cybersecurity

Things are so different today…

I mean, I grew up in the era of, I’m sure you Millennials have heard the term, “The Iron Curtain”. I do remember getting under my school desk to survive a nuclear attack by the Russians…

But a friend of mine never heard of “The Bamboo Curtain”, aka China. Of course there was its infamous cousin the Berlin Wall, which btw never made much sense to me as a calling card for Communism…

So for whatever the “artistic value” "The Interview" has or does not have, and with its distribution for now cancelled, due to (possibly) real threats, I get that part, the “other side” has put their metaphorical claws into more than our cyberspace, in a way that was unimaginable when I was in my twenties….creeps me the f**k out.

Stranger than fiction….to my generation, a generation ago.

I’ve always felt sorry for the People of North Korea….

The Senate passed a bill meant to protect the nation’s critical infrastructure against cybersecurity threats on Thursday. The Cybersecurity Act (S. 1353) would allow for the creation of a set of industrial standards to protect key industrial sectors including energy, telecommunications and finance.

The standards would be voluntary, and developed as a partnership between the Department of Homeland Security and private industry leaders to reduce the risk of cyber attacks. The bill now heads to the House of Representatives for further review.

The Cybersecurity Act has four major components including the creation of new standards. They include a federal “research and development plan to meet cybersecurity objectives, including how to guarantee individual privacy, verify third-party software and hardware, address insider threats, determine the origin of messages transmitted over the Internet, and protect information stored using cloud computing or transmitted through wireless services.”

The act also calls for federal support of “competitions and challenges” meant to stimulate innovations in cyber security, as well as national campaigns to raise awareness and understanding of the risks involved with “use of the Internet” and “social media.”

The act codifies the Department of Homeland Security’s existing National Cybersecurity and Communications Integration Center. The bill calls on the center to serve as a federal civilian information sharing interface for cybersecurity. It also authorizes the center’s current activities to share cybersecurity information and analysis with the private sector, provide incident response and technical assistance to companies and federal agencies and recommend security measures to enhance cybersecurity.

“Cyber security is one of the biggest national security challenges our country faces. Our laws should reflect that reality,” Sen. Tom Carper (D-DE) said in a statement. “It is critical that the Department continues to build strong relationships with businesses, state and local governments, and other entities across the country so that we can all be better prepared to stop cyber attacks and quickly address those intrusions that do occur.”

Sen. John Rockefeller (D-W.V.) authored the legislation, which passed with unanimous consent, according to The Hill. Rockefeller is chair of the Senate Commerce, Science and Transportation Committee, but has announced he will not seek reelection this year.

As I keep saying, we no longer live in a world where technology allows us to separate communications we want to protect from communications we want to exploit. Assume that anything we learn about what the NSA does today is a preview of what cybercriminals are going to do in six months to two years. That the NSA chooses to exploit the vulnerabilities it finds, rather than fix them, puts us all at risk.
—  Bruce Schneier at Schneier on Security. NSA Hacking of Cell Phone Networks

The latest news is in! http://exploitarchive.com/hackers-may-have-exploited-sonys-weakest-link/

Hackers may have exploited Sony’s weakest link

SAN FRANCISCO: Hackers who forced Sony Pictures to cancel release of a comedy about North Korea likely slipped past the entertainment titan’s defences by exploiting a weak spot — humans. That theory prevailed on Thursday (Dec 18) among cyber security specialists piecing together clues…

Cybersecurity expert: Answering North Korea hack on Sony is tricky

HAMPTON ROADS, Va. (WAVY) – U.S. officials say they are planning to respond to the cyberattack against Sony Pictures, but one security expert told WAVY.com that could be a difficult task.

Officials said they believe North Korea was behind the hack into the entertainment company, which included terrorist threats and led to the cancellation of the premiere of “The Interview.” The movie follows…


Cyber-security experts discover lapses in Heartbleed bug fix

TORONTO: Cyber-security experts have found an “extremely serious” bug that may pose an even greater risk than the recent Heartbleed bug, and could affect hundreds of millions of computers worldwide. It was the middle of tax season. Millions of Canadians were rushing to file their 2013 tax returns before the April 30 deadline and then, without warning, the Canada Revenue Agency’s…


Social Media Safety: Privacy Tips


It’s Not You, It’s Me

When hackers broke into the Home Depot database and stole massive amounts of credit card information, they did it by targeting a vendor who had a valid username and password. In other words, they didn’t pick the lock so much as they stole a key.

This is a similar concern for social media. You may think you know who can see what you post and share online, but the truth of the matter is that somewhere in your social network is a vulnerable weak link.

A good rule of thumb is to not post anything that you wouldn’t want made public knowledge. You may have the best privacy settings possible, but if your friend’s account gets compromised, those settings go right out the window.

Example: You may think you’re only sharing something with your friend Samantha, but if Samantha - who has used the same password for everything since High School - gets hacked by her ex-boyfriend…drama ensues.

Between Coursen Security Group, Date Site Data, and pro bono work with a survivor advocacy group, I spend a good part of my day helping people who are being harassed, threatened and stalked both online and in person. In order to minimize risk, one of the first things I do is to conduct a vulnerability assessment. Many clients are surprised to learn how much “open source” information can be obtained through a “Deep Web” search and how easily their computers, wifi routers, and mobile applications are vulnerable to attack.

One of the first steps to ensuring safety is to embrace a positive protective posture; one that embraces a preventative methodology rather than a reactive response.

Here are a few tips and tricks to help get you started:

 

Security Settings Exist For A Reason

The recent cyber attack on Sony has brought much attention to online security protocol. The FBI was quoted saying that “90% of US Companies are vulnerable to attack.” Other security firms have estimated this likelihood as high as 97%.

Hacking is going to happen. It’s just the nature of today’s marketplace. However, it is important to understand that while it is nearly impossible to protect everything all of the time, the bad guys can’t attack everything at the same time either.

So what do we do?

  1. We don’t make it easy for them to get in. Strong passwords and protective measures matter.
  2. We don’t give away the store if they get inside the door. We compartmentalize and segregate the most critical information.

(Like a Bank: Security at the front door. More security behind the teller desk. Yet, even more security to get into the vault.)

PASSWORDS AND UPDATES

You don’t need a bullet proof door to keep your home safe, and you don’t need CIA-level encryption programs to keep your computer safe. But you DO want your front door to be shut and locked and you DO want your computer to have a strong password. Not being bothered enough to take even the most basic of precautions will most certainly come back to haunt you. (Remember Jennifer Lawrence talking on the red carpet about not bothering with her iPhone updates?)

Strong passwords combine capital and lowercase letters with numbers and symbols to create a more secure password. Use separate passwords for every account to help thwart cybercriminals. It’s best if passwords are changed frequently (every 90 days) and immediately after ending any personal or professional relationships.

Avoid using words found in the dictionary. Instead, modify words you can easily remember and spell them using symbols and numbers whenever possible. Example: B@seB*11

Most of the updates that come across your screen are related to security updates that reduce vulnerability and patch security flaws. Always choose Yes!

 

Privacy Settings

The privacy settings on mobile applications and social networks allow you to control who can view the different aspects of your profile. Take a few minutes right now to update your settings and take control of your online experience in a positive way.

ALL FRIENDS ARE NOT CREATED EQUAL

Connecting a large group of friends and coworkers who would otherwise never meet helps foster new friendships. This DOES NOT mean they should all have the same level of access to everything you say and do online.

Consider making groups that compartmentalize your social network into smaller groups like work, family, friends, and perhaps a more specific “trusted” group that may include those who overlap certain boundaries.

THINK BEFORE YOU LINK

Research shows that 75% of corporate recruiters have rejected candidates based on information they found online. Recruiters respond positively to a strong personal brand so think before you link and don’t post anything online you wouldn’t want to be made globally available. (SONY)

WHEN IN DOUBT, THROW IT OUT

Most malware is delivered in the form of downloads, links, fake profiles, and false friends. If it looks suspicious, throw it out. Always check the address bar for a known and trusted address like “www.facebook.com/” and not something like “www.facebook35.ki” or “www.2facebook1.php”. Fraudulent domain names like these are a giveaway of nefarious activity intending to compromise your private information.

STOP UPDATING YOUR RELATIONSHIP STATUS

The people in your life who matter already know if you are single, married, dating, on-a-break, or involved in something “complicated.” Regardless of your personal situation it is usually unfavorable to make your relationship status public knowledge.

Those who have harassed or stalked you in the past would love to know that you just became newly single. In the mind of a pursuer, changing your status to “Single” is a green-light for them to use your update as an excuse to contact you. It also lets them know that you are likely now spending your nights home alone. A positive protective posture is your best course of action, so it’s best to leave the relationship section blank.

KEEP PRIVATE INFORMATION PRIVATE

Embrace the “less is more” philosophy when it comes to your personal information. Be mindful to not post pictures of your home, your car, your office, your parking spot, and other distinguishable facets of information that make it easier for you to be singled out of the crowd and identified. The more information you provide to your online audience, the easier it may be for someone to use that information to target you for identity theft, data breaches, harassment, or stalking.

KEEP SENSITIVE CONTENT ON A PASSWORD PROTECTED EXTERNAL DRIVE

In addition to being a preferred practice for regularly backing up your computer, it is best to keep photos, emails, documents, and other files which may be private or sensitive in nature on a password protected external hard drive that is not connected to the internet.

These devices are lightweight, mobile, and small enough to travel with you yet keep your private files compartmentalized and separated from being compromised by a security breach to your network.

REAL FRIENDS LOOK OUT FOR EACH OTHER

Everyone has a different tolerance for how much they want the world to know about them. Similarly, everyone has a million things going on in their own life that may not be for public knowledge. Be honest about those pictures, posts, and tags that make you feel uncomfortable and let your friends know how you feel. Likewise, be sure to keep an open mind and respect the opinions of others when it comes to postings you have made with regard to them.

DON’T CHECK-IN UNTIL YOU CHECK-OUT

Lots of people love to use the geo-location and “check-in” features of Instagram, Facebook, and Twitter. The problem is that now you’ve just told everyone where you are and where you are not. If a stalker is trying to find you, you’ve just told them where you are. Same goes for the robber determining which homes offer the highest likelihood of success. Live-tweeting your vacation from the beach makes you that much more of a candidate.

When in doubt, turn off the geotagging and if you want to share the moment with friends and family who aren’t there with you, use text or email. Wait until you get home to share with those who don’t matter the most.

UPDATE BASIC INFRASTRUCTURE SETTINGS

Regularly running virus scans on your computer and updating the security features of your wireless router are extremely important. This is especially the case if you have had your wireless router for a few years and you are still using WEP encryption.

Standard WEP is easily cracked within minutes and only provides a false sense of security. An amateur hacker can defeat WEP security in a matter of minutes. If you are still using the default router password posted on the bottom of the router, it’s even easier. Unfortunately, many people set their wireless routers up years ago and have never bothered to change their wireless encryption from WEP to the newer and stronger WPA2 security. Updating your router to WPA2 is as easy as browsing the manufacturer’s website for details.

Interested in learning more?

www.SpencerCoursen.com

Follow on Twitter: @SpencerCoursen
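
The address-bar check described under "WHEN IN DOUBT, THROW IT OUT", written out as an added example (not part of the original post): it extracts the host a browser would actually connect to and accepts it only if it is a trusted domain or a subdomain of one. The `TRUSTED_DOMAINS` allowlist and the last three sample addresses are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a hypothetical personal allowlist of sites the reader really uses.
TRUSTED_DOMAINS = {"facebook.com", "twitter.com", "instagram.com"}


def hostname_of(address: str) -> str:
    """Return the lowercase host a browser would actually connect to."""
    if "://" not in address:
        address = "//" + address  # make urlsplit read a bare "www.site.com/x" as a host
    host = urlsplit(address).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(address: str) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    host = hostname_of(address)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def review(addresses):
    """Map each address to (host, verdict) so the deciding host is visible."""
    return {a: (hostname_of(a), is_trusted(a)) for a in addresses}


# The first three addresses are quoted in the post; the rest are constructed samples.
SAMPLES = [
    "www.facebook.com/",
    "www.facebook35.ki",
    "www.2facebook1.php",
    "https://www.facebook.com.account-check.example/login",  # trusted name as a prefix
    "https://www.facebook.com@login.example/",               # trusted name as userinfo
    "https://notfacebook.com/",                              # trusted name as a suffix
]

if __name__ == "__main__":
    for address, (host, ok) in review(SAMPLES).items():
        print(f"{'trusted' if ok else 'REJECT':8} host={host:40} {address}")
```

Matching on the full host, or on a dot-separated suffix of it, is what rejects addresses that merely contain a trusted name somewhere in the string.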

Files of More Than 40,000 Federal Workers Breached - Contract Cancelled


More and more we are seeing computers being breached and files being exposed into the wild. Smartfile by Cybergy Partners has the ability to notify you that someone is accessing your files before it shows up on the front page of the Washington Post.

What is even more concerning is that this is the second firm that handles the security clearance proce…

Sony hack renews cybersecurity push
Via Google Yahoo & Bing News Search Cybersecurity
December 19, 2014 at 11:37AM

White House Economic Council Director Jeff Zients pointed fingers at Congress on Thursday for not acting fast enough on cybersecurity legislation, in the wake of news that North Korea was behind the Sony Entertainment cyberattack. “We’re doing what w…

Read more: http://ift.tt/1zFQOTR

The latest news is in! http://exploitarchive.com/brandpost-how-to-train-your-staff-on-cyber-security-and-make-it-stick/

BrandPost: How to train your staff on cyber security (and make it stick)

A smart security policy is one thing. Employees’ actual security behaviors are often quite another. In the challenging and fast changing world of cyber security, experts argue that training is essential to keep workers up to speed – and ensure your business stays safe. How do …

Despite the accusations, there's still little evidence linking North Korea to the Sony hack

After weeks of rumors and speculation, it looked like the mystery surrounding the hackers who hit and embarrassed Sony Pictures in the last few weeks may have finally been solved: North Korea did it, according to anonymous U.S. officials quoted in various news reports on Wednesday. “We have found linkage to the North Korean government,” said one of the anonymous sources. See also: Sony ends ‘The…


Is Sony greed the reason why it had to pull “The Interview?”