Tag Archives: Crime


Cyber Self Defense Reading List

Category: EDUCAUSE, Higher Education, Information Security, Infosec Communicator, Risk


I’ve created a reading list of books about Cyber Security suitable for both general readers and readers with a technical background. If there’s something you think I should add, either comment here or on the list in Goodreads.


Beware of Good Ole Scammer Claus

Category: Information Security, Infosec Communicator, Internet Safety, Privacy, Risk

I’m sharing the contents of an advisory I sent out to the RIT community regarding holiday scams and phishing attempts. I think you’ll find the information helpful.

Beware of Good Ole Scammer Claus!

As we head towards our holiday break, remember that there are many scammers trying to trick you into revealing credit card numbers and other Private information–information that can be used for Identity Theft. As part of their attempts, we’re seeing an increase in phishing attempts–some disguised as delivery confirmations.

Follow these guidelines to help ensure your Private information (and your money) stays secure on the Internet.

Use a Secure Computer

Use Strong Passwords

  • Use a strong, unique password or passphrase where allowed. See our How to Create a Strong Password brochure for tips on choosing strong passwords.
  • Take advantage of any additional security features offered by your bank.

Be Alert for Phishing and Scams

  • Never respond to an e-mail requesting that you reply with your login information. Scammers go to great lengths to make e-mails appear genuine, but no legitimate bank or retailer will ever ask you to submit private information by e-mail.
  • Never give out a bank account number to anyone, and be wary of anyone who insists upon cash or wire transfer only.

Research the Company and Website

  • Investigate any retailer you are considering using. How trustworthy are they?
  • Check the company’s privacy policy.
  • Check for negative reviews using a search engine.
  • If you’re shopping at an auction site, check out the seller’s feedback.

Make Sure the Website Uses Encryption

  • The address in the address bar should begin with https (not just “http”), and there must be a padlock in your web browser (the location varies by browser; it usually appears in the address bar or the status bar at the bottom).

Monitor Your Accounts

  • Keep track of all your purchases and account history from start to finish and beyond.
  • Save copies of your orders and receipts, as well as e-mail confirmations and product descriptions.
  • Follow up on your purchases by monitoring your bank account and credit card statements for any unauthorized transactions.
  • You may also want to check your credit report annually (check for free at www.annualcreditreport.com).

Problems and Complaints

Identity Theft

Online Shopping Complaints

Additional Links

Have a good (safe) holiday!


Covert Affairs Gets It (mostly) Right

Category: Information Security, Infosec Communicator, Risk

When television and movies use information security as their storyline, they typically pass up accuracy for the sake of drama. I was pleasantly surprised when a recent episode of Covert Affairs actually got the information security content mostly right.

In the episode in question, the character Natasha plays a freelance hacker who was employed by Russian organized crime to develop malware. Natasha demonstrates a successful hack that immobilizes a communications satellite and most computer-controlled infrastructure such as phones, television, traffic lights, etc. Although the ability to create a hack that could accomplish all of these goals is a bit of a stretch, Covert Affairs got some things right.

Organized crime and freelance hackers

When I first began working in information security several years ago, I was told by a co-worker that organized crime was responsible for much of the malware developed today. I was very surprised, as I had not thought about how malware attacks might be funded. Organized crime does hire freelance hackers to develop malware, although the most common purpose is to aid in identity theft. Although the hack demonstrated in the episode is something you might expect to see in a cyber attack, and such malware is not as common as that developed for identity theft, there have been computer attacks on infrastructure in Estonia and Georgia, and the United States certainly attempted to paralyze the infrastructure of Iraq before Desert Storm. In 2010, the United States Cyber Command was announced.

Using computer code in a way that it’s possible to identify the author

Security experts do examine some hacks to try to determine their author, especially if it's a severe attack. Check out this article in Wired Magazine, “Pentagon Searches for ‘Digital DNA’ to Identify Hackers” (http://www.wired.com).

Kudos to Covert Affairs for making an effort to get the technical details correct.
