Protect Your Identity – It Starts at Home


I don’t talk a lot about what I do, but in the About Me section of this site I mention that I am a Certified Information Systems Security Professional, Certified Information Systems Auditor, and Offensive Security Certified Professional. You can infer from that what you will, but let’s say security is an important part of my life. Security makes my wife crazy but it makes me comfortable. For the most part people are annoyed when they are “required” to change their password or use an RSA token to log on from home. These are just a few of the things corporations do to protect their intellectual property and businesses from compromise and theft. Very few people actually take these principles and apply them to their home life, which is a problem in America that not enough people are working to resolve. Those same principles which your employer uses to protect their sensitive information can be used to help you protect your identity and prevent identity theft and fraud.

Shredding your documents

Seriously, this should be the first thing you do with every credit card offer you ever get: shred it. Don’t throw it away, just shred it and then recycle it. People really do dig through garbage and find stuff. You may think they don’t do crazy stuff like that, but they really do. A good hacker, or even an ok one, is going to scope out their target and dig through their garbage. If for no other reason, you can learn what the person does, what they like, and what groups they belong to. If you are throwing out gardening books and magazines then I can infer that you like to garden and I can then use that as an “IN” when conducting a social engineering attack against you. I can use that information to convince you that I am also a gardening aficionado and get additional facts about you and your life that could allow me to further assume your identity.

Wireless Access

This is my biggest pet peeve: DO NOT be that guy in the neighborhood with the wide open wireless access point sitting in your living room serving out your internet connection to the entire world. You might think to yourself nothing bad could happen, or even better, “who would want anything I have.” These are just crazy thoughts. People are constantly looking for easy access to the internet to perform nefarious acts. So while your wide open internet may not cost you anything, there is a good chance it could be costing someone else everything, and when that happens the FBI will be knocking on your door. If you are thinking about leaving your wireless unsecured, think about how you would explain to the FBI why your computer just hacked that DOE database while you were at work. Along those same lines, WEP encryption is the same as leaving your network open, so either go with WPA or go with nothing. If I can get access to your WEP secured network in less than an hour you had better be certain someone else can do it a crap ton quicker.

Password Management

We live in a networked world where everything we do requires us to have an id and a password to get it done. It covers both our personal and our professional lives to a point where even the brightest minds in the world can’t keep up with every password they have. This typically results in people using the same password for every account they possess. This works from the user’s standpoint but it also means that a single compromise of only one account password could result in the collapse of all of your financial accounts. Passwords are the simplest form of authentication and you shouldn’t take them lightly because hackers still look at these as the low hanging fruit. Each of your online accounts should have a separate password associated with it and each password should be complex and not consist of easily guessable words or phrases. If your child’s name is Ethan and he was born in 2003 then your password should not be Ethan2003. If you think I won’t know that about you then you had better have been doing a damn good job at the first tip I gave. Vary your passwords and use uppercase, lowercase, symbols, and numbers in your password. There are plenty of ways you can come up with complex passwords and if you have a hard time keeping track you can use a program like KeePass to keep track of them.
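As an added example (not part of the original post), here is a small self-audit that applies the three rules above: no reuse across accounts, no personal facts like a child’s name or birth year, and all four character classes present. The account names, passwords and function names are constructed for illustration; the replacement password comes from Python’s `secrets` module.

```python
import secrets
import string
from collections import Counter

# Constructed sample data for illustration; not real accounts or passwords.
PERSONAL_FACTS = ["Ethan", "2003"]
ACCOUNTS = {
    "bank": "Ethan2003",
    "email": "Ethan2003",
    "forum": "k7#Lq9!vTz2@Wm4x",
}

CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
# Undo common look-alike substitutions so "3th@n" is still recognised as "ethan".
LEET = str.maketrans("@4301!$5", "aaeoiiss")

def personal_facts_in(password, facts):
    """Facts found in the password, case-insensitively, with or without substitutions."""
    plain = password.lower()
    variants = (plain, plain.translate(LEET))
    return [f for f in facts if any(f.lower() in v for v in variants)]

def missing_classes(password):
    """Character classes (upper, lower, number, symbol) the password lacks."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]

def audit(accounts, facts):
    """Map each account to the list of problems with its password."""
    uses = Counter(accounts.values())
    report = {}
    for account, password in accounts.items():
        issues = ["reused on another account"] if uses[password] > 1 else []
        issues += [f"contains personal fact: {f}" for f in personal_facts_in(password, facts)]
        issues += [f"missing {c}" for c in missing_classes(password)]
        report[account] = issues
    return report

def generate(length=16):
    """Random password from a CSPRNG that contains all four character classes."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_classes(candidate):
            return candidate

if __name__ == "__main__":
    for account, issues in audit(ACCOUNTS, PERSONAL_FACTS).items():
        print(account, "->", issues or "ok")
    print("suggested replacement:", generate())
```

Run it only on a machine you trust, and keep the real password list in a manager such as KeePass rather than in a script.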

The Internet

This is my biggest vice and could at some point be a downfall. The Internet is like the wild west of the old days: the rules are constantly changing and the sheriff is mostly drunk. We, as bloggers, provide a giant amount of information about ourselves to the world for scrutiny. The information you post on sites like Facebook, MySpace, Twitter, blogs, and other social media can provide an exorbitant amount of information which hackers and identity thieves can use to build a social profile of you that makes social engineering attempts seem much more plausible. If you can gather enough information about a person and their likes, dislikes, and life you can use that information to further convince them that what you are doing is a genuine endeavor.

Photo: (Anonymous Collective)

3 comments

1 MoneyEnergy June 29, 2009 at 3:08 pm

Wow, great article….. I care about security too, so it looks like I can come bug you with my questions:) I worry about the rise and integration of social media and other online apps, etc. like Facebook – younger ppl probably don’t because they think “who cares, I’m not doing anything wrong” – but that’s not the point…. Anyways, your post is motivating me to fix up my passwords again, thanks:)


2 mapgirl June 29, 2009 at 5:33 pm

If your kid’s name is Ethan and he was born in 2003, you also should never mention that on the internet. (I know this is only an example you are using.) Sometimes it shocks me how much people blab the name of their kids online. It’s not that hard to target someone when they put all their information out there in a news feature or blog. It’s scary and parents ought be way more circumspect.

Second, I’m sick of social networking applications that want to troll your addressbook and get all your friends to join. I show my friendship by avoiding blanket options to invite everyone I know. I am extremely selective about which networking websites I use and I’m so glad I was too old for Facebook when it started, otherwise I might have made a horrible mistake by joining it. They don’t give a damn about their customers’ concerns for privacy or information control.

Heck, I should be checking your blog’s email harvesting policy right now! LOL


3 MLR June 30, 2009 at 12:44 am

One unintended issue that companies/corporations never consider when having stupid password requirements, though, is that it could increase the risk of security breaches.

When my company started making people change passwords every 60 days (without the ability to go back to an already used password until 6 months later), I noticed a substantial increase in people’s passwords written down in plain sight.

How’s that for security? Ethan2003 is better than 3ifh@Ff2!sd if the latter is written down for the whole world to see.

Just some food for thought!
