Sunday, September 29, 2019

4 Tips to Secure the Privacy of Your Home



Last Updated on

Roughly around 325,000 homes across the US are broken into every year, usually in plain view. Altogether there are about 2.5 million burglaries reported and 66% of those are in homes. Most break-ins happen during the day when people are most likely to be out and about.
There are certain things you can do to protect your home in order not to become a statistic. We’ve rounded up 4 tips to protect your home, your family, and belongings better.

1. Keep valuables out of sight

It’s not difficult for anyone to just walk up and take a peek through one of your windows and see what you have lying around if you don’t have thick curtains or forgot to close them on your way out. While some items are not really meant to be moved around, like a TV screen, others are easier to move and keep out of view. Laptops, mobiles, all other small devices, purses, and wallets can all be put away when you’re out of the house. Even if your purse or wallet is actually empty and the mobile is old, a burglar wouldn’t know that, and it would just be too tempting in their eyes.

2. Wire up

It doesn’t matter if you live in a building, a house, or own a shop or any other business, you can use a security system to put your mind at ease. If moving into a new home or looking to sell your old one that’s a good time for when to get a wired security system. Having a wired system can increase the cost of your home when selling, and may also have custom made options that wireless security systems do not always offer.

3. Don’t provide hiding places

Your landscape, tall trees, and bushes are lovely to sit near and under. They provide nice shade on hot days but they also provide more opportunity for thieves and the likes to hide in. Keep shrubs and trees trimmed, at least trimmed enough that they do not block windows. Besides that, don’t leave items outside. Many people will leave a ladder outside after doing some roof repair, for example. This is inviting a would-be thief to the upper floors of a house where windows might be often unlocked.

4. Change locks when necessary

Anytime you or someone else loses a key to the house, change the lock. You can never be sure if the key was actually lost or if someone got their hands on it, giving them more than easy access to your home. If you rent out a home, it’s also recommended to change locks after a tenant leaves.

You can never be too safe

There really is no such thing as being too safe when it comes to protecting your home. Be an alert homeowner and find out more ways to protect your property. Always keep all doors, windows and the garage locked. You can ask someone you trust to keep a watchful eye if you have to leave home for an extended period. As we say, better to be safe than sorry.

Saturday, September 21, 2019

Home Security Tips



According to the FBI’s there were over 1 million home burglaries reported in 2015. That’s a rate of one burglary for every 134 homes making home security more important than ever. At the most basic level, making your home more secure is preventing a would-be burglar from entering your home. This can be accomplished by following a few basic rules and by employing security solutions that are effective and realistic.

We’ve compiled a few tips to help guide you on your path to a more safe and secure home.
  • Securing Exterior Doors
  • Securing Windows
  • Garage Doors
  • Make Your Home Look Occupied
  • Keep Burglars at a Distance

Securing Exterior Doors

Exterior doors are the most used point of entry for burglars. There are several points of potential weakness on a typical door such as: the handle and lockset, hinges and their mounting screws, strength of the door itself, and the door jamb or frame. Sliding patio doors and French doors present a whole new set of weaknesses. Here are some suggestions on how to make your doors a safer barrier:
  • Don’t rely on the spring-latch lock on your door handle. These locks are easy to compromise. Incorporate a sturdy deadbolt lock.
  • Install door armor kits on exterior doors to help prevent burglars from taking advantage of the weakest parts of your door. These kits usually include 3” screws to replace short screws that come with door hardware, hefty strike plates for handles and deadbolts, and metal framing to place around the hinge and handle/lock hardware.
  • Add auxiliary locks to sliding doors. Options include loop locks, security bars, or a vertical bolt locks.
    Security bars are sometimes known as sliding door polls or charlie bars.
  • Add a security bar to French doors to decrease the likelihood of a kick-in. These bar systems might not be the most attractive, but they make up for their looks with effectiveness.
  • A sometimes overlooked detail about French doors, and doors in general, is hinge placement. Ensure that all of your hinge pins are interior-facing to avoid giving burglars easy access without force.
  • Add security film to glass doors. This window film prevents glass from being easily broken. Security film is an inexpensive way to help stop an intruder from quickly kicking through a patio door without sacrificing the benefits of having a glass door.

Securing Windows

Windows can be easily secured. There are numerous window security solutions for new and old windows that increase effectiveness at keeping out intruders. If you’re in the market to replace your windows, here are some key suggestions:
  • Look for reinforced glass or acrylic windows. Reinforced (tempered or laminated) glass and acrylic (polycarbonate) are much harder to break than traditional glass windows. This can help deter criminals from continuing an intrusion after they attempt to break your windows.
  • Multiple panes of glass are better than one large pane. Multiple glass panes provide added strength and durability to repel break-in attempts.
If you’re looking to increase the security of your current windows, these devices can help:
  • Add after-market window locks to your built in window locks. These simple gadgets are cheap and very successful at helping to stop a window from being forced open. Depending on your window style, you may need double hung window locks, sliding window locks, or locks for casement windows (sometimes called crank windows.)
  • Exterior window bars can be added for additional protection. Many window bars come in decorative designs and can accent the style of your house just as well as they can help protect your windows.
  • Security film can be added to windows to decrease the likelihood of break-ins. Thicker film provides the highest level of protection.

Garage Doors

Garage door security is often overlooked by homeowners. While breaking into a garage via the garage door seems unlikely, the truth is it can be done quickly. The worst part about attached garage break-ins is that criminals can shut the garage door behind them and take their time breaking into your home without worrying about being seen. Here are some strategies to help prevent garage break-ins:
  • Don’t leave garage door openers in your vehicles. It might seem inconvenient to bring them in each night, but the inconvenience is well worth it by saving you the time and trouble of replacing your belongings.
  • Help secure your garage door emergency release to prevent easy intruder access. This can be done by either fastening it with a zip tie (which can be broken by yanking the release cord) or by placing a barrier between the top of the door and the release. Check out a guide for securing your emergency release cord at Family Handyman.
  • Use a garage door sensor to remotely alert you when your garage door has opened. Some newer garage door openers have this feature built-in as well as an auto-closing feature that will close your garage door when it has been open for too long.
  • Have a dead bolt on the door between your garage and home to prevent further intrusion. It is also a good idea to install a peephole viewer on the door to make it easier to inspect the garage without opening the door.
  • Have bright, motion sensing lights in the garage to bring attention to an open garage door.

Make Your Home Look Occupied

Whether you are home or away, it is best to make it look as though someone is home. Having an intruder invade your home is terrifying and traumatic. Here are a few tips that will help make your home look active whether you are there or not:
  • Make you home look occupied by having lamps on a timer. Strategically placing lights throughout the house on timers gives the appearance that people are using different rooms.
  • Leave a television or radio on at moderate volume. Noise is a great way to make criminals think you’re home. Televisions do a good job of creating light and mimicking activity.
  • Don’t close all your curtains and blinds. If you are using timed lights or a television to cast light, it’s good to leave a few open. Open curtains also allow the police (or a helpful neighbor) to see inside your home should the need arise.

Keep Burglars at a Distance

Some of the best burglary prevention techniques are things that you might not even consider to be prevention techniques. These tips are designed to help keep crooks from coming close enough to your home to even attempt to break in.
  • Get a dog. Your dog’s bite might not deter a burglar, but its bark might. A barking dog can bring attention to your house and the last thing a burglar wants is attention while they are sneaking into your home.
  • Home security system signs are a great way to help stop burglars in their tracks. A home security system means that the perpetrator has only a matter of seconds to burgle your home before the alarm sounds and the police are called. Advertise your alarm system near all entry points to your house.
  • A well-lit exterior is a great way to deter burglars. Dusk-to-dawn porchlights or carriage lights take away the veil of darkness from the front of your home. Landscape lighting placed near windows can increase visibility around the rest of your home.
  • Parking a car in the driveway is a great way to tell would-be burglars someone is home.
  • Keep bushes and shrubs around windows trimmed to avoid creating hiding spots. Additionally, having thorny or spiked plants such as blackberry bushes, holly, or juniper in front of windows can deter criminals from venturing too close.

Link to the article: https://www.protectyourhome.com/home-security-tips
Related articles: https://staysafeandsecure.wordpress.com/
For further assistance in home security, click here for more: http://www.locksmitharvadaco.com/

Sunday, September 15, 2019

Confirmed: 2 Billion Records Exposed In Massive Smart Home Device Breach

Davey Winder Senior Contributor
Cybersecurity
I report and analyse breaking cybersecurity and privacy stories 



A team of self-styled “hacktivist” security researchers, with an impressive track record of exposing breach after breach as part of a web-mapping project that searches for vulnerabilities within online databases, has disclosed one of the biggest to date. The researchers in question, Noam Rotem and Ran Locar from vpnMentor, found that a user database belonging to a Chinese company called Orvibo, which runs an Internet of Things (IoT) management platform, had been left exposed to the Internet without any password to protect it. So far, so appalling. But it gets even worse when you discover that the database includes more than 2 billion logs containing everything from user passwords to account reset codes and even a “smart” camera recorded conversation.

Who is Orvibo?

Orvibo is a Chinese company based in Shenzhen, from where it operates a smart home device management platform. The Orvibo website boasts of a secure cloud providing a “reliable smart home cloud platform,” and goes on to mention how it “supports millions of IoT devices and guarantees the data safety.” I imagine that the vpnMentor researchers might well take issue with that given how the breach methodology itself was shockingly predictable: a misconfigured and Internet-facing Elasticsearch database without a password. Just to add salt to the wound, a Kibana web-based app that makes navigating through the data contained in that database easier was also left with no password protection. Geoff Tudor, general manager of Vizion.ai, told me that Elasticsearch breaches are becoming almost everyday occurrences. “When first installed, Elasticsearch’s API is completely open without any password protection,” Tudor says, adding “all a hacker needs to do is to hit a URL with http: //[serverIP]:9200 and a user can see if an Elasticsearch is operational. Then it takes a single command to search through the data stored in it…”

Less salt in the wound

The list of data included in the breach is extensive according to the vpnMentor report and includes:
  • Email addresses
  • Passwords
  • Account reset codes
  • Precise geolocation
  • IP address
  • Username
  • UserID
  • Family name
  • Family ID
  • Smart device
  • Device that accessed account
  • Scheduling information
Of these, the most problematical are the password and password reset codes that are being logged. Even though these had not been encrypted, they had been hashed using MD5. Unlike encryption, which is a two-way function in that it is designed so you can decrypt the data at some point, hashing is a one-way thing that isn’t reversible. Hashing turns a plaintext password into a unique hexadecimal string, it’s an authentication thing, a check-sum if you like. Unfortunately, the MD5 algorithm used to hash these passwords isn’t considered particularly secure as it has been found to contain a whole bunch of vulnerabilities. The Orvibo incident went one step further when it comes to diluting the security value of MD5 hashing: the passwords and reset codes were hashed but not salted. By adding a unique value, or salt, to the end of every password before hashing you produce a different hash value. This additional security layer is vital if you want to protect against a brute force attack that tries every known alphanumeric combination until the password is revealed. Rainbow tables, lists of hashes and their corresponding passwords, can also be made much less likely to succeed if every hashed password has a unique salt.

What could attackers do with this data?

Given that Orvibo claims to have more than a million users, including private individuals with smart home systems but also hotels and other business customers, the implications are quite far reaching. Orvibo manufactures some 100 different smart home or smart automation devices. The vpnMentor report states that it found logs for users in China, Japan, Thailand, Mexico, France, Australia, Brazil, the United Kingdom and the U.S.

According to the researchers, the reset codes were the most dangerous pieces of information found in the database. “These would be sent to a user to reset either their password or their email address,” the report explains, continuing “with that information readily accessible, a hacker could lock a user out of their account without needing their password. Changing both a password and an email address could make the action irreversible.”

But that’s just the tip of this incident iceberg, given that a number of home security devices are included in the Orvibo product line. These include smart locks, home security cameras and full smart home kits. “With the information that has leaked,” the report says, “it’s clear that there is nothing secure about these devices. Even having one of these devices installed could undermine, rather than enhance, your physical security.”

“Misconfigurations that leave servers open and vulnerable is something that we’ve seen resurface over and over again,” Ben Herzberg, director of threat research at Imperva, told me. “When these systems are left open attackers have a variety of options, they can either use the data to their advantage, take over resources,” Herzberg continued, concluding “or work themselves even further into the networks of the organization and infiltrate additional resources.”

What can you do to secure your smart device data?

“Criminal groups may have been aware of this vulnerability but it is unknown if anyone has taken advantage of this flaw yet,” says Jake Moore, a cybersecurity specialist at ESET who adds, “I’d hope it would be patched quite quickly now it is out.” That hope seems like a bit of a reach to me considering that vpnMentor says it first contacted Orvibo on June 16 without response. It then tweeted the company, but this didn’t get any response either. As of yesterday, ZDNet reports that despite continued efforts to contact the company not only has there been no response but the database remains freely accessible online with no password protection.

“The best thing now for people affected is to make sure their smart device passwords are changed immediately to something long and complex along with other accounts where the same password may be reused,” Moore advises. However, he also points out that if cyber-criminal gangs are already in and watching their every move before a patch is installed, “they may as well pull the plug on the device until it is fixed.”

Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, concludes that beyond the obvious password changing, users of Orvibo devices have little recourse “but to file a legal complaint and deactivate any remote management of their homes if it is doable.”



July 4, 2019.

An Orvibo spokesperson has provided the following comment:

“Once we received this report on July 2, Orvibo’s RD team took immediate actions to resolve security vulnerability and informed the reporter. Orvibo attaches great importance to user data security and keeps improving information security systems.”

I can also confirm that the Orvibo database in question has been closed as of July 2.

Saturday, September 7, 2019

Smart home security: 10 hacks to protect your home from hackers

By Paul Walton March 13, 2019 Internet



Did you hear about the FaceTime bug that allowed users to eavesdrop on one another? How about the US family convinced by their Nest Camera that a nuclear attack was imminent?

IoT devices are now a top target for brazen cyber criminals eager to take advantage of anything in order to get their hands on someone else’s personal details.

Yet despite the dramatic headlines, there’s no need to unplug altogether. Instead, there are several simple and easy hacks that you can do to add an extra layer of security to your smart home devices.

Here’s our top 10 tips on how:
  • Smart homes at greater security risk than ever
  • Protecting your data in the age of smart homes
  • 6 ways to secure your home Wi-Fi

1. Use two-factor authentication (2FA)

For most devices, there is usually an option to set up 2FA. With 2FA you’re asked to enter a secondary form of verification after submitting your username and password. This second layer of security helps repulse particularly persistent hackers.

When it comes to finance, security is crucial so many banks go further than 2FA by sending customers a unique code to enter. Facebook gets even more creative, asking users to verify friends in photos.

However, neglecting 2FA isn’t amusing; recently a hacker spoke to a baby through a Nest security camera and then turned up the central heating. With proper 2FA, this was a situation that could have been avoided.

2. Set up a secondary or ‘guest’ network

Broadband suppliers allow you to create multiple networks on your Wi-Fi router. It’s how parents set up controlled kids’ networks and guest networks for visitors. The same can be done for smart devices.

Create a separate Wi-Fi network so that your IoT devices operate separately from personal ones like your laptop or phone. Many routers now segregate all devices on a guest network so that they cannot communicate with each other. This makes it harder for a would-be hacker to gain access to data on this network.

When creating this new network, opt for WPA2 if given a choice between this and WPA; it’s the standard encryption method used worldwide.

3. Kill the bugs

Modern technology is impressive, but we all know that mistakes do happen. One of the most common ways hackers target smart devices is by exploiting a vulnerability missed by the software developer.

Luckily, this is also one of the easiest issues to address – simply update the device. Maybe think twice before clicking ‘ask me later’ the next time an update notification appears on your phone or laptop. There are bigger bugs to fry.

4. Disable unnecessary features

Smart devices are full of features, often enabled by default. Remote access is a good example of something that may be surplus to requirements. Don’t need it? Disable it.

5. Is your device qualified?

When purchasing a smart device, make sure it has the correct certification. The “Works with Alexa” and “Works with Apple HomeKit” badges show that devices meet certain standards in responsiveness, reliability and functionality.

However, certification is especially important in regards to smart security devices. It’s worth noting that in the UK a smart alarm needs to be certified by either the National Security Inspectorate (NSI) or the SSAIB if you want a police response.

6. Resist accessing smart devices using public Wi-Fi

Public Wi-Fi has weak security protocols and information transmission is generally unencrypted. If your Wi-Fi router is hacked your information can easily be intercepted undetected. This is what’s called a “man-in-the-middle” attack.

If you are on the go and want to check your CCTV then perhaps it’s better to take the hit and just use your own 3G/4G connection.

7. But if you must… Make sure the public Wi-Fi is genuine

Another man-in-the-middle attack exists, appropriately dubbed “Evil Twin.” In this case, the hacker creates a Wi-Fi network to mimic a public one nearby. For example, a network named Free_Cafe_Wifi could be created next to a Starbucks. This technique is especially dangerous as login pages may automatically appear, enticing you to enter personal details.

If you cannot avoid public Wi-Fi altogether, ask a café employee for the correct Wi-Fi name to make sure you are logging into the correct one.

8. Secure your phone and smart accessories

Simple, but effective. Your smartphone should have a passcode that isn’t easily guessed. No birthdays or ‘1234’.

You should also keep track of portable smart home accessories. Nowadays, smart alarms often come with key tags, allowing the alarm to be set and unset by waving them next to a panel. If lost, make sure you deactivate the tag on your smartphone until it’s found.

9. Buy from trusted brands

Cybersecurity is a top priority for consumers, but not always for brands. Beware the “poundshop” types you see on Amazon or Ebay boasting good reviews and low prices.  Do your research: look up the brand’s website and search opinions on news-sites and forums.

It’s also worth checking whether the brands encrypts personal content. Ring, for example, is known for not encrypting customers’ videos because of Ring’s belief “that encryption would make the company less valuable.” Earlier this year, this created a storm when allegations arose that Ring’s Ukraine-based employees had unfettered access to video created by Ring camera.

10. Remember: passwords are key

It’s a cybersecurity tale as old as time. But it’s true. Your passwords must be secure. Make sure each one is unique and at least 12 characters long. Avoid full words; MySecurePasswrd is far more secure than MySecurePassword simply because it’s missing the “o”.

A good password will defend against “brute force” attacks: a trial-and-error method where a computer submits thousands of passwords, using common words and patterns, to gradually narrow it down.

If you’re concerned about remembering multiple passwords then use a password manager like LastPass or Dashlane. You can also get built-in options like Keychains for iOS or Password Manager for Google Chrome.

Last but not least, don’t forget to give your broadband network a suitably obscure name. “William’s Wi-Fi” is not ideal. Think outside the box, your favourite movie or car model for instance. Maybe even try putting a smile on a neighbour’s face with something a little playful like “Pretty Fly for a Wi-Fi” or “The LAN Before Time”. You just never know. It could be the difference between being hacked or having said hacker move elsewhere.

Paul Walton, Co-Founder of Boundary