Click image for larger version  Name:	code.JPG Views:	2 Size:	22.2 KB ID:	3015


I collect information about computer security from podcasts, from reading forums like this and from personal experiences gained while working in the field. As result I also like to pass along as much about the various topic's I study, to others. A few new terms to look into in 2017, Big Data, what is it? What will the long term effects be of collecting it be on the world? Ransomware, How many of the people you know will be infected with it in 2017. Why do these occurrences of malware infection seam to be on the rise rather then getting easier to defend, we are getting smarter after all, right? Although I don't claim to be an expert, Odd's are I may have knowledge about the topic and at the very least a unique personal take.

Big Data, They have been mining, filtering, targeting and analyzing our personal information for years. Every time we shop on-line, and search for and look at various products, the data collected from this action is being stored in a huge database. You might not understand it right now, but this information with an algorithm applied to it can be used as an incredible weapon of math destruction. This information used with clever advertising techniques can result in a huge payday for some while making a really bad day for others. The script used in this form of advertisement is an important part of the big data issue, without it web sites would not be able to target individuals with specific ad's aimed directly at them. It's also this script that makes it possible for Malware, and virus kiddie's and professionals alike. People tell me all the time that they never even clicked an ad, they never download email attachments and they always have anti-virus software installed and updated. It's unfortunate that they for the most part, make good choices but still fall victim to this battle for an extra few cent's collected from a billion people. Yahoo had it's email database stolen about 2 years ago, this database was then sold by one hacker to another for $300,000 and is now in the hands of who know's who. Sure it was made public eventually, but in my opinion, it should be in today's news reports before the new's that's always shown. How many people do you think have not changed their email password in the past 2 year's? It's stolen data like this together with mined data that can be used in incredible ways. Just think of all the way's someone could use your email account to harm you or anyone on your contact list. Now put that power together with that algorithm and the spear phishing attacks will just continue to increase.

The latest randsomeware, is combining old tech with new tech. Tactic's used by would be entrepreneurs made popular hundreds of years ago, are being used against us all over again but with the modern twist! Like we saw used by our future president, Donald Trump, this old school song and dance can be a powerful weapon when it's basic principals are implemented with the technology of today. When you fall victim to randsomeware yourself, you will be given the option to infect 2 of your friends, when they pay the 1 bit coin ransom, you receive your decrypt code free. This is the latest in old school idea's being used today with great success.

This past October, the Computer security aware people you may know, were alerted and surprised. Both a global and historical event, in the world of cyber security. I can't even fathom the implications possibly exposed by this flaw, and I doubt many Computer Security Experts can speculate on it much better then I at this point. What do we do? What is the real problem?
Click image for larger versionName:	image_566.jpgViews:	1Size:	20.6 KBID:	3012



The personal computer is just way to easy to use, it is like an AK-47 in the hands of babes. Sure those of us who grew up at the command line with our dark rimmed glasses and pocket protectors will be able to protect ourselves, our networks and possibly even our family's but that really is no where near enough. It's not my own systems that I need to be worried about it's the person down the street from me who buy's a new router and installs by himself. His password is still set at the default so anyone can login, he has never upgraded his firmware on his DVR or web Camera let alone his router. He has no idea even how to do it or that it even needs to be done. As an army of networked home devices attacks the world, all of us are the victims!


What is a strong password? I don't know about everyone else but I always draw a blank when typing to think up new passwords that are strong yet easily remembered. I have had many people over the years tell me what there "system" is for creating fresh passwords. Personally I have never found any such system that works for me.

Many years ago I gave up after I happened across a list of common password, the top 100 most commonly used passwords list. And when I saw my favorite password on that list It really opened my eye's.

I started using password managers and have used them ever since. But I didn't just do it on my own, it was not my idea. A hacker took down one of my website's. A group of hackers targeted my site and left an dancing gif with a link back to there website. I read up on what they had done. I learned how to add an .htaccess file with extra password protection and have not been hacked since. I started using a password manager after that and I love it.

I couldn't feel more strongly about a subject then I do about this one. Computer security starts with the user and requires vast amounts of education for a very large number of people. Working in the position I am in, it's incredible the amount of people who just don't have the knowledge to perform proper maintenance, data back up's, protect themselves from malware infections or apply the updates and patches for their operating system. I have always felt most people are more then capable of learning how to do it, but they just seam to procrastinate and avoid it. I am here to tell you, it takes allot of time to make a data backup. It takes allot of time to install security updates and patches. It costs money to keep your Anti Virus subscriptions up to date.

One of the most common issues I see today is people falling victim to the phishing and whaling scam's today. Three or four people per week come to me a say "I got a popup message that said I should call this Number". Sure, it's a clever costume, designed to look like it came from Microsoft, They call the number the tell the person on the other end of the phone everything, they allow remote access into their computer by a complete stranger. I have seen the messages myself and they do look good, Microsoft logo and all. My advise to everyone is don't call the number, call a professional.

If you see this one, or anything that asks you to phone a number, never do it! Bring your computer to Geek Squad or some other reputable computer repair place that you trust. Keep your computer updated and protected and if you don't know how, ask someone to help you, or pay a professional to do it for you.

The same analogy rings true though out this entire blog post, As security increases, convenience decreases. Terms new to me used in this year included, "Drive by download" The process that can occur when a computer user simply views a website. " Mobile Code " special code download and run on a computer to download other harmful code. Commonly found in those pesky ad's we see when we visit Facebook and YouTube.

People often ask me why their computer was infected when they never download anything and only use the computer for a few specific tasks. Technologies like these could explain why this still happens.

Stolen cookies is also an event that had not occurred to me. I was particularly interested to read about it. This seams like something that could be very bad and should be prevented at all costs. Most of the topic's discussed in this post are far beyond the understanding of the average computer user, but it's important to realize that they exist and need to be protected against.

The information we learned about in this year was complex and detailed and it's difficult to summarize. This really could be a separate class all in itself. The same analogy rings true though out this chapter and the entire coarse, As security increases, convenience decreases. "Drive by download" The process that can occur when a computer user simply views a website.
Click image for larger versionName:	fake-suspicious-activity-found-alert.jpgViews:	1Size:	22.2 KBID:	3011





People often ask me why their computer was infected when they never download anything and only use the computer for a few specific tasks. Technologies like these could explain why this still happens.

Stolen cookies is also an event that had not occurred to me. I was particularly interested to read about it. This seams like something that could be very bad and should be prevented at all costs. Most of the topic's discussed in this chapter are far beyond the understanding of the average computer user, but it's important to realize that they exist and need to be protected against.

War driving, Something of a hobby for some people, for others it is a way to earn extra cash. What is War Driving? you might be wondering. One or more people can get together in a car and drive around the neighborhood occasionally parking here or there, they are searching for exposed wifi networks. Networks with open access (no passwords) they are searching for networks with the default settings and default passwords and easy to guess passwords, such as last names and street addresses that can easily been found by looking at mail boxes.

Have I tried it myself? yes a few times, together with a groups of people we planned one evening to try it, in combination with a meeting at the community center in our neighborhood. With a list of members and addresses, before the meeting designed to educate fellow community members, we were able to access networks from 14 out of 32 members. When we gained access we sent a document to the members printer reminding them of the up coming meeting and warning them about the security hole in their protection.

The meeting was a huge success, we were able to educate community members about the proper wifi setup, and help protect them from un-authorized access to themselves and their networks. We did try to band together with several other community's around the area in an attempt to promote more education, however we were not successful as far as I know. It is rare that anyone would take such a proactive approach to this situation and we found out that our community was the exception.

There is little protection against "shoulder surfing". Just try to be aware of anyone with the correct angle to see over your shoulder or from the side what you are typing into a keypad writing down.

As I prepare myself for 2017, I believe that I can help someone, if they read this, they may at least realize something that had not occurred to them without it. I intend to try and write more idea's down here for everyone to benefit from or roll eye's at over the next year, your choice.