Semester-End Thoughts

Chapter One – Wrap It Up!

by Debi Ides

During this assignment/project I do not believe my opinion regarding “Fraud, Phishing, and Identity Theft” has changed. I have learned a bit more on the subject; more than anything, I have learned that there is so much more that I need to know and learn so I can be a productive, successful IT Security Professional.

Regarding the use of “WordPress” itself (which was another learning experience), I had never “blogged” before and found that to be a little scary, yet liberating. There are lots of tools at hand, at WordPress, that I have not had the chance to apply to my blog. I plan to keep updating and hopefully someday will actually have a following audience.

I am happy to have been a part of this project but again feel there is so much more to learn. With all of that said, this is just the end of “Chapter One” for me. I choose to keep searching, and learning…..which will always be necessary for me to reach my goals.

Futuristic Cyber-Sleuthing?

Will Cyber-Crime be an issue in the future?

- by Debi Ides

There will always be controversy regarding “Fraud, Phishing, and Identity Theft,” because these issues are human-generated and sometimes affect people personally. There are many opinions and views regarding using “hackers” as security professionals, and new cyber-security threats all of the time. There are corporate, government, and “just people” in jeopardy due to these genius hackers that are most likely high-school kids or even younger! Some of whom just do it for fun, or because they can, while others have a more evil, devious plan to crash servers or completely render a network useless.

As new technology is discovered and implemented there are new avenues to hack or new securities that need to be implemented, each of these opening up a point of access to guard and keep unauthorized users out. However, this is good news to IT professionals, especially those who are educated in security and auditing; at the corporate level we are beginning to see CIOs (Chief Information Officers) rising to the top of the business ladder because of the new age of Information Technology and the need to have professionals in place to guard these technologies.

These issues, in my opinion, will never go away. They will continue to escalate, as the need and use of new technology is introduced. I believe education is our best weapon against these cyber predators. The more we learn how our networks and electronic devices are breached, the more capable we are of protecting these sources.

International Cyber-Crime site:

http://www.4law.co.il/6.html

Information regarding educational programs in Cyber-Security:

http://www.e-evidence.info/education.html

Keep up-to-date on current “hacker” news:

The Hacker News

We Don’t Think IT Security Is Important!


by Debi Ides

Just last week, while talking with a friend, he casually mentioned, “Yeah, I got an alert from my bank that my credit card was used again.” I said, “Again! You haven’t done anything to prevent this?” He answered with, “My bank doesn’t charge me, they reverse charges, it takes a couple of days.”

The conversation did not end there. I probed a little bit. First I asked if he was at home when he made these purchases….yes, he was. Secondly, I asked him whether, when he logs on, he is using an Administrator or Standard user. “I only have one user on my computer.” I explained to him that he needs to remedy this immediately, as well as always making sure he is on an “https” site when using his credit card.

Well, sad but true, that’s the attitude of most people. Those that are security professionals need to talk to more people in their personal networks. Get the word out, talk to your relatives and co-workers. With the little knowledge I have, I try to drive the importance of IT security into people around me, especially those I know that use Social Networking such as Facebook, etc. When it comes down to it, most people just don’t care!!

Below is a perfect example of what could actually happen, and probably does. It’s really scary to watch. I myself was forced to “unfriend” many of my contacts from my Facebook, and have not finished cleaning up yet; I still need to “remove apps” from my page.

If you are one of those skeptical people, or one that dismisses internet or computer security or believes it’s not important, click on the “Take this lollipop” link below. It might change your mind!

http://www.takethislollipop.com/

http://defintel.blogspot.com/2011/07/it-security-isnt-important.html

Murky Waters

It might seem kind of “phishy,” but I believe the most secure Networks and Systems are secured by “hackers.” Because hackers have the knowledge and skills to get in, this means they will have the knowledge and skills to keep others out. For myself, I am just beginning. There is so much information out on the Web and Internet regarding security. The Internet is a great provider of information, instant access to probably anything you can think of. It has become so easy, and a way of life for most, to simply pick up your device like a tablet or smartphone and “Google” any information you may need or want. We browse the Web and check email several times a day, putting ourselves at risk of becoming victims of cyber-crime. New technology leads to new threats. The need for more technology to fight those threats becomes necessary. It’s an evil catch-22.

With that said, I believe education and awareness are our best plan of action to avoid becoming victims of cyber-security. Many people I know are still extremely cautious and avoid using the Internet and Web-based services to shop or bank. I would like to think I have found a happy medium, keeping strong passwords and only using secure sites…

…but, we are all human, and by nature are curious. We all will inevitably click once too many times, and unlike turning down the wrong road and just making a “k” turn, if you navigate to an unsecure site or are tricked into sharing personal and/or sensitive information, the “back” click or going in reverse will not help.

Be careful where you surf. Do not open emails from unknown sources; if you must, and cannot help yourself, or “just check them out,” be very wary of links and attachments. Before you use your PC and/or laptop again, be sure to set up a second user with standard user permissions. Never use your “Administrator” user on a regular basis. This leaves you wide open for malicious attacks.

Please make sure that you are using a recently updated password with at least 8 characters in total, using upper and lower case, special characters, and numbers. This helps avoid any access to your information whenever you are logged on to websites.

Lastly, make sure to keep your computer and devices updated with new versions and security patches. These tips will hopefully help you keep your home computers, smartphones, and portable devices safe.

Happy Surfing!

An amazing source of information regarding all aspects of security interests can be found at:

The Open Web Application Security Project:

https://www.owasp.org/index.php/Top_10_2010-A9

                                                

https://www.trustwave.com, Roy Lamond, M.Ed., Trustwave, n.p., n.d.

Keep Yourself “Off The Hook”

-History of Phishing

Phishing originated sometime around 1995. It was not until around 2005 that everyday people heard or knew about it. People all over the globe fall victim to phishing scams every minute of every day. To avoid being a part of the statistics, it is smart to do some research to understand how phishing works.

Phishing scams use fake emails and websites, with links and/or prompts, to fool the user into providing personal/sensitive information. The earliest hackers were called “phreaks.” Phreaking is a term to describe the underground communities which explore and study different telecommunication systems. This is the reason the “ph” is used in place of the “f” in the spelling.

“America Online” is the first known case of criminal issues regarding phishing. According to records on the internet, the first event using the term “phishing” occurred in a Usenet newsgroup called alt.online-service.america-online and was recorded on January 2, 1996.

In 2001, phishing attention was targeted at online payment systems. The first recorded attack is known to be on E-Gold in June 2001, which was not considered successful. By 2003, phishers used email worms and spoofed email to PayPal customers, leading these people to sites that requested them to update credit card information. These phishers had dozens of registered domains that appeared legitimate using eBay and PayPal. By 2004, phishers graduated to banking sites and their customers. Since then, more sophisticated ploys and methods have been executed and deployed.

The best defense is knowledge and awareness. If you think you have been the victim of phishing or identity theft, please contact the following agencies:

Report all phishing activity to the Federal Trade Commission at www.consumer.gov/idtheft or call (877) IDTHEFT

Major Credit Bureaus:

Equifax (800) 525-6285

P.O. Box 740250

Atlanta, GA 30374

www.equifax.com

Experian (888) 397-3742

P.O. Box 1017

Allen, TX 75013

www.experian.com

TransUnion (800) 680-7289

P.O. Box 6790

Fullerton, CA 92634

www.transunion.com

“History of Phishing,” n.a., n.p., Phishing.org, © 2012

Using & Choosing Strong Passwords To Avoid Identity Theft

For my first week’s blog assignment relating to Fraud, Phishing, and Identity Theft, I chose to talk about passwords. Passwords are one way of protecting our data and systems from Identity Theft. You could be a victim of a hacker who reads and/or deletes your files when you are browsing the internet. Hackers can use your computer to do illegal searches and send malicious data and/or viruses to end users of their choosing, sometimes banking institutions or local police or government agencies. They can also collect passwords stored on your computer without your knowledge.

This blog was prompted by a remark made by a team member at my job yesterday. Her password had been changed by our MIS Department and though she did not share what it was, it was very apparent to me that it was some obscure letters and characters she was sure she would never remember.

All of us that use computers (including you, if you are reading this) need to remember several passwords for different programs and applications whether at work or home.

I personally like using sentences as prompts to remember passwords; for example, “Strong Passwords are very important to use” would be SPavi2u.

Here are some other tips I gathered that I believe make sense and might be helpful to you if you are struggling for new passwords, or a way to remember them.

  • Use strong passwords, at least 8 characters long
  • Never use your name, address, or birth date
  • Do not use children’s, grandchildren’s or relatives’ names
  • Use upper case, lower case, numbers, and special characters or symbols (!, @, #, $, %, etc.)
  • Avoid dictionary words
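
The tips above, turned into a checker and run against the sentence-method password from this post. This is an added example, not part of the original post; the word list, the personal details, the longer sentence and the `substitutions` parameter are constructed for illustration.

```python
import string

# Constructed stand-in for a real dictionary word list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

def mnemonic(sentence, substitutions=None):
    """Sentence method: first character of each word, after optional
    whole-word substitutions such as "to" -> "2" (hypothetical parameter)."""
    substitutions = substitutions or {}
    words = (substitutions.get(w.lower(), w) for w in sentence.split())
    return "".join(w[0] for w in words)

def check_password(password, personal_terms=(), words=COMMON_WORDS):
    """Return the tips from the list above that the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "upper case": str.isupper,
        "lower case": str.islower,
        "number": str.isdigit,
        "special character": lambda c: c in string.punctuation,
    }
    for name, test in classes.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    # Names, addresses, birth dates, relatives' names supplied by the caller.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal detail '{term}'")
    # Drop digits and symbols first so "Summer2012!" still matches "summer".
    letters = "".join(c for c in lowered if c.isalpha())
    for word in sorted(words):
        if word in letters:
            problems.append(f"contains dictionary word '{word}'")
    return problems

if __name__ == "__main__":
    subs = {"to": "2"}
    short = mnemonic("Strong Passwords are very important to use", subs)
    longer = mnemonic("Strong Passwords are very important to use at work & home", subs)
    for pw in (short, longer, "Summer2012!", "Alex1975"):
        print(pw, check_password(pw, personal_terms=("Alex", "1975")))
```

Run on the post's own example, `SPavi2u` comes back with two findings (7 characters, no special character); the longer constructed sentence yields `SPavi2uaw&h`, which passes every check.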

http://www.microsoft.com/atwork/security/worksecure.aspx#fbid=kSRZw329kjz 

 

“10 ways to work more securely”  Microsoft, n.pag. © 2012