Ashley Madison

I’m in the middle of moving so I’m typing this up on my phone. As you may well be aware, I detest brevity as I loathe all encumbrances upon all opportunities to hear (or read) myself talk (or write). Here’s what you need to know to keep yourself safe.

First, keep this firmly in mind: Just because someone’s name or email address shows up in this breach does NOT mean they cheated on their spouse.

Ashley Madison does not verify a user’s email account when they sign up at all. This means anyone in the world could have entered your email address when they signed up. Now you look guilty.

There are other reasons an account is not necessarily a scarlet letter, even if it really does belong to the purported account holder. The person could have signed up because:
* They were curious and just wanted to look around
* They wanted to cheat but changed their mind.
* They signed up when single and subsequently got married and forgot all about the site. (Or paid for Ashley Madison’s delete account service and clearly did not get their money’s worth)
* They want to protect their identity online so they sign up for every high-profile social networking site that pops up.
* Or, possibly, they could want to cheat on their spouse. Diff’rent strokes and all.

Keep yourself safe

Do not click links in social media which claim to show you whose accounts were breached. Doesn’t matter if the link says your account is┬álisted, your boss’s, a celebrity, or a politician. Scammers looooove throwing up bait like this to trick people into installing viruses or paying money or paying money to install viruses. Steer clear.

To see if your account is listed, visit this website (given my previous paragraph, I understand if you don’t want to click through)

This is the only website that I trust for this sort of information. The only one.

Now, since this information is sensitive, the author of the site, Troy Hunt, requires you to verify that you own the email address in question before he tells you whether or not you were among the breached Ashley Madison accounts. Click ‘Notify Me’ in the menu and sign up for notifications. Once you have verified your email address the website will let you know privately if you, well, ‘been pwned’.

This is a good practice, in general. I┬ásigned up for notifications from haveibeenpwned so if my email address ever shows up in a breach (even one which hasn’t been publicized) I get emailed.

Educate yourself

Here are a couple great articles from information security news sources I trust.

Brian Krebs, the foremost info sec journalist, wrote an article on the breach data.

Graham Cluley, a well-respected info sec analyst, has another article.

8 Skills to Scuttle ATM Skimmers

It looks like the ATM skimmer creeps have made it to Des Moines.

Worried about ATM security? Good! Here’s how to stay safe:

  1. Don’t ignore basic ATM security you already know – be sure you’re in a safe, well-lit area and there aren’t any suspicious people hanging around. Mugging someone is easier and quicker than installing a skimmer.
  2. Use familiar ATMs and pay attention to what they look like. Any changes? A new card reader perhaps? That’s a sign that thieves have placed a skimmer there. Contact the bank to see if they’ve fixed/replaced that ATM recently.
  3. Try to pull the card reader off. If it comes off in your hand with a quick tug, then congratulations, you have just discovered a skimmer.
  4. Same thing with the PIN pad. With your debit card number, the thief still needs your PIN. Whew! Unfortunately the thief has thought of this. They either have a pinhole camera mounted somewhere (probably on the ATM) to videotape your PIN or an overlay on top of the PIN pad which records your PIN as you type it.
  5. Cover your hand with your other hand while you type your PIN. This helps foil the cameras.
  6. After you type your PIN, rest your whole hand on ALL of the buttons on the PIN pad for a moment. This heats all of the buttons up so the thief can’t use an infrared camera to get your PIN. (Yes, they really can do that, and yes, covering the PIN pad for a few seconds really does help)
  7. Periodically check your account balance and transactions online. At least every few days. This way you may catch any fraudulent activity faster. Did thieves get access to your account with a skimmer? Was it an online shopping hack? Who knows! Doesn’t matter, really. Good thing is that you caught it. Talk to your bank and have them back out the fraudulent activity.
  8. Finally, if you do discover a problem, do not panic. First, don’t actually use the ATM, even if you yanked the skimmer off. Get the hell out of there ASAP. If you’re on foot, run. If you’re in your car, lock it, roll the windows up, and get the hell away from the ATM. ATM skimming criminals may be lurking nearby to watch their toy. You just broke their toy, so they might be mad. They might resort to simply mugging you. So don’t use the ATM, don’t withdraw any money, and get the hell out of there.

    Call the police from a safe distance.