
I look buff.
In my short time on this earth, I’ve seen a lot of changes in how people do business and share information, thanks to many advances in technology.
I’m a fan. I practically sleep with my phone and I am pretty sure that my relationship with Google is unhealthy.
Having said that, with all this wonderful progress comes a certain amount of danger.
I’ve read posts and received messages asking about scams, hoaxes, and so far, none of my friends have fallen prey.
In an effort to help out my many writer friends who find themselves spending more time plugged in than they ever expected, I took some time out to interview a securities expert on some best practices when online.

Ian Thompson. No Photo Available.
Without further delay, welcome Ian Thompson, CISSP, OSCP, MCSA, CCNA, Security + Expert, and many other letters of the alphabet I can’t remember. He’s spent a great deal of brainpower and time earning those letters. Thanks for joining us, Ian.
Please don’t hack me.
I only use my powers for good.
Mostly.
That’s a relief. Unfortunately, there are hackers out there that don’t use their powers for good. How does an average Joe keep their computer safe? Is that possible?
Sure, turn off your computer, unplug it, and place it in a vault. I think most people would sleep well at night knowing that their computer is protected from unwanted access, don’t you?
Is this how the whole interview is going to go?
::grins::
Actually, some computers are turned off and placed in a vault to protect the information stored on them. But realistically that’s not possible for most.
Right. So for the “most” of us, what should we do?
To be reasonably protected, it is important to do a few things.
- First, continually educate yourself about best security practices like you are doing right now. Keep in mind that security is not a state that one can attain; it is a process that must be repeated frequently.
- Second, you need to know what software is on your computer. Once you know what you have, make sure all of it is up to date and fully patched. Security products can assist in this, but a nice free tool called Secunia Personal Software Inspector is available to help you with this part of the process. Remember, new updates may come out daily. You can schedule this product to regularly scan your system and it will show you what needs to be updated and even point you to the updates to install. Always make sure Windows, Adobe, Java, and Office updates are applied.
- Third, use a security product and keep it updated. Ideally it will have anti-virus, generic buffer overflow protection, intrusion prevention, and a firewall built into it. Companies like eEye Digital Security and Symantec have products that contain these types of protection.
Lather, rinse, repeat.
Awesome. Thanks for the link for Secunia. We all like free stuff that helps protect us. Does that mean when a random window pops up telling us we need to download a virus protection, we should do it? I mean, I had one the other day saying it was Windows Defender. That sounds totally legit.
When in doubt, don’t. All sorts of malware is out there made to appear like legit software.
Hmmm. Ok. I totally knew that.
::tosses laptop out window::
How about this email here? eBay needs me to confirm my login information. I don’t want an interruption in my eBay service. I’m in the middle of bidding on some sweet Star Wars memorabilia.
This is an example of a social engineering attack called phishing. This attack is very common over email. For example, someone may send you an email pretending to be a company or a bank cleverly asking you for some personal information, accounts/passwords, or enticing you to click a link.
Clicking the link is the last thing you would want to do. Let me repeat this, NEVER click a link in an email. It is always best to open a web browser and navigate to the site you wish to visit.
For example, this will allow you to go to the real site “ebay.com” and not the fake site “ebay.ee.com” (I just made up that URL). These fake sites may look like the real site but many times they will infect your computer with malware automatically even if you are fully patched and up-to-date with your security product updates.
::gasp:: Really??
Yes, it’s true. Also, do NOT reply to these emails as that would confirm a valid email address and could also allow for further social engineering attempts. Keep this in mind, many advertisements, content on social networking sites, and other genuine sites link to malware too. Be very cautious about what you click on. Products that contain host intrusion protection and 0 day protection or generic buffer overflow protection can offer some protection from these types of attacks. Educating yourself will go very far in preventing social engineering attacks as people are always the weakest link.
We are the weakest link!
::rolls eyes::
What if I get an email from a friend saying they are stranded in a foreign country and need money?
Don’t send any.
A Nigerian prince who needs my banking info?
Not so much.
My email provider saying that they need me to confirm my account or they’ll close it?
Don’t click.
But the IRS is trying to send me a notice. Surely…
Don’t click.
But if I don’t act now, this refinancing deal is going to slip through my fingers.
Let it slip. Don’t click. Do you have that out of your system now?
I think so.
How about passwords? I have maybe a bajillion of them. I am pretty sure that if I just make them all “password123” that would be best. Then, I can remember them all easily, and no one will ever guess that.
Er, no. Not a good idea.
If you choose to set a password yourself, follow some basic guidelines:
- Make sure you never reuse a password. This can be hard to do but it keeps your other information from easy access if a password was found.
- Make it something you can easily remember plus as long and complex as you can including upper/lower case letters, numbers, and special characters. Fifteen or more characters is especially good.
- Do not include things that someone might find out about you such as pet names, important dates, and information found on your social networking sites.
Dude. We’ve met before, right? What makes you think I can remember a bajillion different passwords?
You don’t have to. The site lastpass.com is a great site and is safe to use. You can check out this podcast for more information.
Oh. That’s cool! And only a dollar a month. My brain thanks you, sir.
You’re, uh, she’s welcome…?
How about my phone? I don’t want to be stalked because I have technology in my pocket.
Well…
Sorry, hold on. I’m checking in at “My Crib” on Foursquare. And Facebook. And…
Yeah, you might want to skip that.
Oh.
::puts down phone::
::picks up phone::
Just because you aren’t intentionally “checking in” doesn’t mean your location isn’t being appended to what you upload. Geotagging allows a photo to be tagged with the GPS location your phone feeds it. But, you can turn off this setting. On your iPhone, we can do it here. [Settings, General, Location Services] You also want to look at the individual applications you load to see what their settings are.
::hands phone back::
I am now unstalkable!
Technically, no.
Having a GPS on your phone is not the only way you can be tracked. Your cell phone communicates with cell phone towers and your location can be tracked that way as well. You can find some good information on the eff.org site about this and other privacy issues.
I believe this quote says it all:
“Unfortunately, if you want to use your cell phone at all, avoiding the threat of this kind of real-time tracking is nearly impossible. That’s because the government can track your cell phone whenever it’s on, even if you aren’t making a call. The government can even track some cell phones when they are powered down, unless you have also removed the battery. So, once again, there is a security trade-off: the only way to eliminate the risk of location tracking is to leave the cell phone at home, or remove the battery.”
That sounds like an episode of CSI. Or Law & Order. Or…well, you get the idea.
Last question for today, although I make no guarantees it will be the last ever. Google has been telling me to read its new privacy terms. In basic terms, is there anything I need to know?
Very simply, I would not expect any privacy. If you don’t want your searches tied to your account then you would want to log out before you do any Google searches. Remember, though, that your ISP can see what you’re doing and they can offer up that information.
So, Google has me in their clutches either way, huh?
Pretty much. That being said, I still use Google all the time. You can check out this podcast if you want more details on the subject.
Well, that’s about all the time and space we have today. Thank you so much for joining us, Ian.
No problem.
I’ll be sure to stalk you online, I MEAN, give you a call if my readers have more questions.
Riiiiiight.
Readers, what answers did you find helpful? If you have more questions or would like more clarification, please let me know!
I’m securing (no pun intended) exclusive rights to our expert as we speak. He’s not the only tech-savvy fellow around these parts, so feel free to ask all sorts of questions!
