Cyber Security Awareness month is coming to a close. We’ve already touched on
best practices for email and Twitter direct message links, search engine
searches, WiFi, and passwords. For our
send off of the month, we offer the following final tips:
your antivirus and all other programs (Microsoft, Adobe, Java, etc.) when you
receive update notifications. (Double check with the software directly that it
requires an update as rogue pop ups can mislead you into downloading unwanted
well formed passwords on your computer, laptop, smart phone, and tablet. Not
only will this help you avoid being hacked by some cyber-criminal but it can
also save you from family or friends tweeting or posting how much you love Rick
Astley. (Don’t ask.)
your data on a regular basis. This can be with an external hard drive or a
cloud data storage plan. Don’t wait until it’s too late because we WILL say “I
told you so.”
thoughtful when adding new apps; don’t add unnecessary apps to your phone. Is it a known trusted source for an app?
Don’t forget that apps even from trusted sources are used to collect data from
your laptop, smart phone, and tablet. A recent article in the New York Times discusses how this is legally still a grey area. Applications that seem so handy and innocent, such as Angry Birds or the one that turns your phone
into a flashlight, are also collecting personal information, usually the user’s
location and sex and the unique identification number of the smartphone. What
is even more unsettling is that “in some cases, they cull information from
contact lists and pictures from photo libraries.” So think twice before
downloading that app.
We hope we’ve contributed to your
awareness of security this all important month. Be sure to use what you’ve
learned here all year-round. Be safe out there. The Internet is a spooky place. Why not check out our complimentary Nemesis trial
The topic of creating great passwords
has been visited many
times by many people, yet it remains relevant and important because common
passwords are still too common. As educators often feel the pain of knowledge
falling on deaf ears, we beat this horse once again in hopes that one or two
new pupils may take heed.
Make better passwords!
You can also visit our previous blog
that covers the basics
on making passwords more effective. Let’s say that your email password is
“whiskers”, the name of your no doubt lovable cat. You can easily keep
the familiarity of the password while increasing its effectiveness as a
Old password: whiskers
New password: I have loved Whiskers since
Easy to remember, and vastly more secure than
the original password. If you can’t use spaces, simply remove them.
Whenever possible, use words and terms which
can’t be found in a dictionary. This sounds harder than it is. You
can use altered spelling, nicknames, and clues instead of the actual term.
Old password: I love icecream
New password: !love1c3cr3am
- Don’t stay logged into a site; log in each time you visit the site
- Clear browsing history or cache after online banking and shopping
- Avoid using a single dictionary word
- Keep a separate password for each account
- Make passwords long and strong, including capital, lowercase, numbers and symbols
- Limit who has access to what you post, and how, by using privacy settings on websites, set to your level of comfort
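The password tips in this list, written as a small checker. This is an added example, not part of the original post; the function name, the tiny word list, the 12-character minimum and the look-alike substitution table are all assumptions made for illustration. It goes one step beyond the text by undoing common character swaps before the dictionary lookup, because a single word with swapped characters is still a single dictionary word.

```python
# Constructed mini word list standing in for a real dictionary (assumption).
DICTIONARY = {"whiskers", "password", "icecream", "love", "dragon"}

# Common look-alike substitutions, undone before the lookup (assumption).
UNLEET = str.maketrans({"1": "i", "!": "i", "3": "e", "0": "o",
                        "4": "a", "@": "a", "5": "s", "$": "s"})


def check_password(candidate, passwords_in_use=(), min_length=12):
    """Return the list of tips from the post that `candidate` fails."""
    problems = []

    # "Make passwords long": the post gives no number, 12 is an assumption.
    if len(candidate) < min_length:
        problems.append("too short")

    # "capital, lowercase, numbers and symbols" (a space counts as a symbol).
    classes = {
        "capital": any(c.isupper() for c in candidate),
        "lowercase": any(c.islower() for c in candidate),
        "number": any(c.isdigit() for c in candidate),
        "symbol": any(not c.isalnum() for c in candidate),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]

    # "Avoid using a single dictionary word", also when it is lightly disguised.
    if candidate.lower().translate(UNLEET) in DICTIONARY:
        problems.append("single dictionary word")

    # "Keep a separate password for each account".
    if candidate in passwords_in_use:
        problems.append("reused on another account")

    return problems


if __name__ == "__main__":
    for pw in ("whiskers", "Wh1sk3rs", "Tr1cky-Horse-Lamp"):
        print(repr(pw), check_password(pw) or "passes every tip")
```
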
Our next blog will cover a list of resources.
With all the talk of cyber
security in the news it is common knowledge that the Internet is not a secure
channel for exchanging information. Most
people keep this in mind when making their home network secure. Public WiFi
is another story. To see exactly how easy it is to be hacked using
public WiFi, watch the W5 interview. Part one looks at how
easy it is to view someone else’s laptop and part two looks at how easy it is
to access someone’s password for personal banking.
It is advised when using
public WiFi to avoid logging into areas of the Internet where you may have
sensitive data, such as online banking. As a rule of thumb, when on public
WiFi, pretend everything you are doing is on a giant screen for everyone to
view and all passwords are visible. If you must get on the Internet, when no
familiar and secure network is available, try using your smart phone as a
wireless hotspot instead.
Note: In order to be able to
do this you need to have a data plan that is large enough to support this
Here are the steps for an
Step 1: Go to Settings
Step 2: Select Personal
Step 3: Select how you want
to make the connection through Bluetooth, WiFi, or USB.
Step 4: Create password.
Typically it will be 8 characters and you should use best practices including
lower and capital case letters, numbers and symbols.
Step 5: Choose the newly created hotspot from your other
device and key in the password created in the previous step.
In our next installment of
this series we look at best practices for passwords.
is encouraging news on the horizon for those in the professional security
field. A recently published survey by NCSA and APWG confirms a shift in
attitude towards online security. Not only are people taking it seriously, but
they also view it as their personal responsibility and welcome the opportunity
to learn more. Below are a few key statistics from the survey.
percent of Americans feel a personal responsibility to be safer and more secure
percent believe their online actions can protect not only friends and family
but also help to make the Web safer for everyone around the world.
percent believe that much of the online safety and security falls under their
own personal control, and consistent with those feelings, 90 percent said they
want to learn more about keeping safer on the Internet.
it easier to educate those 90 percent, here’s our overview on how to safely
search the Internet.
could possibly go wrong when searching online with a popular search engine? As
with everything, if you do it absent-mindedly and click on the first item that
comes up, you might end up with more than just the answer to your search: you
might end up with an infected computer.
should be able to answer yes to each of the questions below; if not, then don’t
click on the link.
- Is the text that shows up in the preview for the page grammatically correct?
- Is the domain a name that you recognize?
- Does the domain of the link end with a country tag that has a history of NOT being associated with malware? For
the complete list of country abbreviations, see Wikipedia.
the domain name and the text describing the page seem logical?
don’t click on a link just because it piques your interest because it seems
such a random response to your search.
- Simple one or two word searches give you the broadest results.
- Use common terms; for example, instead of “my head hurts” use “headache”.
- Use quotation marks around your search for an exact search. For example, searching for “Samuel Clemmens” will not include results for Samuel Langhorne Clemens or Mark Twain.
best and easiest advice to give is limit your searching to trusted sites, not
search engines. If you always get your news from three places, go to those
places first when looking for news. If you usually rely on Wikipedia for your
facts, go to Wikipedia and search there. Find some safe zones that you know and
trust and stick to them. It’s when you stray and explore that you can get lost.
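The "is the domain a name that you recognize?" question and the safe-zone advice above, written as a check. This is an added example, not part of the original post; the trusted list and function names are assumptions, and the sample links in the test values are constructed. It shows why the whole hostname has to be compared: a trusted name can appear at the front of a link that actually leads somewhere else.

```python
from urllib.parse import urlsplit

# Constructed list of "safe zones"; replace with the sites you actually rely on.
TRUSTED_DOMAINS = {"wikipedia.org", "nytimes.com"}


def link_host(url):
    """Hostname the browser would actually contact, lower-cased, or None."""
    # Search-result previews often drop the scheme, so add one before parsing.
    parts = urlsplit(url if "://" in url else "http://" + url)
    # .hostname discards any "user@" prefix and the port, and lower-cases.
    return parts.hostname.rstrip(".") if parts.hostname else None


def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """True only when the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Match on a dot boundary so "notwikipedia.org" does not pass as
    # "wikipedia.org", and so a trusted name used as a mere prefix fails.
    return any(host == d or host.endswith("." + d) for d in trusted)


if __name__ == "__main__":
    for link in ("https://en.wikipedia.org/wiki/Mark_Twain",
                 "http://wikipedia.org.login-check.example/wiki",
                 "http://wikipedia.org@203.0.113.7/"):
        print(link, "->", "trusted" if is_trusted_link(link) else "do not click")
```
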
In our next blog in this series we’ll look at using WiFi.
like the price of Chinese goods but now it seems there might be a hidden cost.
a year-long study the U.S. House Select Committee on Intelligence has warned Americans not to do business with Huawei or state-owned ZTE. When asked by CBS 60 Minutes if he would do business with Huawei, Mike Rogers replied, “If
I were an American today, and I tell this to you as the Chairman of the House Permanent
Select Committee on Intelligence, and you were looking at Huawei I would find
another vendor. If you care about your intellectual property, if you care about
your consumer’s privacy and you care about the national security of the United
States of America.”
security issues were also in the news as recently as this past July at DEFCON 2012. Computerworld covers the discussion and lists the main concerns as: there
was no specific contact for security issues, no security advisory updates and there
was no update on bugs found and fixed. The researchers couldn’t comment on any
issues with the “big
boxes” like the Huawei NE series routers because they couldn’t
obtain them. The article ended with a hope that Huawei would follow the lead of American companies like Microsoft, Cisco and Apple that had listened to consumer
demand and improved their security.
are significant concerns being expressed that need to be taken
seriously especially when it comes to infrastructure. While we can’t
prevent cyber-espionage, are we giving them the keys to the vault by bringing
them into our data centres? There shouldn’t be any question of trust or security.
these concerns in mind the Canadian government is building out and replacing
their data systems that were “contaminated beyond repair” by massive Chinese cyber-attacks in 2010. Among the list of companies being considered for
this multi-billion dollar project is Huawei.
the equipment may not have malware or vulnerabilities built into it now, it does have this
potential through updates and patches. While the Chinese
government may have no role in either of these companies now, they may in the
We all like the price
of Chinese goods. What we might not like is the potential security costs.
What do you think? Should Huawei and ZTE
be singled out? Should the government source only domestic equipment? Have they crossed the line by going public
with this? Is this a case of the
government meddling in corporate affairs or do you think the issues that were
reported at DEFCON and by the committee provide enough justification?
is national cyber security month and offers an ideal opportunity for online
security professionals to reach out to help educate their community. This is the month when security-wise people
help their friends, family and colleagues in taking proper steps to be safe online.
are more receptive to learn how to be cyber safe after incidents such as Wired
magazine’s editor, Matt Honan, had his online life hacked. Honan said his life was ‘digitally destroyed’. He lost a year’s worth of
photos, as well as documents and email that he hadn’t stored anywhere else.
A recent LinkedIn article by Daniel Solove talks about the
real weak link in security: people.
“According to a stat
in SC Magazine, 90% of malware requires a human interaction
to infect. One of the biggest data security threats isn’t technical –
it’s the human factor. People click when they shouldn’t click, put data
on portable devices when they shouldn’t, email sensitive information, and
engage in a host of risky behaviors. A lot of hacking doesn’t involve
technical wizardry but is essentially con artistry. I’m a fan of the
ex-hacker Kevin Mitnick’s books where he relates some of his clever
tricks. He didn’t need to hack in order to get access to a computer
system – he could trick people into readily telling him their passwords.”
help with mitigating the human error through security education, we’ve created a blog series that
will offer best practices on how to be cyber safe.
we look at best practices for email and Twitter links.
real life examples include links sent through Twitter as direct messages
containing a fake Facebook update that infected the user’s device. The direct message suggested that someone
had posted or tagged the receiver in a Facebook video. Those who clicked on the
link had their computer infected with malware.”
recently in the news was an email that contained ‘here you have’ in the subject
line. The body of the email would typically read
as “This is The Document I told you about, you can find it Here” or “This is
The Free Download Sex Movies, you can find it Here.” Those who clicked on the link in the email message found they had downloaded and launched
a program that spams the same Trojan Horse out to everyone in their address book,
flooding and crippling e-mail servers.
you click on that link in your email or Twitter direct message?
Answer “yes” or “no” to each of the following.
If there’s even one question where you answer “no”, then don’t click on the link. As the
saying goes, ‘When in doubt don’t click.’
you recognize the email address of who sent the email?
the subject line and content of the message written in the same style that your
friend, family, acquaintance or the corporation usually communicates?
the email contain a link with no text introducing the link?
the spelling correct?
the email sent at the usual time that is typical of the sender?
If you are still curious about an email or link, you can search for text from the
suspicious email or link to see if it comes up as malware. But, as said, if you
have any hesitations, don’t click on the link – it’s just not worth the risk.
Our next blog will look at tips for searching safely on