Security Awareness

This won’t be long because I don’t have enough time. There are lots of discussions on whether or not awareness programs are worth the time, effort, and cost. The short answer is no. Most of them aren’t. Not because there is not value in making users aware but because the programs are crap. They are forced down users throat like a spoonful of Caster Oil. The only difference is that Caster  Oil works. There are those who say that awareness can be effective if done right and I’m one of those. The problem is that most companies don’t want to put the money or time into implementing a good program when they have seen dismal returns from their other programs. They assume that all programs will give the same return. That’s too bad.

So what do we do? Do we continue down the same path or do we try to find a solution that works? Obviously the second option is the ideal route but it takes time and effort that most of us just don’t have. Do we whine and gripe about how bad things are and tell others to stop wasting their time? That is irresponsible, but we have a pretty good track record of making irresponsible comments and it stokes the masses so why not.

We can’t give up on awareness because technology has failed us in protecting users just as much as users have failed us. We can’t turn our back on awareness and we can’t rely on technology and we can’t convince the business that implementing a good program will make a difference. So we have to come up with something else. Users have to know what is and isn’t good to do. They have to know that links and cute kittens can be evil. They have to know that their actions can take down a system or worse. They have to know that sending sensitive data over a hostile network or to a unprotected system can lead to loss of information. So we tell them. We don’t make them sit through stupid, boring videos. We don’t make them play dumb games that insult their intelligence. We don’t cover or walls with useless posters that no one bothers to read. Sure we can keep some of that stuff around for those who want them but that’s about it.

What we do is that people with respect and dignity. Give them the information they need to do their job in a safe and effective way. Expect them to make wise decisions and prepare for the times when they will be careless. If we expect them to be stupid they will and that is pretty stupid of us.  Just like the time you made changes to the firewall and forgot to save the config they will mess up. We deal with it and move on.

Social Networking Sites

These days nearly everyone uses at least one social networking site. Social networking sites potentially expose users to a myriad of security risks including social engineering and malicious code attacks.
So what can you do to try to protect yourself? Here are some tips from the United States Computer Emergency Readiness Team (US-CERT):

Limit the amount of personal information you post - Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.
Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines.
Be wary of strangers - The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.
Evaluate your settings - Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile. You can customize your settings to restrict access to only certain people. However, there is risk that even this private information could be exposed, so don't post anything that you wouldn't want the public to see. Also, be cautious when deciding which applications to enable, and check your settings to see what information the applications will be able to access.
Use strong passwords - Protect your account with passwords that cannot easily be guessed. If your password is compromised, someone else may be able to access your account and pretend to be you.
Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam. Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
Use and maintain anti-virus software - Anti-virus software recognizes most known viruses and protects your computer against them, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continually writing new viruses, it is important to keep your definitions up to date.

Introduction – Social Networking and Security Risks

With any new tool or application, it is always important to keep a close watch on its security implications. Facebook comes with its own set of security concerns which can put your information systems and/or personal data at risk. This article will look at some of these risks and identify possible solutions to help protect you, your personal information and your company data.

Facebook - Three of the most popular features of Facebook are the ability to add Friends, update your status and run applications such as games and quizzes. A “Friend” is anyone on the Facebook network whom you allow to see various levels of personal information, such as job, birth date, photos, group membership, comments and list of other Friends. You can even play online games and keep others updated on your daily life. Friends can also see Friends of Friends, meaning individuals, whom you have officially befriended and may never have met, may have visibility into your personal information and whereabouts.

Updates - At the top of the user’s Facebook profile is the Update field, which allows the user to post a sentence or paragraph regarding any topic at any time. Here are some examples of updates that my Facebook friends have recently posted. These are very typical:

»» “Just received a job offer. Hooray!”

»» “I’m tired of all the rain.”

»» “Looking forward to the family vacation next week at Disney World.”

Although these might seem relatively harmless, the third bullet point could raise some concern. You have just told all your friends, as well as all their friends, that you will be away from home for a full week. This is comparable to putting a sign on the main road that shouts “Empty House” for passers-by to see. Even if you have a burglar alarm or neighbors keeping an occasional eye on the home, you still don’t want to create the temptation for strangers (Friends of Friends) to consider helping them to that wonderful, new 52” flat screen TV you just purchased.

Twenty things you didn’t know about me - Not long after I joined Facebook, I received a message from a Facebook Friend who had just created a list called “Twenty Things You Didn’t Know About Me.” I was then invited to read it, create one for myself and then notify others in turn. The list had questions I needed to answer so that my Friends could learn a little bit more about me. I had some initial concern as this seemed very much like a chain letter, and I never forward those. Yet, it also seemed harmless enough; I wasn’t being asked to send money or forward a false virus alert. I decided to give this a try and went through the bullet points. Here are some of the items that I was supposed to identify about myself:

»» What was my most embarrassing moment?

»» Have I ever played hooky?

»» What was the name of my first elementary school?

»» What was my favorite pet’s name?

In ordinary conversation with friends and colleagues, these are questions that we aren’t typically afraid to answer. But look more closely at the last two questions, and now think about the way that you may have set up your online bank account, Amazon.com profile or the access to your work’s Human Resources system. When setting up online accounts, in addition to creating a User ID and a password, you often provide answers to a set of “secret questions” that you need to answer if you forget your credentials. If you can answer the questions, you will receive the password (or a new one) and have full access to the system which likely contains very personal and sensitive information. Now consider what “secret questions” are often asked: “What was the name of your first elementary school?” “What was the name of your favorite pet?” By providing the personal information asked in these Facebook questionnaires, you may unwittingly be providing an easy channel for identity theft. Is it worth compromising your online bank account for the bit of amusement that Facebook provides? Probably not. If you still want to have fun with these questionnaires, then by all means do so. But be very careful about the type of information that you provide and how that information could be used if it fell into the wrong hands.

Applications - Facebook offers thousands of applications that its users can install and run. These applications include calendars that allow Friends to be reminded when it’s your birthday, tools to send Friends online greeting cards, quizzes on myriad topics and much more. Many of the applications were designed by Facebook end-users.

Although the applications on Facebook may look harmless, and in fact most probably are, there are always some that may deliver malicious content to your computer. This holds true not only to Facebook, but also to other social networking sites and to the Internet in general, when downloading from the web or opening attachments in email messages. Therefore, make certain that your computer has a proper and functional firewall, as well as up-to-date antivirus/anti-malware software, and only install or run these applications if they are from a trusted source or approved by your corporate IT department.

 

I'm Back!!!!

I am back and back with a vengeance. Time to write what I want when I want. Ok, so you think I am a bit nuts, mad, insane...NOT!!!! I am done with Facebook and have moved onto Google. I miss writing and its time to let everyone read what I have to say. So sit back and enjoy...


HOPPER!!!!

12-step security program

Good security advice can be hard to find. Lots of security experts offer help, but not all of their tips are accurate or up-to-date, and many address PC security only. So even if you follow their advice, you may be more vulnerable than you think. That's where this document comes in. I have assembled a dozen simple but essential tips--a 12-step security program--to keep your PC, smartphone, gadgets, and identity safe. The steps are practical and fairly easy to perform, so you can strengthen your security without losing your mind in the process.
1. Use Virtual Credit Card Numbers to Shop Online
You have good reason to be nervous when using your credit card number to shop online. After all, you may know little or nothing about the company you're buying from, and your credit card information is at risk of being comprom­ised in a data breach. Using a virtual credit card number is one way to make your Internet shopping excursions more secure.
Essentially a wrapper for your regular credit card or debit card account, a virtual card number is good for one use only. When you use the virtual number, the bank that supplied it charges your purchase to your regular credit or debit card, but hackers never gain access to the underlying credit card information.
Various financial institutions maintain some sort of virtual credit card program. Bank of America, for instance, offers a ShopSafe service, and Discover has a similar service built around what it calls a Secure Online Account Number. Check with your bank or card issuer to see what options are available. Alternatively, consider Shop Shield, a virtual card number service that you can use with any credit card or checking account.
2. Secure Your Wi-Fi
Is your Wi-Fi network at home password-protected? If not, it should be. You might not care if your neighbors use your Wi-Fi connection to surf the Web, but someone with more sinister motives could take advantage of your generosity (and lack of protection) to gain access to data stored on your home PCs.
The easiest way to guard against Wi-Fi interlopers is to encrypt your Wi-Fi network. Afterward you'll have to enter a password whenever you connect to your Wi-Fi network, but that's a small price to pay for improved security. Most Wi-Fi routers support WEP, WPA, and WPA2 encryption standards. Be sure to use either the WPA or WPA2 encryption settings, which provide a much higher level of security than WEP encryption.
Another safeguard is to set your router not to broadcast the SSID (your network's name). With SSID broadcasting disabled, your wireless network won't be visible to computers nearby, and only people who specifically know your network's name will be able to find it. The procedure for locking down your Wi-Fi will vary depending on your router's model and manufacturer. Check the router's documentation for instructions.
3. Encrypt Your Hard Drives
Hard drives and USB flash drives are treasure troves of personal data. They're also among the most common sources of data leaks. If you lose a flash drive, external hard drive, or laptop containing sensitive personal information, you will be at risk. Fortunately, en­­crypting your hard drive can give your data an extra layer of protection be­­yond setting up a system password. Encryption will conceal your drive's data and make accessing the files almost im­­possible for anyone who does not know your encryption password.
The Ultimate and Business editions of Windows 7 and Vista come with BitLocker, a tool that lets you encrypt your entire hard drive. If you don't have the Ultimate or Business version, another alternative is to use TrueCrypt, a free, open-source tool that can encrypt your entire disk, a portion of a disk, or an external drive. For its part, Mac OS X includes FileVault, a tool for encrypting your Mac's home folder; Lion, the next major Mac OS X release on the horizon, will be able to encrypt a whole hard drive.
Another option is to buy external hard drives and flash drives equipped with en­­cryption tools. Some of these drives have built-in fingerprint readers for additional security. See "Secure Flash Drives Lock Down Your Data" for more about secure flash-drive options.
4. Keep Your Software Up-to-Date
One of the simplest but most important security precautions you should take is to keep your PC's software up-to-date. I'm not talking exclusively about Windows here: Adobe, Apple, Mozilla, and other software makers periodically release fixes for various bugs and security flaws. Cybercriminals commonly exploit known vulnerabilities, and Adobe Reader is a constant target of such assaults.
Not infrequently, the latest version of a popular program introduces entirely new security features. For example, Adobe Reader X, the newest version of the company's PDF reader, uses something called Protected Mode to shut down malware attacks. If you still use an earlier version of Adobe Reader, you aren't benefiting from Reader X's security enhancements.
Most major commercial software packages come with some sort of automatic updating feature that will inform you when a new update is available. Don't ignore these messages; install updates as soon as you can when you're prompted to do so. It's a little bit of a hassle, but it can prevent major headaches later on.
5. Upgrade to the Latest Antivirus Software
If you're running antivirus software from two or three years ago, you should up­­grade to the most recent version, even if you still receive up-to-date malware signature files for the older edition. The underlying technology for antivirus software has im­­proved significantly in recent years.
To detect threats, antivirus products today don't rely solely on the traditional signature files (regularly updated files that identify the latest malware). They also use heuristic techniques to de­­tect and block infections that no one has seen yet. Given how frequently new viruses crop up in the wild, the ability to protect against unknown malware is critical.
Not sure what to use? Consult our latest reviews of antivirus software and security suites. And you don't even have to spend money to protect yourself, look at AVG Free.
6. Lock Down Your Smartphone
If you use your smartphone, your handset probably contains lots of personal information--e-mail addresses, photos, phone contacts, Facebook and Twitter apps, and the like. That accumulation of valuable data makes smartphones a tempting target for thieves and cybercriminals, which is why the smartphone is shaping up as the next big security battleground.
Android phones are already being hit with Trojan horses and other types of malware, and security experts agree that mobile malware is still in its infancy. Worse, many users don't think of their phones as computers (though that's what the devices are), so they don't take the same security precautions they would with a PC. If you haven't downloaded a security app for your Android phone, you should. Most smartphone security apps are free, and it's far better to have one and never need it than to get caught off-guard and exposed without one.
If you have an Android phone, the first app you should install on it is an antivirus program. Besides scanning for malware, mobile antivirus apps may support such features as a remote wipe (so you can securely remove all data stored on the phone if you lose it), GPS tracking (for locating your phone if you misplace it), and SMS spam blocking.
My favorite freebie in this category is the Lookout Mobile Security app. Lookout scans your phone for existing malware threats and automatically scans any new applications you install on your handset. Other popular antivirus apps, available for a subscription fee, are Symantec's Norton Mobile Security (beta version), AVG's Antivirus Pro, and McAfee's Wave­Secure
Because Apple's App Store takes a more restrictive approach to apps offered for sale there, iPhone owners generally don't have to worry as much about malware, though it's always possible for something to slip through the cracks. Apple hasn't allowed any proper antivirus applications into the App Store, either, but you do have some security options.
One is a device tracking and remote-wipe service from Apple called Find My iPhone. It comes as part of Apple's paid MobileMe service ($99 per year), but Apple also offers it to any iPhone, iPad, or iPod Touch owner, free of charge. With Find My iPhone, you can lock and remotely delete data stored on your iPhone, track the device via GPS, remotely set a passcode, and display an on-screen message with an alarm sound (so you can find it if you misplace it around your house or office).
One more tip: When choosing a mobile antivirus program, it's safest to stick with well-known brands. Otherwise, you risk getting infected by malware disguised as an antivirus app.

7. Install a Link-Checker Plug-In
Security threats may lurk in seemingly innocuous Web pages. Le­­gitimate sites may get hacked, cybercriminals game search engines to make sure that their infected pages come up in searches for hot topics (a technique known as "search engine poisoning"), and seemingly safe sites may harbor malware. Although you have no way to guard against these attacks completely, using a link checker can help protect you from many of them.
Link-checker tools typically show small badges next to links in search results and elsewhere to indicate whether a site is trustworthy, dangerous, or questionable. Many such tools also add a status indicator to your browser's toolbar to signal the presence of any problems with the site that you're currently visiting.
Various options are available: AVG LinkScanner, McAfee SiteAdvisor, Symantec Norton Safe Web Lite, and Web of Trust are all available for free. Many security suites come with a link scanner, too.
8. Don't Neglect Physical Security
A thief can snatch an unattended laptop from a desk and walk away in a matter of seconds. And a thief who has your laptop may have access to your files and personal information. A notebook lock won't prevent someone from cutting the cable, but it can deter crimes of opportunity.
Kensington is probably best-known for its notebook locks; it offers an array of locks for laptops and desktops. Targus is a second vendor that specializes in laptop security gear, including one lock that sounds an alarm when someone tries to pick up the attached laptop or cut the lock cable.
Prying eyes are a common security hazard. To prevent unauthorized viewing of your data when you step away from your desk, always lock your screen before leaving your PC unattended. To do this, simply hold down the Windows key and type the letter L. This will bring up the lock screen. To get back to work, press Ctrl-Alt-Delete, and enter your login password at the prompt.
Another way to shield your screen is to install a privacy filter over the display. These filters fit directly on a monitor so other people can't peer over your shoulder and see what's on the screen. A privacy filter may be particularly useful if you work in an "open" office that lacks cubicle walls. Various companies sell these filters, including Targus, 3M, and Fellowes.
9. HTTPS Is Your Friend
When you're browsing the Web, protect yourself by using HTTPS (Hypertext Transfer Protocol Secure) whenever possible. HTTPS encrypts the connection between your PC and the Website you're visiting. Though HTTPS doesn't guarantee that a site is secure, it can help prevent other parties from hacking into the network and gaining access to your account.
Many sites use HTTPS by default: When you purchase an item online or log in to online banking, for instance, your browser will probably connect to the site via HTTPS automatically. But you can go one step further by enabling HTTPS on Facebook, Twitter, and Gmail.
To use Facebook's HTTPS feature, log in to Facebook and click Account in the upper-right corner. Select Account Settings from the drop-down menu, and look for ‘Account Security' on the resulting page. Under the Account Security heading, click Change, check the box next to Browse Facebook on a secure connection (https) whenever possible, and click Save.
For Twitter, first log in to your account. If you're using the new Twitter interface, click your account name in the upper-right part of the screen, and select settings. (If you're still using the old Twitter interface, click the Settings link in the upper right of the window.) From there, scroll down to the bottom of the resulting page, check the box next to Always use HTTPS, and click Save.
To enable HTTPS on Gmail, log in to your account, click the gear icon in the upper-right corner, and select Mail Settings from the drop-down menu. Next, under the Browser Connection heading, select the button labeled Always use https. When you're all set, scroll to the bottom of the page and click Save Changes. To learn more about Gmail security, visit Google's Gmail Security Checklist page.
10. Avoid Public Computers and Wi-Fi
As convenient as free Wi-Fi and publicly available computers may be at, say, a public library or café, using them can leave you and your personal information exposed. Public computers might be infected with spyware and other types of malware designed to track your movements online and harvest your passwords.
The same is true of open Wi-Fi networks. Cyberthieves may set up rogue Wi-Fi networks that look legitimate (for instance, one may be named for the café that you're visiting) but enable the crooks to collect your personal information. Even legitimate open Wi-Fi networks may leave you vulnerable. For an example, look no further than the Firesheep plug-in for Firefox, which allows just about anyone to hijack log-in sessions for various social networks.
Sometimes, you may have no choice but to use a public computer or Wi-Fi network. When you do, don't use it to check your e-mail or social network accounts, conduct online banking, or perform any other action that entails logging in to a site.
11. Be Password Smart
You probably know already that using obvious or easy-to-discover passwords like "password" or your pet's name is a bad idea. But how can you make your passwords significantly more secure?
First, you need to use a different long, strong password for each account. Hackers often attempt to break into accounts by employing a "dictionary attack," which involves using words straight from the dictionary to guess your password. So don't use standard words as your passwords; instead, try creating them from a combination of letters, numbers, and symbols. And don't simply replace letters in a word with a symbol (for example, using the @ symbol in place of an A); it's too common a trick. You can also strengthen your passwords by using a mix of lowercase and capital letters.
Basically, the more complex a password is, the better. But try to use something that you'll be able to remember--a mnemonic of some sort that incorporates various alphanumeric symbols--and that nobody but you would know.
Remembering multiple passwords can be a challenge, which is why many people find that a good password manager is indispensable. KeePass is a good, free password-management option that works on Windows and Mac OS X systems.
12. Check Your Credit Report Each Year
Unfortunately, even if you do everything right, bad guys might still succeed in stealing your identity. After all, you can control who has access to your personal information, but you can't control how well a company that you do business with secures its personal-data records.
Nevertheless, you can limit the damage that would result from undetected identity theft by checking your credit report regularly. Periodically checking your credit report is a good way to make sure that no one has opened credit card or bank accounts under your name.
If you are a U.S. citizen, you're entitled to receive one free credit report every 12 months from each of the three major credit agencies--Equifax, Experian, and TransUnion--via AnnualCreditReport.com. The service will let you examine and print out your credit report for free, but if you want to obtain your actual credit score, you'll have to pay for it. Since your freebie credit report is just a once-a-year affair, it's a good idea to insert a reminder in your calendar to check in again with AnnualCreditReport.com in 12 months

Random Thoughts...

Soon silence will have passed into legend. Man has turned his back on silence. Day after day he invents machines and devices that increase noise and distract humanity from the essence of life, contemplation, meditation...tooting, howling, screeching, booming, crashing, whistling, grinding, and trilling bolster his eg...o. His anxiety subsides. His inhuman void spreads monstrously like a gray vegetation

Three Persistent Security Myths

I have this Friend, and you probably know someone like this too—the one that is always sending forwards even though you asked them to stop 10 years ago, and even though you’ve told them that forwarded messages can present safety risks online.
Besides the fact that netiquette has been well established and widely understood for years, and these friends (or relatives) are being impolite by spamming you, the more important fact is the messages also present a security risk, for individuals as well as organizations.
After the most recent forwarded link, I mentioned to my Friend that I hoped she had good security software. Her response: “My friend sent this to me. It’s a valid clip/link and virus free.”
And I just had to shake my head at the security fallacies in those brief statements. I hate to be the smart-ass of the family who tries to lecture or educate the less tech-savvy, but I also don’t want to see my relatives fall victim to dumb social engineering scams. Now, this particular link probably was virus-free and safe enough, but when someone continually sends links and forwards, I start to worry they don’t know how to stay safe online.
So, what’s a conscientious security professional or blogger to do?
I’d love to hear your approaches and comments on this topic. For now, I’m going to try breaking down the myths that seem to persist, and see if I can think of a way to quietly explain the issue.
1. “My friend sent this to me.”
Of course you trust your friend, but that doesn’t make it safe to always trust the links they send out. First, the link could contain a virus or malware that your friend doesn’t know about either. Say your friend’s coming down with a cold, but doesn’t know it yet. You both share a drink at a café—two days later, you both get sick because your friend passed the cold on to you. Same idea.
In computers, it’s even more dangerous, because you may never know you’re sick. Spyware, for example, is designed to watch what you do and send information to the hackers about your online behavior, or even about your passwords. Malware can install itself on your computer without your even knowing. Many people get infected with software that forms a network with other computers, called a botnet. When the hacker contacts all those computers, they can be activated and do whatever he wants—like send messages from your computer to your friends.
These hackers don’t want your or friends to know you’ve been hacked. Your computer might just slow down a few hours a day…because it’s being used secretly by someone else. They can change your security settings, see your passwords, or even corrupt your files and shut down your computer without your permission.
If your password information is stolen, hackers can access your accounts and send forwarded links and emails to your friends without your even knowing. Those messages can contain more malware that installs on your friends’ computers, or spreads through your accounts.
Of course we trust our friends. But that doesn’t mean that our friends won’t have problems online, or that they won’t get infected.
2. “It’s a valid clip/link.”
Images, documents, and all sorts of valid files are used to send viruses and malware to users. The most popular are PDFs and Microsoft Office documents lately, but picture and video files can also be suspect—and for many years it was images most of all that were most dangerous. The link might contain something useful, entertaining, or even work-related. Just because the link works and does what you expect it to, doesn’t mean that it’s safe. It could also contain other problematic files– while you’re being entertained or even learning a fun factoid, something bad might be happening in the background…
3. “And it’s virus-free.”
Again, just because it works and your friend sent it, you can’t assume it’s virus free.
First, did you scan it for viruses? If your scanner says it’s virus-free, how well do you trust your scanner? Many well known and popular anti-virus programs, even if they’re mostly reliable, can’t pick up every infection. Additionally, viruses aren’t the only problems you have to worry about online.
Everyone—hey, even MAC users—should get themselves a good anti-virus/malware program and check regularly for updates. But it’s also good to keep in mind that even the best program won’t always protect you. The best defense is being careful about what you click, and what the source is.

Most of us will be going grocery shopping or other types of shopping this weekend. Here are a few things to do to keep yourself entertained...
1. Take 24 boxes of condoms and randomly place them in other people's carts when there not looking.
2. Set all the alarm clocks in Housewares to go off at 5-minute intervals.
3. Make a trail of tomato juice on the floor leading to the women's restroom.
4. Walk up to an employee and tell her in an official voice, 'Code 3 in
Housewares. Get on it right away'. This causes the employee to leave
his/her assigned station and receive a reprimand from his/her Supervisor that in
turn results with a union grievance, causing management to lose time and
costing the company money
5. Proceed to the Service Desk and try to put a bag of M&Ms on layaway.
6. Move a 'CAUTION - WET FLOOR' sign to a carpeted area.
7 When a clerk asked if they can help you begin crying and
scream, 'Why can't you people just leave me alone?'
8. Look right into the security camera and use it as a mirror
while you pick your nose.
9. While handling guns in the hunting department, ask the
clerk where the antidepressants are.
10. Dart around the store suspiciously while loudly humming the 'Mission Impossible' theme.
11. Hide in a clothing rack and when people browse through, yell 'PICK ME! PICK
ME!'
12. When an announcement came over the loud speaker, assume a fetal position and scream 'OH NO! IT'S THOSE
VOICES AGAIN!'


And maybe my favorite...

Go into a fitting room, shut the door, wait awhile, then yell very loudly, 'Hey! There's no toilet paper
in here.'