Sunday, December 12, 2010

Where Are We Going?

I think one of the most important issues we face today is that of net neutrality. Unfortunately, with so much misunderstanding surrounding it, seemingly blatant misinformation stonewalls any attempt at a reasonable discourse regarding net neutrality. 

It is a complicated issue, with a lot of conflicting viewpoints. 

The concept of net neutrality is not new. It means that Internet service providers may not discriminate between different kinds of content and applications online. All packets are treated equally, no matter if they originate from a mega-site like YouTube or some unknown start-up in a garage. It guarantees a level playing field for all Web sites and Internet technologies.

Without net neutrality, Google (which owns YouTube) could pay cable providers and telcos a fee to ensure its websites load faster than those of the unknown start-ups, thereby stifling the competition.

In this scenario, we all lose.

Check out this NYT article for more information explaining what net neutrality is and about the current draft being proposed by the FCC right now.







This video does an excellent job of explaining what net neutrality is. It also talks about the current spat between Comcast and Level 3.




Also, unless you've been living under a rock for the last few weeks, I'm sure you have heard of the circus surrounding WikiLeaks. I believe that all of the DDoS attacks on those who oppose WikiLeaks may also have an indirect impact on the net neutrality debate.

While I agree with the protests, which I liken to old-fashioned 'sit-ins', I fear they may have unintended consequences. It may help those who would like to censor WikiLeaks to further skew the public's perception of the issues and more easily vilify them. This could in turn strengthen the argument to more tightly control the flow of information online.
 



For more interesting reading on the subject of WikiLeaks and net neutrality, check out the following links:

http://www.theatlantic.com/technology/archive/2010/12/net-neutrality-and-the-academics-who-love-it/67764/

http://thehill.com/blogs/hillicon-valley/technology/133181-fcc-should-shoot-down-harmful-net-neutrality-proposal-unless-it-is-strengthened
 

http://www.washingtonpost.com/wp-dyn/content/article/2010/12/07/AR2010120706533.html

http://www.guardian.co.uk/media/2010/dec/08/mastercard-hackers-wikileaks-revenge

http://www.boingboing.net/2010/12/09/anonymous-stops-drop.html


-------------------------------------------------------------------------------------------------------------------------------------


Well kids, the end of the semester is finally upon us. This blog has served as a learning tool tracing my path through this course with each consecutive module.

I don't think I'll be updating this anymore. I'm sure it's glaringly obvious that writing isn't exactly my strong suit. Who knows, maybe someday I'll try my hand at it again. Until then, so long!



Sunday, November 28, 2010

Risky Business & What Can We Do About It?

We all want to be wireless. No longer are we content to be tethered to a desk, but we still want to be connected to the world. And now, with the proliferation of smartphones and netbooks, we can work or play from anywhere we happen to be. Home wireless networks are becoming the norm. Even businesses are going wireless due to its cost effectiveness. Unfortunately, if proper safeguards aren’t put in place, the convenience afforded by all of this exciting technology can be quite costly.

Take TJX for instance. TJX owns such companies as T.J. Maxx, Home Goods, Marshalls, and AJ Wright. In 2005, TJX’s network was hacked, leading to the theft of more than 100 million credit and debit card numbers belonging to consumers of the popular chains.

Because TJX employed an outdated encryption method, WEP, hackers were able to break into the network and remain undetected for over a year and a half. Find out more in the video below:



It is possible to see what kind of encryption method is being used through free software on your laptop or smartphone. I went to the Home Depot around the corner from my house to see how their network was secured. Using my phone I was able to ascertain that they have at least three wireless networks:

‘orange12’
‘concrete’
‘rebar’

I’m also pleased to note that all three were locked with WPA2 encryption.

Here are some steps to take at home to secure your wireless data:

1. Change the default password used to access your router. Usually when you buy a router, the default password is admin or administrator and hackers know this.

2. Enable WPA or WPA2 encryption. This will allow you to set a password for users to use to gain access to the network. Here’s a screenshot of my wireless network properties window in Windows 7:


3. You may wish to enable MAC filtering. This means you will specify which computers and devices have the privilege to connect to your network. Any that you have not expressly permitted will be denied access.

4. Don’t broadcast your SSID (Service Set Identifier). The SSID is the name used to identify your network.

This is by no means a definitive list. But it is a good start towards securing your wireless home network. For more information visit GetNetWise.
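The encryption check described above can also be scripted. The following is an added example, not part of the original post: it parses a constructed scan laid out like the output of `netsh wlan show networks` on Windows and sorts each network by the protection it advertises. The function names and every network name other than 'orange12' are made up for illustration.

```python
import re

# Constructed scan in the layout printed by `netsh wlan show networks` (Windows).
# 'orange12' is from the post; the other entries are made up for this example.
SAMPLE_SCAN = """\
SSID 1 : orange12
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 2 : old-register
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP

SSID 3 :
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    Encryption              : TKIP
"""

def parse_networks(text):
    """Return one dict per SSID block: ssid plus the lower-cased field names."""
    networks = []
    for line in text.splitlines():
        header = re.match(r"\s*SSID \d+\s*:(.*)$", line)
        if header:
            # A network that does not broadcast its SSID is listed with an empty name.
            networks.append({"ssid": header.group(1).strip() or "<hidden>"})
        elif networks and ":" in line:
            key, value = line.split(":", 1)
            networks[-1][key.strip().lower()] = value.strip()
    return networks

def rate(net):
    """Classify a network by the protection it advertises."""
    auth = net.get("authentication", "").upper()
    enc = net.get("encryption", "").upper()
    if enc == "WEP":
        return "WEP"    # the outdated method from the TJX case
    if enc in ("", "NONE"):
        return "OPEN"   # no encryption at all
    if auth.startswith(("WPA2", "WPA3")):
        return "OK"
    return "WPA1" if auth.startswith("WPA") else "UNKNOWN"

def audit(text):
    """Map each SSID in the scan to its rating."""
    return {net["ssid"]: rate(net) for net in parse_networks(text)}
```

Calling `audit()` on the real command's output gives the same kind of summary for the networks in range of your own laptop.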



Sources:
http://www.cbsnews.com/stories/2007/11/21/60minutes/main3530302_page2.shtml?tag=contentMain;contentBody

http://spotlight.getnetwise.org/wireless/wifitips/

http://www.wptv.com/dpp/news/local_news/investigations/consumers-still-in-danger-of-getting-hacked

Sunday, November 14, 2010

Information Security Awareness Contest

Well, the instructions for our final project of the semester are in! The assignment is to enter the "Information Security Awareness Contest". The contest is conducted by Educause.

According to their website, Educause is a nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology.

"The EDUCAUSE & Internet2 Higher Education Information Security Council (HEISC) is conducting its fourth contest in search of posters and short information security awareness videos developed by college students, for college students. The contest is sponsored by CyberWatch and the National Cyber Security Alliance (NCSA). Winners will receive cash prizes. The posters and videos will be featured on the EDUCAUSE website and may be used in campus security awareness campaigns. Winners will be notified in late April 2011."
 
My partner and I will be making a poster that will hopefully help educate people on the dangers of malware and how to avoid it. More details about the contest can be found here.
 
One of the sponsors of the contest is CyberWATCH.


  
Taken from cyberwatchcenter.org:

"CyberWATCH is a consortium of higher education institutions, businesses, and government agencies that is focused on building and maintaining a stronger information security/assurance workforce. In addition, CyberWATCH is committed to improving the quality and increasing the awareness of information security/assurance in the education and business communities. For more information: www.cyberwatchcenter.org. CyberWATCH is funded by the National Science Foundation."


Here's a sample of the information you'll find on CyberWATCH:

Monday, November 8, 2010

Don't Threaten Me!

So far in our CIS205 class, we’ve learned about viruses, worms and other forms of malware. We've learned about phishing scams, and how to protect ourselves from identity theft. We’ve also taken a look at bot nets and their armies of zombie computers.

The more we learn about cybercrime and how it is evolving, the more obvious it becomes that it’s impossible to eliminate all threats. We can only strive to mitigate them. ‘Black hatters’ will always be one step ahead of their ‘white hatted’ counterparts. Knowing this, it’s important to take every precaution we can and to utilize every resource at our disposal in order to mitigate the risks we endure in our online lives. We must take a layered approach to security.

Simple things like running regular Windows updates and ensuring your firewall/anti-virus is updated with the latest patches and signatures can go a long way toward protecting us from those who would seek to harm us.

The video below shows a few more ways we can protect ourselves online:




Sunday, October 24, 2010

Crime & Punishment






If you've ever posted an ad on craigslist.org, chances are you have received an email like the one below:  
                   ---------------------------------------------
I will have to inform you that i am okay with the price of the [item name] ($375)condition terms are also okay with me,For the Shippment from your location,i have my SHIPPER as soon as we seal this Transaction from your end.
I have a CLIENT of my that is owning me some Fund in United Kingdom that will issue you the cheque of ($2000) soon as you receive the cheque and when cleared you will deduct the cost of the [item name] and the remaining balance will be send to the Shipper through western union money transfer for the pick up from your location.
If this is okay by you, do e-mail me the following detail
FULL NAME ON CHEQUE:
CONTACTED ADDRESS:
MOBILE&LANDLINE PHONE NUMBER:AND ZIP CODE
I will compensate you $50 to remove the advert from the site and will wait until the cheque clear before the pick up commence.hope to read from you today. 
                   ---------------------------------------------

Complete with all the telltale signs of a scam designed to part you from your money. The typos, grammatical errors, and the feeling that it's a deal that's just too good to be true. You may have spotted these warning signs immediately. Others won't be so lucky.

Enter 38-year-old Matthew Shinnick. Matthew was unfortunate enough to be on the wrong side of one such scam. The San Francisco resident listed a pair of mountain bikes on craigslist for which he received an offer of $600 from a buyer claiming to be in Canada.

After exchanging emails over the course of a couple of weeks, Shinnick said he received a check for $2,000 shortly after Christmas and was informed that the extra cash was to cover shipping costs "and for my trouble."

The sheer size of the check, supposedly drawn on the buyer's Bank of America business account, raised a red flag for Shinnick. Not wanting to deposit it in his own account for fear it would bounce, he decided to play it safe and stop by a Bank of America branch to verify the check's validity.

He gave the check to a teller and asked if there were enough funds in the account to cover it. 

"She said it was a valid account and that there were funds to cover it," Shinnick recalled. "I said, 'Great,' and asked to cash the check." 

As it turned out, the business account was real, but the check was a fake. The teller handed the check to the branch manager who alerted the police and Mr. Shinnick was placed under arrest.

Fast forward to July of the following year, a San Francisco Superior Court judge ruled that Shinnick was innocent by "findings of fact" -- a decision that essentially erases all record of the case. By this time, he had already spent an estimated $14,000 fighting to clear his name. Money he has no legal recourse to recoup. 


Full story here:
http://articles.sfgate.com/2006-08-30/business/17308300_1_craigslist-bofa-bogus-check/2

Monday, October 11, 2010

Keeping it Private on the Wild, Wild Web

Identity theft can turn your life upside down. It can ruin your credit, cost you that job opportunity, or worse. Southern Californian Bronti Kelly found that out the hard way. It started when Kelly was repeatedly turned down for dozens of jobs for no apparent reason. The few times he was actually hired, it was only days before he was fired. He was ultimately forced to file for bankruptcy and lost his apartment. Only after becoming homeless was Kelly able to piece together what happened. In May of 1990, his pocket was picked while at a comedy club. His identification was then used by a man who was arrested for shoplifting and other crimes. A report of the shoplifting incident wound up in a computer database used by over 100 retail chains to share information about retail employees.
While this is an extreme example, it illustrates how devastating identity theft can be.
Now in the case of Mr. Kelly, it was the theft of his wallet that facilitated his ordeal. There are many more ways for criminals to commit identity theft without ever coming into physical contact with their victims. 

Phishing
Nancy Boyle received an email purporting to be from Bank One asking her to verify critical account information to comply with new anti-fraud procedures. Later, she received an email from eBay warning of possible fraudulent activity on her account. So she handed over her social security number, her bank account number, and even her mother’s maiden name! Armed only with this information, the criminals had all they needed to steal Mrs. Boyle’s identity and wreak havoc on her life. She was the victim of an increasingly common scam called phishing.
Wikipedia defines phishing as:


"the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication."


Basically, cybercriminals use emails disguised to look like they are coming from legitimate businesses and organizations to trick people into handing over their personal information. A phishing email usually contains a link to a fake website that may closely mimic your bank's website, or other popular sites like eBay.


Now that we know what phishing is, let's take a look at just a few ways to protect ourselves.
  • Most web browsers have some form of anti-phishing protection built in. Make sure you keep it updated and heed any warning messages.
  • Ensure that your anti-virus software is kept up to date.
  • Be suspicious. Never respond to any unsolicited emails or phone calls that request personal information. Most legitimate companies or organizations will never ask you for passwords or PIN numbers.
  • Check the address bar. Ensure that websites on which you use confidential information have a secure connection. The http:// should change to https:// when a site is secured.
  • Look out for the padlock in the browser window.
  • Make sure you check your bank and credit card statements regularly and report any unusual account activity to your bank or card issuer.


For more information, check out the video below:








Sunday, September 12, 2010

Welcome to my little corner of the interwebs! This blog is a class project for Intro to Principles of Computer Security. I've never had a blog or kept a journal so this will be a new experience for me. I'll be using this space to talk about what I learn in class. We'll cover things like viruses and spyware, phishing, security software, and much more.

Mike