The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit.
Being a former professional locksmith of 7 years, and an aficionado of the art of picking and bypassing locks, I found this article to hit pretty close to home. It is a fascinating look into the brain of a hacker — not the computer geek hacker, but a person who lives and breathes the true hacker ethic.
The Buncombe County web site is reporting that scammers have been targeting area restaurants, telling them they need to pay $19.95 each for “hand washing” signs which are required to be posted in restrooms.
An interesting, if not original scam, probably concocted while someone was using the restroom, saw the sign, and got the bright idea. Fascinating.
In my revised capacity at my current job, I’ve been handling a lot of
security issues: hardening of systems, software, and processes. I’ve
also been studying for the Security+ certification, so needless to say,
security has been at the top of my mind the last 5 months, and I wish it
would be at least a little closer to the tops of the general public’s
mind.
I’m going to start a new series of blog posts here called Practical
Security in which I will pass on some of the more relevant best
practices relating to the typical internet user, in hopes of helping to
raise awareness amongst anyone who happens to read this blog. (Yes, all
4 of you).
Question:
How often do you stop at a coffee shop to check your email with your
laptop, or leech that open ‘linksys’ network while sitting at a traffic
light with your PDA to shoot off a quick note to your boss? OK, maybe
I’m the only one who does that at traffic lights, but you get my point.
If you have a portable device that can access the Internet, my guess is
that your answer is “quite often”.
Question:
How many of you have configured your email to use some sort of
encryption? (Cue the crickets chirping).
As this excellent StopDesign
article explains:
What you may not realize is how easy these low security settings
allow someone else on the same network to spy on the data passing around
on that network. Just because you’re the only person who can see your
laptop screen, doesn’t necessarily mean you’re the only one who can see
the email message you just got from a friend. Just as easily as someone
could sit near you in a quiet cafe or library and overhear your entire
verbal conversation with another person, so could they “listen in” on
all the usernames, passwords, and messages passing to and from your
computer. (And everyone else’s computer for that matter.)
Kinda scary, huh? If you think about it, once they have your email
account password, it’s not too hard to go to your bank and generate a
“lost password” request, which will get sent to your email address,
which they now have control of. Or they might simply decide to send a
breakup letter to your boyfriend on your behalf if they are not feeling
so malicious. Or maybe they thought it would be funny to email your
boss and tell him how good he looks when he gets out of the shower.
By default, email is not secure!
Yes, this includes you, Mac user. Yes, this includes you,
Gmail/Yahoo/Hotmail/AOL user.
Make sure your email is on a secure connection!
The Lowdown
If you use a webmail service such as Hotmail, Yahoo Mail, Gmail, or the
like, make sure your web browser (Internet Explorer, Safari, Firefox,
etc) is in “secure” mode by looking for the lock icon. Alternately (or
additionally), look at the address bar of your web browser to make sure
the address showing starts with https and not just http.
If you use Outlook, Outlook Express, Thunderbird, Mac Mail, or any other
’program’ on your computer to manage your email, there are ways to set
up these applications to run only on secure connections using SSL, TLS,
SSH, and other methods. You may need to consult your local IT guru or
read the rest of the StopDesign
article, or this well-written article entitled “5 Steps to Make Your Email Secure”.
Whatever you do, stop checking your email at Starbucks unless you know
it is secure!
Still using Microsoft’s Internet Explorer browser on your Windows machine? Stop already!
With the most recent critical, unpatched security exploits running wild, reports are coming in regarding otherwise innocent web sites silently installing malicious programs that steal your passwords and other sensitive information.
Do yourself a favor and install Firefox or Opera, both free browsers that provide a much better, safer Internet experience. There is no reason not to do this now, unless you like other people having access to your computer and everything you do on it.
If you are still using Microsoft’s Internet Explorer on your Macintosh computer, well, you are missing out on the Internet as it is today. This browser is not subject to the same exploits that the Windows version is, but it is no longer updated or supported by Microsoft, and doesn’t take advantage of many of the newer features of the World Wide Web as we know it. You too can upgrade to Firefox for free.
Recent Comments