Archive for the ‘Cyber Security’ Category

Social Engineered/Tricked by a Six Year Old.

November 6, 2016

Originally, I posted this on Facebook on 10/30/2016 as a note, but thought it would have a home here too.

My iPhone was hacked last night. It wasn’t by the Russians, the Jester, or the Feds, but by Charlotte. She used a technique called social engineering. Here is the story.
Recently, I put a password on the iPhone, and this bothers Charlotte when she wants to play Flappy Bird. I know she has been watching me put the password in. Earlier in the day, she figured it out after weeks of watching me. So, I gave her the phone and told her “prove it.” She entered the correct password and got access. So, I changed the password and told her so. Fast forward to the evening.

Charlotte and I are watching the Cubs game. She casually asked if “Trick-or-Treating time was from 4 pm to 10 pm?” I said, “No, that seems early, let me check my phone.” I reach for the phone, type in the password, and proceed to ineffectively search for the information. I respond to her that I believe the times are “6 pm to 8 pm, like it had been in the past.”

Thinking about it, I ask her, “You weren’t interested in Trick-or-Treat times, were you? You just wanted to watch as I put the password into the phone?” She responded honestly. She was correct in reciting the password back to me.

A few things were happening here. First, she knew I would reach for the phone to find the information. I always do this; recent searches include “Alec Guinness,” “Parkour,” “Duvet,” and “Napoleon Dynamite.” She knew my tendency or habit to just go online and search. Second, she knew the previous password wasn’t too sophisticated, because she was able to learn it over time. Like many of the passwords we use, it wasn’t; for the record, it was “111222.” A better password might have been “121212” or “238391” or at least something a little tricky. Easy passwords to remember are often easy ones to crack.

Free Cyber Security Short Course

Lately, I have found myself very interested in cyber security. Looking for resources, I discovered Heimdal Security’s Cyber Security Course for Beginners.

Every couple of days they send a new lesson (more like a highly informative email) on a cyber security topic. The topics range from basic vocabulary to selecting AV software.

Although not the most technical or advanced introduction to the topic, it seems to provide a nice introduction for non-techs interested in the topic. It would be just about perfect for your grandma.

Normally when I agree (reluctantly) to have things sent to my email, I am disappointed. Usually it is “spammy crapola” of little value. The experience ends with me unsubscribing. This has been different; I have enjoyed getting the email lessons every two days.

Disclosures: Heimdal Security does sell products. The email lessons have not pitched their products, but have offered a variety of security solutions and tools — many of them free and available online. In 7 lessons there have been only 1 or 2 links to their products. So, nothing too spammy and sleazy! Just good information.

Cyber security Predictions via Inc.

December 19, 2015

Too titillating not to post, this article from Inc. came across my Facebook feed. I found the predictions interesting and scary. I think infrastructure hacking is going to become a “thing” in 2016.