
Cyber Security Awareness

Five Disappointingly Boring Methods of Hackers

By Cyber Security Awareness

The movies tell us that hackers are hip young rebels and international secret agents with black leather jackets, cool shades and wild haircuts. They might work for secret organizations or they might be anarchists trying to shake things up. They stare at fields of green text that only they can comprehend and dance their fingers along the keyboards while shouting about jacking into mainframes and subverting the dot matrix.

Screenwriters have a lot of fun coming up with exciting ways to present the computer criminal, perhaps because the reality is so boring. Here are some of the more disappointing methods hackers use to swipe your stuff:

Mass Data Theft

The recent Ashley Madison hack is eye-opening for a number of reasons, one being that it helps to dispel the myth that hackers tend to specifically target their marks. Selecting a specific individual to steal from, and then succeeding in breaking their security, is actually a lot tougher than stealing from hundreds of people at a time through a single website hack, and hoping you wind up hitting a high-value target.

123456

123456 is the most common password on the planet. It’s easy enough to just guess passwords until you get one right, but it’s even easier to keep trying to log in to different accounts until you find one with 123456 as its password. Again, hackers aren’t picky. They don’t really aim to bust into the White House’s networks or steal code from Apple, they tend to just keep trying different targets until they find one that’s poorly secured.
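For defenders, the pattern described above (one guess per account, many accounts) is exactly what a per-account lockout misses. The sketch below is an added illustration, not part of the original post: it scans constructed sample log lines for one source failing against many different accounts. The log format, thresholds and function names are assumptions.

```python
from collections import Counter, defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "time ip user ok")

# Constructed sample log (not from a real system): time, source IP, account, result.
SAMPLE_LOG = """\
2024-01-01T09:00:01 203.0.113.7 alice FAIL
2024-01-01T09:00:03 203.0.113.7 bob FAIL
2024-01-01T09:00:05 203.0.113.7 carol FAIL
2024-01-01T09:00:07 203.0.113.7 dave OK
2024-01-01T09:00:09 203.0.113.7 erin FAIL
2024-01-01T09:01:00 198.51.100.4 frank FAIL
2024-01-01T09:01:05 198.51.100.4 frank FAIL
2024-01-01T09:01:10 198.51.100.4 frank FAIL
2024-01-01T09:01:15 198.51.100.4 frank OK
"""


def parse_events(text):
    """Turn 'time ip user result' lines into Event tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        events.append(Event(datetime.fromisoformat(parts[0]), parts[1],
                            parts[2], parts[3] == "OK"))
    return events


def accounts_hitting_lockout(events, max_failures=3):
    """Accounts a classic per-account lockout would catch (assumed threshold)."""
    failures = Counter(e.user for e in events if not e.ok)
    return sorted(u for u, n in failures.items() if n >= max_failures)


def find_spraying(events, window=timedelta(minutes=10), min_accounts=4):
    """Flag source IPs that fail against many distinct accounts within one window.

    Also reports accounts the same source logged in to during that window,
    since those are the ones whose weak password was actually guessed.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.ip].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.time)
        start = 0
        failed, succeeded = set(), set()
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end].time - evs[start].time > window:
                start += 1
            in_window = evs[start:end + 1]
            failed_now = {e.user for e in in_window if not e.ok}
            if len(failed_now) >= min_accounts:
                failed |= failed_now
                succeeded |= {e.user for e in in_window if e.ok}
        if failed:
            findings[ip] = {"failed_accounts": sorted(failed),
                            "succeeded": sorted(succeeded)}
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("lockout would trigger for:", accounts_hitting_lockout(evs))
    print("spraying suspects:", find_spraying(evs))
```

In the sample, the lockout only ever fires for the user who mistyped their own password three times, while the source that tried five accounts once each goes unnoticed unless attempts are grouped by source.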

Physical Theft

Some hackers don’t even use computers, they steal actual credit cards and receipts. Here, again, they tend to be opportunists. Why pickpocket when you can just hang around a coffee shop and wait for someone to forget their wallet on a table?

“Stay Logged In?”

If you ever feel like becoming a cybercriminal, hang around a library for a day, or anywhere else where computers are free for public use. Every time someone packs up and leaves, hop on their computer and find out if they forgot to log out of their bank accounts, Paypal accounts, or email providers. Nine people out of ten remember to log out, but it’s worth turning up nine misses for one hit.

Peekaboo

And then there’s just good old fashioned peeking. It’s not hard to watch someone’s hands as they enter a password, or look over their shoulder when they read their emails.

Data thieves who have any real computer skills are actually relatively few and far between. The vast majority are opportunists, many of whom might never have considered data or identity theft until they saw that someone forgot their card in an ATM. This is why it’s important to stay secure: not because hackers are so gifted, but because most of them are not, and an unsecured network is a prime target for a lazy opportunist.

3 More Cyber Security Myths

By Cyber Security Awareness

We’ve covered the subject of cyber-security myths before, but all it takes is one critical misunderstanding to harm your network, and we could write a phone book’s worth of content on all the misunderstandings floating around out there.

The Internet’s Safer Now

Some users are under the impression that the Internet is no longer the Wild Wild West that it was in the late nineties and early 00’s. Your computer is probably safer, cyber-security software has gotten more advanced, the general public has gotten smarter about web safety, but the Internet itself is still a Petri dish of viruses and worms that have only had greater opportunities to evolve and proliferate over the last two decades. Viruses don’t disappear from the Internet, they keep floating around out there, finding new means of distribution. The Internet is more dangerous than ever, we’ve just gotten a lot tougher.

Security is the Tech Team’s Job

Put simply: leaving security to the techies on staff is a little bit like leaving a tire to the mechanic when it’s low on air. There are a lot of things that you and the rest of your team can do to make the tech team’s job a little easier, and to keep the ship running a little more smoothly. Brief your people on basic security protocol, and you’ll be far less likely to have your tech guy come to you saying that he needs to hire three more people to handle all this extra workload.

It’s All in the Cloud, so What’s at Risk?

Your definition of valuable data might not quite be the same as a hacker’s. You’re thinking about work-related data and personal information. A hacker is looking for any access they can find. A hacker who gains access to your network might not even have any interest in accessing the encrypted information you keep on the cloud, they might be satisfied with simply using your system as a proxy through which to attack other users. Your system is a gateway, it isn’t just a locker for sensitive data, so keeping it empty won’t keep it safe.

Keeping your network safe isn’t that great of a challenge. All it takes is the right software, a little bit of common sense, and a basic sense of responsibility. Invest a little time, money and effort into your system, and it’s not hard to keep it running clean.

Is There Any Such Thing as a Virus-Proof Device?

By Cyber Security Awareness

Is there any such thing as virus-proof? Although devices aren’t typically advertised as being “virus-proof,” many developers certainly enjoy the extra profits that come with being “commonly known” for being virus-proof. The question remains as to whether any device or operating system can ever truly be impervious to infection. Let’s do some myth-busting:

When people sing the praises of Linux, un-infectability usually makes the list.

Without judgment, it’s fair to say that there’s an elitist bent to a lot of Linux communities. It’s not the operating system you install on your grandma’s laptop, it’s an OS for techies. If you’re technically inclined, then it does offer a lot of benefits over Windows and Mac operating systems, but is it virus-proof? Well, according to the official website: No. Put simply: Any computer attached to the internet is at risk. So scratch Linux off the list.

Mac Devices and Computers

Apple has been something of a holdout in the push towards open design, which has made it difficult to develop security software for. A great op-ed from back in 2012 does a good job of explaining the company’s mentality. It boils down to: People think Apple products are virus proof only because there aren’t a lot of iOS viruses out there right now. It’s easier to create viruses and worms for Windows, and Windows has been around longer. But more recently, we’ve seen that iOS is anything but impenetrable.

Android

The Android is known to have been designed from the ground up to be virus-resistant, from hardware to operating system. This isn’t the same thing as being virus-proof. Unfortunately, the Android’s permissive app-approval process is a double edged sword, allowing developers to pack apps with all the viruses they like. In short: Android doesn’t make the list, either.

There is essentially no such thing as virus-proof. Some devices and operating systems are more resistant to viruses than others, but as long as you’re using the internet or USB drives or any other sort of data-input, you’re at risk.

Cross-site Viruses

By Cyber Security Awareness

The general understanding of viruses is that you can pretty much avoid them if you just never download anything that ends in dot exe, unless it comes from a source that you know for certain is legit. What some might not know is that simply browsing an unsafe website can infect your computer with a virus.

You’re probably thinking of those scuzzy websites that offer illegal torrents, adult content and so on. In fact, one of the worst places to go without any security software in place used to be MySpace. Youtube and Facebook have both been afflicted with cross-site scripted viruses and worms, as well (in other words, there may be more than one reason to restrict your employees from checking their social media accounts at work if you enforce that policy).

The way it works is fairly simple: Cross-site scripting means that if Youtube or MySpace grants a website permission to cross-post content from their own site, then they may also grant them permission to post any content from that site. The website may take advantage of this to spread viruses and worms without even needing to host them on Youtube, simply using an ad placement or a comment thread as a channel through which to spread viruses from their own site.

Why do people do this? In some cases, cross-site scripting may allow them to gain higher access levels to the content on the targeted site, such as user information. On the other hand, some people who write viruses are just vandals and they like the idea of messing up your private data.

Most major websites are fairly vigilant when it comes to seeking out and dealing with cross-site scripts. Making sure that the right software is installed should generally help to keep your hardware from being infected, but if something seems off, don’t write your concerns off simply because you haven’t downloaded anything recently.

What Cyber Threats DO We Face?

By Cyber Security Awareness

“Hacked” is one of the major buzzwords this election cycle. From Hillary’s emails to fears of Russia to Trump’s promise to prioritize cyber-security. Unfortunately, neither candidate has really had much of an opportunity as of yet to really dig into cyber-security threats, and even if they could, it would be a difficult thing to communicate in 30-second sound bites for public consumption.

So… what cyber-security threats will our next president have to deal with? Here’s what we know:

  • The ISIS Hacking Division

    There was a time when a group like ISIS would never have considered hacking classified documents. But these days, you can hack a server across the planet with a used eighty dollar smart phone off of eBay and a few dozen Youtube videos to teach you how to do it. Be that as it may, ISIS hackers aren’t exactly Neo and Morpheus just yet, but they are a growing threat. ISIS has already been using their hackers in order to attain sensitive information on “high-value targets,” and this is a threat that will continue to grow into the next president’s first term.

  • Russian Hackers

    Recent reports suggest that American servers are under “constant attack” by Russian hackers. They only seem to slip through the cracks every now and then, so you could say that they’re using a “human wave” attack, a method that is far from elegant, but also very far from ineffective.

  • Domestic Terrorism (and Trolls)

    Sometimes the greatest threat to our national security comes from within. Not all hackers even have a political agenda, some of them are just in it, “for the lolz,” as they like to say.

Both Clinton and Trump have promised to put the most recent technology to work in combating hackers, but… what does that really mean? It’s more of a canned response to assure the public not to worry, right?

They say that an ounce of prevention is worth a pound of cure, and it should be self-evident to anyone with a basic working knowledge of cyber-security that our next president could actually cut down on military spending by putting more money into advancements in computer technology. The NSA, CIA and freelance tech consultants could create a security system that is, if not completely hack-proof, at least decades ahead of anything that hackers domestic or abroad have access to. Einstein said that World War 4 would be fought with sticks and stones, but maybe not, if World War 3 is fought with a souped-up version of Avira Antivirus.

Choosing an Operating System for the Office

By Cyber Security Awareness

Having the whole office running on the same operating system makes everything run a little more smoothly. When you know that you can use the same software, there are no worries about sharing a .PSD file and hoping that they know how to adapt it for GIMP, for instance. But what operating system should you be running?

The short answer is Windows. Whatever the most current version of Windows is, that’s what you should be running in nine offices out of ten. You can find any kind of software you might need for Windows, you can get constant updates from Microsoft, and whether or not you like the smartphone-inspired interface of newer versions, it is nevertheless one of the most accessible, easy-to-use operating systems out there.

The main reason to use Mac OS is because maybe you have some kind of partnership deal with Apple, or you’re running an animation studio or something and you really love how Macs are fine-tuned to fit the needs of artists and multimedia professionals. In any event, this choice is easy, too: Just use whatever Mac released last.

The rare instance where you’re actually going to be considering using any other operating system, you’re probably going to be looking at Linux, and if you might actually need Linux, then you know the answer better than we do when it comes to the question of which OS you should be installing.

Installing Linux across the typical office is sort of like assigning an M1 Abrams tank as the company car. In the right hands, it’s immensely powerful, but it’s also a little more muscle than you need to do most work. Being open source, and free, Linux is an incredibly popular operating system for very tech-oriented users. You know all those supercomputers you read about from time to time? The ones that are measured based on how much of a football field they take up? Almost all of those machines use Linux. IT teams frequently use Linux, as do many advanced tech companies. Using Linux is not a bad idea if your entire staff is very tech-savvy, and if your particular corner of the industry is focused on advanced technology. Otherwise, it’s more muscle than you need, and more trouble than it’s worth.

In short: Most of the time you can just use whatever operating system came with your computers, whether that’s Windows or Mac OS, but a supergeek company can get a lot of mileage out of an open-source OS like Linux.

Can Hardware Be Damaged By How A Computer Is Used?

By Cyber Security Awareness

In more than a few movies, you see people contract viruses on their computers, and then it isn’t long before the computer starts emitting smoke and sparks. That doesn’t really happen in real life, but there are instances wherein a computer can be damaged by how it’s used. It would take a little more than most hackers are capable of doing, of course, and anyone with a little bit of know-how (or the ability to use Google) could probably reverse the problem before it causes any major physical damage. But it is, technically, possible.

Speakers and Headphones

It’s possible to damage your speakers or headphones simply by the sounds you play through them. The most harmful things for speakers and headphones would be loud music played for extended lengths of time, and loud transients, being sudden loud noises that move the magnet in the speaker too quickly, tearing the cones of the speaker. It takes a very, very loud sound to do this. If you think this may have happened, play some music and listen for rattling and humming indicating punctured or torn cones.

Screens and Monitors

Turn your screensaver off and leave it off, and you’re going to wind up with an image burned into your screen. Gaming consoles can be bad news for HDTV sets, because most of them do not use a screensaver. Turning your monitor off when screensavers aren’t an option is your best bet to avoid long term damage.

Overheating

The main problem you’re going to face with your computer being damaged is overheating. A poorly ventilated system or a system that is being overclocked can suffer serious damage if made to run high-end graphical processes for an extended length of time. Most computers these days will automatically shut themselves down if they sense overheating. It would be possible to sabotage someone’s PC by turning off the automatic shutdown system, disabling the fans, and overclocking the system, all without needing to crack open the case or play with the physical components of the system at all. But chances are you would notice that something is wrong long before it would fry your motherboard or your hard drive.

In short, computers can be damaged physically without doing anything at all to the physical components themselves, but it would take a very dedicated hacker, and a victim who is very slow to catch on.

Cluttered Browsers And How To Avoid Them

By Cyber Security Awareness

You install a free program, and the software is fine, it does as advertised, but… you load up Google Chrome or Firefox and you see that your search bar has been changed to some engine you’ve never heard of, an engine that couldn’t snow in Siberia, and there are a dozen other doodads and widgets cluttering up your browser including MP3 converters, Youtube downloaders, shopping apps and all kinds of features you would never download and install on purpose, and will never use.

Here are a few tips for dealing with all that bloatware:

Give Your Browser A Fresh Install

Honestly, this is often easier than sifting through your options and settings and uninstalling and deleting every single thing individually. A fresh install for your web browser lets you chuck the whole thing in the trash and start over without having to Google “How do I get rid of _____” for a dozen different things. You can save your bookmarks, and you won’t need to stress about why your browser isn’t working.

Check Your Uninstall List

If your new software installed fifty things into your browser, it may have installed other programs, as well. Find your uninstaller (“Uninstall a Program” for most Windows systems), sort by date, most recent to least recent, and look for anything that you don’t recognize.

Download From The Source When Possible

There are a lot of apps out there that aren’t available from their developer’s site anymore. But, when possible, it’s better to download from the source than to get your software through torrents or websites that share freeware. People often take freeware and shareware apps and add installers for their own adware to it before redistributing.

Uncheck All Those Installers

Sometimes, a piece of freeware with no developer support can only be attained through questionable sources. No matter where you get your software, no matter what you’re installing, pay attention to the installation process. Keep an eye out for anything you can uncheck and keep from installing.

No matter how careful you may be when downloading and installing new software, sometimes it happens, sometimes it’s unavoidable, and you wind up with a browser that only shows you about 200×1100 pixels of content with all the extra junk cluttering it up. These widgets are usually not malware, just junk. It’s unlikely that you’re infected if you find that your search engine has been changed, but it never hurts to run a virus check.

McDonald’s Defective Wearable Device

By Cyber Security Awareness

McDonald’s recently suffered an embarrassing recall of a Happy Meal prize, a wearable fitness tracker that children could use to keep tabs on how many steps they’ve taken in a day. The “Step-It Tracker” is a pedometer using a simple LCD wristwatch design, and if you’re wondering how they could produce those cheaply enough to pack into a Happy Meal, the answer is: It looks like maybe they can’t.

Incidentally, the hazardous part of the watch was actually not the device, but the band. The Chinese-made watchband on the Step-It was found to irritate the skin of many users, leading McDonald’s to immediately enact a voluntary product recall.

There’s an important lesson here as it pertains to product recalls and tech in general: Sometimes, quality control and product testing won’t do the trick. We release beta versions of software, for instance, because we know that there’s no way to find every single bug without releasing the software to the public. When it comes to physical products, the launch and the fixes are both more expensive than with an app launch, but the principle is the same. There are some things that you just can’t know until you put your work out in the public’s hands.

In theory, McDonald’s could have tested the toy on hundreds of users before launch, and found none of the test subjects to suffer an allergic reaction. But when you release it on a wide enough scale, you may wind up discovering that the chemicals in the plastic watchband are an irritant for people with certain skin types or allergies. Every time we release a product, we’re rolling the dice and hoping that nothing like that happens, but you just can’t test every possibility in the quality control process.

What McDonald’s did right in this scenario was call for an immediate, voluntary recall. No matter how expensive it may be to toss thousands of toys in the trash and roll out a replacement, you have to be willing to jump on that grenade in any industry, because losing customer trust will cost you a lot more in the long run. McDonald’s has enough issues with public relations, and by taking immediate control of this story, they managed to come across as a company that is genuinely concerned with the wellbeing of their customers. Waiting for the FDA to order a recall, or simply slapping an allergy warning on the package could have done considerable damage to their public relations. Managing the potential PR disaster that is a product recall is a bit like catching a tiger by the tail, but it beats letting the tiger run rampant.

What “Silicon Valley” Gets Right (and Wrong)

By Cyber Security Awareness

Mike Judge’s HBO series Silicon Valley has earned a lot of commendation for being an accurate spoof of tech culture, so accurate that even those of us who are being lampooned can’t help but laugh when we see ourselves and our colleagues reflected in the characters onscreen. A big part of the show’s appeal is in how extensively well-researched it is, but that’s not to say that they don’t tweak the truth here and there in service of the story (or just a good joke). Here’s what the show gets right and wrong about the real Silicon Valley.

What Silicon Valley Gets Right

The show’s lampoon of tech culture is a little exaggerated, but the way it presents the technology itself is surprisingly precise. Mike Judge actually has a background in tech, and the writing staff frequently checks with renowned developers, mathematicians and researchers in order to ensure that the show is accurate, or at least close enough to be plausible. One of the best jokes in season one has to be the “Beautiful Mind” moment wherein the guys at Pied Piper accidentally work out a new algorithm through an extensive conversation on, well, we don’t want to spoil anything, but the show’s writers actually contacted researchers and put together a research paper on their findings (Warning: Not exactly safe for work).

The show’s devotion to believability is so intensive that they’ve actually made real-life progress in the industry. The Weissman Score is frequently referred to on the show, and it rates how much data can be stored in proportion to how much can be compressed. It was actually developed by Vinith Misra, a grad student, and Tsachy Weissman, a Stanford professor, for the show itself, and is now used within the industry at companies like Dropbox.

What Silicon Valley Gets Wrong

If Silicon Valley can be said to get anything dead wrong, it would have to be the business proceedings at startups like Pied Piper and corporations like Hooli (the show’s stand-in for companies like Google and Apple). A season 2 plot thread involves a split decision at a meeting of board members leading to an empty CEO chair. This is a great plot twist for a story, but no experienced venture capitalist would fire their CEO without already having their replacement named, few meetings with the board of directors end in a split decision, and no serious meeting like this is going to take place without a corporate lawyer present. The truth is, of course, that accurate representation of firing and hiring CEO’s wouldn’t make for a very funny show.

Silicon Valley has lampooned 2010’s tech culture as efficiently as Office Space lampooned 90’s office culture. Just remember that it’s a sitcom, not a documentary, and take some of it with a grain of salt.