CNET to the Rescue Ep.41: Band-Aids for the Epsilon boo-booSecurity reporter Elinor Mills joins us today to discuss the large data breach at marketing services company Epsilon, which most likely landed your e-mail address in a hacker's database. What can you do about this breach, and how can you protect against...
Hello everyone welcome to CNET could rescue our weekly show we try to dispel some of the fear and uncertainty in the out of using modern tech products and today we've got plenty of it because today we are -- the Epsilon breach. And we are joined -- -- security reporter Elinor mills at this moment studying. -- thanks for coming and -- We're gonna talk about what happened with Epsilon and your email addresses at target best buy. Chase JPMorgan US bank etc. And how it happened what we can do about it and that's similar types of things we have to watch out for. Before we do that and before we get to -- general tech questions we've got a little bit of roundtable roundtable. Of road test action for you here first of all. An update on the -- some knowledge EDS for eleven slim the network attached storage device I bought my home to replacement Windows Home Server. Going on two months now and it's still creating thumbnails on my 150 gigabyte archival photos and videos. Two months of creating thumbnails. And -- I just thought you might wanna know -- -- like it it's the really really slow all right. And yesterday or rather this morning I covered a company that's a kick starter project. These guys making a desktop tribute -- -- snapped together would in the desktop tribute shape and it's a -- I have it right here assembled. That they're trying to raise funding for two. Two -- to buy their own -- Laser cutters they can make these things and send them out to people and I did a story on how innovation works and how they're using to kick start a project to get funding and I tweeted that I got this thing that I put in a pledge fort and I heard back from the guys who are doing this props mr. hey we come up and -- -- give you a demo and I said. Yet out and they did insecurities so I'm just gonna do this think for those view. On audio only I apologize here is -- desktop wouldn't tributary which we snap together their laser cut thing. And I'm learning a lot about the physics -- -- and magnet -- -- these things are finicky little. And in there. -- with. Counterweight of Nickels and dimes. That's that in the basket here and -- the pennies in the slayings. And you're -- I didn't work. Became out of the -- anyway this thing will fling a penny across the room if you put some serious -- -- and there. It'll playing. -- bouncy balls. -- super balls across the room. -- -- is very concerned about -- so this to -- that it would take at somebody's died. It could if you're standing very very close to it. But I'm -- of them there's so many variables in this thing I I am and all of the medieval siege. Warriors. But you -- little -- here at the top that has to be just write the counterweight have to be just right the weight. Of the thing in the in the -- has to be that apparently -- ideal ratio is 100 to one counterweight to project -- wait. -- -- 100 pounds of counterweight stones for every. Flaming data ports -- -- over the that the -- tables anyway. See the link in. Seen at the rescue if you -- order one of these things ahead of time it's really great fun. And -- -- a little route protest from you know you apparently just gotten religion. On last pass. Yeah I am tell -- -- -- it and it basically it's it lets its stores. It all my passwords from a different sites I don't have to remember and I don't have to run him down anywhere in -- and -- -- and lock box. I do have one password that allowed me begin in -- what is that online host and -- -- effort. Dairy funny that that secret will go with the meat migraine. So -- passes. Work and effort it. I use that I like it too -- Great so everybody if you're if you have issues with your turn remember your passwords or -- -- -- -- -- -- -- generate passwords. Alia that in so I actually there are many sites that I go to that I don't know the -- were to last past that this area generate paste done. Easy yet and that the cool thing about last past is that it also has an iPad and iPhone browser version the iPhone version is -- that's where in the -- -- last past of them ads for yet. Today I want to talk about our main topic is the Epsilon security breach now you may have been hearing about this in the media is a very important reach. At the surface of it it looks like it might not be that big -- deal but I have a feeling there's more going on here and -- can you give -- just a little update. Who is Epsilon what got lost and who was affected the start with what is apps. Yeah -- flying you you may never heard of them until this week but their one of the company's -- behind the scenes. It does email marketing services. And basically. So companies like you know best buy or chase. Will want to. Want to outsource the maintenance of databases -- customer database information. Email marketing campaigns things like that -- loyalty rewards programs. And it's not their core functionalities -- why not outsource it so at salon there's -- -- on. There's couple others have a bunch of them actually a large number of them and they. Get the data they get the email information the customer information from the best buy and then they handle the marketing campaign this. -- when I get an email alert from my bank or from best buy or. Netflix Tivo whatever and it says -- we've got a special deal for you if you act before midnight tonight or by this week we here's the scoop on. That is not coming from people inside that companies coming from via -- -- -- often. I and it's an -- so in order for -- to be able to do that obviously they need to know my name and my email treason and is that what. Got stolen. Yeah actually the at salon isn't saying exactly how. They were compromised and how this information was exposed to but just that. Customer their clients and customer names and email addresses were expanse that's all. That's all they say that's all they laid it -- they do they do collect other and have other information like what well. Like from -- financial institutions when they're handling -- loyalty programs they need account information to track. You know. Account activities to back up the point the points in the bonuses and things like that so that they could -- what I'm how much money have what I'm spending money on arguably they could what movies -- -- a connection where I'm flying to. Neither the cut their clients and nor -- -- one is telling -- exactly what and how back. Okay because what I'm hearing right now. When I first heard the story I heard. That the breach was that Epsilon on behalf of and I got four messages which is not -- far for a record I got. What I -- target Tivo. Hilton honors and Chase -- the case -- scares me of course I don't know what data cases -- that this marketing company -- But I first heard I heard it was just my name and email address which means that okay that was managed to get hacked and -- so now I'm gonna be getting more spam. Big deal. But then I start to think about how do we know that's all the data that -- stolen and could is this a bigger deal than just getting more spam on our. Yeah I -- could be I mean if you think about it so. From a legal -- -- and companies again breached. Under California and other laws and in certain states they have to. Disclose its customers have been involved personally identifiable information known as. And that includes. Of a write it you know. Name and one a combination of other different things. -- an email address are not there any Social Security number you know bank account information those things are -- You're your name and your email address are not considered under that legal definition as -- personalized. Personally identifiable information so. They didn't have to. Disclose -- necessarily but they felt. Whether it's the company's in of the chase in the best buy it or apps on someone behind the scenes decided that it was a big enough threat that they needed Q. You know deal with embarrassment and that hit to the reputation credibility and tell people. It you know hey your name and email it Nasser Al pairing -- actually -- -- the threat is fishing which is this threat is well okay so. -- -- Immediate threat is fish that okay so that you will get now it's your email address. And your name are linked with. You said which chase takes -- getting email yes that looks like it comes from chase them. Saying -- -- in light of the recent security problems. We need to verify. Your account -- need to change some details to secure your accounts -- click this link. Or openness attachment or -- you do take some acting and and -- -- give some information you need to it you know. -- Eight your profile and it clearly when I do that I'm gonna get destroyed right now the funny thing is the ads and advice and I'm hearing on what happens in light of -- speech that everybody -- -- Don't open emails from people you don't know but we're saying is -- the Phishing emails look like they are exactly the people as well as be opening emails from that might bank might make my service providers. It's a highly how we protect ourselves. And this could happen this could happen in what's happening before our -- And there's word that at least in the incidence of chase. That there are Phishing -- but whether going on since the breach in -- on the list. But whether it's really related to -- to whether the recipients really -- Among the list of email users who who whose data was exposed or not we don't know maybe it's you know spammers piggy -- on this event. I think -- -- beginning to worry because your -- that thing here's that thing to things. Pay your bank and illegitimate. You know institution is not you know retailers not going to ask for sensitive information or ask you to click on something or -- -- something in an email. And an -- for sensitive information. They'll send -- letters or a phone call they'll contact you some other way they know this is pounds fishers get. -- -- trick people -- that's your first red flag. That this is not legitimate so if it if it's not someone you know you can ignore it. If it's. An institution you know -- you trust you have to two to look at the context and look -- asking for is an urgent town your account can be deactivated unless you do this. Banks don't do that then you know best buy doesn't do that there's not there's no you know urgency that's a real clue that the fishing. But what's really important here is that it's not just okay so some people are sort of downplaying it and -- just in your naming your email address that's that's out there all over the Internet and that's true. But it's that combined with the fact that you -- customer or a best buy customer. Someone could do targeted Phishing known as spear Phishing in the industry I love that and use you know. -- target specifically at. You know individuals that meant that meet that profile. You know W. You know you laugh you know -- Where an obvious and deals at best buy them. And he clicked this link and provide you know this information to get. -- deal now is is -- possible that the data that it was breached your might include not just with my name and my email address. And at you know from my best buy count but what I've purchased at best buy it because that's one might have been using that as part of a marketing campaign so we wanna send a best -- -- -- -- -- sent a special upgrade coupon to everybody who bought a Garmin GPS. So they would send that information -- -- that the kind of data the -- that be used to make more targeted Phishing campaigns -- -- -- apps long would have could have access depending on its client. But right now they're saying all their -- Is that email addresses and user names were exposed so all right. We've been breached I've got four alert messages other people got more some people got less. What do we do the users now the people who are victims of this of the potential victims of these Phishing attacks in the -- on beach what do we do in the future. To stay safe or an -- week for example change all our email addresses at the -- at the from the -- private providers who notified us. I think I would be good and and I and I tend to be paranoid. I only report on security -- your job right I would say change passwords change email addresses. Do that it just in general to change. At those. -- sites where you have these email addresses deftly changed email addresses and you might consider using. New and different email addresses at. Sites in new sites you sign up for or visitor and -- have to give that information to -- on certain products. Services that are. That -- -- -- like one is down it's. Hacked -- C dot net it's CO TSC dot net moon and its sound and I know how much they charge but -- it's a subscription and they will create. Different email addresses for every. Site or service the they keep track of that it's it's sort of like -- -- -- -- or email addresses. So that's 11 option if you wanna do it on your own or you wanna do it you know may -- keep track of who might be spamming you're -- -- minded venue breaches like innocent people who really. You know -- be used Gmail and you can set up filters so what you do is create. Your own you know Tom Smith. FB for FaceBook. At gmail.com. Or plus you know FB at gmail.com for Danny filter valued now that's my. My suiting him email email address Ford that particular -- any keep checking spam and -- in emails then you'll know that that's the site that was. That was very. I think Yahoo! also lets you set up not hate Google lets you set up at individual email accounts the -- You know name plus target at Gmail dot common name plus American Airlines come and I think. I think -- Hotmail or Yahoo! lets you set up actual different email addresses that don't can't be traced back to your account -- that's one -- limited number though. All right so those are couple things to do. This is you know a growing concern I mean are. Do you feel we are now less safe doing commerce online and giving out -- email addresses and -- the stated. And I don't. Okay I don't pick it feel that we were at less safe -- we were last week before. -- -- -- -- -- -- It's actually weren't we are likely to be more safe because this will raise awareness since so many people got. Those emails from. Retailers that they trust and any it's going to get them to. Be more aware oh well so like -- bank with taste but I can't. I can't trust all my emails any emails necessarily that come from chase or best spot just and also now it's the awareness it's raising awareness that. Well yeah right we have a relationship with these -- these companies that we do business with it but our data -- any -- elsewhere with it in the hands of other companies. -- that's something we should be. Aware of even if we can't necessarily do something to -- -- them. We can we -- you know -- -- -- control and are limited by creating these fake email addresses are you know. Pseudo email addresses you can opt opt out of things even Epsilon has a page -- you can opt out not of some of their marketing. -- service if you know about it which now we do -- now the other thing that I wanna talk on when it comes to. Privacy and security is mobile phone privacy and security there is and news happened today about. What mobile phones are collecting from us yeah. -- that pandora which is a popular you know I love pandora it they're great yeah they're great. They're very popular on the mobile. This device to so. Date announcer they -- they. Came forward button within SEC filing where you know as they had to -- -- they'd been subpoenaed by. It was -- and FTC for information. On. You know. Subpoenaed by a grand jury out -- like for information on you know what kind of data -- is sending to whom. A third party advertisers so there was a Wall Street Journal. There -- some study is done last year independent researchers and also Wall Street Journal. Analyzed pandora and other apps and found that. It wasn't just being they were -- information. To advertisers. And advertising networks. That -- that the user didn't know anything about so you know an Apple you don't eat you know you either. Apple vets the apps out. Ostensibly they're keeping anything you know -- but even -- an Android you're downloading apps like you're saying okay there it's explaining. You know here the permissions you wanna give act -- -- -- access this this this. These data these resources -- want to allow it or not. And it's the user -- so ambulances will -- users given permission. But behind the scenes with being shared with advertisers. Could be anything users don't even know they don't know they're even consent knowing that. When you have to that happens on FaceBook a lot when -- wanted to do FaceBook app it says in order to use this app you have to. It doesn't -- -- in these words but the messages. If you want to use deceptive got to give us all this information yes -- no and you kind of over a barrel if you wanna use the app you gotta say let all these things busy if you. Same -- is -- on the mobile side. -- -- -- -- -- -- -- -- Will it. It should be more opt in -- So why what if -- -- don't even. Necessarily are blatantly need what -- -- asking for permission to access but maybe it's you know scientists designed in because of some strategy future you know functionality. But the user should be -- -- more control of that on FaceBook and on mobile apps. These phones -- carry around -- these animals buys. They know everything about it and -- gag GPS location and -- nation. Our -- pressure let's and leave the paranoia department -- thank you for help without that that really does help us the unit. Solid write their -- what to do about -- -- -- and -- -- two million who did it now well they're not saying. Dad did there absolutely mom they're not even saying you know -- revealing any information on how they were compromised or. They -- the only said that it was march 30. And then they made the announcement on April 1. -- -- at six ports are right so listener questions guys and we got some good questions from here for Stephen Plummer says. Currently have a windows machine and I want to move to a Mac -- use. -- use an XP and should I pay the extra to have the folks at best buy and move my data form me. I've been using and -- another question I've been using Microsoft money from home banking what is -- Mac program from banking well there's two questions there the first one is should you let best buy. Take your old XP machine and your new Mac and move the data for you well arguably it will work but there's no way in. As these the same ash HE double toothpicks and -- letting it a couple of geeks at best buy anywhere near mile hard disks I'm sorry -- broken I'm going to eat out for repair. An island that's like a machine and Italy you know but agreed no way no offense -- the nice people working at best buy but. -- -- -- -- So I would say move the data yourself it's not that hard the easiest. They're too easy ways to do it and some that are little bit more advanced than better for larger data stores. One easy way if you have a relatively small amount of data is set up drop box on your XP machine and on your Mac and use that synchronize folder to transfer stuff over the web. Or cloud another good way to do it. As a get a removable hard drive. And a removable are a standalone external hard drive -- USB hard drive put all your data on the map on the XP machine. Then copy it over to the Mac and then reaper with a partner at the time machine backup drive network. Apple has a lot of -- -- and how to do this over a network or network connection will put a link into the show notes it's really not that hard to move windows data. Data files that is com media files documents and so on up from one platform to the other moving iTunes data. Can be tricky we have -- who's on that on CNET. And moving email. You're better -- just use in the cloud service means moving up outlook and outlook data store from one machine to another and the drag it can be done. As far as Mac based home banking. That's a tough one that is a dying market the software accounting. Marketplace. I still using quicken on windows -- and on the Mac is a solution. It's not bad it is not full featured as full featured as quicken on windows. If you really want to stick with Microsoft money. And that capability you might want to run windows on your Mac for the time being using boot camp or virtual machine. Another thing you might wanna do is look at an online solution may -- even your bank's own online solution for online banking although that will just be your bank. Its solutions are getting better course into it in addition to -- -- also owns mint and that is a decent solution that does everything pretty much but pay bills. Though I'm told that's coming. But then we've got to worry more about all -- -- online. That's right yeah alright. And that's the question from Jason the instructional. Design. My latest two year AT&T contract is expiring and I am looking to upgrade to my first Smartphone I'm looking at the Samsung Focus since I love -- seven phones. Okay and the Motorola HX or GeForce and Nvidia dual core goodness which -- should I go with my biggest worry is for -- -- single core focus. I'm gonna regret not having -- eight fixes. Extra core couple months -- -- -- I asked our Smartphone experts Ken German Bonnie Cha about this and they both kind of agree that says. But in particular says I'd give hear her answer since he's just getting its first Smartphone I'd say it's not necessary to government with a dual core processor. And I say that for the average consumer. As well single core devices are -- pretty zippy. He can handle email browsing multimedia -- with no problem. Dual core processors will be more of a consideration when Android ice cream is released but again it looks like he's the Windows 7. A sense that OS will be better optimize take advantage of the chips that -- also adds that. The matrix that is an eight just EPA -- high speed four -- phone with the HSDPA. Connectivity on it not turned on yet by AT&T they said they will enable. That high speed networking but they haven't yet so you might want to take a second look at the matrix four -- as the -- -- solution. Dual core will be in Smartphones kind of as a standard feature probably Bevan at that time you rednecks -- In in about eighteen months would be my guess. Right now developers are still writing for corn meal at the core. -- I -- this question Michael from Minnesota says I recently ruined a pair your -- by winding them in my pocket. This caused the left ear but not to work unless -- held the wire and a certain direction that made me wonder what is the best way to store earbuds in your pocket without ruining them. The best list or earbuds in your pocket without ruining them as not to store them in your pocket. Because the problem isn't the winding the problem is when you -- into your pocket you can the wires no matter how you wind. So we actually -- prank will Brian Cooley who are known he's been here in the studio because the cable to the headphone are always neatly wrapped. He hasn't been nearly notice. He did -- how to how to wind your cable's. Really we -- we're paying money to have people do how to videos and how to wind your cable. It's actually quite entertaining. There are ways to wind Cabell field -- the problem has kinks in the cable. The other problem is of -- these -- my iPhone cables and I -- -- kind of you know OCD about when he cables and I'm very careful about how -- wind and and the whining isn't the problem with the -- So what you wanna do -- even if you -- it neatly. Is not do -- about to look at wind cable neatly no kinks in -- little -- and here's our market. -- -- You unwind them carefully as you point them. I see a market here for our winding devices aren't there are tons. There's tons and they're all over priced ridiculous and Josh -- has the best advice for how to protect the cables cause it's it's it's the kicking in your pocket where they get broken. Get a a case and one of the cases for for cables but I think these will fit is an old film canisters for -- millimeter film canister. It's bulky but will protect -- cables from being -- and operated and that's what you want what a port or an alt width ten. Applicants are useful for everything out those that they're they should via. -- -- these with the iPhone. And that's who probably have some of the ball went in and -- and -- and it with my smelling years. -- I'd be careful -- the care of your cable's. With the quickly here Mike says -- toll totally missed and loved music match jukebox it was the easiest and best MP3. App for super tagging I'm not sure how they did -- but it was the only program on the market that let the built in album that. That built in album artwork into the actual MP3 files -- -- -- bunch of folder and thumbnail JPEG below your drive I no longer have the option to run an old XP machine are there any decent MP3 -- solutions out there. Donald bell are audio expert says -- -- up. Which is tuneup media dot com and if anybody else out there has ideas -- the best way to manage and tag. And take care of MP3 files less now. Finally we have to comments. From previous episodes share -- says. You probably already heard this but one thing to be aware of when you're extending your wireless network with the repeater is that your band with drops and half for each hop. So anyone connected to repeater -- -- get one half the band -- of -- -- connecting to the router directly. An additional repeater will drop again to a quarter -- the -- -- now this doesn't invalidate the solution presented. There says. And if you're using wireless G -- -- band -- is still plenty of -- -- but it's something to be aware of as -- and Peters. And finally. -- barter says. Regarding referred to -- warranties. I reach and recently purchased the camera and eBay and I bought a three year option from square trade which is a warranty services company. Two years later it issues contacted square trade and they fixed it with no questions asked they -- very reasonable for the yearly -- though some good advice on warranty plans. Yes I -- I dislike warranties mostly because they just like in and I I'm -- short my personal the rest my life. But. Extended warranties there always pitched at the point of sale and I just don't like being manipulated -- natural aversion to -- Where trade something control on your own schedule but better idea you don't pressured me. And Hawaii last stop asking you that. Now I don't like being I don't like parts of packets I mean sometimes it's fun to get in there and and fight with tell people actually do like negotiating for cars and things like that and oil and getting in for you but when your research -- -- but when I go to buy something in retail I already know I'm overpaying because I lack the discipline to go in and shop where online. That's when buying it retail I want the router now and I and -- pitchman with that and they're preying on your fair. There's a big market -- that. Security yes and -- good -- to cover all industry -- And for good reason. Yeah -- thanks for covenant thank you thanks to -- -- -- understand what's going on with Epsilon and and tell us about what we can do to be safe Kelli thanks for producing everyone. Thanks for listening to seen at the rest if you have questions remember to send them our way any tech question with -- -- -- senate to rescue at cnet.com. And see all the links in the show notes from this and previous episodes go to cnet.com. Slash rescue. Thank you everybody watching and having question. They -- up there with him.