Week of February 7, 2005
Last posting
Xmas resolutions and lots of tips
Beware of emails from relatives seeking accident money
General word to the wise
Cyber scamsters are getting better at dreaming up innovative ways to take our money. The only real advise to be given is: "watch your back". It's ugly out there. If you have a tendency to be the nice, trusting type- your days of solvency are numbered.
Read every e-mail you receive (at home and work) as if Bin Laden might have sent it. Study the 'subject' line for hints that it is not what it seems to be. Ask friends and colleagues not to send you email with oblique- 'could be from anyone' subject lines. Use a personal code where you can. Just don't click on every old thing that flashes past your eyeballs. And never open unknown attachments - if in any doubt - hit delete.
The worst that can happen is that if it was legitimate, it will be sent again.
If chastised for deleting an email from the CEO demanding your immediate attention- assume your most ethically conscious and innocent face and point to the acceptable use policy/email policy, and numerous threatening emails from IT (saying not to open attachments). Sob to HR about the inequity of the situation, etc.
Almost certainly it will be the CEO who has breached protocol by sending dodgy looking attachments to security conscious staff...
Harry Potter scam
It appears,as if we didn't know, that nothing is sacred.
Even Harry Potter fans are being targeted in the latest phishing scam. The author J.K.Rowling, and one time welfare mother, has warned fans desperate to get their paws on her latest tome - officially out on July 16 - that her lawyers have closed down a fraudulent Web site that purported to sell the latest Potter book in e- form.
It was really a phishing scam to deprive wannabe Wizards of their credit card numbers and other personal data- to later fleece them. A most unhappy outcome.
When in doubt- remember- Rowling has not granted any rights - to anyone- to release e-versions of her books. You have to buy the enormous great real McCoy (I fear for the backs of the world's kids) paper version.
Read the story
Paedophiles target kids blogs
Not strictly security, but sufficiently nasty to warrant a mention.
Many kids, sometimes unbeknownst to parents, have a blog. A way to express themselves, develop their writing skills, post holiday photos - and generally showcase their lives with family and friends.
All good wholesome fun, one might reasonably assume. Indeed, so it ought to be - in a perfect world. On another planet.
The intimate, but seemingly harmless details the kids supply about their lives in these innocent postings reveals enough about them, their hobbies, lifestyle and friends, to enable the bad guys target them (what the cops call 'grooming') to establish and build a friendship (often posing as a teen, or merely exploiting their curiousity about the opposite sex) - with the ultimate aim of luring them into a face to face meeting.
Read a scary story about what can happen.
So talk to them- explain why a blog isn't such a good idea, and just get used to the idea that you will be considered the uncoolest, most uptight guy or gal for some time to come.
Better that than the alternative.
Read the story
In addition- a macabre twist- depressed teens in France acted out a suicide pact developed in on line blogs and jumped off the cliffs at Calais. There are tools available (even keying in your child's name into google to see what comes back is useful - with any nickname he/she may have- ask her pals, keep your ears open; use a keylogger on her computer) to track blogs and ensure your child is not publishing a 'cry for help' on line.
Wily kid spies on teacher
Be aware that numerous cases exist of kids breaking (in cyberspace) into school records to meddle with psychology reports and to bully class mates; changing school grades, using wireless to get answers to exam questions in classroom, etc.
The latest twist is a student in Houston, Texas, installing a keylogger on a teachers's PC to steal exams to sell to other students. Police took him away.
Not the kind of entrepreneurial spirit you want to see develop at such a young age. This type of case shows though why monitoring your kids on line can be challenging.
A kid such, as this teenager, will be wily enough to search for Daddy installed keyloggers. You may need to up your game and buy a keyboard logger - unless he takes the keyboard apart, he won't (easily) spot that one.
Call to Action
To all you frustrated, under appreciated security programmers and developers out there in your Dogbert infested pens, now is your chance to do something noble for mankind.
Send us your ideas for Tip of the Week and we will publish the best. It must be in language that your granny would understand and be able to follow. Assuming your granny is not an MIT graduate. |
 |
 |
We are trying to build a body of knowledge that helps the average user, as well as more sophisticated folk
who already have wads of techno babble infested sites to turn to.
We believe the average user gets little help from anyone, and we sorely need his or her co-operation to
secure cyberspace. The vendors try to communicate with them, but don’t seem to comprehend how truly
mystified the well- educated (non lunk headed) user really is. They make a lot of ill judged assumptions
about what people know, and as a result the message falls flat.
Bill Gates supposedly once said ‘ we don’t talk to end users’.
Needless to say, that far sighted strategic insight has long died a death and Microsoft are positively
falling over themselves to get down and dirty with the common man, or woman, as the case may be.
So keep it simple. An ABC of ‘what to do, how to do it, or what to look out for’ is particularly useful.
Remember- you may not be appreciated in your pen, but you can be in cyberspace.
|
