Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
The Enemy Within at School
Naked Security reports on a hack that combines two of our favorite things on the Bach Seat, Florida, and lax data security at school. The way the Sophos blog tells the story, a 14-year-old Florida boy is charged with being a hacker by trespassing on his school’s computer system.
Florida school hacker
The charges came after he shoulder-surfed a teacher typing in his password and used it without permission to trespass in the network. The student then tried to embarrass a teacher he doesn’t like by swapping his desktop wallpaper with an image of two men kissing.
A Tampa Bay Times article says that an eighth-grader was recently arrested for “an offense against a computer system and unauthorized access.” This is a felony in Fla. Sheriff Chris Nocco said that the teen logged onto the network of a Pasco County School District school using an administrative-level password without permission.
A spokesman for the Pasco County Sheriff’s Office told Network World that the student was not detained. Rather, he was questioned at the school before being released to his mother. His sentence remains to be seen, But at this point, it’s looking like the boy isn’t going to suffer much more than a 10-day school suspension. Sheriff’s detective Anthony Bossone says is likely to be “pretrial intervention” by a judge with regards to the felony charge, the Tampa Bay Times reports. Naked Security says this is the student’s second offense.
When the newspaper interviewed the student, he said that he’s not the only one who uses that password. Other students commonly log into the administrative account to screen-share with their friends, he said. It’s a well-known trick, the student said. He claimed the password was a snap to remember, it’s just the teacher’s last name, which the boy says he learned by watching the teacher type it in.
The sheriff says that the student didn’t just access the teacher’s computer to pull his wallpaper prank. He also reportedly accessed a computer with sensitive data – the state’s standardized tests – (now we know why he is in trouble – NCLB! – Common Core!!) while logged in as an administrator. Those are files he well could have viewed or tampered with, though he denies having done so. Sheriff Nocco says that’s the reason why this can’t be dismissed as being just a bit of fun. Even though some might say this is just a teenage prank, who knows what this teenager might have done.
I logged out of that computer and logged into a different one and I logged into a teacher’s computer who I didn’t like and tried putting inappropriate pictures onto his computer to annoy him.
in typical HS-er logic, he told the newspaper:
If they’d have notified me it was illegal, I wouldn’t have done it in the first place. But all they said was ‘You shouldn’t be doing that.‘
Idaho school hacker
Another report from the other side of the continent comes from Engadget. They report that a teenager from Idaho took advantage of the latest trend in online criminal activity. He likely rented a cloud-based botnet to launch a distributed denial of service (DDos) against the largest school district in Idaho. The alleged DDoS took down the school district’s internet access according to media reports.
KTVB News reports that the 17-year-old student paid a third party to conduct a distributed denial-of-service attack/ The attack forced the entire West Ada school district offline. The act disrupted more than 50 schools, bringing everything from payroll to standardized tests (More high stakes testing – NCLB! Common Core!!) grinding to a halt. Unfortunate students undertaking the Idaho Standard Achievement test had to go through the process multiple times because the system kept losing their work and results.
The report goes on to say that authorities have found the Eagle High student from their IP address. The students could now face State and Federal felony charges. If found guilty, the unnamed individual is likely to serve up to 180 days in jail, as well as being expelled from school. In addition, the suspect’s parents will be asked to pay for the financial losses suffered as a consequence of the attack.
rb-
Many school networks have bigger pipes than the business world. Some EDU networks I have worked on have had 10 GigE for years. In the rest of the online world, these incidents would serve as a wake-up call to network managers that hey, we might be at risk too, but not schools. Oh yeah – Passwords are Evil
Rightly or wrongly schools rely on the Intertubes for their core business – instruction, and NCLB high-stakes testing. However, they do not take steps to protect themselves. Administrators fight common tactics like periodic password changes, enforcing password complexity, or blacklisting common weak passwords. None bother with an anti-DDOS strategy let alone buying a tool to fight off a denial of service attack.
Related articles
- Stop DDoS attacks, CISOs urged (itworldcanada.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, Administrative Privledge, Cloud, Common Core, DDOS, Florida, Hack, High school, Idaho, Insider threat, K12, NCLB, Password, Security, Shoulder surf, Social engineering
How Social Engineering Works
From where I sit in my Bach Seat, it is
clear that cyber-attackers will try anything to penetrate your online security. They will even exploit human nature to get access to a firm’s digital assets. In the human world, people who exploit human nature are often called politicians, con-men, or grifters. In the digital domain, we call it social engineering. Most online attackers use some sort of social engineering to get users to do something risky.
Social engineering psychological tricks
Here is a list of 6 psychological tricks that social engineers use to trick staff.
1- Reciprocation – When people are provided with something, they tend to feel obligated and then repay the favor.
2 – Scarcity – People tend to comply when they believe something is in short supply. As an example, consider a spoof email claiming to be from a bank asking the user to comply with a request or else have their account disabled within 24 hours.
3 – Consistency – Once targets have promised to do something, they usually stick to their promises because people do not wish to appear untrustworthy or unreliable. For example, a hacker posing as a company’s IT team could have an employee agree to abide by all security processes, then ask them to do a suspicious task supposedly in line with security requirements.
4 – Liking – Targets are more likely to comply when the social engineer is someone they like. A hacker could use charm via the phone or online to win over an unsuspecting victim.
5 – Authority – People tend to comply when a request comes from a figure of authority. So a targeted email to the finance team that appears to come from the CEO or company president will likely prove effective.
6 – Social validation – People tend to comply when others are doing the same thing. For example, a phishing email might look as if it’s sent to a group of employees, which makes each employee believe the message must be valid if other colleagues also received it.
Conditioned to click
An article at Help Net Security Proofpoint argues that humans are psychologically conditioned (rb- Remember Pavlov’s dogs from Pysch 101?) to click on links. Cyber-criminals leverage this conditioning by designing phishing emails most likely to trigger your automatic click response.
Proofpoint says that social engineering emails are so convincing and compelling that they fool 10% of recipients into clicking on the malicious link. To put that into context a legitimate marketing department typically expects a <2% click rate on their advertising campaigns.
Steps to protect against social engineering
They offer the following suggestions to protect against social engineering phishing emails:
- Understand that you are not being targeted specifically, you and your machine are just collateral damage.
- Upgrade your computer from Windows XP (as Microsoft is no longer providing security updates to the OS) or disconnect it from the internet – it’s that dangerous.
- Don’t use simple predictable passwords that are easy to crack.
Businesses need to:
- Put in place layered security to provide an in-depth defense against the latest attacks and malware.
- Run awareness campaigns with your staff telling them not to click on links within social networking emails such as LinkedIn invitations. They should instead open their browser or app, log in, and manage their invites/messages from there.
- Deploy new technologies that combine big data security analytics with advanced malware analysis. These technologies provide predictive and click-time defense, end-to-end attack campaign insight. They also offer automated incident containment capabilities through connectors to your existing security layers.
Related articles
- 6 Ways to Cope With a Scary Social World (cmswire.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, Exploit, Human Nature, Phishing, Psychology, Security, Social engineering, Social media, SPAM
Emoji Passcodes Replace PIN at ATM
Followers of the Bach Seat know that passwords are evil. I have written about dumb passwords again, again and again. Now a firm in the UK wants us to replace our ATM PINs with Emoji passcodes. The Verge brings us the latest theory to get users to use passwords better than “123456,” “password,” and “12345678.” EMOJI. Yes, those Japanese pictographs that anybody over 15 loves to hate.
Intelligent Environments, a UK firm that makes digital banking software figured most users just don’t care about their passwords. So they created what it’s calling the “world’s first emoji-only passcode.” The world’s first emoji-only passcode offers a choice of 44 emoji that can be used to create a four-character PIN. The company told Verge the 44 emojis can create 3,498,308 possible permutations for non-repeating emoji passcodes. That compares to just 7,290 for a traditional non-repeating PIN.
Replace your ATM PIN with an emoji
The firm believes that everyone loves emojis, so why not replace those pesky digits with emojis? Intelligent Environments is betting that forcing people to use emoji instead of numbers would also stop them from choosing weak PINs. Weak PINs are based on memorable events — birthdays and weddings for example — that might be easily guessed.
The company quotes Tony Buzan, inventor of the Mind Map technique. He adds that the idea, “plays to humans’ extraordinary ability to remember pictures, which is anchored in our evolutionary history.” Memory expert Buzan explains, “Forgetting passwords is because the brain doesn’t work digitally or verbally. It works imagistically.”
The author points out while it is a clever idea, certainly, but don’t get too excited yet. This is not the first PIN replacement we’ve seen. Implementing these ideas is always far more difficult than just coming up with them.
Intelligent Environments presser
Intelligent Environments’ press release is also a little too heavy on the hyperbole (it claims that “64 percent of millennials regularly communicate only using emojis” — really? Only using emoji?) and a little too light on actual industry support. Intelligent Environments’ managing director David Webber told BBC News that the company hadn’t patented the idea, meaning any bank that wants to introduce emoji PIN codes can do so. Although, there’s always the chance that security wouldn’t be increased as everyone picked what is objectively the best emoji passcode ever: four smiling poops.
rb-
There is some research that says this makes sense. But then there is the problem of getting systems to accept the emoji PIN. There are still websites out there that can’t handle a passphrase of more than 12 text characters, what is it going to do with emoji? Also, remember that there are still lots of ATM’s out there quietly running Microsoft’s Windows XP operating system more than two years after Redmond stopped updating the software.
The kids think they are so cool with their newfangled emoji. What about old-school?
: )
:-O
(-_-)
(^_^)
Related articles
- Domino’s Pizza lets customers order with a pizza emoji on Twitter (andriod community.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
2Gbps Coming To Detroit
Not so long ago, Comcast was leaving Detroit. Now, the embattled cable provider has announced a 2 Gbps fiber-to-the-home (FTTH) campaign in Motown. FierceTelecom reports that Comcast will bring its Gigabit Pro service to about 1.5 million homes in Michigan. The service will be offered to residential customers in Detroit, Flint, Grand Rapids, Jackson, and Lansing. Tim Collins, senior VP of Comcast’s Heartland Region, said in a release that the company’s move into Michigan is designed to address “tech-savvy residents who have a need for even faster speeds.”
Similar to other markets, Detroit customers that live near Comcast’s fiber network will be eligible to get Gigabit Pro service. Comcast technicians will install an optical network terminal and related equipment at the customer’s home for the service. In addition to the metro-Detroit area, Comcast plans to offer the service in Benton Harbor and St. Joseph (as part of the Greater Chicago region).
Options in Detroit
Comcast has not yet disclosed what it will charge Detroiters for the Gigabit Pro offering. The author cites a DSL Reports article where Comcast was planning a $299 per month price tag for the service. That price would make it much more expensive than it competition. Google charge $70 per month for Google Fiber service or AT&T‘s (T) $120 per month charge for its gigabit services. However, it’s unclear if Comcast will adhere to that pricing when it does launch the service.
T
he article says today, Comcast charges $399.95 a month for its 505 Mbps tier. An Ars Technica report said Comcast’s 2 Gbps service will cost less than that. It also said that all 505 Mbps customers will be upgraded to the new Gigabit Pro service. As the MSO tries to work out pricing, it decided to delay the initial May release of the service in Detroit to a new, undetermined date.
rb-
Let’s be honest, the real hero here is Dan Gilbert and his Rocket Fiber project. As has been the case where Google Fiber has gone in, the other players suddenly show an interest in that market. I predict a win for RocketFiber, because Mr. Gilbert’s people understand customer service and Comcast hates its customers.
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, AT&T, Broadband, CMCSA, Comcast, Dan Gilbert, Detroit, Gigabit, GOOG, Google, Michigan, Networking, Optical fiber, Rocket Fiber, T
GOP Ordred to Gut FCC Over Net Neutrality
The courts turned down big Telecom’s demands to immediately kill Net Neutrality and somehow the Internet still works. But big Telecom’s House Republican stooges continue their war against consumers and the open Internet. The telecom lackeys have buried riders in a budget bill that would stop the FCC from enforcing the Net Neutrally regs until courts decide several challenges.
According to FierceCable, the GOP’s 2016 Financial Services and General Government Appropriations bill, unveiled recently, has three riders buried in the budget rules that:
Prevent the FCC from enforcing its net neutrality rules, pending what could be years of litigation.- Cut the FCC budget by $73 million.
- Prohibits the FCC from regulating rates for both wireline and wireless Internet services.
Harold Feld, senior VP at Public Knowledge, in a responding statement told FierceCable:
Worst of all, the Appropriations Committee ban on FCC enforcement that ‘directly or indirectly’ regulates prices would prevent the FCC from 
performing even the most basic consumer protection action, such as the recent FCC enforcement against wireless carriers requiring them to refund charges for services customers did not order or had discontinued.
Public Knowledge VP Feld concludes:
The Appropriations Committee would rather declare open season to rob American broadband subscribers with overcharges and ripoffs than allow the FCC to do its job.
Related articles
- So Far Net Neutrality Hasn’t Broken The Internet (techcrunch.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, AT&T, CMCSA, Comcast, GOP, Internet, ISP, Net neutrality, Politics, Public Knowledge, T, Time Warner Cable, TWC