I don’t talk a lot about what I do, but in the About Me section of this site I mention that I am a Certified Information Systems Security Professional, Certified Information Systems Auditor, and Offensive Security Certified Professional. You can infer from that what you will, but let’s say security is an important part of my life. Security makes my wife crazy but it makes me comfortable. For the most part people are annoyed when they are “required” to change their password or use an RSA token to log on from home. These are just a few of the things corporations do to protect their intellectual property and businesses from compromise and theft. Very few people actually take these principles and apply them to their home life, which is a problem in America that not enough people are working to resolve. Those same principles which your employer uses to protect their sensitive information can be used to help you protect your identity and prevent identity theft and fraud.
Shredding your documents
Seriously, this should be the first thing you do with every credit card offer you ever get: shred it. Don’t throw it away, just shred it and then recycle it. People really do dig through garbage and find stuff. You may think they don’t do crazy stuff like that, but they really do. A good hacker, or even an OK one, is going to scope out their target and dig through their garbage. If for no other reason, you can learn what the person does, what they like, and what groups they belong to. If you are throwing out gardening books and magazines then I can infer that you like to garden and I can then use that as an “IN” when conducting a social engineering attack against you. I can use that information to convince you that I am also a gardening aficionado and get additional facts about you and your life that could allow me to further assume your identity.
This is my biggest pet peeve: DO NOT be that guy in the neighborhood with the wide-open wireless access point sitting in your living room serving out your internet connection to the entire world. You might think to yourself nothing bad could happen, or even better, “who would want anything I have?” These are just crazy thoughts. People are constantly looking for easy access to the internet to perform nefarious acts. So while your wide-open internet may not cost you anything, there is a good chance it could be costing someone else everything, and when that happens the FBI will be knocking on your door. If you are thinking about leaving your wireless unsecured, think about how you would explain to the FBI why your computer just hacked that DOE database while you were at work. Along those same lines, WEP encryption is the same as leaving your network open, so either go with WPA or go with nothing. If I can get access to your WEP-secured network in less than an hour, you had better be certain someone else can do it a crap ton quicker.
We live in a networked world where everything we do requires us to have an ID and a password to get it done. It covers both our personal and our professional lives to a point where even the brightest minds in the world can’t keep up with every password they have. This typically results in people using the same password for every account they possess. This works from the user’s standpoint, but it also means that a single compromise of only one account password could result in the collapse of all of your financial accounts. Passwords are the simplest form of authentication and you shouldn’t take them lightly, because hackers still look at these as the low-hanging fruit. Each of your online accounts should have a separate password associated with it, and each password should be complex and not consist of easily guessable words or phrases. If your child’s name is Ethan and he was born in 2003, then your password should not be Ethan2003. If you think I won’t know that about you, then you had better have been doing a damn good job at the first tip I gave. Vary your passwords and use uppercase, lowercase, symbols, and numbers in your password. There are plenty of ways you can come up with complex passwords, and if you have a hard time keeping track you can use a program like KeePass to keep track of them.
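An added example, not part of the original post: a small Python audit of a password list for the three problems described above (reuse across accounts, passwords built from facts anyone could learn about you, and missing character classes). The function name, the sample accounts and facts, and the 12-character minimum are assumptions of this example.

```python
import re
from collections import defaultdict

# Undo common look-alike substitutions (3 -> e, @ -> a) before matching facts.
LEET = str.maketrans("0134578@$!", "oleastbasi")
CLASSES = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

# Constructed sample data: account -> password, plus facts an outsider could learn.
SAMPLE_ACCOUNTS = {"bank": "Ethan2003", "email": "Ethan2003",
                   "forum": "E7h@n-2003!", "shop": "v9#Kq!tR2mZ&x4Lp"}
SAMPLE_FACTS = ["Ethan", "2003", "gardening"]


def audit_passwords(accounts, personal_facts, min_length=12):
    """Return {account: [findings]}; min_length is this example's assumption."""
    findings = defaultdict(list)
    facts = [f.lower() for f in personal_facts if len(f) >= 3]

    # 1. Reuse: one leaked password should not open several accounts.
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    for shared in by_password.values():
        for account in shared if len(shared) > 1 else []:
            others = sorted(a for a in shared if a != account)
            findings[account].append("reused on: " + ", ".join(others))

    for account, password in accounts.items():
        # 2. Guessable: contains a personal fact, even with characters swapped.
        lowered = password.lower()
        candidates = (lowered, lowered.translate(LEET))
        hits = sorted({f for f in facts if any(f in c for c in candidates)})
        if hits:
            findings[account].append("contains personal fact: " + ", ".join(hits))
        # 3. Complexity: uppercase, lowercase, numbers and symbols all present.
        missing = [n for n, pat in CLASSES.items() if not re.search(pat, password)]
        if missing:
            findings[account].append("missing: " + ", ".join(missing))
        if len(password) < min_length:
            findings[account].append(f"shorter than {min_length} characters")
    return dict(findings)


if __name__ == "__main__":
    for account, issues in audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_FACTS).items():
        print(account, "->", "; ".join(issues))
```

Note that the "forum" password passes the character-class check yet is still flagged, because swapping letters for look-alike symbols does not hide the name and year underneath.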
This is my biggest vice and could at some point be a downfall. The Internet is like the wild west of the old days: the rules are constantly changing and the sheriff is mostly drunk. We, as bloggers, provide a giant amount of information about ourselves to the world for scrutiny. The information you post on sites like Facebook, MySpace, Twitter, blogs, and other social media can provide an exorbitant amount of information which hackers and identity thieves can use to build a social profile of you that makes social engineering attempts seem much more plausible. If you can gather enough information about a person and their likes, dislikes, and life, you can use that information to further convince them that what you are doing is a genuine endeavor.
Photo: (Anonymous Collective)