A few tips for novices

I was speaking the other day to a non-IT friend who has now got the message – be careful…but he’s not sure where to be careful!

He was worried about people hacking into his home wifi network and was therefore turning it off when he wasn’t using it. I would never tell people ‘don’t do that’ but it would drive me crazy. It did make me think…what are a few easy tips to help people understand risks?

  1. Public wifi is always risky
    • It is easy for someone to sit with their PC and ‘sniff’ out various passwords
    • But a small local coffee shop, where a non-local is obvious, is much safer than airports. Airport wifi is always high risk – a dodgy person could sit for hours without raising any suspicions.
    • The hacker also wants big volume – the local coffee shop won’t have anywhere near as many people log on as the airport lounge
  2. Web browsers are riskier than an app
    • This is a broad generalisation – but it is easy to mistype a bank’s web address. You know the sort of thing, you type HBSC.com instead of HSBC.com and the bad guys are ready for you and your fat fingers.
    • The bank app is generally going to send you to the right place!!
  3. The mobile network is generally safer than wifi
    • It’s a bit harder to hack the mobile network

So here are the tips

  • Don’t use airport wifi
  • Use apps rather than web 
  • Use mobile network rather than wifi

But remember there are no guarantees in this world. These tips are about reducing the risk – not guaranteeing safety.


Domino’s data breach

It seems like almost every week, another major corporate reports that they have been compromised.  In many cases it is a third party or outsource partner – but the consumer doesn’t care.  Their confidential data has been exposed.

In this case it seems fairly innocuous, simply email addresses and suburb – but it is just another step in building a profile of people.  It makes it easier to get through the spam filters, it makes the next step easier!!

If you are a Domino’s customer, be extra ready for odd things in your inbox.

US Navy ships hacked – Surely not?

There have recently been two widely publicised collisions between US Navy vessels and cargo vessels. I have zero naval knowledge but it seems hard to believe that this can happen with vessels that I understood to be very sophisticated.

There are now reports that perhaps the US naval vessels were hacked!!

Chief of US Naval Operations John Richardson on Monday said he could not rule out some kind of outside interference or a cyber attack being behind the latest collision.

I was always told to assume incompetence over conspiracy – I still think that incompetence is more likely but it is frightening to think that they were hacked.

The Singapore-based Straits Times has a good article here

Which countries are the best prepared for cyber issues??

It seems the best prepared countries are

  1. Singapore
  2. USA
  3. Malaysia
  4. Oman and
  5. Estonia

These results are in the Global Cybersecurity Index 2017 (GCI-2017), published by the ITU (International Telecommunication Union).

Out of the 193 Member States, there is a huge range in cybersecurity commitments, as the heat map below illustrates.
Level of commitment: from Green (highest) to Red (lowest)


A short summary is here

The full report is here

Why is re-using passwords a problem?

An ABC (Australia) journo had someone else using his Uber account recently…but Uber had not been hacked.  How does that happen??

Say the guy was using the same email address and password combo for his local golf club or his airline frequent flyer account.  That account gets hacked – surprise, surprise the local golf club does NOT have great security.  The bad guys then try the same combo in Uber, in various banks, in Amazon ..

In this case the guy thought he was clever, his passwords were a bit different – you know, let’s swap a zero with a letter o. Bad luck, you’ll be shocked to learn the bad guys know that trick.

You get the drift – do NOT re-use passwords. I know it is hard; that is why you really need to use a password manager. I use a product called Dashlane – I find it great. There is a free version or if you want the paid version, then use this code for a discount.

The full story on the ABC journo is here
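
For the more technical reader, here is the ‘swap a zero with a letter o’ problem as a check a password manager could run locally before saving a new password. This is an added example, not part of the original post or any product’s code; the substitution table, function names and sample vault are all assumptions made up for illustration.

```python
import unicodedata

# Constructed table of common look-alike swaps, including the zero / letter-o
# swap from the post. Illustrative, not exhaustive.
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s", "!": "i",
})


def canonical(password: str) -> str:
    """Fold case, Unicode width and look-alike characters so variants collide."""
    folded = unicodedata.normalize("NFKC", password).lower()
    return folded.translate(LOOKALIKES)


def is_trivial_variant(new: str, old: str, max_extra: int = 3) -> bool:
    """True if the passwords match after folding, or differ only by a few
    characters tacked on the end (the usual '1' or '!' suffix)."""
    short, long_ = sorted((canonical(new), canonical(old)), key=len)
    if not short:
        return False
    return long_.startswith(short) and len(long_) - len(short) <= max_extra


def reused_on(new_password: str, vault: dict[str, str]) -> list[str]:
    """Sites in the vault whose password the new one is a variant of."""
    return sorted(site for site, old in vault.items()
                  if is_trivial_variant(new_password, old))


# Constructed sample vault (site -> password), for illustration only.
SAMPLE_VAULT = {
    "golf-club.example": "coolgolfer",
    "frequent-flyer.example": "K9#vQ2!xLm7p",
}

if __name__ == "__main__":
    for candidate in ("c00lg0lfer!", "Tz8&wRn4@hYe"):
        hits = reused_on(candidate, SAMPLE_VAULT)
        print(candidate, "->", hits or "no reuse found")
```

The first candidate is flagged as a variant of the golf club password even though it swaps zeros for the letter o and adds a ‘!’ on the end; the second, a random password, is not.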

Cyberattacks around the world – what to do?

Today there have been numerous reports of widespread computer problems and so-called ransomware attacks. They are typically ones where all of the data on your machine is encrypted, with the attacker then requesting a ransom fee to un-encrypt your data.

In many cases the fee is a few hundred dollars but, just like old school ransoms, sometimes the payment triggers good things and sometimes not.

Some of the reports are here and here and here

What should you do to stop the problem?

  1. Don’t click on links from unknown sources
  2. Make sure your copy of Windows has been updated