Monthly Archives: October 2013

Ethical Hacking as a career – What do you want to be when you grow up?

Global Montreal TV News October 24, 2013

We’ve all heard this question. And chances are that you dabbled with the idea of becoming an astronaut or a superhero as a kid. In high school, you may have been dead-set on becoming president. Of course, by the time college graduation rolls around, many of us have moved on to more realistic career goals.

But with our hyper-connected world moving a mile a minute these days, the tried-and-true professions that everyone pursues today could quickly become a thing of the past.

So what does the future hold? Ever heard of ethical hacking? Yeah, neither had we. We spoke to Thomas Frey, author of “Communicating With the Future,” to suss out the six quickly growing power professions of the future that you should know about. Now tell us again: What do you want to be when you grow up?


2. Ethical Hacker

How can a hacker be ethical? It turns out that many companies hire these experts to purposefully hack systems in order to pinpoint problems in security measures before their less-ethical counterparts get the chance. You can even become a Certified Ethical Hacker (CEH), a professional who’s tasked with network policy creation, intrusion detection and virus creation.

Terry Cutler is a co-founder of Digital Locksmiths, Inc. — an IT security and data defense firm based in Montreal — and serves as the company’s Chief Technology Officer. Terry’s career in the IT security space prior to his joining Digital Locksmiths has been long and distinguished. He was most recently a Premium Support Engineer for Novell in Canada where he analyzed network vulnerabilities and transitioned security technologies into production, and before that he held digital security leadership roles with a number of large corporations. Through the International Council of Electronic Commerce Consultants (EC-Council), Terry earned the rank Certified Ethical Hacker in recognition of his having mastered a range of industry best practices to thwart hackers by knowing how they think and operate from the inside out. In addition to being a licensed private investigator in Canada, Terry is an active member of both the High Technology Crime Investigation Association and the Center for Internet Security. An internationally known author, trainer, speaker, and security consultant, Terry has appeared in numerous television and radio programs and is very active on the conference circuit.


Digital Locksmiths Strengthens its Security Platform with Innovative Technology from PaulDotCom Enterprises

Turning the tables on present day hackers and attackers with real-time location and identity tracking capabilities


Montreal, Quebec (PRWEB) October 16, 2013

Digital Locksmiths, a leading provider of technology solutions that secure corporate and private data for organizations worldwide, is pleased to announce a unique partnership with PaulDotCom Enterprises, integrating industry-changing Active Defense Technology (ADT) into the Digital Locksmiths Security, Privacy, Electronic, Concierge® (S.P.E.C) cloud security platform.

A partnership designed to bring cyber attackers to their demise by combining the proven ecosystem of S.P.E.C with real-time location and identity tracking capabilities of ADT.

“We are very excited about this partnership with Digital Locksmiths. It enables the offensive countermeasure technologies to be used by a wider audience and embeds into different demographics,” said Paul Asadoorian, founder of PaulDotCom.

The S.P.E.C. Active CounterMeasures was designed to enable organizations to collect the intelligence needed to evaluate the attack methods, and fine tune their security measures and investments in shoring up their layered security strategy.

“If the bad guy falls into these traps, we can quickly identify the attacker’s tools, strategy and level of skill – a potent combination of information to be used against them,” said John Strand of PaulDotCom.

This advanced technology allows for a proactive approach in dealing with cyber warfare. In many instances, the analysis of an attack or breach is done after the fact – after the damage has occurred.

“Can you imagine going to law enforcement and being able to say, ‘Here is the real IP address and port number, latitude, and longitude of the person that attacked our site,’” said Terry Cutler, Chief Technology Officer, Digital Locksmiths. “And we did it legally. That is incredibly powerful, and this is what we’re talking about whenever it comes to turning the tables on the bad guy,” says Cutler.


For further information:

Editorial Contacts:

Terry Cutler
Digital Locksmiths
888-HACK-514 x 24

John Strand
PaulDotCom Enterprises

About Digital Locksmiths
Digital Locksmiths is an action leader in the holistic application of security services for both government and private sector clients, especially those in telecommunications. We aid in the implementation of state-of-the-art security technologies combating risks to integrity, trustworthiness and availability of critical information data and systems not only for the company but also for individuals. We believe in security at the forefront of everything we do, helping our customers become more competitive through the smart use and application of technology. 1-888-HACK-514

About PaulDotCom
PaulDotCom is an organization dedicated to security, hacking, and education. It encompasses weekly podcasts, monthly webcasts, security consulting, and numerous articles, papers, and presentations. Their mission is to provide free content within the subject matter of IT security news, vulnerabilities, hacking, and research. They strive to use new technologies to reach a wider audience across the globe to teach people how to grow their security knowledge.


Yahoo Recycled Emails: Users Find Security Surprises


Some Yahoo users who took advantage of recycled IDs report they’re getting emails intended for the old account holders — including personal data.

by Kristin Burnham – Senior Editor,

When Tom Jenkins, an IT security professional, learned in June that Yahoo planned to free up abandoned account IDs, he jumped on the opportunity to request a nickname he’s had since high school. He was thrilled when Yahoo emailed him in August to say the ID was available.

“I had tried periodically to obtain this email address, but I was never able to do it,” Jenkins said in an interview. “I was aware that these Yahoo IDs were once owned by someone else, but I was pretty surprised by the types of emails I immediately started getting.”

In less than a day, emails intended for the original account owner hit his inbox. Among them were marketing emails from retailers and catalogs, which were a nuisance, he said. But then came the emails with sensitive personal information: messages from the former Yahoo account holder’s Boost Mobile service, which included the account and pin numbers; emails from a Fidelity investment account; Facebook emails; Pandora account information; and more.


Jenkins and other users who have obtained recycled Yahoo email IDs say, based on what they see in their inboxes, that identity theft concerns exist.

“I can gain access to their Pandora account, but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s wedding,” Jenkins said. “The identity theft potential here is kind of crazy.”

Neil Harris, a software executive, also signed up for a recycled Yahoo ID. A Yahoo user for many years, Harris wanted a new username that was easier to remember than the one he currently had.

On the first day he logged into the account, he found that Yahoo merged his former account with the new one, giving him one inbox that funneled emails from both accounts. That wouldn’t have been a problem, Harris said, if it weren’t for the misdirected emails he suddenly started receiving.

“I immediately got email addressed to the [former] account owner and the nature of them made me uncomfortable,” Harris said in an interview, noting that a number of emails were from men looking to meet up with a woman.

In the following weeks, Harris was sent emails from department stores, including emailed receipts from recent purchases at Nordstrom. He also received timecards that detailed mileage reimbursements and included the former account holder’s name and address.

“It seemed odd to me that this email was coming from all over. It’s clear that while the owner supposedly hadn’t logged in in a while, she was still actively giving out that email address,” Harris said.

They’re not alone: Scott Newman, a Web developer, also signed up for one of Yahoo’s recycled IDs. “I thought it was a cool idea because when you’re standing at Williams-Sonoma and they ask for your email address it would be easier to give them something that made more sense than what I had,” he said.

Personal emails intended for someone else began arriving within the first day of account usage, Newman said.

“It started off with some stuff from catalogs and clothing companies and I thought, ‘That’s fine, I’ll just unsubscribe.’ I figured I’d have to deal with a little of that,” Newman said in an interview. “But then I started getting emails with court information, airline confirmations, a funeral announcement saying someone had just died — it was nuts.”

Yahoo’s initiative to free up dormant accounts began in mid-June when the company first announced its plan. “Today, I’m excited to share with you our next big push: We want to give our loyal users and new folks the opportunity to sign up for the Yahoo ID they’ve always wanted,” wrote Jay Rossiter, senior VP of platforms, on the company’s Tumblr. A Yahoo ID is a user name that lets you access all of the company’s personalized services, such as messenger, email and more.

Yahoo said it would alert users who had been inactive for at least 12 months and instruct them to log in to their accounts if they wanted to keep them. Accounts that remained dormant would be recycled and up for grabs.

In July, Yahoo opened up a wish list where users could name their top five choices for a username. Come August, Yahoo would contact them if one of their IDs was available and send them instructions to claim it within 48 hours.

Almost immediately, privacy advocates and security analysts criticized Yahoo’s initiative. Some called it “an underhanded and risky way to get people to re-engage with Yahoo,” while others called attention to the real potential for others to take over people’s identities via password resets and other methods.

Following the criticism, Yahoo released a statement reaffirming its confidence in the initiative and shedding more light on the steps it would take to ensure privacy and security. The company said that personal data and private content associated with the accounts would be deleted and would not be accessible to the new account holder.

“To ensure that these accounts are recycled safely and securely, we’re doing several things. We will have a 30-day period between deactivation and before we recycle these IDs for new users. During this time, we’ll send bounce-back emails alerting senders that the deactivated account no longer exists. We will also unsubscribe these accounts from commercial emails such as newsletters and email alerts, among others. Upon deactivation, we will send notification for these potentially recycled accounts to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties.”

In July, Yahoo followed up with more details about its security efforts. The company said it would work with businesses to implement a “Require-Recipient-Valid-Since” (RRVS) header. If you submit a Facebook request to reset your password, for example, Facebook would add the RRVS header to the reset email, and the new header would signal to Yahoo to check the age of the account before delivering the mail. If the values don’t match, the email would bounce.
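The receiving side of the RRVS check described above, sketched as an added example (not Yahoo's code and not part of the original article). It assumes the `address; date` header syntax later standardized in RFC 7293; the mailbox names, ownership dates and sample messages are constructed, and treating an unparseable date as "no constraint" is this example's choice.

```python
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

HEADER = "Require-Recipient-Valid-Since"

# Constructed ownership table: when the current holder took over each mailbox.
OWNER_SINCE = {
    "coolnick@mail.example": datetime(2013, 8, 20, tzinfo=timezone.utc),  # recycled ID
    "longtime@mail.example": datetime(2005, 3, 1, tzinfo=timezone.utc),
}

def rrvs_decision(raw_message, recipient):
    """Return 'deliver' or 'bounce' for one recipient of one message."""
    owner_since = OWNER_SINCE.get(recipient.lower())
    if owner_since is None:
        return "bounce"  # no such mailbox at all
    msg = message_from_string(raw_message)
    for value in msg.get_all(HEADER, []):
        addr, sep, stamp = value.partition(";")
        if not sep or addr.strip().lower() != recipient.lower():
            continue  # header is about a different recipient
        try:
            valid_since = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # assumption: an unparseable date imposes no constraint
        if valid_since.tzinfo is None:
            valid_since = valid_since.replace(tzinfo=timezone.utc)
        # The sender has known this address since valid_since. If the mailbox
        # changed hands after that date, the mail is meant for the old owner.
        if owner_since > valid_since:
            return "bounce"
    return "deliver"

def reset_mail(to_addr, known_since=None):
    """Build a constructed password-reset message, with or without RRVS."""
    lines = ["From: security@shop.example", f"To: {to_addr}",
             "Subject: Password reset"]
    if known_since:
        lines.append(f"{HEADER}: {to_addr}; {known_since}")
    return "\n".join(lines) + "\n\nReset link follows.\n"

SIGNUP = "Tue, 4 May 2010 10:00:00 +0000"  # constructed: when the user registered
```

A sender that omits the header gets no protection: `rrvs_decision(reset_mail("coolnick@mail.example"), "coolnick@mail.example")` returns `deliver`, so the check only helps for mail from companies that have adopted the header.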

Yahoo’s security measures appeared sound in theory, said Gant Redmon, general counsel and VP with privacy and security company Co3 Systems, but failed in practice.

Yahoo’s idea was problematic from the start, Redmon said. “I can understand why Yahoo would want to do it: It’s a legacy email service that they’re trying to turn around and generate more interest in. But the initiative is troublesome,” he said in an interview. “Email has become a primary identifier because no two people are supposed to have the same email address. When you sign up for it, you think it’s yours for life.”

However, Terry Cutler, chief technology officer at IT security company Digital Locksmiths, said he’s surprised that Yahoo’s security measures allowed for such a slip in the examples of Jenkins, Harris and Newman. “Yahoo seems to have done it right,” Cutler said in an interview. “They did the right thing by shutting down accounts for a period of time, which should have helped to clean them up. But something’s clearly not working, and that’s a big problem.”

Though Yahoo’s security measures weren’t effective for everyone, Redmon said the company isn’t liable for the misdirected personal emails. “Businesses are in trouble when they lose personal information they collected and were entrusted with, but that doesn’t fit the Yahoo scenario,” he said. “Yahoo hasn’t lost or disclosed information they shouldn’t have. They’re not responsible for the fact that it was disclosed to a third party — the user is.”

Yahoo performed what Redmon calls a “risk shift”: Yahoo transferred the burden of responsibility to the customer by requesting that the person log in to ensure the account remained active.

In a statement to InformationWeek, Dylan Casey, senior director of platforms at Yahoo, said that the company has received minimal complaints from recycled-account holders. “We take the security and privacy of our users very seriously. We have heard from a very small number of users who have received emails through other third parties which were intended for the previous account holder,” he said. “We are continuing to work with companies to implement the RRVS email header standard that we published to the [Internet Engineering Task Force].”

Today, Yahoo charges $1.99 for you to request up to five usernames on Yahoo’s Watch List. Jenkins, who signed up when it was free, said that the hassle of dealing with the misdirected email — which totals between six and 10 messages a day, in addition to the “boatloads” of junk email — hasn’t been worth it. He’s considering shutting down his account.

Harris, whose two Yahoo accounts were merged into one, said it took four phone calls and about four hours with Yahoo customer service to separate the two accounts and close the recycled one. “They were really helpful considering it’s a free service, but they had a lot of trouble figuring out how to do it.”

Newman said he’s actively filtering the former account holder’s email with hopes that the volume will eventually decrease. “I’m using the new account mostly for unimportant email because I’d probably go crazy trying to figure out what email is supposed to be mine and theirs,” he said. “It’s kind of disappointing because it’s a great username to have, but I don’t want to work this hard for it. Plus, getting someone else’s mail just feels gross.”

Those peeks into other people’s personal lives leave Newman and Jenkins uneasy about Yahoo’s continuation with recycled accounts, and concerned for others whose accounts may have closed.

“The most distressing part for me is that because I’m a Web developer, I know how easy it could be to reset all their passwords. It’s scary to think about the damage I could do,” Newman said. “Just yesterday I got an email confirmation for an apartment application. I could have canceled someone’s apartment.”

Jenkins said the opportunities for hackers are his biggest concern. “In some ways, the former user should be lucky that I’m getting this email because I would never do anything bad with it. But this whole situation made me nervous about my other email addresses. What happens when I stop using them?”