Posts by author:

Norm W.

Black Sheep will protect you from hackers at Wi-Fi hotspots

Read Part I here: INFORMATION SECURITY: Sidejacking Wi-Fi Hotspots – How a Hacker Can Access All of Your Online Accounts With a Free Program. If you have not read Part I, please read it before you read below.

In part one of this series I introduced you to the dangers of side jacking/man in the middle attacks using browser plugins such as Firesheep.

Part II will give you a few ways to see when someone is using Firesheep and how to protect yourself.

An easy way to determine if someone is using Firesheep is by using something called BlackSheep. BlackSheep is a simple plugin that will alert you whenever someone on the network you are on is using Firesheep. BlackSheep can be found here:

http://www.zscaler.com/blacksheep.html

From the site:

BlackSheep, also a Firefox plugin, is designed to combat Firesheep. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitors traffic to see if it has been hijacked.

While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will receive a warning message.

I should note that if you want to try this for yourself and see results, you’ll have to have two separate computers running Firefox as both of the apps use a lot of the same code.

Click Here to Keep Reading – INFORMATION SECURITY: Sidejacking Wi-Fi Hotspots – How a Hacker Can Access All of Your Online Accounts With a Free Program Part II >>>


anyone Can Access All of Your Online Accounts at a wi-fi hotspot using this Free Program

I’m sitting here in Starbucks right now playing around with something called Firesheep.  Some of you may have heard of it as it’s been in the web news a lot in the last few days.

Let me give you a bit of background on what exactly Firesheep is.

Firesheep is a Firefox add-in that demonstrates just exactly how insecure those ‘secure’ sites are.  The sites I’m talking about are:

Amazon.com, Basecamp, bit.ly, Cisco, CNET, Dropbox, Enom, Evernote, Facebook, Flickr, foursquare, GitHub, Google, Gowalla, Hacker News, Harvest, Windows Live, New York Times, Pivotal Tracker, ToorCon: San Diego, Slicehost SliceManager, tumblr.com, Twitter, WordPress, Yahoo and Yelp

What it does is monitor the Wi-Fi network and grab any of the cookies that are sent to those sites as people log in and authenticate with their accounts. The initial login may be encrypted, but the ensuing cookie used by the sites to keep track of the session isn’t.

Click Here to Keep Reading – INFORMATION SECURITY: Sidejacking Wi-Fi Hotspots – How a Hacker Can Access All of Your Online Accounts With a Free Program >>>


Ensure that you are on the right end of the e-crosshairs

You log into your favorite social network this morning and see a few requests from people you don’t know.  They look interesting and seem pretty cool, and hey, they’re friends with so and so, so why not.

Guess what, you’ve just been had – You may have just cost someone their life, or the lives of friends and/or family – What’s that you say? I’m being paranoid?

Well, it’s not paranoia if it’s true and just because you may be paranoid doesn’t mean they’re not out to get you.

If you think that I’m a whack-job, you can stop reading right here.  If not, or if you’re unsure, keep reading and I’ll explain to you WHY I’m not a complete nut job who’s drunk too much coffee.

If you were going to break in (electronically) to Microsoft or IBM, or Oracle, or Apple, why would you go directly to the company to do it?  You wouldn’t because unless you’ve got one HELL of a background in hacking, you’re not going to get in unless it’s a fluke.

What you’re going to do is start small.  You’ll first find out who all they do business with. Do they do business with a temp agency? If so, they may have some sort of tie in with their network.

Hmmm, let’s look at this, how secure is the temp agency?  Well, they follow the same security rules as Microsoft does; actually, they’re forced to in order to have hooks into Microsoft.

Ok, let’s look at who the temp agency does business with: Pitney Bowes, nope, probably just as secure. How about this little mom and pop shop they do business with?  Oh, and look, they have a link into the temp agency’s network.  Ok, now we’re getting somewhere.

Click Here to Keep Reading – INFO SECURITY: Why YOU are a Target >>>


Just like a computer or your email a car can be hacked

Back in the beginning of June, Fox News did a piece on 10 items that almost everyone owns that are becoming new targets of attack by hackers.

I’m going to give my own personal thoughts on each of these items however I’m going to do it over several articles.

The first article I’m going to do is Your car.

I’m going to extend this to all portions of the vehicle and electronics included within the vehicle such as the computer terminal (for LEO, FF, EMS and some military vehicles), the GPS system which is now integrated in many vehicles, and the onboard mapping system.

This actually takes my list down as it’s combining several of the items on the original list.

Many vehicles out there are now coming stock with onboard mapping software, GPS systems, etc. as well as Bluetooth, cellular, hands-free, OnStar and a myriad of other computer-oriented onboard systems.  It has been proven that Bluetooth is easy to hack, providing almost no security whatsoever.

It’s easy to ‘bluesnarf’ a vehicle and listen in to anything being said: phone conversations, map directions, confidential conversations, etc.  This is why some government agencies are disallowing Bluetooth as part of anything but a mouse connection these days, and even that can open up a hole for someone to connect and grab data.

Click Here to Keep Reading Don’t Have a Computer? You’re Still Hackable! >>>


In today’s online connected world, there is a HIGH requirement for one to keep a user id and password for just about everything.

Back in the day, you were lucky to have to remember one or two user id’s and passwords.

Currently I’ve got at least 60-70 user id’s and passwords to remember between personal and work (and I’m sure I’m being conservative on the number there).

There are a few different ways you can do this.  You can:

•    Use the same user id and password
•    Use the same user id and different password
•    Use the same password and different user id
•    Use different user id’s and passwords
•    Use easy user id’s and passwords
•    Use complex user id’s and passwords

Let’s take a look at a few of these.

Click Here to Keep Reading Password Complexity – How to Keep Your Crap Safe >>>


So you’ve got a hard drive, USB drive, etc and you don’t use it anymore and want to either give it to a friend, donate it to a school, etc, or just plain old ditch it.

Well, normally, you’d just either do a format, or hammer it into pieces.  With both options, you run the risk of exposing yourself and letting whoever is interested recover your information from the drive you either ‘formatted’ or ‘destroyed’.  As a matter of fact, there was a case several years ago with the state of Pennsylvania.

They ‘donated’ computers to a school.  Wonderful idea, great way to save on spending, right?  Wrong.  Yes, they did save money for the school system, but a reporter got a hold of one of the hard drives and ended up recovering an untold amount of data off of the ‘wiped’ drive.

The only sure fire way to destroy data on a drive is to melt it down.  Just destroying the device into pieces won’t do unless you use a special shredder and end up turning it into dust.  Even broken into pieces, a DVD/CD can be recovered (at least parts of it anyhow).

Software such as EnCase will allow you to recover an amazing amount of data from destroyed media, and I have both seen and heard of cases where criminals thought they had ‘destroyed’ the hard drive by smashing it with a hammer, but ended up only pissing the investigators off and making them work harder to find something.

Click Here to Keep Reading Nuking your Data >>>


Google is wonderful.  They allow you to have access to a myriad of free things that make your life simpler.  It makes it easy to share data with your contacts, set up appointments, chat with them online, get the daily news, make money with ads, purchase items through web sites, and a metric crap ton of other things.

But, did you know that Google will track you like a malicious stalker?

Oh yes, it does.

Let’s take a look at what all it does and tracks…

Click Here to Keep Reading Google’ing your way into trouble >>>


Be wary of using your cell phone for anything but casual conversation

Who reading this article has a cell phone?  I’d probably be pretty close in saying that at least 95-98% of the people reading this article have a cell phone of some sort. It may not be a smart phone (iPhone, BlackBerry, Windows Mobile, etc.), but I’m willing to lay money that you’ve got one.

These are one of the most destructive pieces of personal privacy ever invented.

How you ask? – Well, let’s take a look.

There are applications out on the public market (and ones in the government sector that we’re not going into) that can track you, listen to your phone calls, read your e-mail and text messages, get your calendar items and MUCH more.  They can even turn on your video camera and take photos through your phone’s camera.

Any and all of these items can be done without your knowledge and/or consent. Spyware can be installed either through a text message, e-mail, physical or remote connection to the phone via Bluetooth, wireless or Wi-Fi. Some services online will allow tracking of someone based on their phone number and what cell towers they are connecting to.

Click Here to Read More About Cell Phone Security >>>


My self-worth is based on how many FB farm friends I have

When you sign up for Facebook, they tend to want you to fill in as much information about yourself as possible.  They will then take that information and make it available basically to anyone who wants it.

There are 2 ways around letting Facebook just give your information away.

•    Don’t sign up for FB
•    Control your account

The first way is obviously the easiest and best, but then how would you be able to stay in touch with all of those high school plebes that used to pick on you and now want to be your friends?

After you set up your FB account, you’ll want to head on over to the account section.

Once there, you will have a number of options to choose from as far as privacy is concerned.  Someone did a chart of all of the privacy options and I am presenting it here for your review.  It was published by The New York Times and it’s a pretty decent representation of their privacy issues.  It also includes some eye opening statistics on their policy.

Click Here to Continue Reading Facebook Privacy 101 >>>


Hi, This Is Bob From HD

To help demonstrate what exactly Social Engineering is, let me play out a scenario for you…

Mr Jones works for a large corporation.  He’s not very tech savvy and out of the blue one day, he gets a phone call.

‘Mr Jones’
Hello, Mr Jones, Acquisitions…

‘Helpdesk Bob’
Hey, Mr Jones, it’s Bob from the Help Desk. We’re having an issue with your account, it seems as though someone’s been calling down trying to get your password changed. We need to verify that you are the one who wants to change it. Have you tried calling us to change it?

‘Mr Jones’
Hey Bob, no, it’s not me; I’m in my account fine right now. They were trying to get my password changed?

‘Helpdesk Bob’
Yeah, they had your company ID and everything. At least I think it was your company ID.

‘Mr Jones’
Well, here, let me verify my ID for you.  It’s 1234567.

‘HDB’
Yup, that’s what we have; I wonder how they got that.

Click Here to Keep Reading Social Engineering 101 >>>
