Tuesday, September 30, 2014
Sunday, September 28, 2014
Saturday, September 27, 2014
Monday, September 22, 2014
- Simple passwords are easy for cybercriminals to guess or crack using tools. The secret questions used to reclaim a forgotten password are in many cases easier to guess than the password itself. If these passwords were reused on other, more important sites, the cybercriminal gains access to those services too. To avoid these types of attacks, cybercitizens should use strong passwords and difficult-to-guess secret questions, and not reuse them.
- In large data breaches the entire password database was stolen through the misuse of privileged access rights by trusted insiders, compromised administrative authentication codes or an application flaw. In this way the cyber intruder obtains a large bulk of passwords, which are used to compromise accounts on the affected services as well as on other services where the password may have been reused. To avoid these types of attacks, cybercitizens should regularly change their passwords, not reuse them and, if notified about a breach, immediately change the password.
- Sophisticated malware that has been unintentionally downloaded as part of free software or during a visit to malware-infected sites helps steal authentication credentials from user devices. Such malware intercepts user credentials when the user logs on to online services. Besides stealing authentication credentials, sophisticated malware can intercept one-time passwords sent from financial sites via SMS, which, when used in conjunction with spoofed sites, is highly effective in compromising a user’s financial transactions. Cybercitizens should install a reliable antimalware product that blocks malicious sites and filters malware. Though not foolproof, it helps reduce the risk. To avoid spoofed sites, it is best to check the ownership and validity of the SSL certificate by clicking on the padlock in the address field of the browser.
- Passwords are in many instances naively handed over to cybercriminals impersonating law enforcement officers, bank officials or even IT support. Cybercitizens are tricked into believing that these requests to share passwords come from genuine and authoritative sources. To avoid such types of attacks, cybercitizens should never share their passwords, as no organization will ever ask for them by phone or mail.
Saturday, September 20, 2014
Wednesday, September 17, 2014
The ability of Twitter to police rogue usage is minimal. Many times the posts fall in “grey” areas of offensive versus inoffensive content, making them difficult to moderate. In most cases, deletion or inactivation of accounts happens long after the damage has occurred. This does not prevent the perpetrators from establishing alternate or slightly different Twitter IDs to resume their propaganda. Most of these rogue accounts cannot be acted upon by law enforcement because the countries from which they operate either lack effective law enforcement or do not yet consider it a crime.
Inciting posts have high impact and are often unsubstantiated. Being public broadcasts, they rapidly go viral and reach a large global audience. Posts such as those sent by ISIS have been effective in influencing youngsters from across the world to join their ranks. Youngsters taken up by these messages sign up for a cause from which there is no return, even when the harsher realization dawns.
Governments have an active interest in not barring these tweets, as they form a rich source of real-time information, in many ways more useful than covert intelligence. Sympathizers in countries with effective law enforcement may put themselves into trouble if they draw attention through retweets or likes. Of late, governments have attempted to spread counter-messages to negate the effect of these broadcasts.
Monday, September 15, 2014
Indian Internet Addicts: Boy stabs mom for cutting internet access while another finds a Facebook Mom
- Cybersex is the compulsive use of Internet pornography and adult chat rooms.
- Cyber-Relationship addiction is an addiction to social networking, chat rooms, texting, and messaging.
- Online Gaming addiction is compulsive online gaming with virtual friends and currency.
- Becomes irritable or agitated when time online is interrupted. In the case of the Pune student, he turned violent, threatened to harm himself and even stripped naked.
- Withdrawal from activities that involve socialization with real people. Most addicts isolate themselves from people and spend most of their time with virtual friends.
- Spends a lot of time online at all or odd hours. Addicts constantly message, driven by the urge to respond to their online constituency instantly. They carry their phone everywhere, even to the toilet.
Friday, September 12, 2014
- Lack of communication between the hacker community and the industry is a big problem. Hackers are seen as untouchables except when they are needed the most
- Bug bounty trends are increasing and rewards are sufficient to sustain a hacker’s income
- Industry has maligned the word “hacker”. Today, the word and community is associated with criminals.
- Companies need to transform and build a new security architecture to meet new and emerging threats
- Industry competitors need to collaborate to build secure supply chains to ensure that common suppliers do not skip investing in security
- Agile security should be the new paradigm. The current models of reacting to incidents or building defense in depth are too slow to combat the spate of attacks
- Security today goes beyond CIA and assets; it looks towards the business
- We need to brave the risks of using the cloud by using secure technology. We cannot go back to the bullock cart age because cars today are unsafe
- It is a matter of time before we see the first big attack on a cloud provider. They are a big target that cybercriminals cannot ignore
- The case of a refrigerator sending spam is simply the tip of the iceberg as far as the Internet of Things is concerned
- The Indian Government is researching the use of alternate protocols to IP for setting up our secure critical infrastructure like nuclear stations
- The Indian Government has allocated large funds to the enhancement of IT and security
- Entrepreneurship is difficult and needs perseverance
- Signal protection will be the next security wave
- Consumer education is a must to thwart cloud risks as they are easy prey for social engineering attacks
- Many miss the gorilla in the room when focusing on routine tasks
- Fraud happens because enterprises miss the obvious
Monday, September 8, 2014
Saturday, September 6, 2014
delighted to have conducted my first tutorial for parents on "How to keep children safe online" on Teachers Day, 5th Sept. It was a proud moment and I was able to receive feedback from enthusiastic parents on how to improve the material. The audience was very touched and emotional as I showed them the video on Amanda Todd and explained to them what happened to her. For many she remains a teacher and a hope. The tutorial description is given below and, for those interested, the training content “Keeping your child safe online” is available to download.