These days everyone is going on the internet. It doesn’t matter the age of the person, or the race, or where they live, people are using the internet everywhere. And it really makes sense since the world that we are living in is becoming more digital. That is the great thing about the internet. It allows a democracy that we have never had before. It allows people from all over the world to be able to access data that they normally would not have been able to access in the past. And the way that most of these people are getting online is through wireless networks. But it was not always that way.

The takeover of wireless networks is only a recent thing. With the way that they have spread out you would think that it was something that has been going on for a long time now. But that is not a fact. The takeover of wireless networks all over the place has only been something that we have seen for the past 6 or 7 years. Before that when people wanted to hook up more than one computer in their home to go on the internet they would used a wired router.

Wired routers are the same thing as wireless routers but instead of the internet signal going over the air, the signal would instead go over a pair cables. The type of cable used was called CAT 5 cable. It kind of looked like the same cable that you would use for telephones except that it was thicker. But if you really think about it we do not use those types of cables for phones anymore either. While there are still a lot of people who have a house phones, most people use a cellphone to do most of their talking.

But while it may seem old school to use a wired router, there are actually benefits to using one. While you may not be able to get the long distance range that you can get with a wireless network, well at least without having wires all over the house, you will be able to get a faster connection. That is because there is less interference that the signal has to deal with since it is going over a dedicated wire and not over the free air. But there is also another benefit that you get as well. And that benefit is the fact that a person has to actually physically connect to the router to be able to get on your internet connection.

That means you do not have to worry about people sitting outside of your house using your connection. There are a bunch of people who look for open wireless connections so that they can perform illegal downloads and the person who owns the connection is the one that gets blamed for it. You also do not have to worry about people who see that you have a secure connection on your wireless router trying to break into it. While most routers have a default setting to be secured there are ways around even the most secure set up. And people get past this type of protections all of the time.

So as you can see, while a wired network might be something that is looked at as being old school, there are actually some benefits that you can get from using one. There are even sets ups that will allow you to have both if you want. While it may not be exactly what you want it is an option that you should really look at.

photo: flickrsven

If you are looking to secure something, whether that be a computer, network, house or anything else, then your ambition should, surely, be to make it so secure that it ceases to offer any kind of risk at all.

If your security measures are so good, so infallible, then the trust in them will be rock solid and so they will cease to be a point of worry or concern.

And thats a good thing isn’t it?

Maybe. Maybe not.

In much the same way that Mac users were once extremely complacent about the risks of malware on their systems, some Canadians seem to have placed too much trust in their bank notes.

Canada’s polymer $100 bills were meant to go a long way in terms of reducing counterfeiting but it is still happening all the same -

“Because the polymer series’ notes are so secure … there’s almost an overconfidence among retailers and the public in terms of when you sort of see the strip, the polymer looking materials, everybody says ‘oh, this one’s going to be good because you know it’s impossible to counterfeit,’” he said.

“So people don’t actually check it.”
globalpost.com

So I guess there are a few lessons to be learned here -

• Nothing is ever 100% secure, even if you think it is
• If you claim something can’t be broken/copied/etc then you can bet your life that someone will try to prove you wrong
• Humans really are the weakest link when it comes to security – we like to get the job done with the least effort so if we think we don’t need to verify a security measure then we won’t.

photo: wilsonhui

If you are person that is always on the go then you know that things can get a little stressful very quickly. You are trying to get to a place in a certain amount of time with all of the baggage that you need to accomplish your goals when you get there. Making sure that you have all of that right is enough to drive anyone a little crazy. Or it might make you a little forgetful about the things that you do every day. This includes your habits while you are on the computer. There are certain habits that you pick up if you are heavy computer user. And if you are someone who travels then there is a good chance that you use your computer more than the average person. It is a way for us to be able to get work done a lot easier while we are on the go.

And while you are doing that work or entertaining yourself in the middle of your travels you have to remember that you need to be careful just like you are at home. But as a matter of fact, you might need to be more careful while you are travelling then you are at home because you are depending on resources that you cannot fully trust. For example when you are on a strange WIFI network you have to be careful. You do not know who else is on that network and you do not know how secure the network is. There might be a chance that there is a black hat hacker on the network spying on anyone who is using it. And that is certainly possible if the network is not properly secured. If it is easy for you to get on the network then that means that it is easy for the bad guys to get on the network as well.

But you also have to remember that the network itself can be a trap. There are a lot of people out there who set up wireless networks for people to use just so that they can look at the traffic and pick up anything of value. This happens a lot and it is something that you have to be concerned about. Basically, if you do not trust the network then there is a good chance that you do not want to do anything serious on there. For example, you might not want to check your bank account or look at your stock picks. And if you have any private information in your email account you probably do not want to check it on a strange network as well.

But if you are on a network that you do not fully trust and you need to check the items that I have just listed then you want to make sure that you are using SSL. Make sure that in the web address box that the http part is followed by an s. So it would look like https and not the normal http. While this is not 100% secure it is a lot better than how you would normally check these accounts. Some websites will give you an option to use this setup and some websites will offer it as the default.

When you are travelling you want to be sure that you are safe while you are on the go. And that means all of the activities that you do including on your computer. Treat your computer session with the same care that you do while you are at home.

photo: Beraldo Leal

If you get out and go to security shows much, especially the likes of InfoSec, then you will quickly realise that many security firms give out free items in the hope of turning you or your business into paying customers.

Over the years I’ve realised that much of what is given away is worth about as much as you’ve paid for it but, occasionally  some real gems are offered too.

The really good stuff, however, is reserved for people who are devilishly good looking, highly successful with women and all round top people.

Or at least thats the lie I tell myself before bed every night.

But, anyways, I have just recently received the coolest of cool T-shirts from my friends at Bitdefender -

- via Abdur Rehman and Catalin Cosoi – thanks guys, I love it!!

I’ve already worn it and had many people stop and ask me where I got it and what it was all about so I’ve had ample opportunity over the weekend to give out some security education, as well as let people know just how good a choice Bitdefender is for protecting their computers (the Romanian company recently proved to be the only security product to have a 100% detection rate in AV Comparitives test).

And, even more importantly, my girlfriend loved her t-shirt too – but I’ll still derive much satisfaction in getting her to take it off

When you work on the white hat side of computer security most of the time you are playing defense. That is just the nature of the game. When you are on the home team you have to wait to see what the bad guys are going to do next. While you can try your best to guess what they are going to do you have to remember that the bad guys you are going against are humans and humans tend to be very creative when they need to be. There are too many ways to attack even a well secured system so there is no way that you are going to be able to guess all of the angles of attack that someone will be able to make on your system. That’s why you have to be creative when you are trying to be proactive against the bad guys. It is not enough to try and think like they think. Sometimes you are going to have to see how they think as well.

And that means you have to watch their actions and be able to analyze them. You can do that by setting up traps and see what they do with it. This kind of trap is known as a honey pot and it is the kind of trap that you use when you are trying to see the actions of black hat hackers. Think of it is a bear trap in the woods that watches the bear instead of catching them right away. You instead watch the bear, see what he does, and this way you can catch him and other bears later on down the line. While humans tend to be creative in the face of diversity, when they are successful they tend to let up off of the gas and get lazy and start to stick to habits. This includes very smart black hat hackers and this is when you can trap them.

And that is the feeling that they are going to get when they are able to penetrate a honey pot. This is especially true if it is a young black hat hacker. They are going to think that they were able to beat the system and that they were able to get inside and get past serious security. But you know that is not the case. You know that you let them in so that you can see what they are going to do next. So you can just sit back and bide your time and wait for the right time to strike.

A honey pot will also allow you to defend yourself from future attacks. There are very few black hat hackers out there who are what you would consider elite level. Most of them just follow the tricks of all of the other black hat hackers out there. When you see these tricks in action you will be able to defend your network from them later on. So not only will you be able to stop the bad guy that you were watching but you will be able to stop most of the other bad guys who try to get in later on.

But you should not feel too secure when it comes to honey pots. While they do help, it is not going to give you all of the secrets of the bad guys on the internet. You are still going to have to work at other lines of defense to stop them as well. Basically honey pots are very helpful but only when you have other forms of defense as well.

When you first start on the web you probably do not have any idea how many different types of websites there are out there. Well just to let you know there are many. And you might find one that strikes your interest one day. You might want to create an informational site about your favourite hobby. Or you might want to start a site that will allow you to talk to people in real time about business. No matter what you are in the mood to start, with the power of the web behind you, you will be able to make that happen.

But the one thing that you have to remember when you are starting a website is that you must keep it safe. Your users are depending on you to make sure they have a good experience while they are on your site. And when we say good experience we are not just talking about having a fun time. We are talking about having an enjoyable experience on the site without the threat of their computers becoming infected. And the only way you can do that is by realizing the threats that exist on the web. Only then will you be able to weed out the threats that might be facing you and your users.

One threat that you really have to worry about when it comes to your users is the fact that they might click on links on your site that leads them to dangerous websites. While the links might not come from you directly it is still your responsibility to make sure you try to stop them the best way that you can. If you do not then your website can become a place that is known to be infested with links that are dangerous and not worth the price of admission even if it is free.

There are several ways that you can get dangerous links on your website without you knowing about it. When most people think of this they think that we are talking about someone hacking into your website and laying the links down. While that does and can happen, that is not what we are talking about right now. We are talking about ways that are a lot simpler than that. We are talking about people using SEO techniques to make your website a landmine.

First of all, there are a lot of black hat hackers who will use an old SEO technique and go to the older comment sections of a website and lay the comments out with links. They know that people will find that page on the website due to Google indexing it based on a keyword and they will then see the link. And hopefully a good percentage of the people who see the link will click on it. Most webmasters do not look at the links that are that old and they will never know that the infected link is there. At least until someone complains about it.

Another way that the bad guys are able to get infected links on a site is through the use of redirection. They will place a good link on the site and then have the site that you land on redirect you to another webpage after a few minutes. This makes the original linked site seem innocent and the user thinks that it was something that they did to cause this problem to happen.

If you are a webmaster it is your responsibility to check on your website every now and then to make sure it is safe. And that means you also have to check the links that are appearing on your site as well.

photo: t r e v y

One of the great things about the internet is that we are able to use it as a gigantic communication tool. Where else are we able to communicate with people all around the world at such a cheap price? Not only are we able to communicate with people around the world at a cheap price but we are also able to give them tons and tons of information about whatever we want. When you buy a spot in a SuperBowl ad, sure you are able to be seen by tons of people around the world but it only last for 30 seconds and you have spent millions of dollars to do it. The internet allows you to be able to target your audience and go after the people who you know would be interested in either the product or the service that you offer. And if you become big enough the exposure could possibly start to get up to millions of people around the world.

When you are in the computer security field there is probably a good chance that you really do not think about marketing yourself. And that is a big mistake that you are making. Just like with everything else in life you have to be able to get people to notice you to be able to show off the skills that you might have. What good is being a good security researcher if the only people who know about your work are you and a few friends? You need to be able to get the word out for a few reasons. One you will be able to warn more people about the security hole that you found and two you will be able to make a living at your work which will allow you to get better at it.

If you want to be able promote yourself there is no better way than social media to it. Social media is the great equalizer when it comes to getting people to know about you and what you do. You do not have to be famous to get a lot of people to follow you on a social media account. While it does help to be famous, the most important thing that you can do is to be interesting and engaging on your social media accounts. That way people will always want to visit your account and see what you kind of work you are up to.

By posting your work on your social media accounts you will start to gain followers who are interested in that type of thing. And that is exactly what you want. That way you will be able to engage with your followers and you will become known as an expert in your industry. Just think about all of the popular computer security figures and programmers that are on twitter and Facebook. They did not start off as people who had huge followings. They did something interesting, put the word out about it, got people who were interested attention, and then they started to gain a following. While it is a simple formula you have to remember that it takes time to build up a following in the social media space.

No matter who you are, promotion is very important when it comes to building up your recognition in the computer security communication. And when you do start to get that recognition you will find that it will lead to better opportunities and more higher paying gigs. So do not treat marketing like it is a bad word and utilize the social media space to the best of your ability. In the end, you will be glad that you did.

A very good friend of mine is faced with something of a conundrum. He works for a reasonably well known company, one that has a turnover of over a £billion per year, but in terms of IT and, especially security, they are like a dinosaur — many of the instore PCs are 486s for example.

Well, anyways, he and I were talking recently and he has discovered more than a few issues that are either causing the company financial loss right now or certainly could do in the future. Not to mention the potential for bad press they’ll cop when some of their policies, or lack thereof, lead them into being another one of those bad news company hacked stories you keep seeing on Twitter.

So… he goes looking through the internal staff directories to find out who is responsible for information security within the company, or at least a phone number for the department. But… nothing. As far as he can tell there is no security. At all.

LOL

So, what action should he take here? Should he contact the guy who is responsible for the corporate website (as buggy as that is), tell his manager or perhaps contact someone much higher up the food chain and share his concerns with them?

Should he give this information over freely, for the good of the company, knowing full well that he likely won’t get any thanks whatsoever for doing so? (and knowing it would spell the end of his days accessing Sky Sports on the web when he is supposed to be working)

Or should he leverage his knowledge in the hope of attaining something from it for himself?

Or does he just sit on what he knows, waiting for the day when his company appears in the news following a major breach, or reports losses due to fraud, and then smile wryly to himself, knowing that all of that could have been preventable (to a big degree)?

How would you advise him?

photo: David Michael Morris

When you are trying to protect a network you are going to usually play a lot of defence  It is just the nature of the game. You have to wait to see what the bad guys are going to do before you get a chance to stop them. That is because you cannot protect something that you have never seen before. The bad guys are always going to come up with something new so you have to wait to see what that new attack is. No one is psychic and you would have to have psychic ability to be able to stop something like that.

But you do not have to have psychic ability to be able to stop something that you have seen in the past. And while it is true that all of the top black hat hackers are going to have the ability to be able to come up with something new all of the time, the truth of the matter is that you are not dealing with the top hackers most of the time. Most of the time you are going to be dealing with the lower tier and mid level black hat hackers. There are only so many top level black hat hackers in the world and there is a good chance that they are not going to be the ones that you are dealing with.

So if you want to be able to go on the offence to stop attacks that are going to happen to your network then all you need to do is study the past. Not all of the attacks that are going to hit you are going to come from fresh zero day attacks. So look at whatever resources that you need to and see if any of the attacks in the past would be able to affect the software and the hardware that you have in your setup now.

When you do find that you have security issues in your setup then you are going to have to be proactive and fix them. This is how you are going to be able to be proactive and go on offence when it comes to protecting your network. Being able to stop an attack before it even reaches you is a great way to go on offence and you will most likely find that it is the best way.

You are not going to be able to stop every attack like that. Like we said earlier in the article you are going to see new attacks hit your network. But do not be afraid of them. Another way that you can be sure that these new attacks have minimum effect on you is to make sure that the software that you use is up to date. Even the new attacks, most of the time, hope that the person being attacked has not updated their software. So while the attacks itself has not been seen in the wild before there is a good chance that the software vulnerability that it is using has been seen and known about for a while now.

When you want to be able to protect your network, you of course want to do the things that will help you on defence  But you want to go above and beyond that as well. You want to try and go on offence and try to stop attacks before they are able to affect your network.

photo: RichardBowen

Four British members of hacktivist group LulzSec have been imprisoned for their roles in various cyberattacks committed by the group in 2011. Their attacks against government and corporate sites (such as Sony, Nintendo, the FBI, SOCA and the CIA) led to a date in Southwark Crown Court today where each were sentenced following their earlier pleas of guilty in relation to charges of carrying out unauthorized acts with the intention of impairing the operation of computers.

In a statement about the four men – Jake Davis (“Topiary”), Ryan Ackroyd (“Kayla”), Mustafa Al-Bassam (“T-Flow”) and Ryan Cleary (“Viral”) – the CPS said,

“The actions of these LulzSec hackers were cowardly and vindictive. The harm they caused was foreseeable, extensive and intended. Indeed, they boasted of how clever they were with a complete disregard for the impact their actions had on real people’s lives.

“Whilst aggressively protecting their own privacy and identities, they set out to hack and publish hundreds of thousands of innocent individuals’ private details. Companies also suffered serious financial and reputational damage. A senior executive of one American company lost his job and had to move his young family because of death threats.

“Coordinating and carrying out these attacks from the safety of their own bedrooms may have made the group feel detached from the consequences of their actions.

“But to say it was all a bit of fun in no way reflects the reality of their actions. They were in fact committing serious criminal offences for which they have been successfully prosecuted. This case should serve as a warning to other cyber-criminals that they are not invincible.”
Crown Prosecution Service

The sentences given out were as follows -

Ryan Cleary – 32 months in prison

Jake Davis – 24 months in prison

Ryan Ackroyd – 30 months in prison

Mustafa Al-Bassam – 20 months in prison, suspended for 2 years, plus 200 hours of unpaid work.

With the three men who received instant custodial sentences being aged between 20 and 26 I do wonder how they will survive in prison. I imagine it will be a hard couple of years for them but, personally, I think the fact that Ackroyd posed as a 16 year old girl online should enable him to fit into prison life quite seamlessly

Interestingly, another member in the US called Cody Andrew Kretsinger (“Recursion”) only received a one year sentence for his role in the Sony Pictures attack – I always assumed those convicted in America would receive harsher sentences that those who met justice in our overly lenient courts here in Britain.