Top Ten Computer security fails

Cyber security howlers leave oblivious users at risk
Wednesday, 1 August 2012

Hosting specialist UKFast has revealed the top ten cyber security gaffes of the year so far, highlighting the shocking levels of ignorance amongst the British public when it comes to online security.

Stuart Coulson, director of data centres at the Manchester-based firm explained that although some people may laugh at the major security mishaps of naive web users, many of us underestimate the value of the information we post online and the serious implications if it's compromised.

Coulson said: "As a society we rely on technology more than ever nowadays. We communicate through social networks, pay bills and manage our bank accounts online, and carry a wealth of personal data around with us on our mobile phones.

"We are so comfortable sharing information on the net that people don't realise that their over-sharing could hand cybercriminals access to their bank accounts and leave them vulnerable to identity fraud."

Here's UKFast's shortlist of biggest cyber security blunders:

1. Not realising the value of images you post online
Accounts like @NeedaDebitCard are highlighting how oblivious to risk many users are, by retweeting photos Twitter users have posted of their credit and debit cards.

With card details in the image including cardholder's name, number and expiry, cybercrims are left only to decipher the cv code on the back – which has only 1,000 possible combinations.

2. Sharing your contact details with the world
How many times have you seen a message like this pop up on your Facebook feed: "Hey guys, I've got a new mobile, my number is 07890 123 456. via Facebook for iPhone"?

This user has just informed the world – on their unsecured Facebook account which grants everyone access to their timeline – that they have a shiny new iPhone and how to send targeted spam to them on it. And if they have location services enabled, they are also telling phone thieves where they can find a shiny new smartphone.

Which leads us to...

3. Checking-in
Sharing your arrival in the Bahamas on FourSquare, tweeting with location services enabled from the airport as you set of for "two weeks in the sun" may seem like innocent boasting but in conjunction with a previous check-in at "home" you have just told the world where your house is. And that it will be empty, and free to burgle, for two whole weeks.

4. Type your password here
Moving away from social media, password security is a key factor of all online security but how freely do we give them away? Sites that offer free password strength checks are, more often than not, data-mining exercises that trick users into handing over their log-in details for everything from Facebook to your online bank account.

5. Password re-use
While on the topic of passwords, how many different passwords do you have? Having one password that you recycle across all of your online accounts means that once one account is compromised, hackers can use the same password to access every account – and do what they please online while pretending to be you.

6. QR codes
Now a ubiquitous marketing tool in most modern countries, the QR code is a 2D image that is scanned by a mobile device's camera, launches the web browser and opens the webpage to which the code is linked.

These codes appear on stickers on the underground, flyers in the street and social media avatars and we scan them without knowing where they lead – could be to a marketing campaign, could be to a malware download.

7. Public computers
If you stay logged in on a public computer, whoever uses the computer after you has access to that account. Yes, this applies to the iPad that you logged into Facebook on in the Apple store.

8. Public wifi
When using public wifi your connection is unsecured. Anyone can simply jump aboard and find out what you are doing on your device. Public wifi is therefore definitely not appropriate for online banking.

9. Dodgy downloads
Despite warnings since the dawn of the Internet, web users are still downloading files, software, or apps despite having no idea what they are or where they come from, potentially infecting their devices with malware or spyware for example.

10. Shortlinks
Link shorteners like are an essential part of sharing the latest news with the world on social networks, but how do you know where the link leads to? It could take you to a dodgy download or load a strictly NSFW (Not safe for work) Website.


Taxi and private mini-cab problems

Apparently the old trick of refusing fares by Taxi and mini-cab drivers due to distance travelled is rearing its ugly head again. We do not appreciate our ladies travelling alone being treated like this. If you hear of it happening, please leave a comment in the box below (you'll need to register and sign in first, links in the grey footer).

Best advice: Black cabs, make a note of the time place and driver number, then report it to the Police.

Link to Law

34. Duty of taxi driver to accept a fare (Act of 1831 s35 and s36; Act of 1853 s7 and s17; Act of 1968, s3; Order of 1972 para. 3)
A taxi driver, unless required by the hirer to drive more than 12 miles, or more than 20 miles in respect of a journey which begins at Heathrow Airport, London, or for a longer time than one hour, is under a duty to accept a fare:
(a) when his taxi is on a standing or rank appointed for that purpose; or
(b) when his taxi is found standing in any street or place not being a parking place (whether on a rank or not) and is not actually hired.
Refusal by the driver to accept a fare when his taxi is so found is an offence (Penalty Level 1). If the driver is summoned for such a refusal he will not be liable if he proves that he was actually hired at the time. Further, if he also proves that he so informed the would-be-hirer in civil and explicit terms, the justice before whom he appears may award him compensation for loss of time in attending to make his defence (Act of 1831 s35 and s36).

Link to lodge a complaint

Private mini-cabs

Link to TfL

Addison Lee cabs

- Seem to be a law unto themselves


Vehicle crime - protect yourself

This article has been reproduced from the Metropolitan Police website for the purpose of education

Did you know that...

  • Most vehicle crime is preventable. It can take as little as 10 seconds for a thief to steal something from your car. If at all possible, leave nothing on view.
  • NEVER leave valuable items in your car, including sunglasses, the removable radio cover and your Sat Nav. Do you really need all those things you keep in the glove box?
  • Wipe away the Sat Nav mark on your windscreen.
  • Consider fitting anti-tamper screws to your number plate or shattering plates.
  • Never leave your car keys where they can be seen from the front door.

Vehicle common sense


  • Close the windows and sunroof; lock the doors and activate any security devices when leaving your car unattended.
  • Park with care, particularly at night or if you are leaving the vehicle for a long time. If possible, park in a busy, well-lit area.


  • Leave cash, credit cards, chequebook, mobile phones, vehicle documents or other valuables in the car.
  • Never leave your keys in the car, even for a second - treat them as you would your cash and credit cards.

Buying a used car - Be prepared!


  • Ask to see proof of the seller's identity and address - an official letter or driving licence, for example.
  • Make sure the car's VIN matches that on the registration document (V5) - The VIN, formerly known as the chassis number, is a unique 17 character number issued to every vehicle by the manufacturer and can be found:
    • Stamped on the body chassis or frame.
    • On a manufacturer's VIN plate under the bonnet or fixed to the post between the front and rear doors.
    • On an additional plate fixed securely to the top corner of the dashboard where it can easily be seen through the windscreen - this is called a visible VIN.


  • Let the seller bring the car to you, as you may need to confirm their address details.
  • Buy a car without the registration document (V5) - make sure it has a DVLA watermark and has not been altered in any way.

Check it out

  • If in doubt, ask the AA, RAC or another reputable organisation to inspect the car before agreeing to buy.
  • You can check the car's history and second-hand status by calling Equifax HPI on 01722 422 422.


Link to original article


Comprehensive guides to shed, garage and garden security



Property marking

Identifiable property is less likely to be stolen

Identifiable property is more likely to be recovered

Identifiable property is more likely to be reunited with its owner

Identifiable property reduces the chance of theft and burglary

Identifiable property increases the risks to the thief of arrest

Identifiable property makes it more difficult for the thief to sell it on

Identifiable property increases the risks to the receivers and fences

Identifiable property enables police to link a criminal to the crime scene

Identifiable property provides valuable evidence for a prosecution

Identifiable property increases the probability of conviction

It's Mine! - A great source of security devices

Everything you could possibly need to know about property marking is at the Crime Prevention Website:



Private CCTV

CCTV systems are an important weapon to fight against crime. CCTV can be used to protect your business or your home against robbery and theft.

If you use CCTV to protect your home or business premises you should always maintain your system.

If you or your neighbour has a CCTV system, it is important to let the NPT know this, as they may capture information useful to the Police too.

 Digital CCTV

When using a digital CCTV system make sure you know how to view and download the footage as this may be important for future evidence and identification purposes. Please consider the following:

  • Do you know how long the images are stored for?
  • If you want to identify an offender can you see the face clearly, does it need to be focused in more or positioned better?
  • Make sure any CCTV system does not overlook neighbours or the public.
  • Is the lens on the camera clean?
  • Is anything in the way obstructing the lens?

CCTV tapes

If using CCTV tapes there are a few simple steps you can follow to ensure that CCTV is in good working order:

  • Change tapes daily.
  • Use them no more than 12 times.
  • Keep tapes for at least a month
  • Use good quality tapes and check them by playing them on a different machine.
  • Check that the time and date displays are correct.


Dangerous dogs

Any dog can be a danger to the public, but certain types of dogs are banned in the UK. If you own an unregistered banned dog you are committing a criminal offence. Find out which dogs are banned and what can happen if you illegally own a banned dog.

Dangerous dogs

Report a dangerous dog to your local NPT

It’s an offence to allow any dog to be dangerously out of control. For information on what ‘out of control’ means, see ‘Controlling your dog in public’.

In addition, the ownership of certain types of dog is banned:


Pit Bull Terrier

Japanese Tosa

Dogo Argentino

Fila Braziliero

It’s illegal to breed from, sell, abandon or give away a banned dog.

The legislation that covers dangerous dogs is the Dangerous Dogs Act 1991. Section 3 covers any breed, while Section 1 and 4b cover banned dogs.

What is a ‘type’ of banned dog?

Whether your dog is a banned type depends on what it looks like, rather than its breed or name

A dog type is not a breed. Whether your dog is a banned type depends on what it looks like, rather than its breed or name.

If your dog matches many of the characteristics of a Pit Bull Terrier, it may be a banned type. This is because dogs with these characteristics are more likely than other dogs to cause severe harm if they attack.

It won’t matter what type or breed a dog’s parents were. (Cross-bred and mongrel dogs can have the characteristics of a Pit Bull Terrier.)

Pit Bull type dogs

Pit Bull types may include the following dog breeds:

  • American Staffordshire Terriers
  • Irish Staffordshire Terriers
  • Irish Blue or Red Nose

Some kinds of American Bulldogs have been found to be Pit Bull types.

Staffordshire Bull Terriers

Staffordshire Bull Terriers are not listed in the Dangerous Dogs Act 1991. You are allowed to own this breed of dog. 

Knowing what type of dog you have

If you're not sure what type of dog you have, you should contact the police.

What can happen to banned dogs types

If your dog is a banned type, it can be seized even if it isn’t acting dangerously

If your dog is one of the banned types, the police or local council dog warden can seize (capture and keep) it even if:

  • it isn’t acting dangerously
  • there hasn’t been a complaint

The police may need a warrant (permission from a court) to do this. If your dog is in:

  • a public place, the police don’t need a warrant 
  • a private place, the police must get a warrant 
  • a private place and the police have a warrant for something else (for example, drugs search), they can seize your dog

Once seized, your dog will be kept by police until a decision is reached on whether it needs to be destroyed or released. This could take several weeks or months. You won’t be allowed to visit your dog.

Judging whether your dog is a banned type

A police or council dog expert will judge the type of dog you have and whether it is, or could be, a danger to the public. Your dog will then either be:

  • released 
  • kept in kennels while the police (or council) apply to a court

You can give up ownership of your dog but you can’t be forced to. If you do, your dog could be destroyed without you even going to court.

Going to court over a banned dog

It’s your responsibility to prove your dog is not a banned type

If you can’t prove your dog isn’t a banned type (or you plead guilty), you’ll be convicted of a criminal offence. This means you’ll receive a criminal record. You may be eligible for legal aid.

The maximum penalty for illegal possession of a banned dog is a fine of £5,000 and/or six months' imprisonment.

The court will either:

  • return the dog to you, if you prove it’s not a type of banned dog 
  • order that your dog is destroyed if it's judged to be a type of banned dog 
  • grant an exemption if it thinks your dog is not a danger to the public and put it onto the government's Index of Exempted Dogs

Index of Exempted Dogs

Your dog can only be added to the Index of Exempted Dogs (IED) following a court order.

Conditions of being on the IED

If your dog is put on the IED, it will have to be:

  • neutered
  • tattooed
  • microchipped
  • kept on a lead and muzzled at all times when in a public place
  • kept in a secure place so it can't escape
  • insured against injuring third parties

You'll have to pay for this.

As the owner, you must:

  • take out insurance against your dog injuring other people
  • be over the age of 16 to own or be in charge of the dog
  • show the Certificate of Exemption when asked by a police officer or local council warden, either at the time or within five days
  • let the IED know if you change address, or your dog dies

The Certificate of Exemption is valid for the life of the dog - as long as the above conditions are met.

© Crown copyright


All sorts of different frauds

So many different types, that Crimestoppers have focussed on the topic:


Contactless Credit/Debit cards

The questions Barclays, Visa and Amazon need to answer about contactless cards

Benjamin Cohen Technology Editor

23 contactless 602 2 The questions Barclays, Visa and Amazon need to answer about contactless cards

Thus far, we’ve had very little in the way of answers. Here are the big questions I want the Information Commissioner and the Department of Business who have condemned the findings to find the answer of for us consumers.

I’ve never been personally convinced about the sense of the contactless revolution at all. As someone who has been mugged in the past, I know that thieves can use my card to make small transactions without knowing my PIN.

Sure they can only use the cards in places like Pret A Manger and only until I report the cards stolen but they can use them none the less. This is a big issue for people who are pickpocketed and don’t realise it.

But the scary thing about our exposé is that you certainly wouldn’t realise that you have been electronically pickpocketed because you would still have your Barclays Visa card in your wallet. Nothing has gone missing and nothing would seem out of place until transactions appear on your statement.

1) Why aren’t Barclays contactless Visa cards encrypted or at least only giving partial information out?
We’ve been told that the guidelines for contactless cards recommend that not all of the details on the card are transmitted over the air. So for example, the card number is but your name isn’t. In the case of Barclays, for the multiple cards we tested, every piece of detail on the front of the card is transmitted. Why is this?

Barclays said the information we collated wasn’t of use because it didn’t contain all the details needed to make a transaction. But this isn’t true, we succeeded with the world’s largest online retailer.

Amazon refused to answer any questions, they didn’t return our multiple calls and emails over the course of the last week so we have a lot of questions.

2) Why does Amazon not check the name and address of card holders before processing payments?
We were surprised that Amazon processed our transactions using a Barclays Visa that didn’t belong to the person making the order. The name didn’t match and neither did the billing address. But the transactions went through without a hitch for physical product orders and also electronic orders that were downloaded immediately.

Some might argue that the physical orders would be unlikely to have been made by criminals because their home address would have been revealed. This isn’t quite true. Online fraudsters use a practise called ‘dead letter boxing’, basically using a delivery address that doesn’t exist. So for example in a building of 5 flats using the address ‘Flat F’ in the hope that a postman will leave the item in a communal area. Or they check into a cheap hotel, pay in cash and get items delivered to them under a fake name. £35 a night is well worth receiving a laptop for example.

When it comes to digital downloads like books or music, it’s pretty obvious that items never get sent to a real world address. Using open wifi or proxy server (which masks the real location of a user) makes it impossible for the police to track anyone down.

3) Why does Amazon not ask for the security code on the back of cards before processing a transaction?
Unlike most online retailers Amazon doesn’t ask for the three-digit so called CVV numbers on the back of your credit or debit card. We think we know the answer to this question but as Amazon hasn’t responded we can’t be sure.

One of the most important features of Amazon is “one click” shopping, where you can purchase an item without having to through loads of screens and forms. Like something? Order it in one click, then you won’t have to think about it very much.

But online shopping services are not allowed to store the CVV numbers along with credit and debit card details in their shopping cart systems. So it makes sense why Amazon might decide to skip this part of the system.

What we do know
Banks and credit card companies have to pay back the victims of fraud unless they have been reckless. It’s hardly your fault if someone bumps into you on the tube and steals your card details because Barclays contactless cards are not secure. This means that if a transaction is made in your name on a website like Amazon, the money will eventually get back to you. In the case of Amazon, because it doesn’t ask for the CVV numbers, we have been told that Amazon has to cover the losses because it doesn’t follow best practise.

Finally if you have a contactless card, you might wonder how you can make your card safe. One tip I’ve picked up is to wrap your card in tin foil. It basically messes up the signal and you should be safe from data thieves. There are some wallets and purses that claim to do this as well.



Blue disabled badge thefts

The Problem:

Callous thieves stealing blue parking badges from elderly and disabled in Redbridge

Wednesday, October 2, 2013
11:44 AM

Callous thieves are targeting blue parking badges used by elderly and disabled people.

Between January and December this year, 89 permits were stolen from vehicles in Redbridge, including some cars that were left unlocked.

Speaking to Ilford residents at an area committee seven meeting last week, Sgt Wayne McBride said police are launching a crackdown on theft from vehicles.

He added: “We’ve seen a huge increase in theft from motor vehicles, particularly blue badges.

“Parking charges have gone up so there’s been a rise in taking the badges.”

The badge scheme aims to help people with severe walking difficulties so that they can leave their vehicles close to shops or other places they need to visit.

Using a badge belonging to someone else when they are not in the car can be punished with a fine of up to £1,000.

Police advise permit holders to lock car doors and windows whilst the badge is in use and keep the badge out of view or remove it from the vehicle overnight.

A solution, by Criterion Packaging:

Blue Badge Protector - Single


Time’s up on Blue Badge Theft

Over 6000 Blue Badges were stolen from parked cars in 2004. It can take up to 6 weeks to replace disabled badges - leaving owners seriously compromised whenever they need to park their cars. This highly visable deterrant can help save all the hassle and stress associated with your car being broken into, and of course can save you the Insurance Excess to fix your window!


• Your Badge is locked into a steel case & protected by 5mm thick clear plastic.
• Sturdy Lock & flexible steel cable attaches the case securely to the steering wheel.
• Various lock lengths available.

This product on its own does not entitle the bearer to concessionary parking. Disabled badges shown are for illustration purposes only.





Subscribe to RSS - advice