Archive for June 30, 2015

How Social Engineering Works

From where I sit in my Bach Seat, it is clear that cyber-attackers will try anything to penetrate your online security. They will even exploit human nature to get access to a firm’s digital assets. In the human world, people who exploit human nature are often called politicians, con-men, or grifters. In the digital domain, we call it social engineering. Most online attackers use some sort of social engineering to get users to do something risky.

Social engineering psychological tricks

Here is a list of six psychological tricks that social engineers use on staff. They are the six principles of influence that Robert Cialdini described, turned into an attacker’s playbook.

1 – Reciprocation – When people are given something, they tend to feel obligated to repay the favor. An attacker who “helps” fix a minor problem before asking for a password is cashing in on exactly that feeling.

2 – Scarcity – People tend to comply when they believe something is in short supply or time is running out. Consider a spoofed email claiming to be from a bank, telling the user to act now or have the account disabled within 24 hours.

3 – Consistency – Once targets have promised to do something, they usually stick to it, because people do not want to appear untrustworthy or unreliable. For example, an attacker posing as the company’s IT team could get an employee to agree to abide by all security processes, then ask them to perform a suspicious task supposedly required by those processes.

4 – Liking – Targets are more likely to comply when they like the social engineer. An attacker can use charm over the phone or online to win over an unsuspecting victim.

5 – Authority – People tend to comply when a request comes from a figure of authority, so a targeted email to the finance team that appears to come from the CEO or company president will likely prove effective.

6 – Social validation – People tend to comply when others are doing the same thing. A phishing email might look as if it was sent to a group of employees, which makes each recipient believe the message must be valid because colleagues received it too.

Conditioned to click

An article at Help Net Security reports that Proofpoint argues humans are psychologically conditioned (rb- remember Pavlov’s dogs from Psych 101?) to click on links. Cyber-criminals leverage this conditioning by designing phishing emails most likely to trigger that automatic click response.

Proofpoint says social engineering emails are so convincing and compelling that they fool 10% of recipients into clicking the malicious link. For context, a legitimate marketing department typically expects a click rate under 2% on its advertising campaigns.

Steps to protect against social engineering

Proofpoint offers the following suggestions for individuals to protect against social engineering phishing emails:

  1. Understand that you are not being targeted specifically; you and your machine are just collateral damage in a mass campaign.
  2. Upgrade your computer from Windows XP (Microsoft no longer provides security updates for it) or disconnect it from the internet. It is that dangerous.
  3. Don’t use simple, predictable passwords that are easy to crack.

Businesses need to:

  1. Put in place layered security to provide defense in depth against the latest attacks and malware.
  2. Run awareness campaigns telling staff not to click links in social-networking emails such as LinkedIn invitations. They should instead open their browser or app, log in, and manage invitations and messages from there.
  3. Deploy technologies that combine big-data security analytics with advanced malware analysis. These provide predictive and click-time defense and end-to-end insight into attack campaigns, and offer automated incident containment through connectors to your existing security layers.
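As an added example (mine, not code from the original post or from Proofpoint), here is a small Python triage script that turns the psychological triggers listed above and the “open the site yourself, don’t click the link” advice into checks that run over a raw message: an executive display name on the wrong address (authority), deadline and threat language (scarcity), one lure blasted to several colleagues (social validation), and a link whose visible text names a different host than its href (the conditioned click). The sample lure, the benign message, the internal domain example.com, and the executive directory are all constructed for the example.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

INTERNAL_DOMAIN = "example.com"                        # assumption: our mail domain
EXECUTIVES = {"pat morgan": "pat.morgan@example.com"}  # assumption: directory export

# Constructed lure: "CEO" to finance, combining authority, scarcity and
# social validation, with a link whose visible text hides its real target.
SAMPLE_EMAIL = """\
From: "Pat Morgan, CEO" <pat.morgan@example.net>
To: finance@example.com, payroll@example.com, ap@example.com
Subject: URGENT wire approval needed within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Release the attached vendor payment today or the account will be suspended.</p>
<p><a href="http://198.51.100.23/portal/login">https://portal.example.com/approve</a></p>
</body></html>
"""

# Constructed benign message from the real executive address, for comparison.
BENIGN_EMAIL = """\
From: "Pat Morgan" <pat.morgan@example.com>
To: finance@example.com
Subject: Q3 planning
Content-Type: text/plain; charset="utf-8"

Can we move the planning meeting to Thursday?
"""

URGENCY = re.compile(
    r"\b(urgent|immediately|within \d+ hours?|today|suspended|disabled)\b", re.I)
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Hostname of a URL or URL-looking string ('' if it is not one)."""
    s = s.strip()
    if not s or " " in s:
        return ""
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def analyze(raw):
    """Return a list of findings, one per trigger the message exhibits."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Authority: an executive's display name on an address the directory does not know.
    sender = msg["From"].addresses[0]
    name = sender.display_name.split(",")[0].strip().lower()
    if name in EXECUTIVES and sender.addr_spec.lower() != EXECUTIVES[name]:
        findings.append(f"authority: '{sender.display_name}' sent from {sender.addr_spec}")

    # Scarcity: deadline or threat language in the subject or body.
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    text = (msg["Subject"] or "") + " " + body
    terms = sorted({m.group(0).lower() for m in URGENCY.finditer(text)})
    if terms:
        findings.append(f"scarcity: {terms}")

    # Social validation: the same lure blasted to several colleagues at once.
    recipients = [a.addr_spec for h in ("To", "Cc") if msg[h] for a in msg[h].addresses]
    if len(recipients) >= 3:
        findings.append(f"social validation: {len(recipients)} recipients")

    # Conditioned click: visible text names one host, the href goes elsewhere,
    # or the href is a bare IP address.
    ext = LinkExtractor()
    ext.feed(body)
    for href, shown_text in ext.links:
        shown, real = host_of(shown_text), host_of(href)
        if shown and shown != real:
            findings.append(f"link mismatch: shows {shown}, goes to {real}")
        if IPV4.fullmatch(real):
            findings.append(f"bare IP link: {real}")
    return findings


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, analyze(raw) or ["no findings"])
```

Each finding maps back to one of the tricks above, which is the point of the exercise: awareness training teaches people to notice these cues, and the same cues can be scored by a mail gateway before the message ever reaches a person.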

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Emoji Passcodes Replace PIN at ATM

Followers of the Bach Seat know that passwords are evil. I have written about dumb passwords again, again and again. Now a firm in the UK wants us to replace our ATM PINs with emoji passcodes. The Verge brings us the latest theory to get users to use passwords better than “123456,” “password,” and “12345678.” EMOJI. Yes, those Japanese pictographs that anybody over 15 loves to hate.

Intelligent Environments, a UK firm that makes digital banking software, figured most users just don’t care about their passwords. So it created what it is calling the “world’s first emoji-only passcode,” which offers a choice of 44 emoji from which to build a four-character code. The company told The Verge that 44 emoji allow 3,498,308 possible permutations for non-repeating emoji passcodes, against just 7,290 for a traditional non-repeating PIN. Those two figures are what you get when no two adjacent symbols may be the same (44 × 43 × 43 × 43 and 10 × 9 × 9 × 9). If any repetition is allowed, the comparison is 44⁴ = 3,748,096 codes against 10⁴ = 10,000, or roughly 22 bits of entropy against 13.
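An added example (mine, not the company’s or The Verge’s code) that works out what the quoted permutation figures actually count, in Python. The closed forms are standard combinatorics and the brute-force enumerator cross-checks them on small alphabets; the three-attempt lockout is an assumption about a typical ATM and is labelled as such in the code.

```python
import math
from itertools import product

RULES = ("any", "no_adjacent", "distinct")

# The two figures quoted by Intelligent Environments: (alphabet, length, claimed count).
PRESS_FIGURES = [(44, 4, 3_498_308), (10, 4, 7_290)]


def count_codes(alphabet, length, rule):
    """Number of codes of `length` symbols from `alphabet` symbols under a repeat rule:
    any          - repeats allowed                   (alphabet ** length)
    no_adjacent  - no two neighbouring symbols equal (alphabet * (alphabet-1) ** (length-1))
    distinct     - all symbols different             (alphabet P length)
    """
    if rule == "any":
        return alphabet ** length
    if rule == "no_adjacent":
        return alphabet * (alphabet - 1) ** (length - 1)
    if rule == "distinct":
        return math.perm(alphabet, length)
    raise ValueError(f"unknown rule {rule!r}")


def enumerate_codes(alphabet, length, rule):
    """Brute-force the same count for small alphabets, to check the closed forms."""
    total = 0
    for code in product(range(alphabet), repeat=length):
        if rule == "no_adjacent" and any(a == b for a, b in zip(code, code[1:])):
            continue
        if rule == "distinct" and len(set(code)) != length:
            continue
        total += 1
    return total


def rule_matching(figures):
    """Which rule reproduces every (alphabet, length, claimed count) pair, or None."""
    for rule in RULES:
        if all(count_codes(a, n, rule) == claimed for a, n, claimed in figures):
            return rule
    return None


def entropy_bits(space):
    """Bits of entropy of a uniformly chosen code from `space` possibilities."""
    return math.log2(space)


def lockout_guess_probability(space, attempts=3):
    """Chance a uniformly random code is guessed before an ATM-style lockout.
    Three attempts is an assumption, not a figure from the article."""
    return attempts / space


def is_weak(code):
    """Reject the choices users gravitate to: all one symbol (four smiling poops)
    or a straight run through the palette (the emoji equivalent of 1234).
    `code` is a sequence of palette indices."""
    steps = {b - a for a, b in zip(code, code[1:])}
    return steps <= {0} or steps == {1} or steps == {-1}


if __name__ == "__main__":
    rule = rule_matching(PRESS_FIGURES)
    print("press figures correspond to rule:", rule)
    for a, n, _ in PRESS_FIGURES:
        small = min(a, 6)  # keep the brute force cheap
        assert enumerate_codes(small, n, rule) == count_codes(small, n, rule)
    for label, a in (("4-digit PIN", 10), ("4-emoji code", 44)):
        space = count_codes(a, 4, "any")
        print(f"{label}: {space:,} codes, {entropy_bits(space):.1f} bits, "
              f"P(guessed in 3 tries) = {lockout_guess_probability(space):.1e}")
```

Run as a script, it reports that the press figures correspond to the no-adjacent-repeat rule, and that against a three-try lockout a random four-digit PIN is guessed with probability 3 in 10,000 while a random four-emoji code is guessed with probability about 8 in 10 million. That arithmetic only holds for uniformly chosen codes, which is the whole problem the article is about; the `is_weak` filter is the minimum a bank would have to add so that the larger alphabet is not thrown away on the first obvious choice.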

Replace your ATM PIN with an emoji

The firm believes that everyone loves emoji, so why not replace those pesky digits with them? Intelligent Environments is betting that forcing people to use emoji instead of numbers would also stop them from choosing weak PINs, which are typically based on memorable events such as birthdays and weddings that might be easily guessed.

The company quotes Tony Buzan, inventor of the Mind Map technique, who says the idea “plays to humans’ extraordinary ability to remember pictures, which is anchored in our evolutionary history.” Buzan, a memory expert, explains: “Forgetting passwords is because the brain doesn’t work digitally or verbally. It works imagistically.”

The Verge’s author points out that, while it is certainly a clever idea, we shouldn’t get too excited yet. This is not the first PIN replacement we’ve seen, and implementing these ideas is always far more difficult than coming up with them.

Intelligent Environments presser

Intelligent Environments’ press release is also a little too heavy on the hyperbole (it claims that “64 percent of millennials regularly communicate only using emojis.” Really? Only using emoji?) and a little too light on actual industry support. Intelligent Environments’ managing director David Webber told BBC News that the company hadn’t patented the idea, meaning any bank that wants to introduce emoji PIN codes can do so. And there’s always the chance that security wouldn’t be increased at all, as everyone picks what is objectively the best emoji passcode ever: four smiling poops. (A code of four identical symbols is exactly the repeat that the company’s “non-repeating” count excludes, so either the system has to reject that choice or the advertised figure doesn’t apply.)

rb-
There is some research that says this makes sense. But then there is the problem of getting systems to accept the emoji PIN. There are still websites out there that can’t handle a passphrase of more than 12 text characters; what are they going to do with emoji, each of which is a four-byte UTF-8 sequence and sometimes a multi-code-point sequence (skin-tone modifiers, variation selectors) that different keyboards and platforms may encode differently? Also, remember that there are still lots of ATMs out there quietly running Microsoft’s Windows XP operating system more than a year after Redmond stopped updating the software (extended support ended in April 2014).

The kids think they are so cool with their newfangled emoji. What about old-school?

: )

:-O

(-_-)

(^_^)



2Gbps Coming To Detroit

Not so long ago, Comcast was leaving Detroit. Now the embattled cable provider has announced a 2 Gbps fiber-to-the-home (FTTH) campaign in Motown. FierceTelecom reports that Comcast will bring its Gigabit Pro service to about 1.5 million homes in Michigan. The service will be offered to residential customers in Detroit, Flint, Grand Rapids, Jackson, and Lansing. Tim Collins, senior VP of Comcast’s Heartland Region, said in a release that the company’s move into Michigan is designed to address “tech-savvy residents who have a need for even faster speeds.”

As in other markets, Detroit customers who live near Comcast’s fiber network will be eligible for Gigabit Pro service. Comcast technicians will install an optical network terminal and related equipment at the customer’s home. In addition to the metro-Detroit area, Comcast plans to offer the service in Benton Harbor and St. Joseph (as part of the Greater Chicago region).

Options in Detroit

Comcast has not yet disclosed what it will charge Detroiters for Gigabit Pro. The author cites a DSL Reports article saying Comcast was planning a $299 per month price tag for the service. That price would make it much more expensive than its competition: Google charges $70 per month for Google Fiber, and AT&T (T) charges $120 per month for its gigabit service. However, it’s unclear whether Comcast will stick to that pricing when it does launch.

The article says that today Comcast charges $399.95 a month for its 505 Mbps tier. An Ars Technica report said Comcast’s 2 Gbps service will cost less than that, and that all 505 Mbps customers will be upgraded to Gigabit Pro. As the MSO tries to work out pricing, it has delayed the initial May release of the service in Detroit to a new, undetermined date.

rb-

Let’s be honest, the real hero here is Dan Gilbert and his Rocket Fiber project. As has been the case where Google Fiber has gone in, the other players suddenly show an interest in that market. I predict a win for RocketFiber, because Mr. Gilbert’s people understand customer service and Comcast hates its customers.

 


GOP Ordered to Gut FCC Over Net Neutrality

The courts turned down big Telecom’s demands to immediately kill Net Neutrality, and somehow the Internet still works. But big Telecom’s House Republican stooges continue their war against consumers and the open Internet. The telecom lackeys have buried riders in a budget bill that would stop the FCC from enforcing the Net Neutrality rules until the courts decide several challenges.

According to FierceCable, the GOP’s 2016 Financial Services and General Government Appropriations bill, unveiled recently, has three riders buried in the budget rules that:

  1. Prevent the FCC from enforcing its net neutrality rules, pending what could be years of litigation.
  2. Cut the FCC budget by $73 million.
  3. Prohibit the FCC from regulating rates for both wireline and wireless Internet services.

Harold Feld, senior VP at Public Knowledge, in a responding statement told FierceCable:

Worst of all, the Appropriations Committee ban on FCC enforcement that ‘directly or indirectly’ regulates prices would prevent the FCC from performing even the most basic consumer protection action, such as the recent FCC enforcement against wireless carriers requiring them to refund charges for services customers did not order or had discontinued.

Public Knowledge VP Feld concludes:

The Appropriations Committee would rather declare open season to rob American broadband subscribers with overcharges and ripoffs than allow the FCC to do its job.



Run Your DC with a Chevy

General Motors (GM) is using Chevy Volt batteries to power a data center. MLive reports that lithium-ion batteries retired from Chevrolet Volts help power the General Motors Enterprise Data Center at the Milford Proving Grounds in Milford, MI.

GM recently announced that five batteries from first-generation Volts are working in parallel with a 74-kilowatt solar array and two 2-kilowatt wind turbines to green up the data center. The batteries have the capacity to provide backup power for four hours in the event of an outage, GM said. According to the article, the set-up has given the Enterprise Data Center net-zero energy use on an annual basis, and extra power will be sent back to the grid used by the Milford Proving Ground.

First-gen Chevy Volts still have a lot of juice

As it readies to sell its all-new, second-generation Volt, GM said first-gen cars still have a lot of leftover juice in their battery packs for stationary use. Pablo Valencia, GM’s senior manager of battery life cycle management, said in a presser that the batteries still have value after they come out of the car.

Even after the battery has reached the end of its useful life in a Chevrolet Volt, up to 80 percent of its storage capacity remains … This secondary use application extends its life, while delivering waste reduction and economic benefits on an industrial scale.

The first-generation plug-in hybrid Volt went on sale in 2010 for the 2011 model year. It uses battery power to get an electric range of about 35-38 miles, before switching to gasoline.

The 2016 Volt, unveiled last January in Detroit, will have about a 31% greater electric range than its predecessor. The second-gen Volt has about a 50-mile all-electric range, and a total driving range of about 400 miles when combined with the gasoline engine.

rb-
According to the Detroit News, GM is working with unidentified partners to validate and test systems for other commercial and non-commercial uses.

Elon Musk‘s Tesla (TSLA) is also leveraging its car-based battery systems to develop a line of storage batteries for homes and SMBs called Powerwall. Powerwall is designed to store electricity for home use during peak consumption times, when utilities charge the most. The device comes in several colors, including white, charcoal, red, and blue. There are two options: a 7-kilowatt-hour package using nickel-manganese-cobalt batteries and a 10-kilowatt-hour unit with a nickel-cobalt-aluminum battery.

 

