Welcome

This blog is one of several resources intended to provide consumers with additional information related to my book on Information Security.

There are a number of other websites that I maintain that are related to this subject. In the list below, the first link is to my book on the subject, which is the final repository for everything new that I learn. Information I obtain by reading other security-related articles on the Internet first goes into one of the listed eMagazines, and eventually the information gets incorporated into an update to the book. After the book is updated and republished, the articles are removed from the eMagazines, but the links are retained in the bibliography (on this blog) for anyone who wishes to read the original source information.

Here are links to the book, my Amazon author page, the eMagazines, and the presentation:

  1. Best Book About Computer Security (on Amazon.com)
  2. Author page (on Amazon.com)
  3. eMagazine (on Scoop.it) - Cybercrime and You
  4. eMagazine (on Scoop.it) - Best How-to Guides For Protecting Your Computer And Network
  5. eMagazine (on Scoop.it) - Help! I got a virus
  6. Best Presentation About Computer Security (on Slideshare.net)

The Menu Tabs of this blog contain lists of source articles, organized by book chapter, that provided the source material for the book (in addition to my own knowledge and experience). This information is provided for those who wish to explore or understand a topic better. The present and previous versions of the book are/were in e-Book format only. At some point, I will likely also provide a print edition. It is for that reason that I am moving all of the links (URLs) in the book to this website so that both e-Book and printed book users can access the information via this website.

Handling those pesky security questions

Nearly as important as passwords are the responses to security questions that many websites have implemented for additional security.
If a site allows you to select your own questions, do so.
Not only do you not have to be totally honest in your responses to questions, you probably shouldn’t be.
For example, if the question is about your mother’s maiden name, use any answer but the truth. A good answer might be telephonebooth.
How would you remember that? Store it in your password manager along with the record that takes you there. When the question is asked, you can then just copy/paste and you’re good to go.
Following this practice will foil a thief who has obtained the accurate data from a public record or from social media.
The (current) US President lies an estimated 90% of the time, so why shouldn’t you?

Internet Security Lies

Lie # 1: If the lock icon in the browser bar is illuminated, I’m good to go.
All that the padlock icon means is that there is a secure (encrypted) connection between your computer and the web server. It doesn’t say anything about what you may encounter while you are there. You’re still not protected from malware.
 
Lie # 2: Only adult sites are dangerous.
More than 83 percent of malware hosting sites are “trusted.” They have been hacked or infected through malware-ridden advertising.
 
Lie # 3: There is nothing valuable on my computer.
You probably do have an email password, access to at least one social networking site and a resume in your documents folder, which are all someone needs to steal your identity. You could also lose access to all of your photos and contacts if you fall victim to ransomware.
 
Lie # 4: I already have antivirus software and don’t need to do more.
Antivirus protection only works on old viruses. Tens of thousands of new ones are released daily. You should keep your antivirus, but you have to do much more to be safe.
 
Lie # 5: My passwords are very strong and can’t be hacked.
Hackers use keyloggers, which can snatch and monitor keyboard activity. You might also be fooled into logging in to a bogus website in which case you, yourself, have given a hacker what he needs.
 
Lie # 6: Bells and whistles will go off when I’m infected.
Malware has evolved to the point where you won’t detect it – that’s kind of the point. Today’s threats are stealthy.
 
Lie # 7: I have to download files to get infected.
Modern-day malware infections may occur through “drive-by” downloads in which code “executes automatically” within the browser as a by-product of simply viewing the Web page. No clicking required.

Home Networking Explained

In this 7-part series, CNET editor Dong Ngo answers frequently asked questions about home networking and explains the technology.

Home Networking Explained Series

Part 1 – Basic Terms

http://news.cnet.com/8301-17938_105-57485724-1/home-networking-explained-heres-the-url-for-you/

Part 2 – Optimizing your WiFi Network

http://www.cnet.com/8301-17914_1-57493114-89/home-networking-explained-part-2-optimizing-your-wi-fi-network/

Part 3 – Taking control of your wires

http://howto.cnet.com/8301-11310_39-57498395-285/home-networking-explained-part-3-taking-control-of-your-wires/

Part 4 – WiFi vs. Internet

http://howto.cnet.com/8301-11310_39-57571188-285/home-networking-explained-part-4-wi-fi-vs-internet/

Part 5 – Setting up a home router

http://howto.cnet.com/8301-11310_39-57575434-285/home-networking-explained-part-5-setting-up-a-home-router/

Part 6 – Keeping your network secure

http://howto.cnet.com/8301-11310_39-57580527-285/home-networking-explained-part-6-keep-your-network-secure/

Part 7 – Power line connections explained

http://howto.cnet.com/8301-11310_39-57583742-285/home-networking-part-7-power-line-connections-explained/

More Ways That Scam Artists Use Technology to Rip People Off

Identity thieves and cyber crooks are getting better at coming up with ways to rip us off. A Consumer Reports study reveals various ways hackers and crooks are using technology to steal from unsuspecting people. Here are just a few examples:

  • “Win an iPad!” links and cramming. If a pop-up ad lures you with a bid to win a hot new piece of technology, but you must include your cell-phone number to play, think twice! Submitting your bid sends a text message to your cell phone that, whether you respond or not, may authorize an unwanted $9.99 a month subscription to some useless service. The charge gets tacked onto your cell-phone bill, where you’re unlikely to notice it. Instead, guard your cell-phone number like a credit card and demand a refund from your cell provider if you’ve been crammed. Tell your wireless and landline carriers to block all third-party billing to your account, and check previous bills for cramming charges.
  • Social media ploys. Consumer Reports points out that social-media networks are “fertile ground for fakery” especially when it comes to fake apps that claim to let you see who’s checking out your profile. Such messages can be spam in disguise, leading to “bait pages” or a link that collects personal information. According to the study, “don’t reveal personal information online to anyone who initiated contact with you unless your trust is certain. Look for the survey company’s name and go to its website independently by reopening your browser, or call it. Ignore product promos from Facebook friends. Use caution in granting access to your profile. And think before you ‘like’.”
  • Smishing. In this type of fraud, a phony link from a major retailer appears in a text message offering, for instance, a $1,000 gift voucher. The goal? Grabbing your sensitive personal information.
  • Email phishing. These scams look like an email from a legitimate company or person but lure unsuspecting consumers into clicking on malicious links or providing personal information like date of birth or Social Security number. Never click on links in emails from banks, or other financial institutions — go directly to their URL and enter your log-in information from their homepage.
  • Old-fashioned scams. This could be a phone call offering a too-good-to-be-true deal, assuming a fee is paid or sensitive financial information is disclosed.

Thieves have their own research and development departments looking into the latest technologies and figuring out new ways to trick you, and the Internet makes it easier than ever before to reach people and market their schemes to them.

Which path to Internet banking is safest? Your browser (on any device) or an app on your mobile device?

Most users want easier and more convenient access to their bank accounts, but they are not aware of how safe it is to use a mobile banking app. In reality, banking via a mobile app is the safest way to bank via the Internet, because banks can control the security on an app much more easily than through a browser.

When customers use their browser to do their banking, they leave themselves open to malware and man-in-the-middle attacks. As we’ve seen in recent bank breaches, hackers can gain valuable information about users’ bank login credentials, even their two-factor authentication credentials in some cases, by keylogging and stepping in between a user and his or her bank’s website. Even when a bank has strong security, if users’ computers are infected with malware or a virus, they may be vulnerable to attack. This same threat is also possible on mobile browsers.

Mobile apps, on the other hand, provide a direct link from the device to the bank, without having to go through any software such as a browser or third-party application. This means banks have much better control over the security and connection of customer interactions. Because these apps are built specifically for a particular bank and its customers, the bank can provide a secure connection using SSL encryption and two-factor authentication that meets the institution’s unique needs.

A consumer may ask: “What if someone gets a hold of my phone? Can’t they then access my account?” Even if someone is able to obtain a customer’s phone, they will still be required to put in a username and password, and if available, provide a second factor of authentication, in order to gain access to the accounts.

According to the Federal Reserve, only about 20 percent of mobile phone users have used mobile banking applications in the past year. Yet most major financial institutions have mobile applications available for popular mobile phones. So why is only one in every five smartphone users utilizing those apps? Fear.

A recent study by Google found that many customers are worried about mobile banking security. This is mostly due to a misunderstanding or lack of knowledge of mobile banking security. Hopefully, this short article clears things up a bit.

Just make sure you download the correct app authorized by your financial institution. There are fakes out there, so don’t make that mistake. Another benefit is that the recent spate of ‘Denial of Service’ attacks launched by hacktivist organizations on major banking websites does not affect the app access channel.

A Reminder That Risks of Online Banking are different for Businesses vs. for Consumers

A $170,000 cyberheist last year against an Illinois nursing home provider starkly illustrates how (especially smaller) businesses are at risk of attacks by cybercriminals.

On Monday, Dec. 17, 2012, computer crooks logged into Niles Nursing’s online banking accounts using the controller’s credentials and tunneling their connection through his hacked PC.

At the beginning of the heist, the miscreants added 11 money mules to Niles’ payroll, sending them ACH (Automated Clearing House) payments totaling more than $58,000, asking each mule to withdraw their transfers in cash and wire the money to individuals in Ukraine and Russia.

Niles’ financial institution — Ft. Lauderdale, Fla.-based Optimum Bank — evidently saw nothing suspicious about 11 new employees scattered across five states being added to its customer’s payroll overnight. From the bank’s perspective, the user submitting the payroll batch logged in to the account with the proper credentials and with the same PC that was typically used to administer the account. The thieves would put through another two fraudulent payment batches over the next two days (the bank blocked the last batch on the 19th).

In total, the attackers appear to have recruited at least two dozen money mules to help haul the stolen loot. All but two of the mules used or opened accounts at four out of five of the nation’s top U.S. banks, including Bank of America, Chase, Citibank, and Wells Fargo. No doubt these institutions together account for a huge percentage of the retail banking accounts in America today, but interviews with mules recruited by this crime gang indicate that they were instructed to open accounts at these institutions if they did not already have them.

Banking online remains a legally and financially risky affair for any business, regardless of which bank it uses. Businesses do not enjoy the same fraud protections as consumers; if a Trojan lets the bad guys siphon an organization’s online accounts, that victim organization is legally responsible for the loss. The financial institution may decide to reimburse the victim for some or all of the costs of the fraud, but that is ENTIRELY UP TO THE BANK.

 
