Post by Gary on Aug 7, 2009 11:12:15 GMT -5
I hear at least once a week, "I thought I was protected". From viruses, to theft, to scams, we get this all the time. Today I would like to talk about thinking about security. From the small business to the home user, people are inundated every day with advertising and "free" "security" measures that aren't secure.
Most people just want to do their thing or run their business. They don't want to have to actually spend time thinking about security. This is probably the worst problem in society today. There are millions of bad people out there and millions of viruses. The attitude of "it can't happen to me" is just wrong. Everyone should spend at least a few hours actually thinking about security. I will be discussing a few different problems and the issues involved with them. I don't want to get really technical about these problems. I just want to convince you to spend a little time, and think about your own security and habits.
Starting with the biggest threat to your security: malware. These can include viruses, spyware, and website scams. Many people think because they don't go surfing porn sites they are safe. This is dead wrong. You can get malware from just about anything you do online. If someone sends you a nice picture over Instant Messenger, or you even view a picture on, say, Myspace that has a virus embedded, you just caught it.
Many think if they don't hit an actual "download" button they are not downloading anything. This is untrue. If you can see something it has been moved to your local machine. Outlook is notorious for spreading malware. It has a preview pane that opens stuff for you. If you are sent an infection, it automatically opens it for you and can install it. Then the malware can just send itself to everyone on your contact list.
You can even get malware from legitimate websites. Say a site sells advertising. This is all automated. So the bad guy builds a nifty little banner ad that gives you a pop-up. This pop-up could say things like "Your computer has a virus. Click here to get rid of it." They embed an on-close action, so that even if you manually close the window, it executes. This installs the trojan or connects it to an application. Then next time you use that application it spreads throughout your computer.
People have asked me thousands of times, "Why would people do this?" It is all about the money. The program tries to sell you a fake anti-virus program. This allows them to first make what looks like legitimate money off of you. Then a few months down the road they can start doing micro transactions. Little charges that you may not notice. They make more money off of you for a while. Then they sell your card number and any other information they can get from you to bad guys overseas, who may do anything with it. Identity theft is common on the web.
So the biggest problem with all of this web scam stuff is that people think that because their computer came with Norton, or their ISP gave them McAfee, they are safe. This is false. Those 2 programs do not work. They are given free for a reason, and they are also trying to get money out of you for upgrades and such. Though legitimate businesses and true anti-malware programs, they just aren't very good at their jobs. I won't go into our anti-malware package here as it is already posted on our boards. I just want you to think about what you do on your computer and what you use for security.
The next thing I want to rant about is the fingerprint scanner. This, though touted as a security feature, is not. It is nothing more than a time-saving device. Rather than bothering with a relatively secure password, many use a fingerprint scanner on their laptops. First, unless you use gloves or wipe down your computer every time you use it, your keys are all over it. It takes about 5 minutes to lift and recreate a fingerprint. Secondly, the scanner doesn't hold your fingerprint as a picture. It maps a few points and then sets a number depending on whether there is contact there. This means that the code is actually easier to crack than a decently secure password. So as far as laptop and secure data go, you are much better off with a USB key or good secure password.
The next thing I would like to discuss is network security. I will not go into serious detail here, but it takes about 4 minutes to crack any wireless signal based on the standard programming of a wireless router. I don't care how strong you think WEP or WPA is. These keys can actually be bypassed completely by someone who knows what they are doing, or even just hacked by anyone that cares to download the right software. Though the bypass only takes about 4 or 5 minutes, hacking the key can take as much as 20. So if you are doing anything over a wireless signal, be aware that anyone could be watching. And if they are good and you aren't, any data on your computer could be stolen.
Finally, I would like to mention small business security. Many small stores that I have seen have security cameras. I use them myself. The problem with many situations using cameras is that they are connected to an unsecured system. These cameras need to be connected to a separate computer that is not accessible. The data also needs to be sent off site. For example, a New Hampshire Gas Station/Convenience Store was robbed a couple of months ago. They took the security computer when they left. No witnesses, no arrests, no security. I have seen security cameras connected into systems that are accessible to any employee. Most theft is generally from employees or ex-employees. If they use the system the cameras are plugged into, they can turn them off. They can also load software that can cause them to turn off at certain times so they can know when it is safe to steal. If you are going to bother using cameras, and I suggest you do, make the system secure. The best way is to have your security server in a locked place that regular employees do not have access to. Have that data streamed to another server off-site. That way even if someone shuts it down you can see who did it and when.
In conclusion, be aware. This is not paranoia. They really are out to get you. I see it every day. Take some time to think about your security. Think about what you are trying to secure. Think about who you are trying to secure it from. Though there is no such thing as perfect security, if you spend some time thinking, you will spend less money in the long run for a much more secure system.