Voter database exposed on Internet

[waltky]

Somebody asleep at the security switch...

Database of 191 million U.S. voters exposed on Internet: researcher
Mon Dec 28, 2015 - An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday.

The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview. Vickery, a tech support specialist from Austin, Texas, said he found the information while looking for information exposed on the Web in a bid to raise awareness of data leaks. Vickery said he could not tell whether others had accessed the voter database, which took about a day to download.

While voter data is typically considered public information, it would be time-consuming and expensive to gather a database of all American voters. A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes. "The alarming part is that the information is so concentrated," Vickery said. Vickery said he has not been able to identify who controls the database, but that he is working with U.S. federal authorities to find the owner so they can remove it from public view. He declined to identify the agencies. A representative with the Federal Bureau of Investigation declined to comment.

A representative with the U.S. Federal Elections Commission, which regulates campaign financing, said the agency does not have jurisdiction over protecting voter records. Regulations on protecting voter data vary from state to state, with many states imposing no restrictions. California, for example, requires that voter data be used for political purposes only and not be available to persons outside of the United States. Privacy advocates said Vickery's findings were troubling.

MORE

 

[waltky]

How to keep the internet safer...

Want a safer Internet? Here's how to start
February 9, 2016 - In our constantly-connected digital age, how can you keep yourself and your family safe online? Tech organizations and companies around the world are calling attention to security issues to mark Safer Internet Day, an annual event that aims to encourage better practices for making the Internet a safer place.

Internationally, the day, which is always the second Tuesday in February, is organized by Brussels-based Insafe Network for the European Commission. Since 2014, ConnectSafely.org, a nonprofit devoted to educating people about safety, privacy, and Web security, has served as the day's U.S. coordinator. "One thing that I always point out, one thing that I always emphasized, is the word 'safer.' The Internet is not 100 percent safe -- all great things have risks associated with them," said Larry Magid, co-founder and CEO of ConnectSafely.org and a CBS News technology analyst. "There are things you have to keep in mind with safety, security, and privacy. [You] have to be careful how you present yourself, have to be careful to use long passwords and practice security -- all of those key points."

One thing that Magid stressed is the importance of being kind online. "Part of it is respecting yourself and others. Maintaining your own reputation by not posting something that will haunt you," he said. On Tuesday, ConnectSafely.org is hosting a Safer Internet Day event at the Universal Studios Hollywood Globe Theater in Hollywood. The event is filled with a wide range of celebrity speakers and presentations, all tying into the central theme: "Play your part for a better Internet." "You used to have worries about predators, but now it's more worry over how people treat each other online," Magid said. Magid added that safety for young people is one of the key themes this year. From cyber bullying to sexting, he said that young people have to be "empowered" to make the best decisions online.

The recent proliferation of mobile messaging and social media apps has led to increased risks for users young and old -- but especially young, since these apps are so popular with teens. "Apps have their challenges. You have to be kind of resilient, you have to understand that if someone does say something mean about you, or attacks you somehow online, or if you notice that someone is being harassed -- you have to use common sense for staying safe," Magid stressed. Magid said it is important that parents be aware of the risks involved with their children using apps and sites that could open them up to harm. And of course, falling prey to malicious attacks online can happen to adults too. "Most people will not abuse whatever the next great app is," he said. "But some will fall through the cracks, some will abuse it, and it's important that we continue to educate people."

Want a safer Internet? Here's how to start

See also:

These were the 25 worst passwords of 2015
January 20, 2016, Is your password on the list? SplashData has released its annual "Worst Passwords List" for 2015, shining a spotlight on what it calls the "insecure password habits of some Internet users."

While using the same simple word or string of numbers might seem like the easiest, most convenient way to secure your information, these poor password choices could put your personal data at risk. It wouldn't take hackers long to run through a list of commonly used passwords like these. SplashData's list shows that lot of Internet users out there aren't very original in coming up with their passwords, and many continue to ignore recommendations for how to choose a strong one. For instance, "123456" and "password" topped the list of last year's 25 worst passwords. (The passwords came from mostly North America and Western Europe.) Perhaps most shocking is the fact that these have remained the top two most used "bad" passwords since SplashData started its list in 2011.

For its most recent list, SplashData assembled data from more than 2 million leaked passwords. The security firm noted that while some longer passwords made their debut on the list, they did not necessarily reflect a more sophisticated approach to creating passwords. "We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers," Morgan Slain, CEO of SplashData, said. "As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites."

Having a secure password is one of the easiest ways people can keep their personal information safe from hackers. SplashData said it releases the list to encourage people to "adopt stronger passwords" and "improve Internet security" as a whole. Their key tips for choosing a strong password include:

- Make them long, preferably 12 characters or more, with a mix of letters, numbers and symbols.

- Avoid using the same password on multiple sites.

- Consider using a password manager program to keep track of multiple passwords.

In addition, many experts advise avoiding use of dictionary words or easily guessable phrases like your name and birthday as passwords. See the graphic below for more security info and the complete list of 2015's worst passwords:

These were the 25 worst passwords of 2015