Back To The Future?

Over the years we have made many assumptions about our technological advancements. Predictions on where we might be at a certain time as technology unfolds. Our guesses on what will happen when are generally hit or miss. By most predictions we were supposed to have flying cars and hover boards by now (Back To The Future). Even though I don't have the hover board I was hoping for, the advances we've made in the past 50 years alone are incredible. We don't have the Jetson's tube technology transportation(except in the bank drive-thru), but years ago no one had cell phones, hand held GPS units, computers, mp3 players, etc. Beyond all that we have incredible medical technology allowing us to do things we could never have imagined before. Here's an article on our predictions and whether or not we hit the mark.

Here's a video on some of our advancements. I'm not sure if the facts are 100%, but it's an interesting overview.

I'm all for technology and the advances we've been making, but I fear where this is taking us. The dependency we have on technology especially computers and cell phones is staggering. The prospect of automating many computer jobs and taking away jobs from actual people is a bit scary. Also, seeing a 6 year old kid walking around with a cellphone makes me nauseous. Practically everyone I know with a computer has a facebook account. This social networking thing is cool, but it's taking over everything and it scares me a bit. It's a combination of our reliance or bloated feel of self importance that we feel we must to connected to everything at all times. I'm not sure, and I'm guilty of it myself, but upon reflection it makes me feel uneasy about where we are headed. I don't fear a rise of the robots or anything, but I think we need to proceed with caution.

As technology advances our security must advance with it. That's been the purpose of this blog and this class I'm taking, to equip myself and others to apply security principles to many avenues. Years ago security was locking your door and possibly being armed. Now we need to worry about a seemingly more common yet less invasive threat of identity theft or digital intrusion. As we get more cool gadgets and different types of technology there is a period of vulnerability where we haven't yet discovered the dark side of this new thing. Wireless internet access is becoming more and more common and yet still some people have unsecured wireless networks. It's not hard to find one as we learned in this class by wardriving to look for a signal. Wardriver's will mark the spot of an unsecured or weak encypted wireless network. This is a crime that can be as profitable for a criminal to jump on your network and extract information than to actually break in and steal something. On your network without your knowledge they could have access to shared files and folders, or break the law with your very IP address. If a punk kid uses your wireless network to purchase something online with a stolen credit card or sends a Denial of Service attack to the government from your network, all roads lead back to you. Hopefully they would realize you weren't guilty, but only after a nasty investigation.

I've learned so much and yet there's so much more to learn. As we advance our knowledge must increase and we need to take the appropriate measures to protect ourselves. If anyone out there has been reading this blog I hope it has been informative to you. After this class is over I may continue to write about security or computers in general as I further my knowledge and career in IT. I'm hoping to get some certifications including the Security+ certificate in the next year. Having this certification will allow me to pursue a career in Network Security, which would be a dream come true.

This video is a couple years old but talks about careers in Network Security.

The fun stuff...

We're starting to get into the fun stuff now in my security class. Some of the topics we've just covered are: wardriving, WEP/WPA wireless encryption, spoofing, phreaking, and some p2p as well.

Out of everything we learned I was hit the most by something I thought I already knew. I've been using WEP on my network for years, I just chose it at random. I honestly didn't know the difference or which protocol was better, but from what I read WPA is more secure at this point. I'll be switching to WPA right away. My laptop isn't here at the moment, so I've taken a screen shot of a segment of my wireless router configuration page. I'd take a bigger screen shot with more information, but then I'd be handing out sensitive information which would go against the purpose of this blog. ;)



I watched a CBS video that maps it out pretty well, it's very informative.
Here's the video that discusses wardriving, the issues of WEP, and tells an interesting story about how some people stole tons of data from TJ Maxx a few years ago.


I learned years ago not to mess with programs like KaZaa. Not even so much for the legality issues but the corrupt files/viruses. Much of the music I would download was fake or something, it was very annoying. Not to mention, p2p is an excellent way to propagate viruses/worms.

Information Security Awareness Contest

Cyberwatch is having a contest poster/video contest. The idea is to submit a poster or video that raises awareness about information security issues. Whoever wins gets exposure of their creative work, and there are cash prizes as well. It's a very cool and educational contest that I'm excited to be apart of.

Here's a quick quote from Cyberwatch and what they are all about.

"The CyberWatch mission is to increase the quantity and quality of the information assurance (that is, cybersecurity) workforce."

For this assignment I will be working with two other people to create a video or poster to enter in the contest. So far we are undecided on the topic because the third member of our team is MIA. So far, the topic choices we've discussed include social engineering, securing data/information, and phishing/pharming. I'm not sure what the third member of the team might want to do, so we will still have to decide on that.

My ideal choices would be securing data/information or social engineering. I find both topics to be extremely fascinating.
Here's a video explaining social engineering and some experiences from one of the most famous social engineers Kevin Mitnick.

"The weakest link in the security chain is the human element" - Kevin Mitnick

I wish I knew what I know now...

My experience...

Over the years I have (unfortunately) experienced infections from various computer viruses. The positive side is that I've learned from my experiences with viruses and the like. One thing that I think is important to realize is that there is no way to be completely secure from any of these threats. No matter how much money you hand Norton or any other security company, you are not completely safe from computer threats. Anti-Virus and other security software is a preventative measure, or a tool used to remove infection once it's found.

The world of security threats is ever-changing and growing, and for every threat out there, there is a period of time before the Anti-Virus/Security companies are even aware of it's existence. During this time, the threat is able to run rampant, as no security suites are able to detect it. Strangely enough, most of the times I've been infected have not been from a newly released security threat, but one that has been out for years. No security program I've ever used has completely covered my back. In fact, most of the times I've been infected, I had some sort of acclaimed anti-virus installed and up to date.

Practical Application...

With all that being said, I still think it's a good idea to have security programs as a line of defense. I now make sure all of my computers have anti-virus with up to date definitions, and I usually will have a couple other programs to supplement them like Spybot or Malware Bytes. The biggest lesson I've learned is probably to exercise more intelligence and caution when navigating the internet. Many infections could be avoided by being more cautious of what links you click on, or what files you execute. Many infections spread through going to shady websites, or through file sharing programs. One my strongest recommendations for safe browsing would be to use an add-on for Firefox called Noscript.

"The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser. "

Don't fall victim to anti-virus scams

Here is a video from Symantec regarding fake anti-virus programs. These are very popular these days and trick many unsuspecting people into thinking they are paying for a real product that is keeping them safe. This video underlines the importance of having some legitimate security software to block threats like this.



I'm currently using a free anti-virus program called avast! Antivirus. I just decided to try this program a few weeks ago, so it's difficult to form an opinion on it's performance. I'm pleased with it so far, but I haven't used it long enough to compare it to others. Previously, I've used AVG for years. I choose between these two programs because of one main reason: they both have free versions.AVG treated me well over the years, but I've also been infected and had AVG not detect it (even when it was an extremely old threat). Because of this, I decided to give avast! a shot. Here's a screen shot of avast's real time file shield.
http://screencast.com/t/a2ZuwPi9W

Another handy tool when you're infected would be System Restore. This is a function built into Windows from ME to Windows 7. This feature allows you to restore your system back to an earlier date before everything went haywire. Here is a screen shot of my System Restore dialog.

Victim

Many people have fallen victim to online scams through phishing or other various methods. At my job I deal with this on a regular basis, and although I've never fallen victim to it, I've talked to many who have.

I've seen many customers fall victim to phishing attempts where the scammer pretends to be from my company. The email tricks them into replying with their password or billing info. In this case, it's almost always their password. The scammers use the password to login to their account with us, and then create more email addresses under that customer's account. They use these emails to scam more people, it's an endless cycle. Each account we have can make up to 9 free mailboxes on their account, the spammers know this, and take full advantage.

As a result of the succeeded phishing attempt, the customer's account is usually suspended due to a violation of our Terms of Service. The account is flagged for suspicious/spam activity, even though the customer didn't do it. They call us wondering why they can't access the internet, and that's when we figure out that they fell for the scam, giving their password out, and ultimately getting their account deactivated. We reactivate their accounts, but we tell them to delete or report the scams, and to never respond.

Protect yourself

Upon my reflection of what I've learned in my security class, I've come to the conclusion that the world is a brood of vipers waiting to strike the unsuspecting and helpless.

I'm not saying that everyone is wicked or some other outlandish claim. However, this material reminds me that the world can be a dangerous place and the internet is not exempt from that danger.

Identity theft/fraud has been huge for years, and won't likely go away. At work I often speak to customers who have fallen victim to phishing attempts, giving out their password or billing information freely because they believed it to be from a trustworthy source. Usually within days or even hours from giving up that information, the customer has felt the consequences.

There are things we can do to lessen the likelihood of falling victim to identity fraud.

• Don't walk around with your Social Security #, and certainly do not freely give it out. If a company requires your SSN, make sure you find out why before you give it up. Sometimes there's no way around it, but if a man at the grocery stores wants your SSN, there's something shady going on.
• Don't fall victim to phishing attempts. No legitimate company is going to email you asking for your password or account info out of the blue. The company sets up your password, why would they need it from you? If you receive any email from what claims to be your bank, call them to verify the legitimacy. However, do not call any numbers listed in the suspicious email, as this would just be someone attempting to social engineer you out of your information, and since you believe it to be the bank, you wouldn't be skeptical. Call the actual establishment and chances are they will tell you right there that the email is bogus.
• Check URLs in your address bar... make sure the sites you think you are visiting are actually where you ended up. Scam artists can make a page look exactly like your banks, or any other site, and trick you into putting in valuable information.

The biggest one for me to remember is making sure I'm running security software. I'm an IT guy, so it shouldn't be an issue... but sometimes it's hard to remember to follow what you teach. Also, for people who are into computers, sometimes we feel as though it won't happen to us because "we know what we're doing". The smartest computer tech in the world will probably still get a virus at some point. The systems we use are vulnerable and are being exploited all the time.

We need to watch what information we're putting out there.

Elements of Digital Citizenship

This entry is based off an interesting article I read about Digital Citizenship: Elements of Digital Citizenship

I'm going to focus on three of the nine elements listed in the article.

Digital Communication: electronic exchange of information.
With this social networking phenomenon, we are in constant communication with anyone and everyone. It's difficult to imagine a time where we weren't so "connected" all the time. I can only think of a handful of people I know that still do not have cell phones, and even less that don't own a computer. I myself have only had a cell phone for about four years, and I'm still not one with a fancy phone with the data plan and all the applications. The majority of us are now constantly connected, sending and receiving data at all times in our very own pockets. Years ago, if I were out somewhere and remembered something I wanted to tell someone, I would perhaps write it down or hope to remember at a later time. Now, I can just text message them on the spot, call them, e-mail, or even post to their facebook page.

This constant connection can be a bit overboard in my opinion, but I can see some advantages, especially in the workplace. Being able to communicate with your coworkers by multiple forms of communication could certainly be helpful in collaboration on projects and other things. Where I work, we all have email accounts to be in contact with supervisors and each other. Supervisors have the ability to instant message each other and people in higher departments and other buildings. This communication is very helpful and less tedious than trying to get a hold of someone in person or on the telephone.


Digital Literacy: process of teaching and learning about technology and the use of technology.

I can see great advantage to Digital Literacy at school and in the workplace. I see more teachers getting connected with email, and online classes. Every class I'm enrolled in has some sort of web presence, most of them primarily being online. There's more that they can do, but it's light years ahead of where we were in colleges only fifteen years ago.

The fact is, my generation is definitely a tech generation. The majority of my peers have been raised on computers, cell phones, ipods, and the like. Digital literacy is necessary, and I find that most people I know find it coming more and more naturally.



Digital Security (self-protection): electronic precautions to guarantee safety.

Digital Security is an element that effects me personally. Actually, it's something that effects everyone, something we should all be concerned with. Just like there are criminals in dark alleys waiting to mug you when you pass by, there are shady individuals now using technology to rip you off. Our ever-advancing technology and social networking lifestyle has opened many new dimensions, both good and bad. Many people enjoy social networking, e-commerce, and many other things that can make someone more vulnerable to identity theft or even being stalked. With the use of the web, the unethical can pull off crimes from a distance, without having to come in direct contact with the victim.

"As responsible citizens, we must protect our information from outside forces that might cause disruption or harm."

We need to be cautious with our information. I've been using computers for years, and over time I've had a few different computer viruses infect my computer. Viruses and worms spread rapidly through the internet, and most people have probably been infected at one time or another whether they know it or not. Most of the viruses do little harm, but it's important to know if you're infected, you're potentially spilling out your information to whoever infected you. Most viruses will allow the attacker to upload/download anything off your computer. They could plant more useful viruses like trojans, to really monitor your every activity. A computer infected with a trojan could easily be emailing the criminal every keystroke: passwords, email addresses, personal exploits, credit card #s. They could download the contents of your hard drive and go over the data at their leisure. Most of the time, it's not likely that the culprit is taking the time to do all this to each victim, but it's important to know that it's possible.

As I was writing this entry, I realized that I myself have not yet installed anti-virus on my new computer. I apologize for my hypocrisy, and I leave you now to remedy this.



More information on Trojan Viruses
Internet Privacy: Using the Net safely