Ben Woelk, Author at BenWoelk.com

20
Jan 11
0

Top Ten Ways to Shockproof Your Use of Social Media

Category:Cyberstalking,Facebook,Information Security,Infosec Communicator,Internet Safety,Presentations,Social Networking,STC,Uncategorized Tags : Best practice Facebook Facebook privacy Information security Internet Safety Phishing Security social networking

How do you stay safe online? Here are ten ways to shockproof your use of social media:

Tip #1: Use strong passwords

Tip #2: Keep your computer patched and updated

Tip #3: Use appropriate security software

Tip #4: Learn to recognize phishing and other scams

Tip #5: Use social networks safely

Tip #6: Remember who else is using social networking sites

Tip #7: Be wary of others

Tip #8: Search for your name

Tip #9: Guard your personal information

Tip #10: Use privacy settings

Top Ten Ways to Shockproof Your Use of Social Media Presentation

01
Dec 10
1

Call for Proposals, Spectrum 2011 (April 1, 2011)

Category:Infosec Communicator,STC,STC Rochester Tags : Best practice Communication Rochester Institute of Technology Rochester New York Society for Technical Communication STC Rochester Technical Writing

Spectrum 2011 – Building Better Solutions: A Skills Symposium
Rochester Chapter, Society for Technical Communication (STC)

Submittal deadline: December 17, 2010

You and your colleagues are invited to submit proposals for Spectrum 2011. Spectrum is the annual educational conference of the Rochester Chapter of the Society for Technical Communication (STC).

STC is an international professional organization that seeks to promote education, communication, and shared resources among communications professionals such as instructional designers, writers, web designers, graphic artists, social media developers, and others who deal with technical information.

Who attends and speaks at Spectrum?

Spectrum is a regional professional conference and generally draws attendees from New York, Eastern Canada, and surrounding areas. Attendance in past years has normally ranged from 100-180 attendees. This year will be the chapter’s 52^nd consecutive Spectrum conference, making it the longest running STC chapter conference. Speakers are selected from local presenters and speakers from around the country who have expertise in subject matter relevant to technical communications professionals, and pertinent to the conference theme.

When and where is Spectrum 2011?

This year’s conference will be held on April 1st at the Rochester Institute of Technology, in the Center for Integrated Manufacturing Studies (CIMS) located at 111 Lomb Memorial Drive, Rochester, NY 14623-5608.

For more information, visit the STC-Rochester website.

I’ve participated in this conference for a number of years and helped organize it last year. We consistently receive high marks from participants and have been told that the conference is every bit as valuable as the larger international conferences.

01
Nov 10
0

Digital Self Defense Workshop 101 (RRLC)

Category:Cyberstalking,Facebook,Higher Education,Information Security,Infosec Communicator,Internet Safety,Presentations,Privacy,Social Networking,Uncategorized Tags : Best practice Facebook privacy Higher education Information security Internet Safety Phishing Privacy RIT Rochester Institute of Technology Social media social networking

I had the pleasure of presenting the following presentation to the Rochester Regional Library Council on Oct. 25th. It contains general Internet and computer safety tips and is slightly modified from a session we provide to faculty and staff at RIT.

27
Oct 10
1

Developing a Security Mindset

Category:Higher Education,Information Security,Infosec Communicator,Risk,Uncategorized Tags : Bruce Schneier EDUCAUSE Higher education Information security Risk Rochester Institute of Technology security awareness video Tadayoshi Kohno

In my Cyber Self Defense course at the Rochester Institute of Technology, I teach a module on Developing a Security Mindset. Based on a class exercise by Tadayoshi Kohno at the University of Washington (mentioned in a blog posting by Bruce Schneier), the goal of the module is to reorient students’ thinking from the features of a product and how those features are supposed to be used to thinking about how someone might “hack” the product. In other words, develop a security mindset.

I ask the students to determine product assets and vulnerabilities and identify how someone might attack the product. The students are told that they do not have resources to counter every possible threat.

I also have the students create a risk map that depicts the likelihood of a particular attack and the potential impact of that attack. Placing specific threats on a risk map helps students understand that since not all threats bear the same weight they need to choose what is most important to defend against.

The twist to the exercise is that students may not conduct an analysis of a computer-related product. For example, subjects presented by my students this quarter included Water Purification, Bicycle Safety, Running a Pizza Business, etc. As the students presented, we discussed their risk maps and the choices they made.

Group one risk map for a water purification plant

Although we may not agree with the students’ risk map, the exercise stretches IT students to think “outside the box.”

Bruce Schneier: “The Security Mindset” (schneier.com)

16
Sep 10
0

Covert Affairs Gets It (mostly) Right

Category:Information Security,Infosec Communicator,Risk Tags : Crime Information security Information Technology Security United States Cyber Command

: Image via Wikipedia

When television and movies use information security as their storyline, they typically pass up accuracy for the sake of drama. I was pleasantly surprised when a recent episode of Covert Affairs actually got the information security content mostly right.

In the episode in question, the character Natasha plays a freelance hacker who was employed by Russian organized crime to develop malware. Natasha demonstrates a successful hack that immobilizes a communications satellite and most computer-controlled infrastructure such as phones, television, traffic lights, etc. Although the ability to create a hack that could accomplish all of these goals is a bit of a stretch, Covert Affairs got some things right.

Organized crime and freelance hackers

When I first began working in information security several years ago I was told by a co-worker that organized crime was responsible for much of the malware developed today. I was very surprised as I had not thought about how malware attacks might be funded. Organized crime does hire freelance hackers to develop malware, although the most common purpose is to aid in identity theft. Although the hack demonstrated in the episode is something you might expect to see in a cyber attack and is not as common as that developed for identity theft, there have been computer attacks on infrastructure in Estonia and Georgia, and the United States certainly attempted to paralyze the infrastructure of Iraq before Desert Storm. In 2010, the United States Cyber Command was announced.

Using computer code in a way that it’s possible to identify the author

Security experts do examine some hacks to try to determine its author, especially if its a severe attack. Check out this article in Wired Magazine “Pentagon Searches for ‘Digital DNA’ to Identify Hackers” (https://www.wired.com)

Kudos to Covert Affairs for making an effort to get the technical details correct.

Hollywood Links Pirate Bay Founding Group To Cyber Attack (torrentfreak.com)

Author Archives: Ben Woelk

Dec 10

1