http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=12&articleId=9017825&intsrc=hm_topic
OK - so you're at this fashionable hotel - either staying or picking up someone - and you whip out your fashionable laptop, the one with diamonds and rubies encrusted on the logo that screams "YUCK!"
You power it up, and as expected, the 'top finds a few free networks (unsecured, of course, for easy exploitation). You connect to one of them start surfing. The name of the access point matches the name of the hotel, so there are no second thoughts of any warning bells in your head giving you an impromptu migraine.
Three days later, all of a sudden, you notice your email account has been hijacked, and also your credit cards. Hmmm how could this happen?
It could happen because the shifty-eyed person that was sitting just a few feet away from you WAS the access point and he simply named his AP the same as the name of the hotel to fool you.
This method of attack is virtually impossible to detect because the entire AP can be brought down by the attacker in a matter of seconds. So there is no trace of his presence.
How do you protect yourself? Simple - do not use any unsecured connections that appear 'free' - if in doubt ask the company about their WiFi policies and the name of their AP. Plus, warn them if you find an AP with a similar name or the same name. Be careful about submitting any sensitive data over these lines, and definitely do not submit passwords/SS numbers/medical/financial information. Use it to surf aimlessly while waiting for your date, but don't go beyond that. It's not worth it.
Be safe!
Wednesday, April 25, 2007
Friday, April 20, 2007
Universal Security Blunder?
There's been a spate of news concerning the threats posed by USB devices - including devices such as iPod, Zen etc. The main threat is that data could be very easily stolen using these seemingly harmless and innocuous devices.
Other threats may soon include viruses and trojans happily hopping from iPod to iPod, iPod to computer, and computer to computer.
When I say iPod I refer to the general class of such disk-based entertainment devices - sheer laziness and not any bias makes me refer to them so (I'm a huge fan of Apple's!).
A typical such device comes with a disk that's at least a few GBs, so it's not that difficult to steal large files using the USB ports.
Most companies permit employees to take their laptops with them - else what's the point of having one! The biggest problem is not that the laptop itself will go missing (which is an obvious threat) but that the data will be stolen (can't catch that unless you really audit the machine or install special tools to monitor data transfer). Now, with USB2.0 and FireWire, even GBs of data can be copied in minutes.
How do you protect against such an invisible, internal attack?
* Use software to lockdown the USB ports
* Educate employees on USB safety and security
* Order machines that have the ports disabled or not configured
* Glue them shut if all else fails
In any case, before we fall into this hysteria and become part of the USB-banning mob, we should give some thought to the level of crimes that occur using USB ports. How many people steal data using USB drives vs via hard copies of documents, CD-RW disks, email, illegal upload to online backup sites...the list is endless.
So, what do you learn from this? Definitely, USB ports are a threat, but maybe not to the extent that people make it out to be. At least not yet. Or maybe it already is, and we just haven't realized it yet.
Be safe!
Other threats may soon include viruses and trojans happily hopping from iPod to iPod, iPod to computer, and computer to computer.
When I say iPod I refer to the general class of such disk-based entertainment devices - sheer laziness and not any bias makes me refer to them so (I'm a huge fan of Apple's!).
A typical such device comes with a disk that's at least a few GBs, so it's not that difficult to steal large files using the USB ports.
Most companies permit employees to take their laptops with them - else what's the point of having one! The biggest problem is not that the laptop itself will go missing (which is an obvious threat) but that the data will be stolen (can't catch that unless you really audit the machine or install special tools to monitor data transfer). Now, with USB2.0 and FireWire, even GBs of data can be copied in minutes.
How do you protect against such an invisible, internal attack?
* Use software to lockdown the USB ports
* Educate employees on USB safety and security
* Order machines that have the ports disabled or not configured
* Glue them shut if all else fails
In any case, before we fall into this hysteria and become part of the USB-banning mob, we should give some thought to the level of crimes that occur using USB ports. How many people steal data using USB drives vs via hard copies of documents, CD-RW disks, email, illegal upload to online backup sites...the list is endless.
So, what do you learn from this? Definitely, USB ports are a threat, but maybe not to the extent that people make it out to be. At least not yet. Or maybe it already is, and we just haven't realized it yet.
Be safe!
Monday, April 16, 2007
Keeping Children Secure on the Net
http://www.mercurynews.com/business/ci_5677788
An inspiring read - however, the parents simply talk about online security. Here are the concerns:
1. Kids will be exposed to images/video/text that are totally inappropriate or even dangerous
2. Kids will download spyware and assorted malware/adware because they surf in ignorance
3. Kids are in danger from predators
4. Kids will communicate with anyone that seems friendly or offers comfort or shows interest or praises them (most kids nowadays are starved of love and attention because both parents typically work) - and provide easily identifiable information
How do you watch them?
Some tips:
1. Do not give them their own personal computer till they are at least 17
2. Do not let them take the computer to their room
3. Force them to interact with websites in 'public' - meaning the living room
4. Inform them that you have Internet monitoring software and that you know what they are doing anytime they're online
5. Monitor the sites they visit, noting down what they post and who they interact with on social networking sites
6. Have regular chats with them making them understand the dangers of being online without sufficient knowledge to protect oneself
7. Educate them on what the dangers are and how to spot them
8. Disable installation of all programs, and disable the USB ports
9. Give them a user id that has severely restricted access
10. Do not give them the password that'd enable them to go online
11. Do not let them go over an hour online per day - it's too much of a waste of time
12. And finally, watch out for any warning signs that may indicate unhealthy exposure of any sort
Be safe!
An inspiring read - however, the parents simply talk about online security. Here are the concerns:
1. Kids will be exposed to images/video/text that are totally inappropriate or even dangerous
2. Kids will download spyware and assorted malware/adware because they surf in ignorance
3. Kids are in danger from predators
4. Kids will communicate with anyone that seems friendly or offers comfort or shows interest or praises them (most kids nowadays are starved of love and attention because both parents typically work) - and provide easily identifiable information
How do you watch them?
Some tips:
1. Do not give them their own personal computer till they are at least 17
2. Do not let them take the computer to their room
3. Force them to interact with websites in 'public' - meaning the living room
4. Inform them that you have Internet monitoring software and that you know what they are doing anytime they're online
5. Monitor the sites they visit, noting down what they post and who they interact with on social networking sites
6. Have regular chats with them making them understand the dangers of being online without sufficient knowledge to protect oneself
7. Educate them on what the dangers are and how to spot them
8. Disable installation of all programs, and disable the USB ports
9. Give them a user id that has severely restricted access
10. Do not give them the password that'd enable them to go online
11. Do not let them go over an hour online per day - it's too much of a waste of time
12. And finally, watch out for any warning signs that may indicate unhealthy exposure of any sort
Be safe!
Even More Privacy Issues
http://www.buffalonews.com/185/story/54888.html?imw=Y
When you donate your old, pathetic, and mostly useless computer, keep one thing in mind: the disk. Forget everything else - just go after the data. Whitewash as much as possible. Many good software can accomplish the task painlessly, and they're worth the investment.
You simply do NOT want someone to have access to private data (SS numbers, medical records, employment details, financial data) etc. If they're a nice person as the one in the story above, you won't lose anything. However, if an ID thief buys up your computer from the local donation center, who knows what he can turn up? And imagine what he could do with it - a virtual goldmine of data begging to be (mis)used.
The main problem is (as it is everywhere else) lack of data awareness, and fear (even disdain) of technology itself. Luddites that may pride themselves on their 'simple' life have NO idea how vulnerable they are, every time they encounter technology that gets and/or dispenses private data.
You are SAFE if and only if:
1. You do not have an SS number
2. You do not exist
3. You are a wandering saint
4. You have NOTHING to lose - not even your identity
So, before you chuck that computer of yours for a tax write-off, download a good disk-cleaning software, and scrub as much as possible. Remember - deleting files or moving them to the Recycle Bin or emptying the RB has no effect. The data is simply marked to be overwritten but the data itself is still there - invisible, but there, and can be very easily read by someone sophisticated enough to know how to run the right tool.
Whitewashing a disk usually consists of writing garbage over and over again to the disk (or writing 0s) until there is nothing left to read.
Next time you donate a computer, whitewash the heck out of it. And when you buy a used computer, clean it the same way and then install a fresh OS on it. You don't want to see/read/hear someone else's secrets just as you don't want yours to be exposed.
Be safe!
When you donate your old, pathetic, and mostly useless computer, keep one thing in mind: the disk. Forget everything else - just go after the data. Whitewash as much as possible. Many good software can accomplish the task painlessly, and they're worth the investment.
You simply do NOT want someone to have access to private data (SS numbers, medical records, employment details, financial data) etc. If they're a nice person as the one in the story above, you won't lose anything. However, if an ID thief buys up your computer from the local donation center, who knows what he can turn up? And imagine what he could do with it - a virtual goldmine of data begging to be (mis)used.
The main problem is (as it is everywhere else) lack of data awareness, and fear (even disdain) of technology itself. Luddites that may pride themselves on their 'simple' life have NO idea how vulnerable they are, every time they encounter technology that gets and/or dispenses private data.
You are SAFE if and only if:
1. You do not have an SS number
2. You do not exist
3. You are a wandering saint
4. You have NOTHING to lose - not even your identity
So, before you chuck that computer of yours for a tax write-off, download a good disk-cleaning software, and scrub as much as possible. Remember - deleting files or moving them to the Recycle Bin or emptying the RB has no effect. The data is simply marked to be overwritten but the data itself is still there - invisible, but there, and can be very easily read by someone sophisticated enough to know how to run the right tool.
Whitewashing a disk usually consists of writing garbage over and over again to the disk (or writing 0s) until there is nothing left to read.
Next time you donate a computer, whitewash the heck out of it. And when you buy a used computer, clean it the same way and then install a fresh OS on it. You don't want to see/read/hear someone else's secrets just as you don't want yours to be exposed.
Be safe!
Thursday, April 5, 2007
More Windows Issues
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1250157,00.html
It must be quite maddening for Windows users to realize that 'secure computing' is nowhere near secure nor is it all about computing!
The animated cursor problem/exploit is more bad news for both IE and FF users - apparently both use the same vulnerable modules.
Where does that leave the average user? Nowhere, really. It's somewhat incomprehensible that a simple thing like an animated cursor could introduce a hugely devious problem where a hacker could completely take over a user's computer when they simply visit a website.
To make things worse some IT folks are reporting problems with installing the patch itself - the classic 'umbrella with a leak' problem. Well, better to have a leaking umbrella than get soaked, huh?
More terrible news for regular Joes: it looks like RadioShack dumped sensitive customer data in an alley in Portland, Texas. The Texas AG is suing them (they could get up to $50K/violation).
Also, a breach at UCSF has possibly exposed thousands.
When/where will it all end? Probably never. As long as people continue to have SS numbers liked to every aspect of their lives, as long as they continue to have credit cards, and as long as they have something to protect, the breach will go on...
Be safe!
It must be quite maddening for Windows users to realize that 'secure computing' is nowhere near secure nor is it all about computing!
The animated cursor problem/exploit is more bad news for both IE and FF users - apparently both use the same vulnerable modules.
Where does that leave the average user? Nowhere, really. It's somewhat incomprehensible that a simple thing like an animated cursor could introduce a hugely devious problem where a hacker could completely take over a user's computer when they simply visit a website.
To make things worse some IT folks are reporting problems with installing the patch itself - the classic 'umbrella with a leak' problem. Well, better to have a leaking umbrella than get soaked, huh?
More terrible news for regular Joes: it looks like RadioShack dumped sensitive customer data in an alley in Portland, Texas. The Texas AG is suing them (they could get up to $50K/violation).
Also, a breach at UCSF has possibly exposed thousands.
When/where will it all end? Probably never. As long as people continue to have SS numbers liked to every aspect of their lives, as long as they continue to have credit cards, and as long as they have something to protect, the breach will go on...
Be safe!
Subscribe to:
Posts (Atom)
