A bug recently found in Oracle's Java software, which is installed on many machines, that may allow a hacker to obtain unauthorized access to your machine. It is important that everyone update their Java software (and ensure that all your other software is updated as well!).
Wireless networks are not as secure as the traditional "wired" networks, but you can minimize the risk on your wireless network (at home or at work) by following the tips below.
How Does it Work?
The standard setup for a wireless network requires two components: a Wireless Access Point (WAP) and a computer with a wireless network adapter. Properly configuring a wireless device can be challenging and the steps will vary depending on the manufacturer.
The WAP connects to your high-speed Internet connection and/or your internal network. It provides the ability to use a computing device (copier, printer, etc) without being constrained by the distance of a wire. A wireless network adapter, used for transmitting and receiving information, may be required for each device you intend to connect to a WAP. The wireless network adapter is usually built into laptop computers, while it is an add-on component for other devices.
Tips for Securing Your Wireless Network
It is critical that every wireless network has encryption enabled. Encryption scrambles the data in a way that if your signal is intercepted there is reduced risk of someone being able to eavesdrop or monitor your communications. There are several standards of encryption common to most WAPs. Newer wireless access points include Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2). WPA2 is stronger and the preferred method of encryption. If WPA2 is not available, it is recommended that you use WPA. If your network only allows for WEP (Wired Equivalency Privacy), an older standard of encryption, it is recommended that you replace your wireless network with one that supports WPA2 or WPA.
Change the Default Password
Change the default password that comes with your WAP. The default passwords used by manufacturers are well known to the hacking community. Be sure to use a strong password, that is at least eight characters in length and include a mix of upper and lower case letters, as well as special characters.
Change SSID Name
The Service Set Identifier (SSID) is the name of your wireless network. Default SSIDs are well knownâ€”often the name of the manufacturerâ€”or easy to guess. Change the SSID name to something unique and be careful not to use a name that freely discloses information. For example, avoid using your family name. Avoid descriptive or functional names as well, such as "Payroll" or "Accounting" since this would advertise an attractive target for an attacker.
According to a June 2012 CNN Tech article, “Facebook pulls location-tracking feature,” the company had been testing a feature that would allow you to find out if your Facebook friends and other Facebook users were nearby in real time.
A person would need to login to the “Find Friends Nearby” site in order to have their information shared, and the goal of the app was to allow you to quickly link with a person you just met in person.
One of the developers related the application to exchanging business cards. Remember that practice back in the olden days? The feature was pulled after a backlash by people concerned about privacy.
I remember using the “check-in” feature on Facebook for the first time, when I was in an airport and looking forward to getting home.
Here is a great opportunity to make your friends and family aware that Octover is National Cyber Security Awareness Month! Use your Twitter and Facebook pages to send out these sample messages (and more, linked here) to your friends to get this topic into the forefront of discussion!
Day 1: October is National Cyber Security Awareness Month. Let’s make our online lives safer & more secure! Details athttp://staysafeonline.org/ncsam/ #ncsam
Day 2: National Cyber Security Awareness Month is a time to STOP. THINK. CONNECT. Learn more: http://bit.ly/MXMNmA #ncsam
Day 3: #Cybersecurity begins w/ STOP. THINK. CONNECT. These 3 words remind us to stay safer #online. Learn more http://bit.ly/LEYakj#ncsam
Day 4: When in doubt, throw it out! Don’t open suspicious links in #email, tweets, posts, & ads. Learn more: http://bit.ly/LEYakj #ncsam
Day 5: Make passwords long & strong. Use mix of letters/numbers/symbols. Use different #password for each account.http://bit.ly/LEYakj #ncsam
Day 6: Keep list of #passwords stored in safe place away from your #computer. Learn more about #onlinesafety: http://bit.ly/LF58pm#ncsam
Day 1: October 2012 is National Cyber Security Awareness Month. Let’s make our online lives safer and more secure! Check out details athttp://staysafeonline.org/ncsam/.
Day 2: National Cyber Security Awareness Month is a time to STOP. THINK. CONNECT. Learn more about staying safe and secure online athttp://stopthinkconnect.org/.
Day 3: Cybersecurity begins with STOP. THINK. CONNECT. These three simple words help remind us how to stay safer and more secure online. Learn more at http://stopthinkconnect.org/.
Day 4: When in doubt, throw it out! Don’t open links in email, tweets, posts, and online advertising—unless from a trusted source. Learn more at http://stopthinkconnect.org/tips-and-advice/.
Day 5: Make online passwords long and strong. Use a mix of upper and lowercase letters and numbers and symbols. Have a different password for every account. Learn more at http://stopthinkconnect.org/tips-and-advice/.
Day 6: Keep your list of online passwords stored in a safe, secure place away from your computer. Learn more about online safety athttp://staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts.
How many times do you access your bank account online? How many email addresses do you own? Do you play online video games? How many social networking sites do you access?
These questions are all factors in determining your exposure to identity theft.
According to the Federal Trade Commission, it takes people an average of six months and 200 hours to recover from identity theft.
So how do you know if you're at risk?
You can start by using the Online Identity Risk Calculator.
We partnered with our friends and NCSA Board Member Company EMC2/RSA to bring you the Online Identity Risk Calculator.
The Online Identity Risk Calculator is game that allows people to find their personal identity risk score and get practical tips on keeping their online identity protected.
Players answer 10 questions to discover how their online activities – from banking to shopping to social networking – can potentially make them more vulnerable to identity theft and fraud.
When you’re done playing, make sure to check out the “Helpful Hints” section, where you’ll find STOP. THINK. CONNECT. tips and advice and links to other helpful websites.
We think the Online Identity Risk Calculator is fantastic, interactive way to learn how you can protect yourself and your family from identity theft.
For more ways to stay safe online, visit http://staysafeonline.org/stay-safe-online/protect-your-personal-information/id-theft-and-fraud.
Mat Honan is a senior reporter at the technology blog Gizmodo. Last weekend, Mat experienced just how easy it is for anyone to be hacked, but not in the way we generally think. Because of lax policies from the technical support at companies he frequented, a hacker was able to seize control of one account of his after another, causing havok for Mat. By the end of it all, his iPhone and Macbook had been remotely wiped, his Twitter account had been seized, and his e-mail would not longer let him in. He writes in Wired:
In the space of one hour, my entire digital life was destroyed... Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
This kind of incident details how important computer security is and how easily it can slip away from you. There is a detailed video podcast detailing the hack on Security Now, a weekly show on the TWiT network of technology-related shows. Here is that video in its entirity:
(Kristin Judge via AnnArbor.com)
Protecting our family at home is serious business. Personally, my family has a full plan in place to keep us safe in the case of a house fire. We have a place to meet (the mailbox), a portable ladder in the closet on the second floor, smoke detectors with batteries that are changed every New Year, and a lightning rod in our side yard.
Many Americans are probably as prepared as our family in this case. Our children have also been taught the “Stop, Drop and Roll” routine in school.
In the 21st century, families need an online safety plan in place to protect their family from becoming victims. Just consider how safe we will be as a community when the messages for online safety are as commonplace in our lives as the messages around fire safety.
Putting an online safety plan in place can be a great opportunity to have dialogue with your family about communication, cyber bullying, privacy issues and other topics
Here are some suggestions that may work for your family:
- Determine a central location for your computer so you can monitor your children’s activities online. Use parental control settings to block access to inappropriate sites when needed.
- Set parameters for acceptable online behavior and expectations. Clearly explain the rules and expectations regarding online behavior. Include issues such as cyber bullying, keeping personal information private (not posting it online), and treating people met online as the strangers that they are.
- Develop a monitoring strategy. How will you assure your family complies with your “Acceptable Use Policy?” You may choose to monitor your family’s online activities and let them know their activity is being monitored.
Most workplaces have cyber security policies, processes, and technologies. You can create a more cyber-secure environment at home by implementing similar strategies.
At home, determine:
- A central location for your computer so you can monitor your children's activities online.
- Whether you allow access to certain sites. You may choose to use parental control settings to block access to inappropriate sites.
- Acceptable online behavior and expectations. Clearly explain the rules and expectations regarding online behavior. Include issues such as cyber bullying, keeping personal information private (not posting it online), and treating people met online as the strangers that they are.
- Your monitoring strategy. How will you assure your family complies with your "Acceptable Use Policy?" You may choose to monitor your family's online activities, and let them know their activity is being monitored.
To create a more cyber-secure enviornment at home, implement and maintain the following processes:
- Develop strong passwords and change them every 60 to 90 days. Passwords should be changed periodically to reduce the risk of disclosure. The more critical the account, such as banking or e-mail, the more frequently the password should be changed. Use a minimum of eight characters with a combination of upper and lower case letters, numbers and special characters. Have different passwords for each account for which you provide personal information. Do not re-use work passwords for any personal accounts.
- Backup your information. Determine what needs to be saved, how frequently it needs to be saved, how to perform the backups, how to save the backups so you can restore information when needed, and to test the backups to make sure they work properly.
(Kristin Judge via AnnArbor.com)
I love my mother. She is so thoughtful and always wants to share fun, inspirational, and educational emails with me after she receives them from one of her friends.
If someone in your life is constantly sending those forwarded emails with 100 people listed in the body of the email and a cute picture of a cat doing something hilarious, it may be time to have a chat. Those emails can be from well-intentioned people who truly are just sharing a cute photo, but the chance of the email having an infected link or attachment is high.
Phishing is a term that refers to attempts by individuals or groups to solicit personal information from unsuspecting users by employing social engineering techniques. The bad guys are getting good at making these phishing attempts look like the real thing.
Phishing attacks are on the rise, and a person with bad intentions can easily purchase kits online to teach them the tricks needed to perpetrate these attacks. In the RSA 2012 report, "A Year in Phishing"some startling numbers are reported:
- In 2011, approximately one in 300 emails was “deemed to contain elements pointing to phishing”
- An average phishing attack yields the attacker $4,500 in stolen funds
- Approximately 86 percent of the U.S. banking sector brands were targeted with phishing scams in 2011.