
Cyber Security Awareness Month


Corrine


October is National Cyber Security Awareness Month (NCSAM). The 2017 Cyber Security Awareness Month marks the seventh anniversary of the campaign. It is also European Cyber Security Awareness Month (ECSM) https://cybersecuritymonth.eu/ and in Canada, https://www.getcyber.../index-eng.aspx

 

Stop | Think | Connect

 

With that in mind, consider the following suggestions not only during Cyber Security Awareness month but every day:

 

Stop: Before you click that formatted link in your email, search results or social media account, mouse over the link to ensure the URL matches the description.

 

Think: Whether it is email, Facebook, Twitter, an online forum or other online media, instead of spouting off the first reply that comes to mind when you disagree, think before you click the send button. Remember that your online reputation can follow you in "real life".

 

Connect: When you connect to the Internet, ensure your device software as well as any apps or third-party software are up to date.

 

Each week, Malwarebytes Labs will focus on a theme and provide helpful articles, useful tips, and valuable analysis so that you can increase awareness and spread the word. This week’s theme: simple steps to online safety.

The first: National cybersecurity awareness month: simple steps to online safety | Malwarebytes Labs


V.T. Eric Layton

Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016. :(

 

I wish more folks I know would sign up for Proton Mail. I also wish Proton Mail's IMAP services would get started.


securitybreach

Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016. :(

 

I wish more folks I know would sign up for Proton Mail. I also wish Proton Mail's IMAP services would get started.

 

Agreed. I really should use it more than I do. I just wish they would let you export the keys as it's useless to anyone that doesn't use it.


Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016. :(

Except it was not 1 billion but over 3 billion - that is EVERY single Yahoo account was hacked. :( And that Russian hack was way back in 2013. Yahoo only decided to tell everyone in 2016. :angry2: It is only now the real truth about the extent of the hack is coming out because Verizon took over Yahoo recently and in an effort to be transparent and forthcoming, uncovered and revealed the truth.

 

The worry is the bad guys know the answers to common security questions. This information, along with similar information from other hacks lets bad guys know all about you: mother's maiden name, first pet, favorite food, high school mascot, favorite book or movie and more.

 

Years ago, I started answering these questions with nonsense. Favorite movie? Pepperoni. Favorite book? 10011001. Grandfather's middle name? CoffeePot.

 

Different answers for every account. Yeah, it takes a little longer to set up accounts but oh well. It is just another added cost for freedom. Then I put the answers in my password safe.

 

If everyone did not change their Yahoo account passwords back in 2016, they sure should now. And make sure it is not the same as used anywhere else. Sadly, requesting the account be closed does not purge the account, your data, or your emails from everywhere.


I've had a Yahoo account since 1999. I've changed the password so many times when there was any hint of trouble. My account has never been hacked because a) I chose NEVER to reuse passwords b) I store no passwords in the cloud where they could also get hacked and c) I change passwords when I hear rumblings of problems about any site.

 

There is one major thing I truly dislike about Yahoo. Since they bought Flickr, you are forced to use the same password in both places. I really don't think that's a good idea.


My account has never been hacked...
That you know of. Your Yahoo account information surely was hacked, however.

 

I don't store passwords in the cloud either. In fact, I don't store anything in the cloud. I might put a photo or document up there temporarily for someone to see/get. But it does not stay there for long.


V.T. Eric Layton

My Yahoo email account is one of my oldest (Hotmail is the oldest). I started it in 2000. I've never had any issues with Yahoo. I change my account passwords and such regularly.


My account has never been hacked...
My Yahoo email account is one of my oldest (Hotmail is the oldest). I started it in 2000. I've never had any issues with Yahoo. I change my account passwords and such regularly.
Not the point. It is not about individual accounts being hacked, having issues, or being used by a bad guy. It is about the information used to create, access, modify, and authenticate account ownership being hacked that matters.

 

It is very likely you would not notice if your individual accounts were hacked.


Well I just read every Yahoo account was hacked in 2013. Wonderful.

Source: https://www.darkread...in-2013-breach/

 

So, if they got a password - that was quite a few passwords ago and wouldn't help them at Yahoo or any other site 4 years later.

 

No way can we fully protect ourselves from all the companies who do next to nothing in the way of protecting our information!

 

In Yahoo mail: You can go to Settings, Account Info and select Recent Activity. It shows you the browser used and the location. I also see dates of times going back to 2014 with password changes I made.

 

Nothing looked suspicious in terms of a browser or a strange location.

Edited by zlim

V.T. Eric Layton

It is about the information used to create, access, modify, and authenticate account ownership being hacked that matters.

 

They'll get no usable data from hacking my account at any email, forum, or other such site because since the very beginning of my internet odyssey, I've used an alias along with a wonderfully crafted alias profile. To tie that information to my REAL® identity would be somewhat difficult. Only a few very close friends on the Internet know my actual identity and I've rarely exposed my real identity to the Internet. Security by obscurity. It's not foolproof, but it's better than having my REAL® data and information floating around on thousands of servers around the world.


We still have not heard if the hacked Equifax data was encrypted or not. You would think surely they encrypted it. But if so, why not say so?

 

They'll get no usable data from hacking my account at any email, forum, or other such site
That's good - but note they likely also got IP addresses and with that, someone might be able to glean physical locations too.

 

I think it would be wise to assume the bad guys know everything about us rather than believe we have outsmarted them. This is even more true if there are others living under the same roof.

 

I am reminded of what the military calls EEFI (pronounced "eefee") for "essential elements of friendly information". It is a part of OPSEC (operations security) and is a series of unclassified information that, when put together, reveals a classified mission or data.

 

Base supply gets an order for 7 cold weather parkas.

Base transportation gets an order for a shuttle bus to arrive at point A by 0330.

21 MREs (meal ready to eat) are ordered to be ready for pickup.

The armory orders 100lbs of munitions to replace what was checked out.

The Life Support shop is ordered to pack 7 parachutes.

Fuels are told to have a C-130 fueled by 0400.

 

Individually, those are common, unclassified events that mean little. Put together and you learn 7 people are leaving very early in the morning, likely to jump into a cold climate area and planning to stay for up to 3 days. The more bits of unclassified information that are learned, the more details about the mission are determined.

 

Securing passwords is certainly important, but not very effective. With an email address and answers to common security questions, a bad guy can reset a password and change email addresses. That's one reason there is a push to do away with passwords completely. Using an alias is a great idea, but unless you use a different alias at every location, not sure that helps. And it only takes one very close friend to get his or her accounts hacked for your "real identity" ("contact") information to be exposed.

 

While I am confident my network and none of my computers have been compromised, I am assuming that is not the case with every one of my close friends and families who might have my real identity information stored on their computers.

 

In the case of Equifax, if you ever co-signed for a loan for one of your kids, your information may be compromised. If someone used you (with your real name, phone number, street address and relationship) as a reference, you might be (probably are) compromised. I fully believe no matter how careful an individual is and has been, that in no way ensures they have not or will not be compromised.


V.T. Eric Layton

That's good - but note they likely also got IP addresses and with that, someone might be able to glean physical locations too.

 

I think it would be wise to assume the bad guys know everything about us rather than believe we have outsmarted them. This is even more true if there are others living under the same roof.

 

 

Nope. I'm safe there, too. IPs are currently from all over the world; different on different days --> VPN in use. Prior to using the VPN my IP was nothing more than one of millions in Verizon's IP range. It was dynamic and changed daily.

 

I'm OK with other users in my household because there aren't any... unless, of course, my cats are logging in when I'm not around. You never know. ;)


securitybreach

Ah, yes... Equifax has screwed us ALL. :(

 

And the ex-CEO got 18 million for doing so.

 

I wish I could be fired and be given 18 million.... B)


Yeah, I saw that but note that is just his "pension benefits". He also is getting all sorts of bonus and stock options and more.

 

Regardless, IMO, he had one job - protecting our information - and he failed miserably. He needs to be in jail.

 

And we now know, Hacked data wasn't encrypted. :bang: :rant: How irresponsible (and arrogant) can you get? There is just no excuse for that. Probably too late but the other credit bureaus better wake up and make sure their data is fully encrypted.


WPA-2 gets hacked.
It is important to note WPA2 did NOT get hacked. Rather a vulnerability (that's been there all along) was recently discovered. There is no evidence the vulnerability has been exploited - yet.
