Talk of the Town Podcast: Staying Safe Online #3

Welcome to HakProof.com. This site is my attempt to reach out beyond the physical classroom to the community at large to help each of you increase your personal SQ, or Security Quotient. Today was my third visit to the WHTC 1450 AM radio station in Holland, Michigan, to be a guest on the daily show, Talk of the Town.

Click the link to access the podcast of my time on today’s show:
http://whtc.com/podcasts/talk-of-the-town-today/99/staying-safe-in-cyber-space-james-allen-aug-10/

I promised the listeners to provide an outline of what we talked about today. Hopefully, you will also find the information beneficial.

Keeping Your Privacy Intact While in a Crowd
When going to a special event where there will be a lot of people and/or vendors, it is important to take some basic precautions to keep your identity and personal information safe.

  1. Take a minimum amount of personal stuff with you. The less you bring, the less can be stolen or compromised.
  2. Use cash whenever possible. Using credit cards at these events is risky business and an easy way for your credit card’s information to be swiped, pun intended.
  3. Credit cards with the RFID (Radio Frequency ID) chip are still at risk even though they are much safer than cards that only contain a magnetic strip. This is especially true for the current version of American credit cards. Most of them still contain a magnetic strip along with the chip as a backup for when the chip cannot be used to make a purchase.
  4. It is a good idea to shield any card you carry that uses an RFID chip. Remote card readers are cheap and can be carried in a backpack, collecting information from unsuspecting bystanders. Large gatherings are prime targets. Be aware that not all commercial shields are of the same quality. Search for reviews to see which brands will be the most effective in blocking the unintentional transmission of your credit card’s data.
  5. If you are the D-I-Y type, then you can create your own shielded card holder using aluminum foil and duct tape that is as effective as the best shields that you can buy.
  6. Some of the other age-old advice to minimize the chance of being pickpocketed includes:
    1. Keep your wallet in either your front pocket or in a pocket that has a zipper, zipped up of course.
    2. When bringing a purse, keep it small if possible and sling it over your head and shoulder, with the purse in front of you.
  7. It is also important to take precautions with your phone or tablet while in a crowd.
    1. At the very least require a passcode to access your device to prevent unauthorized access if it is lost or stolen.
    2. Future topics will cover phone security in greater detail.

Social Engineering Overview

According to a recent study published by Proofpoint.com, approximately 99% of all malware requires some level of human intervention to complete its intended task. Unfortunately, that means hackers/thieves spend a lot of their time figuring out ways to convince you to do what they want. This process is called social engineering and, if done right, is highly effective.

  1. Here are some types of Social Engineering with links to provide more information about them. (This is not a comprehensive list):
    1. Phishing Attack: Usually done through email.
    2. Spear Phishing Attack: Targeted towards a specific group.
    3. Watering Hole Attack: Indirect attack. The hacker infects a website commonly used by the targeted organization.
    4. Pretexting: Attacker creates a fake scenario and then interacts with the victim in such a way as to increase the likelihood that the victim will provide the information or complete the task requested by the attacker.
    5. Baiting: An example would be finding an infected USB stick in the parking lot of work that was left there by the attacker. The average person would plug it into a computer to find out what is on it and who it might belong to.
    6. Quid Pro Quo: something for something.
    7. Tailgating: Gaining unauthorized access to a building with the unintentional help of authorized individuals.

Recommendations to help minimize the threat of Social Engineering:

  1. Do not open any emails from an untrusted source.
    1. Verify emails from people you know if the message does not look right.
  2. Do not give offers from strangers the benefit of the doubt.
    1. If it seems too good to be true, it probably is.
  3. Lock your device when stepping away from it to prevent attackers who have gained access to your devices from accessing critical data or installing unwanted software.
  4. Use reputable antivirus software.
    1. This will not find all problems but still helps.
  5. Find out the proper procedure at work or other limited-access organizations so that an attacker cannot use you to help them tailgate.

Until next month… (September 14th, 9:30am)