Archive for the ‘Security for Teens’ Category

Internet Safety While Traveling – Deeper Dive

Saturday, November 23rd, 2013

A “man in the middle” or MIM attack is not particularly difficult to pull off, and it represents one of the biggest cyber security threats we face when we are traveling – or in fact, any time we consider using an unknown wireless network.

Here’s how it works: it’s rather easy to find software which will monitor or “sniff” network traffic.  It’s even easier to set up a wireless network – for example, like many business travelers these days, I carry a portable wireless hub in my purse. If the intent is to trick other people into using it, all that’s left is giving it a name which sounds legit, like “Marriott SecureWifi”. These can even be set up as far as 15 miles away from the wifi area.

As people try to connect to the criminally controlled network, the cybercriminal allows them to do so (using the same password as the real network, or no password at all). Then the cybercriminal becomes the “man in the middle” (MIM). Sample scenario (there’s a more detailed example of a MIM in my book):
1. You ask for the Gmail page in your browser and type in your Gmail password.
2. The MIM intercepts your request and provides you a fake Gmail login page (which looks pixel by pixel exactly like the legitimate one, including “https/gmail” in the browser, which indicates that it is securely linked to the Gmail server).
3. The MIM sends your password to Google.
4. Google assumes it’s talking to you, and opens your Gmail.
5. The MIM passes the Gmail back to you and continues passing requests and information back and forth until your session is done.


Gordon Snow on Cybersecurity at Home

Sunday, December 23rd, 2012

I’m a military brat.  Most Americans are familiar with this term, because it is a common way we brats answer the question: “Where are you from?”  Every other answer takes too long.  You know, like explaining why being born in Italy doesn’t mean I’m Italian.  And we really don’t have enough time to talk about all the schools we went to.

According to Wikipedia, we are an entire sub-culture.  One component of this subculture is a company called USAA.  USAA is an organization which provides financial services, loans and banking to anyone associated with the military.  And in their eyes, once a brat, always a brat.  This turns out to be a good thing, because the children of service men and women have a lifetime right to use their services.

The Fall 2012 issue of USAA’s magazine features an interview with Gordon Snow.  He was formerly the FBI’s top cybercrime cop.  Naturally I was curious to read about his tips for keeping our families safe.

You can find the on-line article here, but they cut out a lot of the good stuff (nice reference to my employer though).  Here are my two favorite useful tips:

1.)  Go Long!  – Here’s a password quiz: which is a stronger password – the hard-to-remember: “H7%doss!” or the easier: “MyLazyDogRex” (note: this second one is also called a “passphrase”)?

Believe it or not, the short one will take a password cracker 6 hours to crack; the longer (but easier to remember) one will take 317 years.


The Pitch for Paying Attention to Internet Safety

Sunday, September 30th, 2012

I’ve been busy this month giving webinars on cybercrime for my day job at Kaspersky.  Here’s a link to the latest one.  It is called “Top Cybercrime Threats 2012” and it also promised “10 tips to better internet security”.

But it could have been “Twenty Tips”.  Or even “Thirty”.  Because there are at least this many small things we could do to be more secure.  However, people don’t have infinite amounts of time to watch webinars, even if it’s about their own security.  So I’ll continue to work on slicing and dicing the information into small, consumable chunks for the non-security geeks in the world.

Here are two fun facts I want to share:


*  in the year 2000, there were 316 million people on the internet worldwide

*  in the year 2011, there were 2.3 billion

Stunning change in just a decade, isn’t it?  Never have so many people become connected and enabled so fast.  And with so much money continuing to fund this growth – high-tech as a whole, plus all the charities we support – it shows no sign of slowing down.  So how long will it be until 70% of the world is connected?

 
