Monday, February 24, 2014

12 weeks of blogs and how many different subjects?


Week 1:  Social Media and what you can do to protect your kids.
Week 2:  Social Media and what not to do and Privacy protection.
Week 3:  Blocking stuff on the internet and keeping your kids away from it.  Updating our knowledge.
Week 4:  Government wants you to spy on your neighbor.  Privacy issues.
Week 5:  Old habits and making security changes to stay safe and secure.
Week 6:  Staying informed and educating yourself about network security.
Week 7:  Cyber command unit funding.  Can the government really run it?
Week 8:  Password security and what to do and not to do.
Week 9:  Social Engineering and the importance of knowing what it is.
Week 10:  The new Blackphone and privacy concerns.
Week 11:  Educating friends about the importance of personal security via social media.
Week 12:  Privacy concerns and phone apps.

It looks like my main concerns or topics were staying safe when using any social media, keeping kids safe on the web, the importance of education, staying educated and privacy concerns.  Any one of these topics is crucial to a free and safe society.  In order for us to keep ourselves out of harm’s way, we first need to know what to look out for, how to detect it, how to fix it and what NOT to do.  But the biggest is to STAY INFORMED!!  Keep reading books and articles that explain the importance of network and personal security, take a class, talk to a friend or, if you know good information, pass it along and help out your brethren.

Keep your personal data just that… PERSONAL. Never willingly give it out unless you are absolutely sure who you are dealing with and what the impact will be.


I used several sources for my blogs including CNET.com, PCWorld, McClatchy report, Informationweek.com, homelandsecuritynewswire.com, SplashData.com, McAfee as well as others.  All of these sites have a common interest and goal and that is to educate and give us information about certain security issues and needs.  Hey, just like one of my blog concerns…. EDUCATING YOURSELF…

Say NO to their terms.... YES to privacy.

Last week I received my new work phone and decided to download a very popular app (Game) to it.  Like all apps, before you download it, you have to accept the terms of the app and of course allow certain permissions for the app.  I went through the list of the permissions and saw the ones I have below.  I was a bit concerned though after reading through them.  Needless to say, I didn’t download it.

Phone Calls:
Allows the app to access the features of this device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

It needs to know what the phone is capable of, what the phone number is and all the phone numbers of people you call and who call you? Why?

Approximate Location:
Allows apps to access your approximate location using location services based on network sources, such as mobile phone towers and Wi-Fi APs. When these location services are available and enabled, this permission allows apps to determine your approximate location.

The app company needs to know all the hotspots and cell towers that the phone comes in contact with, why?

View Wi-Fi Connections:
Allows the app to view info about Wi-Fi networking, such as whether Wi-Fi is enabled and name of connected Wi-Fi devices.

Why does any of my Wi-Fi networking and devices need to be passed along to the app company?

View Network Connections:
Allows the app to view info about network connections such as which networks exist and are connected.

Again, why do they need to know about the networks I come in contact with? It isn’t just that they want to map out hotspots, is it?

According to several articles I read, all of these can easily be explained by “Well, we just don’t want to send too many of the same ads to the customer, etc.” or “We need to be able to target our customers more effectively”.  I get it, if you download a “FREE” app, the company needs to make money somehow, but how much of my personal information, the information of those calling me or those that I call, are they allowed to have?  Am I asking the wrong questions? Am I just an old fuddy-duddy, an 8-track tape guy living in a Blu-Ray era?

Parting Shots:

We live in a data-centric era now where everything about anything is put out on display.  People use social media to show off or, worse, find out personal information about others and either laugh at them to feel better about themselves or use it in a dark manner.  We have allowed ourselves to become numb to the importance of privacy and the importance of anonymity, but why? In these days of reality TV and instant fame, everyone has to be seen if not heard.  But by doing so, you always seem to show a little more of yourself than you need to or should.  We as a society need to start pulling back the reins and forcing our privacy and NOT blindly “Accept their terms”; accept your own terms and say no to the slow incrementalism of privacy loss.

Monday, February 17, 2014

ATTENTION... FRIENDS DON'T BE A VICTIM...

In some of my earlier works, you might have noticed that I do not feel too sorry for people when I hear that they were a victim of “The virus of the day” because they didn't take the time to secure their network or educate themselves properly.  Or maybe they got conned out of something because of a clever Social Engineer, etc. My patience wears thin a bit because in these days of data leaks and hacking from a global perspective, it really is a must that everyone use caution and be leery when being presented with the next best web deal from an unknown e-mail.

P.T. Barnum, the clever ol' showman, allegedly coined the phrase, “There is a sucker born every minute.” I would like to think that number has dropped since he made the comment, but I really don’t think so.  People these days are either too busy to take the time, or they just don’t care, or they are ostriches and put their heads in the sand in hopes no one bothers them.  In any one of those cases, they haven't a good excuse.

So what can people like me do who want to scream and yell from the highest rooftop to “SECURE YOUR JUNK! DON’T BE A CYBER VICTIM.” I know one thing is for sure: my neighbors wouldn't like me doing that from the top of my house… “It’s 10 o’clock and how secure is your network?” Long gone are the days of the Town Crier.  Aannyway… What can I do to help educate people? I have decided to go social: I plan on getting on Facebook and every once in a while posting something that may actually get someone’s attention.

ATTENTION FRIENDS!!
PLEASE DON’T BE A VICTIM!!!


A little too much?? I think so, but I can post a little blurb about wireless security setup, password safety or any number of topics of the day and provide a little direction as to where to find answers to these common security concerns or risks. It may be a small effort, but I am sure that some of my Facebook friends are lacking in this area, not a jab, just a fact, and if I can point them in the right direction and help them out, then maybe I won’t want to hit my head against a wall when I hear all the daily cyber-attack horror stories.

Tuesday, February 11, 2014

This is a bit Scary....

I read an article about the new Blackphone that can allegedly disguise your phone from surveillance while you use it.  If this is true, and I don’t have any reason to doubt that it is, what a fantastic device it will be.  According to the Blackphone manufacturers, it's a “Silent Phone, Silent text and Silent contacts.” If you can use a phone on a cellular network without peering eyes or bent ears, that would be fantastic. Now with that said, I move to an article in the New Yorker by Joshua Kopstein (2014), titled A Phone for the age of Snowden.  He starts off by saying this…

“Around midnight on Tuesday of last week, people near the barricaded city square at the center of mass protests in Kiev, Ukraine, received an ominous text message: “Dear subscriber, you are registered as a participant in a mass disturbance.” The message was most likely sent by the Ukrainian government using what’s popularly known as an “I.M.S.I. catcher”—a controversial tool that disguises itself as a cell-phone tower so that nearby devices connect to it, revealing their locations and serial numbers and, sometimes, the contents of outgoing messages. It was a bleak reminder of how cell phones, one of the past decade’s most indispensable and ubiquitous pieces of technology, can silently leave their owners exposed to governments and high-tech criminals.”

I have heard of these devices (IMSI catchers) but only in theory.  I wasn’t as versed in their operability as I should be.  Imagine a government being able to track your every move or a criminal watching you because they have access to this technology.  I can see that, when used in the proper context, this could be a very useful tool.  Someone goes missing and police are able to find them, a child gets abducted, etc.  What scares the hell out of me is that a government entity is willing to use it to track who you are and tell you to “Move along, nothing to see here, citizen”. The day of the Blackphone has arrived and should be heralded as a “Good” device, but I’m sure that there will be some who think that these devices are foolish and that the government should…. here it comes…. “Regulate” its usage.

The Blackphone uses an encryption scheme that allows the phone to scramble the calls and any SMS message so that only the receiving phone can unscramble it. This will allow users to make and receive secure phone calls and text messages, video chat and even send and receive files.

But alas, no matter how secure a device is, you still have to contend with any third-party apps that your phone uses.  Here is where vulnerabilities reside: your favorite app can tell on you and reveal a lot about your habits while using the device.


Parting Shots:
I love it when I hear people say, “If you have nothing to hide, then what is the difference?” The difference is we are supposedly protected by a little-known (almost obscure now) document that says that our government or others do not have a right to do these sorts of things.  The Constitution grants us these privileges, and every time we allow someone or the government to do these sorts of things, the hope, the rights of a free society and the luster fade from the document a little more.


References:

Kopstein, Joshua. (2014). A Phone for the age of Snowden. New Yorker Magazine.  Found at

Blackphone.  Found at https://www.blackphone.ch/

Wednesday, February 5, 2014

What college classes must I take to become a “Social Engineer?”

I went online to the college I am attending to see what the course requirements are to graduate with a Social Engineering degree and was flummoxed (I finally used that word… Awesome) to find out there aren't any….. I’m being facetious of course.  You know what a Social Engineer (SE) is but a lot of people do not.  I walked through my office today and asked some very smart folks what the definition of an SE is and I was very surprised to find out that only 64% (7 of 11) of my colleagues knew.  Some of these guys and gals are really smart too, so imagine my surprise if not dismay with my findings.  If they do not know what an SE is, then I think it is safe to say that the general public is less informed, I will be generous and say maybe only half know what they are.  Maybe it is just the fancy name, “Social Engineer”, it sounds so non-threatening but official, but either way, very sad.

The reason for the long-winded diatribe is that I continue to get those bank notices in my e-mail or the SMS on my phone telling me that I need to log into the link conveniently provided and look at the issues that have arisen.  With all my accounts, I have these types of notifications set up, so I expect to get them from time to time.  Here is where I do my due diligence, though: even when I get them, I delete them immediately so no one will click on the link by accident, then log into the web site the way I normally would and see if there is indeed a problem; if there is, I deal with it.  I only use one e-mail account for these types of notifications, but on occasion I receive one on a different e-mail account that I have never set up on any account. These I know for sure are scams.

Social Engineering has been on the rise over the past several years and these con artists are really starting to get sophisticated in how they approach their targets (See how I used Target in this post :) ), I digress.. We all need to take a few minutes or even more and do some research on this subject and be on the lookout for these types of attacks.  So far, I have only focused on e-mails and SMS; a good SE will have many other types of attacks that they can use to solicit information from you.  Other types of “Human Hacking” include Phishing, Pretexting, Hoaxes, Tailgating, Shoulder Surfing, just to name a few.. Take a moment and do a search on all of these words and get a better understanding of what they are and how an SE can use them to manipulate you.  No links on this post, don’t want you to think I am trying to scam you. But I will ask you to look up a blog by Neil DuPaul (2013) titled: Hacking the mind: How & Why Social Engineering Works. Found at Veracode.com.  It really discusses these topics in greater detail in a way I could not.


PARTING SHOTS:
Remember the movie “The Sting”? It is one of my favorites of all time.  Today’s SE is a Redford or Newman character but can CON you from the comfort of their mother's basement.  They can reach their hands into your pockets electronically and you wouldn't know about it until it was way too late and the damage is done.  Be very leery of anyone you do not know and even leery of those you do; these con artists can be very persuasive and even very powerful people.  You ever hear of Bernie Madoff?



Monday, January 27, 2014

"123456" pick up sticks....

“123456”
What do you think about when you read those numbers? Me? I see what my bank account should look like $123,456 (I aspire to be a 1%er) but alas, it is only $12.34.  That’s OK though, I will EARN my way.  I digress. This particular set of numbers, according to SplashData.com, seems to be one of the most common passwords that people seem to use.  HUHHHH???? WHATTT!!! OK, I get it, there are some people who just don’t get it or are too lazy to understand the importance of SECURITY when it comes to one’s personal data, but it can’t be that difficult to understand! When you leave your home, don’t you take the time to use a key to lock the deadbolt etc.? Then why would you not take the time and create a complex password for all your computing needs?

According to SplashData’s article “‘Password’ unseated by ‘123456’ on SplashData's annual Worst Passwords list,” “‘password’ has lost its title as the most common and therefore Worst Password, and two-time runner-up ‘123456’ took the dubious honor. ‘Password’ fell to #2.”

I have a friend who is a farmer; he has a degree and makes a very good living for himself.  He does most of his bookkeeping the old-fashioned way using ledger books, etc.  I asked him why he doesn't use a computer and he told me “I just never got around to figuring out how to use one.” I thought to myself, he must be an anomaly, an oddity; surely there can’t be that many people who can’t use or don’t know how to use a computer? (I have a feeling the 123456 password would be his.) After reading this article, I see my assumptions are not correct.  There must be thousands or tens of thousands of people who don’t get it, so 123456 it is for their “defense against the dark arts” (Sorry, watched Harry Potter this weekend).

With all the hubbub in the news lately in regards to cyber security incidents, you would think that people would wake up and realize they are in danger, “Grave Danger” (Harry Potter again), and do a little research on good ol' computer security measures, especially password safety.  If you are one of these folks, please check out the article by Robert Siciliano (2011) titled 15 Tips To Better Password Security from McAfee.com.  He has several, well 15, tips to better familiarize yourself with better password protection.

Now a word from our creator...
“A prudent man foresees the difficulties ahead and prepares for them; the simpleton goes blindly on and suffers the consequences.” Proverbs 22:3


References:

SplashData. (2013). "Password" unseated by "123456" on SplashData's annual "Worst Passwords" list.  Found at http://splashdata.com/press/worstpasswords2013.htm

Rowling, J.K. (2007). Harry Potter and the Order of the Phoenix.

Siciliano, Robert. (2011). 15 Tips To Better Password Security. McAfee.com.  Found at http://blogs.mcafee.com/consumer/15-tips-to-better-password-security

Tuesday, January 21, 2014

Does the government have to run it?

“The House of Representatives approves cyber security funding increase” or so it goes… According to an article in Homelandsecuritynewswire.com (Jan 20, 2014), Congress has allocated $447 million of our tax dollars to the Defense Department Cyber Command unit.  I have mixed feelings about this only because I know the government can’t seem to run anything correctly, let alone efficiently.  So I look at the $447 million number and double it because, well… It isn’t their money, it’s ours, so they will once again spend like tomorrow was never coming and waste most of it.  To be clear, I do think that it is a good idea to have a centralized department to maintain our nation’s cyber security, but can’t we partner with private firms to do this for the government?  In my opinion, having a private firm run this program would save us, the taxpayer, more than if good ol' Uncle Sam did it instead.  OK, my fiscal conservative side is showing, I’ll back off….

According to the article, “The funding jump is mostly attributed to the growth of cyber mission forces, Pentagon officials told Nextgov on Tuesday.  In March 2013, about 834 active duty military and civilian personnel were on staff, Cyber Command chief Gen. Keith Alexander told lawmakers at the time. The goal is to grow cyber forces by 2,000 personnel annually, until 2016.”  It looks to me like our government is starting to shift its collective focus to the nation's cyber safety and cyber defenses instead of the conventional theaters of war we have been pursuing over the last several years, especially since the number of cyber incidents has almost doubled over the past few years.  I will say, this statement is a good thing for folks like me who are going to school just for this reason.  Our talents will be in high demand and very marketable… Now the Capitalist in me comes out.

Parting shot:
Our nation is under attack by people we cannot see, have really no idea where they are or really what they want until they strike.  It is in our nation's interest to find the best and brightest stars in this area and put them to work thwarting the onslaught of the advancing hordes of hackers and Hacktivists, etc. I just have an uneasy feeling when the government is the one in charge of the program.  It seems like the “C” students always seem to run things.


References:
House approves $447 million for Cyber Command. (Jan 20, 2014). homelandsecuritynewswire.com


Tuesday, January 14, 2014

Stay Informed.. Educate yourself and don't be a victim.

This week in my class, we are discussing many security issues, one of them being Security Awareness.  We were asked to design flyers that would be used in a business or even a school that would make a poignant point about some type of security that we all should deal with.  So, I made a few, one about the importance of computer security and not letting your “Stuff” get compromised and another about the need to be almost street smart and not being fooled by the wolf in sheep’s clothing.  Both of these themes are very important to me because they both deal with educating yourself before you put yourself out there.  It is so important that you have a secure and safe network so you can do what you need to in today’s online world. It seems that a week doesn’t go by when I don’t get a scam e-mail or now even a scam text on my cell phone about some “ACCOUNT ISSUE... Please call us at…” and “Oh a rich uncle in Nigeria that I never knew about….” And it is only going to get worse as troubles in our economy continue to escalate. The sad thing is that people actually fall for this garbage.   

A few years back, I went to a niece's apartment down in SoCal (BOO Dodgers!!) and saw that she had a nice Linksys router set up for her network, and I asked her how she was securing it. She tilted her head a bit and said wha??? Huh? I then said “Did you change the default password and SSID?” Again, a glazed, unappreciative gaze… A friend hooked it up and left it totally unsecured and, get this…. she does her online banking on a PC on that network.  I almost lost it, so, the good uncle I am, I scolded her, lovingly of course, and spent the next few hours setting up her network.  I tried to explain to her how important it is to stay secure and even used the comparison of locking your house; you don’t just leave your door open all the time so anyone can come in, do you? Especially in greasy, sleazy L.A.

Laker losers….

Parting shot:
The point of my rant is that we all need to get up to speed, stay up to speed and do what we have to do in order to stay safe offline as well as online.  Educating yourself is the best defense a person can have.  The Internet has so many resources to look at and use in order to get off on the right foot. Stay informed.


“Education costs money, but then so does ignorance.” Claus Moser.

Wednesday, January 8, 2014

"I promise to eat less and encrypt more"

HAPPY NEW YEAR!!! “Should auld acquaintance be forgot…..”  

I’ll stop… Truthfully, I thought it was “Should OLD acquaintance be forgot…” By the way, what does that mean?  Anyway, it’s a new year again, which means it’s time for all of us to once again make promises to ourselves and our loved ones and then forsake most if not all of them, casting our promises aside like yesterday’s rubbish.  We all mean well, but in these times of rush, rush, rush it is very hard to stay focused on what NEEDS to be done since we constantly get bombarded with… Well, life.  I know that going to the gym or walking the dog more is beneficial, but so is protecting your assets, your identity, your STUFF.  I always try and keep my personal info out of the hands of people who want to use it wrongly, but truth be told, I fail from time to time.  But this year “I vow to be more vigilant with my personal information!” and the Target hack has really got me thinking.  I usually only use one credit card for purchases but on occasion have used my debit card too.  This really isn't a good idea, because if fraudsters drain your bank account, the bank may reimburse all the charges but you most likely will be on the hook for any overdraft charges that occur as a result of the fraudulent goings-on.  DON'T USE YOUR DEBIT CARD FOR ANYTHING BUT THE ATM!!

How about encryption? We all should use this one.  E-mails are one of the biggest concerns to me.  I recently bought a house and I must have sent 20+ e-mails to and fro to various lenders and realtors, etc. that had some very personal info and attachments on them.  Each time I hit send, I gulped, closed my eyes, did the sign of the cross and prayed for mercy.  Encrypting one's data really should be a no-brainer.

Back it up… I know, another no-brainer, but how often do we actually do it? I try and do it monthly, but since I have 3 PCs at home that I am in charge of, I occasionally forget.  This is one of the most important things we should do and it should be done weekly.  If you lose your device or it is compromised in some fashion, a solid backup can really save your behind and get you back on your feet quickly.

Finally, I am going to utilize a password manager.  I have wanted to do this for some time now but just haven't pulled the trigger yet.  I found a great article in Informationweek.com written by Dino Londis (2013) that discussed his thoughts about this topic and even gives several options that you can consider.  If you are interested, check out the link below, it is a good read.

Parting shots: It seems that a day doesn't go by where we don’t hear something in the news about XYZ Company getting hacked or ABC group claiming they did some nefarious deed to XYZ etc. We all need to do our part to protect our assets and be vigilant so these clowns have a much harder time getting the goods…

“Run Silent, Run Deep”, a novel by Edward Beach Jr.

Cited:
Londis, Dino. (2013). 10 Top Password Managers.  Informationweek.com.