It is always nice to be able to get on a free Wifi so you are no using up all the data on your payed plan. One very common place to get free Wifi is at a coffee shop like Starbucks. The Wifi name is attwifi and it has a splash screen that makes you agree to some terms of service. You browse the web and do your normal surfing or just check your email real quick while you stop in for a coffee or tea. Many in the security field call this places like these a Target Rich Environment. The number of people, inherent trust, people not paying attention, the various devices be it cell phones or laptops or tablets. You don't wear only your underwear in public so don’t browse in the bare as well. So lets take a look at some ways to be safe and protected.
I have previously written on free or open Wifi but I will go over a few important parts to remember. Anyone can name any Wifi Access Point anything they want to. They can name it something offensive and vile and horrible. They can also name it attwifi. Thats right, it can be the same name as the Starbucks offered Wifi. No, there is no regulation on this or popup that comes up and says sorry this name already in use or please verify that you are a attwifi provider and insert vendor code or anything to that affect. They can set this Wifi access point up on the air and leave it open with no password just like at the coffee shop. The bad guy can set up the internet so that he is a bridge between the access point and the internet. Your phone, laptop, and tablets have a really nice feature that makes your life easier by remembering networks you have previously connected to and just reconnects for your convenience. But wait, how do you know if it is the right one?
You just have to keep in mind that open wifi is and always will be more risky then your home wifi. You do not know who is on the open wifi and what they are doing. Use your best judgment. Dont do anything personal in the clear, use hhtps. Turn off your wifi if you are not using it. I have started this practice since I noticed a few times that I had connected to wifi points I did not initiate myself. Be vigilant and use best practices and you will have a greater level of security.
Friday, April 27, 2012
Wednesday, April 18, 2012
Cell Phone Security Passwords
There are a couple of different types of Password entry methods like the Android Dot swipes or the Apple 4 digit combo. Each can be set to a lower or higher amount of security. The Apple iPhone can be just a simple 4 number code, or in the settings you can increase the ability to put in a full fledge password that you can enter a full password like you would for any website. You can also set it so that if the password is put in wrong 10 times it will wipe it-self. This will put your phone into an out of the box state. But with the right technology it can be recovered but your average regular joe or enemy will not have the skill to recover it. The Android phones have multiple security settings as well and the connect the dot style password can provide sound security if used correctly.
Find what works best for you. If you don’t like that you have to enter it every time the screen goes dark then make it so it requires the password after 20 minuets of not being used. Just know your phone and know what it can do for you. Try adding things and little at a time. If you don't like something then don't use it or try something different. The last thing you want to do is get frustrated at something and just turn everything off. It will make it harder to use or get into your phone. But that is the point. It will make it even harder for the people who don’t know the passwords or limitations.
Now here is the “No Brainer” section.
DO NOT LIST:
Make your code easy. Yes I said it. I know you want to remember it. I know you want to get to your text messages as quickly as possible. Just as quick as you get in makes it that much easier for someone else to get in as well.
Make it something common like: 0000,1234, SSN, Last 4 of Phone Number.
Do not use common swipe methods on the Android like a box or a single line.
Don’t forget to wipe of the screen once in a while you may have left finger impressions where the digits are.
Do not make it so hard you just turn the password option off because you hate typing it in all the time
Do not write it down on something that will be with the phone. If it is in a bag or purse it can possibly be found and used. Nothing better for someone then a piece of paper with Cell Phone Password ********** written on it to help the criminal.
You cant stop everything. Use your best judgement. I hope this helped.
Find what works best for you. If you don’t like that you have to enter it every time the screen goes dark then make it so it requires the password after 20 minuets of not being used. Just know your phone and know what it can do for you. Try adding things and little at a time. If you don't like something then don't use it or try something different. The last thing you want to do is get frustrated at something and just turn everything off. It will make it harder to use or get into your phone. But that is the point. It will make it even harder for the people who don’t know the passwords or limitations.
Now here is the “No Brainer” section.
DO NOT LIST:
Make your code easy. Yes I said it. I know you want to remember it. I know you want to get to your text messages as quickly as possible. Just as quick as you get in makes it that much easier for someone else to get in as well.
Make it something common like: 0000,1234, SSN, Last 4 of Phone Number.
Do not use common swipe methods on the Android like a box or a single line.
Don’t forget to wipe of the screen once in a while you may have left finger impressions where the digits are.
Do not make it so hard you just turn the password option off because you hate typing it in all the time
Do not write it down on something that will be with the phone. If it is in a bag or purse it can possibly be found and used. Nothing better for someone then a piece of paper with Cell Phone Password ********** written on it to help the criminal.
You cant stop everything. Use your best judgement. I hope this helped.
Thursday, April 12, 2012
Cell Phone Security Intro
So as today's cell phone market rapidly expands and technology gets better we use our cell phone for more than we used to with those “Zach Morris” brick phones with the long rubber antenna. Everything from family photos to word documents are now contained in this mini computer in our pocket or purse. These devices which people make references to often “have more technology than the space craft that put men on the moon” have the ability to go from texting to getting directions to checking your bank account. So it is our own responsibility to take the proper steps to protect our things with in reason. While we can not prevent everything. We are going to mitigate as much damage or loss as possible. How disconnected to you feel when you lose or don't have your cell phone with you. Accidents happen. You can drop your phone or leave it in a cab. The worst case it could be stolen by someone who just wants your purse or your nice phone.
But what is it inside these gadgets that we need to protect. Well that is up to you. Maybe you do not keep anything of importance on them. Others could be running their entire home business on them. With contacts and email or credit card numbers to personally identifiable information. We take pictures of precious moments with our children. The applications we use in most cases do not require passwords to be re-entered for ease of use and some people even make note pad entries with all of their passwords and login's since they always have their phone on them. They keep numbers for your family and work and access to the deep dark or not so dark secrets in your text messages. Do you really want a complete stranger or your worst enemy getting a hold of it? One of many security options to prevent the release of your personal information is to set a screen unlock code.
But what is it inside these gadgets that we need to protect. Well that is up to you. Maybe you do not keep anything of importance on them. Others could be running their entire home business on them. With contacts and email or credit card numbers to personally identifiable information. We take pictures of precious moments with our children. The applications we use in most cases do not require passwords to be re-entered for ease of use and some people even make note pad entries with all of their passwords and login's since they always have their phone on them. They keep numbers for your family and work and access to the deep dark or not so dark secrets in your text messages. Do you really want a complete stranger or your worst enemy getting a hold of it? One of many security options to prevent the release of your personal information is to set a screen unlock code.
Sunday, April 8, 2012
Fake Anti-Virus Pop Ups
So I recently received a call from a family member who was in distress. Windows said they had 17 root kits, 23 viruses, and 17 malware. I immediately knew what was wrong. A pop up that looks just like your installed Windows protection programs. You are told that you are infected and you need to act immediately. It will download a program or ask for money in order to cure you of this. The end result is either of to scenario's they want your credit card info or they want to install malware on your computer. THIS IS A SCAM DO NOT BE TRICKED.
This is what they want. But I assure you it is all a trick. I have also received these Pop Ups. But I use a Mac for my casual browsing. So when this Windows Anti-Virus program begins its fake scan and summation of my infection I know that it is a hoax. But to users that are on a Windows PC they think they are actually viewing a valid scan and report. Windows or Microsoft does not require you do download fixes or request payment from you. So all these facts in total prove its deception.
So what is happening here is a combination of amazing techniques. Social Engineering, the hopes that users are untrained and unskilled at Windows, improper Internet Browser settings that allow these Pop Ups, and the hopes that the combination of these will make you fall for the scam. I will help you try and understand or better defend yourself against such deception.
Fear is being used in the form of Social Engineering. Who would no be scared of having all these horrible things on their computer. The Pop Up is showing so many infections and in large numbers in a sight familiar to you or unfamiliar to you. They are preying on your fear of losing your pictures, documents, the fear of damage that will require a new install and have to start from scratch, and all the stories they have heard from their friends. It is common for most people to not have a backup procedure in place. So the videos of the kids or the pictures of your trip to distant place are now at the risk of being gone forever. This is what they want. This is what they expect. Of course you are going to do what ever or click what ever it takes to keep everything from being corrupted and gone forever.
Basis computer training and knowledge are not always as great as others. And everyone can not possibly know everything. So you may not notice this is a Pop Up initiated from your Web Browser. You may not run scans or have them run at a time that you are not actively using your computer. You may not know all the tricks and traps that attackers use. And they can change so frequent that you can not keep up unless that is your job. You should become familiar with all the security products and software you have installed on your computer. The Firewalls, the Anti-Virus, and the pre-installed security software from what ever flavor of Windows you use. While it is plausible that you have become infected and to some degree of the extreme the numbers the pop up give are only to induce fear. We are all becoming the residents of the Internet community. And we must educate ourselves at the most basic functions and use of the internet. I would not jump in the pool without knowing how to swim. And if you do I suggest wearing floaties.
There are a few different browsers that can be used to interact with the World Wide Web. Choose what you like best. They each have their strengths and weaknesses. It just comes down to personal opinion. You just need to become familiarized with the nuts and bolts. Go through the preferences. Download the addons. Find what works for you. There is always a balance to be found with Security and Convenience. The tighter the controls the harder it will be to display or use lots of bells and whistles on a website. But on the other side it will keep bad things from happening like remote code or pop ups. You just have to find what works for you because if it is too strict you are going to bypass it anyway.
Just use your best judgement. Close the Virus scan and open your own. The best security is the one you start yourself. That being said don’t use security that is offered to you when you did not seek yourself. I learned this from Steve Gibson a Master and Mentor to Security Professionals.
This is what they want. But I assure you it is all a trick. I have also received these Pop Ups. But I use a Mac for my casual browsing. So when this Windows Anti-Virus program begins its fake scan and summation of my infection I know that it is a hoax. But to users that are on a Windows PC they think they are actually viewing a valid scan and report. Windows or Microsoft does not require you do download fixes or request payment from you. So all these facts in total prove its deception.
So what is happening here is a combination of amazing techniques. Social Engineering, the hopes that users are untrained and unskilled at Windows, improper Internet Browser settings that allow these Pop Ups, and the hopes that the combination of these will make you fall for the scam. I will help you try and understand or better defend yourself against such deception.
Fear is being used in the form of Social Engineering. Who would no be scared of having all these horrible things on their computer. The Pop Up is showing so many infections and in large numbers in a sight familiar to you or unfamiliar to you. They are preying on your fear of losing your pictures, documents, the fear of damage that will require a new install and have to start from scratch, and all the stories they have heard from their friends. It is common for most people to not have a backup procedure in place. So the videos of the kids or the pictures of your trip to distant place are now at the risk of being gone forever. This is what they want. This is what they expect. Of course you are going to do what ever or click what ever it takes to keep everything from being corrupted and gone forever.
Basis computer training and knowledge are not always as great as others. And everyone can not possibly know everything. So you may not notice this is a Pop Up initiated from your Web Browser. You may not run scans or have them run at a time that you are not actively using your computer. You may not know all the tricks and traps that attackers use. And they can change so frequent that you can not keep up unless that is your job. You should become familiar with all the security products and software you have installed on your computer. The Firewalls, the Anti-Virus, and the pre-installed security software from what ever flavor of Windows you use. While it is plausible that you have become infected and to some degree of the extreme the numbers the pop up give are only to induce fear. We are all becoming the residents of the Internet community. And we must educate ourselves at the most basic functions and use of the internet. I would not jump in the pool without knowing how to swim. And if you do I suggest wearing floaties.
There are a few different browsers that can be used to interact with the World Wide Web. Choose what you like best. They each have their strengths and weaknesses. It just comes down to personal opinion. You just need to become familiarized with the nuts and bolts. Go through the preferences. Download the addons. Find what works for you. There is always a balance to be found with Security and Convenience. The tighter the controls the harder it will be to display or use lots of bells and whistles on a website. But on the other side it will keep bad things from happening like remote code or pop ups. You just have to find what works for you because if it is too strict you are going to bypass it anyway.
Just use your best judgement. Close the Virus scan and open your own. The best security is the one you start yourself. That being said don’t use security that is offered to you when you did not seek yourself. I learned this from Steve Gibson a Master and Mentor to Security Professionals.
Subscribe to:
Posts (Atom)