I posted this article as a reply to an earlier post about CAPTCHA codes and how they keep out automated bots but I think this is still interesting:

http://www.physorg.com/news/2011-11-stanford-outsmart-captcha-codes.html

It’s just more proof that however hard we fight all the new malware and bots, they can always fight back. This time, luckily, it was from people who had no intention of doing anything bad with it (hopefully), but what if others had created it with the intention of maliciously attacking sites such as eBay? Things like this are how we stay ahead of the game. Whenever a new system to keep things out comes along, the first thing people need to do to make sure it works is to try as hard as they can to break it, because there will most definitely be others trying.

Gaming Safety

In a time where online games are so common, many people can get lost in the game and not think about safety while playing. Often, people will simply give out their personal information to players online. This can be as simple as a first name or even giving out an address. It is very easy to get somebody to reveal information about themselves simply by being friendly and developing connections with people that aren’t really there. As an example, and yes this worked way too often, while playing a game online most people would tell me if they lived in the United States and then go on to tell me what state they lived in. If I just told them I lived in that same state, more often than not I got towns and streets out of people online as well as their name if I asked nicely enough.

This is exactly what people do to try to attack a person through their identity. People are always concerned with whether they are keeping their information safe, not downloading sketchy things or visiting unsafe sites, and yet they will give out that same information to random strangers online without a second thought. This kind of behavior seems to follow along the same lines as giving out passwords for chocolate (another test that worked much better than it should have).

Social Networking Pros and Cons

So much time is spent talking about how terrible social networking sites are but few people ever see that these sites can have a real benefit to society in some ways. In this article:

http://socialnetworking.procon.org/#Background

the topic of politics brings up an interesting case in social networking. Especially in a younger generation who spends a great deal of time on sites like Facebook, social networking helped to spike their interest and get them following politics through the sites themselves. Apparently they were a good source of information regarding political campaigns.

Unfortunately, most of the time the cons outweigh the pros when it comes to social networking and the big issue with these sites is security. While many of these sites are doing a good job of trying to protect against security issues, the one thing none of them can get around is the ignorance of the average user. According to the article, in just one year, phishing on these sites went up by 240%. This wouldn’t be nearly so high if it didn’t work a good amount of the time and unfortunately, many people grow up knowing how to use the internet but not about how to protect themselves against obvious scams such as this.

Tips for Avoiding Malware

http://www.microsoft.com/security/pc-security/protect-pc.aspx

This article has some basic tips for avoiding malware. Most of it is common knowledge, but here are some key points:

- Install anti-malware programs on the computer. More than one can be beneficial since different programs update at different times so one might not catch something that another would. Also, make sure they are always fully updated.

- Use strong passwords. The article recommends passwords at least 14 characters long but even longer is better. Stronger passwords use upper and lowercase letters, non-alphabetic characters, and tend not to follow a recognizable pattern.

- Don’t be tricked. Possibly the most important piece of information contained in the article had nothing to do with technology. If something online doesn’t seem safe, odds are that it isn’t and a good amount of the time things that do seem relatively safe can still contain malware. Knowing this, one of the most effective strategies is to distrust any unknown sites, downloads, or links and hopefully whatever anti-malware software is installed can filter out anything that might slip by.

Link

A good example of phishing is what happened to Apple recently. Emails were sent out that, according to an Apple employee, looked very similar to a real email that had gone out very recently. The email was regarding a supposed change in account information and linked anyone receiving it to a site where they could verify their account information by providing their login information.

While this can very easily be a legitimate email, this one led to an alternate site that sent any information entered to the people who set up the scam. Unfortunately, many people who aren’t particularly technology literate simply accept strange things happening with their online accounts, and with a very large population using an easy-to-understand program such as iTunes, odds are there are going to be many people eager to make sure their account hasn’t been compromised who end up doing the very thing they were trying to avoid.

Since the sites look very legitimate, the only way to tell if a site can be trusted is by actually looking at what site the email forwards people to. In other cases, the return email address itself can be a giveaway. Fortunately, as the article points out, websites are much harder to spoof than an email, and with this kind of attack most people would quickly see that the site they are being directed to isn’t affiliated with Apple or iTunes and leave.

The article is here: http://cyberinsecure.com/phishing-campaign-fake-legitimate-apple-emails-steals-victims-id-and-password/

Dumpster Documents

Just to prove that data isn’t safe whether it’s physical or on a computer somewhere, documents containing vital information from the Ministry of Children and Family Development were found in a dumpster behind an apartment building. For security this was a serious concern, since vital information got leaked, supposedly by a former employee who was required by law to turn in any private information when leaving a government position such as his.

Concern with network safety isn’t enough. There are many ways of obtaining private information, and they all need to be analyzed in order to prevent occurrences such as this one, where the big mistake was throwing away information.

The article can be found here: http://cyberinsecure.com/private-canadian-childrens-ministry-papers-dumped-in-trash-contain-names-addresses-birth-dates/

Computer Monitoring

This article advocates for computer monitoring in the workplace. According to the article, doing so can secure data by blocking websites or alerting people to new threats or malware. Overall, the only legitimate reason the article gave for monitoring computers was to ensure that employees in a business are using the computers for work purposes only. The network security reasons given in the article do not require computer monitoring software to be effective: websites can still be blocked, and notices regarding threats can still be sent via email. The fact that employees might not support this kind of “safety” was addressed very briefly, but overall it didn’t seem to really be considered. This is a very good example of people trying to avoid the problem of network security instead of addressing it and educating employees about the threats they are supposedly being protected from.

The article can be found here: http://smallbusiness.chron.com/benefits-effects-computer-monitoring-workplace-897.html

Laws of Security Administration

This article (http://technet.microsoft.com/en-us/library/cc722488.aspx) covers what they consider the “10 Laws of Security Administration”. Not surprisingly, many of the laws they post are exactly what was covered in Cyber Self Defense. The last one especially, “Technology is not a Panacea”, is what most people fail to realize. They go on to explain that there is no guaranteed safety from software or hardware alone. It takes lots of awareness, planning, and constant administration. All of the tips in the article should be obvious to anybody in a network security field, but it seems to be a very good article for people who don’t typically concern themselves with this area or tend to ignore it altogether.