Shop Safely on Cyber Monday

By Stephanie Humphrey

3 tips to protect yourself online this holiday season and year-round

It’s the most wonderful time of the year! The holiday season is upon us, and judging by the fact that stores are opening for Black Friday shopping on Thursday (!), it appears that retailers are ready for the gift-buying rush. Cyber Monday should also be a boon for stores and shoppers alike, with experts predicting sales topping the $2 billion mark. Unfortunately with all the folks rushing to the web for a bargain, cyber criminals won’t be far behind trying to take advantage of the chaos. Here are a few tips you can use to try to stay safe while shopping online.

Be on the lookout for phishing scams: The easiest way for someone with bad intentions to take advantage of you is to get you to do the dirty work for them. Sure, that offer from what appears to be Amazon or Walmart for a $99 iPad Air might seem too good to pass up, but you know what they say about something that looks too good to be true, right? Steer clear of emails claiming “amazing” discounts, no matter who they appear to be from, and it’s always a good idea NOT to click on any links in them. If you insist on checking an offer, copy and paste the link into your browser rather than clicking it. Clicking the link could send you to a bogus website where someone is just waiting to steal your credit card info, or it could infect your computer with a virus. We all know that there are some folks who like to prey on your sympathies this time of year, so do your research before donating to any charities as well. Also, make sure your anti-virus software is up-to-date.

Don’t do any shopping over public Wi-Fi: While it might be tempting to try to knock some of those names off your gift list while sipping a latte at Starbucks, try to resist doing any shopping online using public Wi-Fi. It’s much easier than you think to be hacked, and even easier for someone to steal your info simply by looking over your shoulder. If you absolutely have to use public Wi-Fi, consider setting up a virtual private network (VPN) for added security. Even if you’re shopping at home, make sure you have a strong Wi-Fi password, and always look for ‘https’ in the URL on the payment page of any website.

Read the rest here.

Hack for LA Starts the Ball Rolling at LA Tech Summit

Computer hacking gets a bum rap. When you see hackers in movies, they are rebellious social outcasts who dress slovenly and have a grudge against somebody or something that has done them wrong. Sometimes the hacker is portrayed as an upscale hipster who hacks for financial gain. Other times, the hacker is merely a terrorist with a high IQ and the ability to crash any government system with a line of code and the push of a button. Maybe that’s why I get such odd looks from people when I tell them that my newest obsession is participating in Hackathons.

The Urban Dictionary explains that the act of hacking can also be a positive thing.
“Hack: To program a computer in a clever, virtuosic, and wizardly manner. Ordinary computer jockeys merely write programs; hacking is the domain of digital poets. Hacking is a subtle and arguably mystical art, equal parts wit and technical ability, that is rarely appreciated by non-hackers.”

UD goes on to explain that there are three classifications of hackers: “White-hat (hacking for the enjoyment of exploration); Black-hat (hacking to find exploits and system weaknesses); and Grey-hat (someone who is a little of both).”

Hackathons focus on White-hat hackers. Sponsor companies lift the veil of secrecy to share their Application Programming Interface (API) code with independent developers who may be the key to innovation in the specific topics featured at each hackathon. In other words, the same code that powers Google maps could be incorporated into an app developed by two kids from Boyle Heights to create a mobile tool that is useful to individuals or a community at large.

Read more here.

MIRCON 2013 Review

A Review by Chris Carpenter, a SecurityOrb.com contributor:

I attended Mircon this year for the first time. It was an interesting experience. I was very impressed with the keynote speakers but overall the security presentations were far too sales pitchy for my tastes. Maybe I have been spoiled by BlackHat and Defcon but I expected more. I really shouldn’t be surprised though. A conference named after Mandiant and sponsored by Mandiant can be expected to be a sales pitch for Mandiant.

Kevin Mandia kicked off the conference with the opening keynote, “Minding the Security Gap”. He highlighted the effectiveness of a recent Syrian Electronic Army (SEA) attack on the Twitter account of the Associated Press. The hacked account was used to tweet that the White House had been attacked. These tweets resulted in a negative impact on the stock market. Mr. Mandia highlighted the fact that the attack was executed in less than 11 minutes. He used that point to highlight the speed and effectiveness of current attacks. He is proposing that network defenders need to be able to go from alert to fix in under 10 minutes. Naturally, the use of Mandiant products can help with this.

Kevin was joined by three of his Vice Presidents who each highlighted their experience in handling and responding to real world security incidents. One of the interesting points highlighted in the presentation was the overall decreased use of malware in attacks. Attackers now frequently execute attacks without installing malware on systems. After the initial breach, many attacks utilize existing software and trust to exploit the system.

The keynotes by General Michael Hayden and Director Robert Mueller were excellent. General Hayden’s “Cyber Security: Will it Always Be This Hard?” was very entertaining. He provided a wide overview of the threat landscape, discussing, in order of threat, Nation States, Criminals and Hacktivists. He posed an interesting scenario: what if Edward Snowden were returned to the US, tried and convicted? Would the hacktivist community react? What would/could they do? His point being that with the right stimulation the hacktivist community could be as dangerous as a nation state.

The general also commented on the concept of hacking back. While not directly advocating the practice, the General did acknowledge he believed US companies are already engaged in this practice. He went a step further to reference Article I of the US Constitution which states that, “The Congress shall have Power To … grant Letters of Marque and Reprisal …” In its original context this related to hunting pirates on the open seas. Translated to 2013 this would be applied to the pirate’s modern electronic equivalents, hackers. The concept of Fortune 500 companies being authorized to hunt and attack the hackers who have attacked them is both fascinating and terrifying in its implications. His simple thought on this is that the US Government is not in a position to defend every corporation, nor does it necessarily have the authority to do so. Providing these companies the legal right to do so would be an interesting way to balance the scales. As the General put it, the cavalry is not coming; you need to defend yourselves.

Another interesting point of the keynote was the assertion that the US is a Cyber offensive juggernaut but our dependence on technology leaves us vulnerable to attack. Along that same line of thought he made the analogy that the US has the most untapped talent similar to untested first round draft picks in sports. This is in contrast to how other countries such as Russia and China operate. In these countries there are loose and formal relationships between internal hackers and criminal groups. The basic rule being that as long as these groups hack targets of interest to the host government a blind eye will be turned to these activities. Further, if it suits the needs of these governments these elements may be engaged to gather information.

FBI Director Mueller gave a keynote more grounded in the physical world. He acknowledged the fact that computer attacks are inescapable. However, he also focused on the fact that behind every computer sits a human. Traditionally, the FBI has focused on apprehending criminals and Director Mueller believes this is a fact that is somewhat overlooked. He made a particularly pointed reference to the Anonymous case. He highlighted the fact that the case was handled as cases have been handled for years. During the investigation of the Anonymous computer attacks, the criminals made a mistake. This provided the investigators enough information to track down their location. In this case it was the careless use of an IP address during an attack. The IP address was utilized to physically locate the attacker. After that it was a traditional knock on the door with an ultimatum of jail or help the FBI. Utilizing these proven criminal investigation techniques, multiple members of Anonymous were arrested. It was a very traditional FBI outlook on the world. Regardless of the technology in use to commit crime, human criminals are still behind it. The FBI investigates, arrests and prosecutes criminals.

I attended several of the other presentations but many of them were simply retellings of Mandiant incident response engagements. While each of the presentations did contain useful information, the combination of the Mandiant sales pitch and lack of cutting edge information made them less useful than expected. However, based on the excellent keynote speakers and addresses I will likely still attend next year.

9 Steps to Cybersecurity – Free eBook

Download this free book today and go well beyond the jargon and the confusion.

9 Steps to Cybersecurity from expert Dejan Kosutic is a free eBook designed specifically to take you through all cybersecurity basics in an easy-to-understand and easy-to-digest format.  You will learn how to plan cybersecurity implementation from top-level management perspective.  Additionally, Kosutic covers all of your options and how to choose the ones that ultimately will work best.

President Obama issued “Executive Order – Improving Critical Infrastructure Cybersecurity” on February 12, 2013. 9 Steps to Cybersecurity will inform you of what you need to know at this timely and critical juncture. The goal of this book is to give you the essential information you need to make decisions that are crucial for the future of your organization. Simply fill out the short form on the right-hand side of the screen to download 9 Steps to Cybersecurity today.

Why is this Book Essential for You?

  • Learn how to use risk management to make your cybersecurity a profitable investment
  • Find out how cybersecurity can give your company an invaluable marketing edge
  • Learn how to comply with various information security laws and regulations, including U.S. Executive Order – Improving Critical Infrastructure Cybersecurity
  • Discover the invaluable tips for persuading upper management to act immediately
  • Uncover the key elements of the CIA triad (Confidentiality, Integrity and Availability) and why it is vital to your company
  • Learn everything you need to know in order to develop a cybersecurity plan and monitor the implementation by setting measurable targets

Who Should Read this Timely, Free eBook on Cybersecurity?

Anyone interested in the cutting edge of cybersecurity and what is necessary to secure information should download 9 Steps to Cybersecurity, which can be read in less than 2 hours.  This free eBook will be of tremendous interest to any executives wishing to be well versed in the latest cyber safety information.  CEOs, CFOs, Chief Information Security Officers and other managers will find this detailed and informative examination of the current state of cybersecurity to be a must-read book.  Additionally, 9 Steps to Cybersecurity is written in completely non-technical language – Kosutic’s goal was for the book to be easily accessible to all executives, regardless of whether they have technical knowledge.

Once you’ve read Dejan Kosutic’s book, you will have a clear concept of cybersecurity, and the direction that your company should take.  You will be able to properly implement cybersecurity and comply with the regulations and relevant deadlines.  9 Steps to Cybersecurity was specifically written to provide much-needed clarity and help you chart the most direct and most effective path for your company, period.

Download this free book today and go well beyond the jargon and the confusion.

“This is one of the best e-books on the specific topic I have seen.”

Vijay Madan

Title: 9 Steps to Cybersecurity
Subtitle: The Manager’s Information Security Strategy Manual
Author: Dejan Kosutic
Publisher: EPPS Services Ltd. (2012)
Format: eBook, 80 pages
Language: English
ISBN: 978-953-57452-0-4
Price: Free

CryptoLocker Malware Can Lock Your Files Forever

CryptoLocker, a new and nasty piece of malicious software, is infecting computers around the world, encrypting important files and demanding a ransom to unlock them.

According to Sophos, the worldwide digital security company, it’s been hitting pretty hard for the past six weeks or so.

“It systematically hunts down every one of your personal files – documents, databases, spreadsheets, photos, videos and music collections – and encrypts them with military-grade encryption and only the crooks can open it,” said Chester Wisniewski, a senior security advisor at Sophos.

Read More Here.

NullCon Call for Paper

nullcon International Security Conference invites Call For Papers for Nullcon Goa, February 2014.

Important Dates

CFP Opens: 01 September 2013

1st round of Speaker list Online : 10th October 2013

CFP Closing Date: 20th November 2013

Final speakers list online: 01 December 2013

Training Dates: 12th-13th February 2014

Conference Dates: 14th-15th February 2014

Managed & Marketed by Payatu Technologies
Office No 502, Tej House, 5 MG Road, Camp, Pune, 411001, India
Email: info@payatu.com
Phone: +91-9922900657

Categories of Talks

New Research Category (40 mins – 1 hr) – is a deep knowledge technical track that includes new research, tools, vulnerabilities, zero days or exploits.

Current Research Category (30 mins – 1 hr) – comprises known security issues, case studies, twists on existing research, tools, vulnerabilities, exploits or research-in-progress. Although this track is fairly technical, it covers known techniques and analysis and is specially created for security professionals who are not deeply into new research, such as auditors, management professionals and newbies.

Tool Category (30 mins – 1 hr) – comprises open source security tools, exploits, frameworks etc. This is an excellent opportunity for the original authors to showcase their software to the world.

Desi Jugaad (30 mins – 1 hr) – is our signature new research category talk and includes any local hacks. This category is dedicated to researchers who find innovative tech/non-tech solutions for real-life challenges.
Speaker Benefits @ ‘Nullcon Goa 2014’

For the New Research and Desi Jugaad Category:

1. Travel Reimbursement (either actuals or the amounts below, whichever is less).
– International Speaker (USD $1000)
– National Speaker (INR Rs. 6000)

2. Complimentary Accommodation for 3 nights

3. Complimentary VIP conference pass.

4. Invitation to speaker party.

5. Invitation to Mehfil-E-Mausiqi (null networking party).

For the Current Research and Tool Category:

1. Complimentary shared accommodation near the venue for 2 nights.

2. Complimentary VIP conference pass.

3. Invitation to speaker party.

4. Invitation to Mehfil-E-Mausiqi (null networking party).

www.nullcon.net