Security Corner


July 31, 2013  10:56 PM

Humor: Bob, you’ve been phished!

Ken Harthun Ken Harthun Profile: Ken Harthun

Time to lighten up a bit. This hokey “PSA” about phishing is really true, but the payoff in hilarity comes at the end. Pay careful attention to the “date” that Bob managed to finally get from that online dating site.

Hope your July was great and here’s to a fantastic month of August!

July 31, 2013  12:41 AM

Internet Safety: A Cautionary Tale

Ken Harthun Ken Harthun Profile: Ken Harthun

One more on the dangers of the internet and this one is the best yet. Good tips wrapped up in a credible story.


July 31, 2013  12:40 AM

Three ways to deal with an attack on your network

Ken Harthun Ken Harthun Profile: Ken Harthun

chuck-norris-thumbThe way I see it, you have three choices when it comes to dealing with an attack on your network:

  • Confront it. Be proactive. Go after the attackers and fight back. Bullies and cowards – which comprise most of the script kiddie population – will turn tail and run if you let them know you’re going to fight back. Even the few organized criminal elements, unless they have some political agenda and can use you to forward it, will give up easily in the face of a determined counter attack.
  • Neglect it. Let them play around and waste their time as long as they aren’t doing any real damage. Just make sure that they can’t get beyond your sandbox or firewall. Sooner or later, having not obtained anything of value, they’ll give up.
  • Turn in your resignation and run screaming out the door because you failed to put adequate security measures in place. Don’t laugh: It has happened.

By far, the best approach is to confront the threat and engage in an active counter strike. This can be done by immediately implementing logging of all attack traffic and engaging law enforcement to help trace the attack back to its source. The bad guys want to remain anonymous: Do everything you can to make them visible.

Do you agree, or disagree? Comments, please.


July 28, 2013  9:20 PM

Everyone knows Sarah

Ken Harthun Ken Harthun Profile: Ken Harthun

Every day, I see student computers and laptops infected with malware. Every day, I see questionable posts made by people who think only their friends can see what they write. That’s what “Sarah” thought and this video is a reminder that the internet is a very dangerous–and public–place. Please impress upon family, friends and co-workers that prudence is the best approach.


July 27, 2013  4:22 PM

Criminal ransomware tricks child sex abuse image addict into turning self in to cops

Ken Harthun Ken Harthun Profile: Ken Harthun

jay-rileyCall it poetic justice. Call it criminal stupidity. Call it what you want. I call it hilarious. I got a good laugh out of this at a time when I certainly need some laughs.  From Sophos’ Naked Security blog:

A US child abuse image collector turned himself in to local police earlier this month, after ransomware hit his PC and showed messages warning him that the FBI were on to his nasty activities.

Jay Matthew Riley, 21, of Woodbridge, Virginia, was apparently hit by the ransomware attack while surfing the web to add to his collection of unsavoury images.

As is usual with such malware, he was shown a warning demanding cash in return for keeping quiet about his suspicious activities.

He fell for the scam. Good for him. Maybe he’ll turn his life around.

The problem is that regular, law-abiding netizens get this ransomware, too, and those that fall for it and pay the bogus “fine” end up a few hundred dollars lighter in the wallet. Oh, and their banking information is probably comprised, too, so the losses can end up being much greater.

Law enforcement, especially the FBI and other three-letter agencies, do not enforce the law by such means, so NEVER comply with any directive to pay “fines” or “penalties” when such things pop up on your screen. Best to call your favorite Geek and have him/her clean the malware off your machine.

On the other hand, if you are a pedophile or sexual predator, feel free to head down to the local police station, where they should be able to help you out with three hots and a cot for a long time.


July 25, 2013  12:15 AM

Video: The internet is a dangerous place

Ken Harthun Ken Harthun Profile: Ken Harthun

video1This is a very interesting video produced as a promo for security firm Comodo. It is almost four years old. The statistics were alarming back then. I wonder how much the dangers have expanded since?


July 14, 2013  7:42 PM

How to defeat online surveillance

Ken Harthun Ken Harthun Profile: Ken Harthun

By now, we all know that each of us is being monitored: All of our electronic communications, email, Internet traffic, cell phone transmissions, faxes, even landline (which is really all delivered via microwave towers these days) is being intercepted and recorded in massive data centers run by the NSA. There are probably other secret three-letter (or four-letter, depending on your viewpoint) agencies that we don’t even know about yet who function as backups to the ones we do know about.

It’s unfortunate that our government is forcing its citizens to learn the art of surveillance in order to protect our First Amendment rights under the United States Constitution. This is being done, purportedly, to protect us from terrorism. The truth — and this is known by those who are doing it — is that our government is out of control and fears that its criminal activities will be exposed. I’m not talking about what we already know, I’m talking about those deep, dark secrets that, if discovered, could bring the government down.

But, that’s for others to address and fix.

There have long existed techniques for jamming radio transmissions to cripple enemy communications in times of war. One of these techniques is the transmission of high power carrier signals containing nothing but noise spread across the known frequency band the enemy is using, making it impossible for the enemy to get any valid traffic through the noise. This principle is applicable to internet traffic with a twist.

One could simply record random atmospheric noise in MP3 files, encrypt them to make them look like something of interest and keep a steady stream of them flowing from one’s internet connection to the cloud. Done with sufficient volume, this would tend to mask most of your valid traffic, burying it in the noise, so the watchers would have to sort through useless, random noise.

I’m not advocating this, mind you, just making an observation. I could probably turn this into a plausible plot for a cyber-thriller novel, but I’m not a novelist. If any novelist finds this an interesting plot, feel free to run with it.


July 4, 2013  3:32 PM

You ARE being monitored and here’s how

Ken Harthun Ken Harthun Profile: Ken Harthun

bigbrotherwatchingThe news has been filled with pieces about how your internet, telephone and email traffic is being monitored by the NSA. It’s called PRISM. That’s not an acronym, but a descriptive moniker according to Steve Gibson. A prism splits light into its spectrum; PRISM splits the light on fiber optic cables into two paths – one to the internet router and the other to the NSA data collection facility.

Security Now! podcast, Episode 408, “The State of Surveillance (How the NSA’s PRISM program works.),” is a must listen for everyone. Here’s why, in Steve’s own words:

Leo and I remind our listeners that we just had another Microsoft Patch Tuesday. Then I detail and carefully lay down a solid foundation of theory of the operation of the NSA’s PRISM program. This explains EVERYTHING about what the NSA is doing, and how. I even explain how and why the program got its name.

Big Brother is Watching You! The Thought Police aren’t far behind.


June 30, 2013  2:25 PM

Video: Three wireless security myths

Ken Harthun Ken Harthun Profile: Ken Harthun

Sophos produces some excellent videos and this one definitely qualifies. I have been saying these things for years, but this video punches home the whys and wherefores of the three biggest wireless security myths. Enjoy!


June 30, 2013  1:49 PM

The security processes

Ken Harthun Ken Harthun Profile: Ken Harthun

laptopinchainsI have been reading Bruce Schneier’s Secrets and Lies: Digital Security in a Networked World for some time now. Why it took me so long to finally read it, I don’t know – any security geek worth his salt needs the background this book provides. Granted, technology has changed and advanced since this book was first published in 2000, making some of the examples irrelevant in today’s environment, but the basics of security that they illustrate have not.

In Chapter 24, Mr. Schneier outlines and explains security processes in depth and states the obvious that most of us either never think about or take for granted:

Computer insecurity is inevitable. Technology can foil most of the casual attackers. Laws can deter, or at least prosecute, most criminals. But attacks will fall through the cracks. Networks will be hacked. Fraud will be committed. Money will be lost. People will die.

Technology alone cannot save us.

. . .

The only thing reasonable to do is to create processes that accept this reality, and allow us to go about our lives the best we can.

The following are the process principles Mr. Schneier outlines. I’ve printed this list and posted it as a reminder to look at my network with these points in mind when making changes or upgrading things.

  • Compartmentalize
  • Secure the Weakest Link
  • Use Choke Points
  • Provide Defense in Depth
  • Fail Securely
  • Leverage Unpredictability
  • Embrace Simplicity
  • Enlist the Users
  • Assure
  • Question

If you haven’t read the book, I highly recommend you do so now to get the in-depth take on each of these principles.

 


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: