Cyber Security Awareness Month


32 replies to this topic

#1 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,109 posts

Posted 03 October 2017 - 02:34 PM

October is National Cyber Security Awareness Month (NCSAM).  The 2017 Cyber Security Awareness Month marks the seventh anniversary of the campaign.  It is also European Cyber Security Awareness Month (ECSM) https://cybersecuritymonth.eu/ and in Canada, https://www.getcyber.../index-eng.aspx  

  Stop | Think | Connect

With that in mind, consider the following suggestions not only during Cyber Security Awareness month but every day:

Stop:  Before you click that formatted link in your email, search results or social media account, mouse over the link to ensure the URL matches the description.

Think:  Whether it is email, Facebook, Twitter, an online forum or other online media, instead of spouting off the first reply that comes to mind when you disagree, think before you click the send button.  Remember that your online reputation can follow you in "real life".

Connect:  When you connect to the Internet, ensure your device software as well as any apps or third-party software are up to date.

Each week, Malwarebytes Labs will

Quote

focus on a theme and provide helpful articles, useful tips, and valuable analysis so that you can increase awareness and spread the word. This week’s theme: simple steps to online safety.
The first:  National cybersecurity awareness month: simple steps to online safety | Malwarebytes Labs

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#2 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,160 posts

Posted 03 October 2017 - 02:37 PM

And run Linux ;)

All kidding aside, nice tips.
CNI Radio/G+ Profile/Configs/PGP Key/comhack π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#3 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,253 posts

Posted 03 October 2017 - 03:02 PM

I wonder if Equifax is aware of this. :(

#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,160 posts

Posted 03 October 2017 - 04:30 PM

V.T. Eric Layton, on 03 October 2017 - 03:02 PM, said:

I wonder if Equifax is aware of this. :(

They were aware and did nothing....

#5 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,253 posts

Posted 03 October 2017 - 07:42 PM

Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016. :(

I wish more folks I know would sign up for Proton Mail. I also wish Proton Mail's IMAP services would get started.

#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,160 posts

Posted 03 October 2017 - 08:18 PM

V.T. Eric Layton, on 03 October 2017 - 07:42 PM, said:

Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016. :(

I wish more folks I know would sign up for Proton Mail. I also wish Proton Mail's IMAP services would get started.

Agreed. I really should use it more than I do. I just wish they would let you export the keys as it's useless to anyone that doesn't use it.

#7 ONLINE   Digerati

Digerati

    Post Master

  • Members
  • 144 posts

Posted 04 October 2017 - 11:40 AM

V.T. Eric Layton, on 03 October 2017 - 07:42 PM, said:

Speaking of security, I just got an email from Yahoo explaining about their 1 billion hacked email accounts from 2016. :(
Except it was not 1 billion but over 3 billion - that is EVERY single Yahoo account was hacked. :(  And that Russian hack was way back in 2013. Yahoo only decided to tell everyone in 2016. :angry2:  It is only now the real truth about the extent of the hack is coming out because Verizon took over Yahoo recently and in an effort to be transparent and forthcoming, uncovered and revealed the truth.

The worry is the bad guys know the answers to common security questions. This information, along with similar information from other hacks lets bad guys know all about you: mother's maiden name, first pet, favorite food, high school mascot, favorite book or movie and more.

Years ago, I started answering these questions with nonsense. Favorite movie? Pepperoni. Favorite book? 10011001. Grandfather's middle name? CoffeePot.

Different answers for every account. Yeah, it takes a little longer to set up accounts but oh well. It is just another added cost for freedom. Then I put the answers in my password safe.

If everyone did not change their Yahoo account passwords back in 2016, they sure should now. And make sure it is not the same as used anywhere else. Sadly, requesting the account be closed does not purge the account, your data, or your emails from everywhere.
Bill (AFE7Ret)
Freedom is NOT Free!
Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#8 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,160 posts

Posted 04 October 2017 - 11:42 AM

Luckily I closed my yahoo account years ago as their spam filters were completely horrid.

#9 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,046 posts

Posted 04 October 2017 - 11:48 AM

I've had a Yahoo account since 1999. I've changed the password so many times when there was any hint of trouble. My account has never been hacked because a) I chose NEVER to reuse passwords b) I store no passwords in the cloud where they could also get hacked and c) I change passwords when I hear rumblings of problems about any site.

There is one major thing I truly dislike about Yahoo. Since they bought Flickr, you are forced to use the same password in both places. I really don't think that's a good idea.
Liz
Registered Linux User # 401459

#10 ONLINE   Digerati

Digerati

    Post Master

  • Members
  • 144 posts

Posted 04 October 2017 - 12:44 PM

Quote

My account has never been hacked...
That you know of. Your Yahoo account information surely was hacked, however.

I don't store passwords in the cloud either. In fact, I don't store anything in the cloud. I might put a photo or document up there temporarily for someone to see/get. But it does not stay there for long.

#11 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,253 posts

Posted 04 October 2017 - 01:18 PM

My Yahoo email account is one of my oldest (Hotmail is the oldest). I started it in 2000. I've never had any issues with Yahoo. I change my account passwords and such regularly.

#12 ONLINE   Digerati

Digerati

    Post Master

  • Members
  • 144 posts

Posted 04 October 2017 - 02:11 PM

Quote

My account has never been hacked...

Quote

My Yahoo email account is one of my oldest (Hotmail is the oldest). I started it in 2000. I've never had any issues with Yahoo. I change my account passwords and such regularly.
Not the point. It is not about individual accounts being hacked, having issues, or being used by a bad guy. It is about the information used to create, access, modify, and authenticate account ownership being hacked that matters.

It is very likely you would not notice if your individual accounts were hacked.

#13 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,046 posts

Posted 04 October 2017 - 02:32 PM

Well I just read every Yahoo account was hacked in 2013. Wonderful.
Source: https://www.darkread...in-2013-breach/

So, if they got a password - that was quite a few passwords ago and wouldn't help them at Yahoo or any other site 4 years later.

No way can we fully protect ourselves from all the companies who do next to nothing in the way of protecting our information!

In Yahoo mail: You can go to Settings, Account Info and select Recent Activity. It shows you the browser used and the location. I also see dates of times going back to 2014 with password changes I made.

Nothing looked suspicious in terms of a browser or a strange location.

Edited by zlim, 04 October 2017 - 02:33 PM.


#14 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,109 posts

Posted 04 October 2017 - 05:59 PM

It gets worse:  IRS awards multimillion-dollar fraud-prevention contract to Equifax - POLITICO.

#15 OFFLINE   Pete!

Pete!

    Message Mogul

  • Members
  • 263 posts

Posted 04 October 2017 - 06:17 PM

Corrine, on 04 October 2017 - 05:59 PM, said:

I wonder if that means the IRS will be sending my checks back, because Equifax can't verify that they came from the right person.

#16 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,253 posts

Posted 04 October 2017 - 06:27 PM

Digerati, on 04 October 2017 - 02:11 PM, said:

It is about the information used to create, access, modify, and authenticate account ownership being hacked that matters.

They'll get no usable data from hacking my account at any email, forum, or other such site because since the very beginning of my internet odyssey, I've used an alias along with a wonderfully crafted alias profile. To tie that information to my REAL® identity would be somewhat difficult. Only a few very close friends on the Internet know my actual identity and I've rarely exposed my real identity to the Internet. Security by obscurity. It's not foolproof, but it's better than having my REAL® data and information floating around on thousands of servers around the world.

#17 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,160 posts

Posted 04 October 2017 - 06:48 PM

Corrine, on 04 October 2017 - 05:59 PM, said:


That is insane!!!

#18 ONLINE   Digerati

Digerati

    Post Master

  • Members
  • 144 posts

Posted 05 October 2017 - 12:11 PM

We still have not heard if the hacked Equifax data was encrypted or not. You would think surely they encrypted it. But if so, why not say so?

Quote

They'll get no usable data from hacking my account at any email, forum, or other such site
That's good - but note they likely also got IP addresses and with that, someone might be able to glean physical locations too.

I think it would be wise to assume the bad guys know everything about us rather than believe we have outsmarted them. This is even more true if there are others living under the same roof.

I am reminded of what the military calls EEFI (pronounced "eefee") for "essential elements of friendly information". It is a part of OPSEC (operations security) and is a series of unclassified information that, when put together, reveals a classified mission or data.

Base supply gets an order for 7 cold weather parkas.
Base transportation gets an order for a shuttle bus to arrive at point A by 0330.
21 MREs (meal ready to eat) are ordered to be ready for pickup.
The armory orders 100lbs of munitions to replace what was checked out.
The Life Support shop is ordered to pack 7 parachutes.
Fuels are told to have a C-130 fueled by 0400.

Individually, those are common, unclassified events that mean little. Put together and you learn 7 people are leaving very early in the morning, likely to jump into a cold climate area and planning to stay for up to 3 days. The more bits of unclassified information that are learned, the more details about the mission are determined.

Securing passwords is certainly important, but not very effective. With an email address and answers to common security questions, a bad guy can reset a password and change email addresses. That's one reason there is a push to do away with passwords completely. Using an alias is a great idea, but unless you use a different alias at every location, not sure that helps. And it only takes one very close friend to get his or her accounts hacked for your "real identity" ("contact") information to be exposed.

While I am confident my network and none of my computers have been compromised, I am assuming that is not the case with every one of my close friends and families who might have my real identity information stored on their computers.

In the case of Equifax, if you ever co-signed for a loan for one of your kids, your information may be compromised. If someone used you (with your real name, phone number, street address and relationship) as a reference, you might be (probably are) compromised. I fully believe no matter how careful an individual is and has been, that in no way ensures they have not or will not be compromised.

#19 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,253 posts

Posted 05 October 2017 - 02:53 PM

Digerati, on 05 October 2017 - 12:11 PM, said:

That's good - but note they likely also got IP addresses and with that, someone might be able to glean physical locations too.

I think it would be wise to assume the bad guys know everything about us rather than believe we have outsmarted them. This is even more true if there are others living under the same roof.


Nope. I'm safe there, too. IPs are currently from all over the world; different on different days --> VPN in use. Prior to using the VPN my IP was nothing more than one of millions in Verizon's IP range. It was dynamic and changed daily.

I'm OK with other users in my household because there aren't any... unless, of course, my cats are logging in when I'm not around. You never know. ;)

#20 ONLINE   Digerati

Digerati

    Post Master

  • Members
  • 144 posts

Posted 05 October 2017 - 03:07 PM

Well, that's good as far as Internet accounts go. Equifax is another issue altogether.

#21 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum Admins
  • 21,253 posts

Posted 05 October 2017 - 03:12 PM

Ah, yes... Equifax has screwed us ALL. :(

#22 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,160 posts

Posted 05 October 2017 - 04:37 PM

V.T. Eric Layton, on 05 October 2017 - 03:12 PM, said:

Ah, yes... Equifax has screwed us ALL. :(

And the ex-CEO got 18 million for doing so.

I wish I could be fired and be given 18 million.... B)

#23 ONLINE   Digerati

Digerati

    Post Master

  • Members
  • 144 posts

Posted 05 October 2017 - 04:48 PM

$18 million? Not hardly. Try a $90 million golden parachute!

#24 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 23,160 posts

Posted 05 October 2017 - 05:34 PM

I was going by this: Equifax CEO walks away with $18 million after data breach affecting half the US occurs on his watch

#25 ONLINE   Digerati

Digerati

    Post Master

  • Members
  • 144 posts

Posted 06 October 2017 - 12:11 PM

Yeah, I saw that but note that is just his "pension benefits". He also is getting all sorts of bonus and stock options and more.

Regardless, IMO, he had one job - protecting our information - and he failed miserably. He needs to be in jail.

And we now know, Hacked data wasn't encrypted. :bang: :rant: How irresponsible (and arrogant) can you get? There is just no excuse for that. Probably too late but the other credit bureaus better wake up and make sure their data is fully encrypted.