sobeq.org

Cybersecurity tweets

2013-12-14T06:39:00.003+12:00

Tweets about "cybersecurity"

more news below

Follow @sobeqorg

StartPage, Ixquick, Encryption

2013-09-16T00:00:00.000+12:00

StartPage and Ixquick Deploy Newest Encryption Standards against Mass Surveillance: "SSL encryption has been proven to be an effective tool for protecting sensitive online traffic from eavesdropping and surveillance. However, security researchers now worry that SSL encryption may not provide adequate protection if Government agencies are scooping up large amounts of encrypted traffic and storing it for later decryption. With SSL alone, if a target website's "private key" can be obtained once in the future - perhaps through court order, social engineering, attack against the website, or cryptanalysis - that same key can then be used to unlock all other historical traffic of the affected website. For larger Internet services, that could expose the private data of millions of people. StartPage and Ixquick have now deployed a defense against this known as "Perfect Forward Secrecy," or PFS." (read more at link above)

more news below

Follow @sobeqorg

What It Means to Be An NSA Target

2013-09-12T23:19:00.002+12:00

What It Means to Be An NSA "Target": New Information Shows Why We Need Immediate FISA Amendments Act Reform | Electronic Frontier Foundation: "We’ve written before about the word games the government plays in describing its surveillance practices: “acquire,” “collect,” and “content” are all old government favorites. The New York Times report proves Feinstein statement is false, and it's clear it’s time to add “target” to the list of word games as well."

more news below

Follow @sobeqorg

Booz Allen Hamilton Wins Major Integrated Cyber Operations Pillar Contract

2013-08-13T00:00:00.000+12:00

Booz Allen Hamilton Wins Major Integrated Cyber Operations Pillar Contract to Support C4ISR, Cybersecurity Programs - WSJ.com: "August 02, 2013-- Booz Allen Hamilton today announced it has now won four of the Full and Open Pillar contracts involving a range of full system lifecycle support activities for the Space and Naval Warfare Systems Center Atlantic (SCC Atlantic). Most recently, the firm won a contract with a total ceiling of nearly $900 million to support the integrated cybersecurity and Command, Control, Communications, Computers, Intelligence, Surveillance, Reconnaissance (C4ISR) operations of the Space and Naval Warfare Systems Center Atlantic (SCC Atlantic)."

Cyber security company FireEye files for a $175 million IPO
NASDAQ
FireEye, which provides malware protection software to enterprises, filed on Friday with the SEC to raise up to $175 million in an initial public offering.

We Need a Dialogue on Cyber Security
Radio World
Like it or not, cyber security will continue to be a fact of life for broadcasters and ... EAS systems for any potential indications of attack or unauthorized access.

more news below

Follow @sobeqorg

Cyber Security, Cyber Funding

2013-08-10T00:00:00.000+12:00

Cyber Funding Under Our Noses
Government Technology
The recent leaks detailing the U.S. National Security Agency's extensive monitoring ... development for state and local governments and our overall cyber health.

Government Technology

The Tensions And Overlaps Between Cyber And Data Security
Metropolitan Corporate Counsel
The U.S. Food and Drug Administration (FDA) warns about the risk of cyber attacks on medical devices. The White House is implementing an Executive Order ...

DefCon: Former DHS cyber official to private sector: Gov't can't help ...
SC Magazine
The former deputy undersecretary for cyber security at the Department of ... can't act quickly enough to help private companies defend against a possible attack.

Klobuchar wants to reduce risk of cyber attacks to infrastructure
Alexandria Echo Press
The Cybersecurity Act of 2013 aims to help secure the nation from cyber threats by providing NIST, a non-regulatory agency within the Department of Commerce ...

BT and Vodafone helped UK cyber-spying effort, report claims
CNET UK
Snowden is a former National Security Agency (NSA) contractor who leaked the US ... Questions related to national security are a matter for governments not ...

CNET UK

more news below

Follow @sobeqorg

Cybersecurity, Cybercrime

2013-08-08T00:00:00.000+12:00

Cyber criminals try to steal fin data using fake tax ads: McAfee
Economic Times
Cyber criminals are busy using phishing e-mails and fake ads to steal confidential financial data of users, cyber security firm McAfee said today. NEW DELHI: As ...

Economic Times

Nasdaq faces huge cyber-security challenges
FierceFinanceIT
Nasdaq faces huge cyber-security challenges.... To be sure, all financial services companies are under attack these days. But the especially ...

UBA Advocates Increased Cyber-security Vigilance By Banks
Leadership Newspapers
UBA Advocates Increased Cyber-security Vigilance By Banks ... particular case, the probability of attack would be very high and the consequence, very severe.

Leadership Newspapers

more news below

Follow @sobeqorg

CEO concerns about malware attacks and cyber-espionage

2013-08-06T00:00:00.000+12:00

Cyber-Security Confidence Lacking Among Executives
eWeek
A whopping 97 percent of enterprises with annual security budgets totaling more than ... reported concerns about malware attacks and cyber-espionage tactics. ... in five say their biggest concern is not knowing whether an attack is underway, ...

Report recommends cyber-security white paper within a year
ABC Online
A new report by the Australian Strategic Policy Institute recommends the incoming government develop a white paper focusing on the country's cyber-security ...

Graduate Cyber Security Consultant
TARGETjobs
We are looking for talented Graduates to join BAE Systems Detica's Cyber Security Business Unit (BU). The Cyber Security BU supports our clients to identify, ...

Cyber and security of NBN emerging as election issues
The Australian Financial Review
“It's disappointing Australia doesn't have a national cyber security policy,” the institute's Tobias Feakin said. “This directly weakens our ability to respond to and ...

more news below

Follow @sobeqorg

Malware, Botnets

2013-08-03T00:00:00.000+12:00

Malware & Botnets | StaySafeOnline.org: "MALWARE & BOTNETS The Internet is a powerful and useful tool, but in the same way that you shouldn’t drive without buckling your seat belt or ride a bike without a helmet, you shouldn’t venture online without taking some basic precautions."

Viruses

Viruses are harmful computer programs that can be transmitted in a number of ways. Although they differ in many ways, all are designed to spread themselves from one computer to another through the Internet and cause havoc. Most commonly, they are designed to give the criminals who create them some sort of access to those infected computers.

Spyware

The terms "spyware" and "adware" apply to several different technologies. The two important things to know about them is that:

They can download themselves onto your computer without your permission (typically when you visit an unsafe website or via an attachment)
They can make your computer do things you don't want it to do. That might be as simple as opening an advertisement you didn't want to see. In the worst cases, spyware can track your online movements, steal your passwords and compromise your accounts.

Botnets

Botnets are networks of computers infected by malware (computer virus, key loggers and other malicious software) and controlled remotely by criminals, usually for financial gain or to launch attacks on website or networks.

If your computer is infected with botnet malware, it communicates and receives instructions about what it’s supposed to do from “command and control” computers located anywhere around the globe. What your computer does depends on what the cybercriminals are trying to accomplish.

Many botnets are designed to harvest data, such as passwords, social security numbers, credit card numbers, addresses, telephone numbers, and other personal information. The data is then used for nefarious purposes, such as identity theft, credit card fraud, spamming (sending junk email), website attacks, and malware distribution. For more information on botnets, visit the STOP. THINK. CONNECT. Keep a Clean Machine Campaign.

Protect Yourself with these STOP. THINK. CONNECT. Tips:

Keep a Clean Machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
Plug & scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.

more news below

Follow @sobeqorg

Spam, Phishing

2013-08-01T00:00:00.000+12:00

Spam & Phishing | StaySafeOnline.org: "Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment."

The email they send can look just like it comes from a financial institution, e-commerce site, government agency or any other service or business.

It often urges you to act quickly, because your account has been compromised, your order cannot be fulfilled or another matter.

If you are unsure whether an email request is legitimate, try to verify it with these steps:

Contact the company directly.
Contact the company using information provided on an account statement or back of a credit card.
Search for the company online – but not with information provided in the email.
SpamSpam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email.

Here are ways to reduce spam:

Enable filters on your email programs: Most ISPs (Internet Service Providers) and email providers offer spam filters. However, depending on the level you set, you may wind up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
Report spam: Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox.
Own your online presence: Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information.

PhishingPhishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.

Spear PhishingSpear phishing is highly specialized attacks against a specific target or small group of targets to collect information of gain access to systems.

For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic and because the recipient is already customer of the business, the email may more easily make it through filters and the recipient maybe more likely to open the email.

The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.

Spam & Phishing on Social NetworksSpam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.

Here are ways to report spam and phishing on social networks:

How Do You Avoid Being a Victim?

Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
Before sending sensitive information over the Internet, check the security of the website.
Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.
Keep a clean machine. Install and maintain anti-virus software, firewalls, and email filters to reduce spam.

What to Do if You Think You are a Victim?

Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
Watch for any unauthorized charges to your account.
Consider reporting the attack to your local police department, and file a report with the Federal Trade Commission or the FBI's Internet Crime Complaint Center.

Additional Resources:

Protect Yourself with these STOP. THINK. CONNECT. Tips:

When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
Think before you act: Be wary of communications that implores you to act immediately, offers something that sounds too good to be true, or asks for personal information.
Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals

more news below

Follow @sobeqorg

Hacked Accounts, what to do

2013-07-30T00:00:00.000+12:00

Hacked Accounts | StaySafeOnline.org:

If your account has been compromised or hacked, here are ways to regain control.

How do I know if my email or social network account has been hacked?

There are posts you never made on your social network page. These posts often encourage your friends to click on a link or download an App.
A friend, family member or colleague reports getting email from you that you never sent.
Your information was lost via a data breach, malware infection or lost/stolen device.

If you believe an account has been compromised, take the following steps:

Notify all of your contacts that they may receive spam messages that appear to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
If you believe your computer is infected, be sure your security software is up to date and scan your system for malware. You can also use other scanners and removal tools.
Change passwords to all accounts that have been compromised and other key accounts ASAP. Remember, passwords should be long and strong and use a mix of upper and lowercase letters, and numbers and symbols. You should have a unique password for each account.

Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.

more news below

Follow @sobeqorg

ID Theft and Fraud: If you become a victim of cybercrime

2013-07-27T00:00:00.000+12:00

ID Theft & Fraud | StaySafeOnline.org: "ID THEFT, FRAUD & VICTIMS OF CYBERCRIME"*

If you're the victim of cybercrime, you need to know what to do and respond quickly.

The Realities of Cybercrime
When dealing with cybercrime, an ounce of prevention is truly worth a pound of cure. Cybercrime in all its many forms (e.g., online identity theft, financial fraud, stalking, bullying, hacking, e-mail spoofing, information piracy and forgery, intellectual property crime, and more) can, at best, wreak havoc in victims’ lives through major inconvenience and annoyance. At worst, cybercrime can lead to financial ruin and potentially threaten a victim’s reputation and personal safety.

It’s always wise to do as much as possible to prevent cybercrime.

One of the best ways to learn how to prevent cybercrime is to check out STOP. THINK. CONNECT. at http://stopthinkconnect.org/tips-and-advice/.

But, despite our best efforts, our increasingly digital lives may put us in harm’s way. The fact remains that the bad guys continue to find new uses for ever-expanding—but easily accessible—online technologies to steal, harass, and commit all sorts of crime. If cybercrime happens to you, you need to know what to do and to respond quickly.

Should I Report Cybercrime?
Cybercrime can be particularly difficult to investigate and prosecute because it often crosses legal jurisdictions and even international boundaries. And, many offenders disband one online criminal operation—only to start up a new activity with a new approach—before an incident even comes to the attention of the authorities.

The good news is that federal, state, and local law enforcement authorities are becoming more sophisticated about and devoting more resources to responding to cybercrime. Furthermore, over the past several years, many new anti-cybercrime statutes have been passed empowering federal, state, and local authorities to investigate and prosecute these crimes. But, law enforcement needs your help to stop the nefarious behavior of cyber criminals and bring them to justice.

Who to contact:

Local law enforcement. Even if you have been the target of a multijurisdictional cybercrime, your local law enforcement agency (either police department or sheriff’s office) has an obligation to assist you, take a formal report, and make referrals to other agencies, when appropriate. Report your situation as soon as you find out about it. Some local agencies have detectives or departments that focus specifically on cybercrime.
IC3. The Internet Crime Complaint Center (IC3) will thoroughly review and evaluate your complaint and refer it to the appropriate federal, state, local, or international law enforcement or regulatory agency that has jurisdiction over the matter. IC3 is a partnership between the Federal Bureau of Investigation and the National White Collar Crime Center (funded, in part, by the Department of Justice’s Bureau of Justice Assistance). Complaints may be filed online at http://www.ic3.gov/default.aspx.
Federal Trade Commission. The FTC does not resolve individual consumer complaints, but does operate the Consumer Sentinel, a secure online database that is used by civil and criminal law enforcement authorities worldwide to detect patterns of wrong-doing, leading to investigations and prosecutions. File your complaint at https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en. Victims of identity crime may receive additional help through the FTC hotline at 1-877-IDTHEFT (1-877-438-4388); the FTC website atwww.ftc.gov/IDTheft provides resources for victims, businesses, and law enforcement.
Your Local Victim Service Provider. Most communities in the United States have victim advocates ready to help following a crime. They can provide information, emotional support and advocacy as needed. Find local victims service providers here: http://ovc.ncjrs.gov/findvictimservices/search.asp

Collect and Keep Evidence
Even though you may not be asked to provide evidence when you first report the cybercrime, it is very important to keep any evidence you may have related to your complaint. Keep items in a safe location in the event you are requested to provide them for investigative or prosecutive evidence. Evidence may include, but is not limited to, the following:

Canceled checks
Certified or other mail receipts
Chatroom or newsgroup text
Credit card receipts
Envelopes (if you received items via FedEx, UPS, or U.S. Mail)
Facsimiles
Log files, if available, with date, time and time zone
Messages from Facebook, Twitter or other social networking sites
Money order receipts
Pamphlets or brochures
Phone bills
Printed or preferably electronic copies of emails (if printed, include full email header information)
Printed or preferably electronic copies of web pages
Wire receipts

Additional Tips for Specific Types of CybercrimeOnce you discover that you have become a victim of cybercrime, your response will depend, to some degree, on the type and particular circumstances of the crime. Here are useful tips to follow for some specific types of cybercrimes:

In cases of identity theft:
Make sure you change your passwords for all online accounts. When changing your password, make it long, strong and unique, with a mix of upper and lowercase letters, numbers and symbols. You also may need to contact your bank and other financial institutions to freeze your accounts so that the offender is not able to access your financial resources.
Close any unauthorized or compromised credit or charge accounts. Cancel each credit and charge card. Get new cards with new account numbers. Inform the companies that someone may be using your identity, and find out if there have been any unauthorized transactions. Close accounts so that future charges are denied. You may also want to write a letter to the company so there is a record of the problem.
Think about what other personal information may be at risk. You may need to contact other agencies depending on the type of theft. For example, if a thief has access to your Social Security number, you should contact the Social Security Administration. You should also contact your state Department of Motor Vehicles if your driver's license or car registration are stolen.
File a report with your local law enforcement agency. Even if your local police department or sheriff’s office doesn’t have jurisdiction over the crime (a common occurrence for online crime which may originate in another jurisdiction or even another country), you will need to provide a copy of the law enforcement report to your banks, creditors, other businesses, credit bureaus, and debt collectors.
If your personal information has been stolen through a corporate data breach (when a cyberthief hacks into a large database of accounts to steal information, such as Social Security numbers, home addresses, and personal email addresses), you will likely be contacted by the business or agency whose data was compromised with additional instructions, as appropriate. You may also contact the organization’s IT security officer for more information.
If stolen money or identity is involved, contact one of the three credit bureaus to report the crime (Equifax at 1-800-525-6285, Experian at 1-888-397-3742, or TransUnion at 1-800-680-7289). Request that the credit bureau place a fraud alert on your credit report to prevent any further fraudulent activity (such as opening an account with your identification) from occurring. As soon as one of the bureaus issues a fraud alert, the other two bureaus are automatically notified.

For additional resources, visit the Identity Theft Resource Center at www.idtheftcenter.orgor the Federal Trade Commission athttp://www.ftc.gov/bcp/edu/microsites/idtheft/tools.html.

In cases of Social Security fraud:
If you believe someone is using your social security number for employment purposes or to fraudulently receive Social Security benefits, contact the Social Security Administration’s fraud hotline at 1-800-269-0271. Request a copy of your social security statement to verify its accuracy.

For additional resources, visit the Social Security Administration athttp://oig.ssa.gov/report-fraud-waste-or-abuse.

In cases of online stalking:
In cases where the offender is known, send the stalker a clear written warning saying the contact is unwanted and asking that the perpetrator cease sending communications of any kind. Do this only once and do not communicate with the stalker again (Ongoing contact usually only encourages the stalker to continue the behavior).
Save copies of all communication from the stalker (e.g., emails, threatening messages, messages via social media) and document each contact, including dates, times and additional circumstances, when appropriate.
File a complaint with the stalker’s Internet Service Provider (ISP) and yours. Many ISPs offer tools that filter or block communications from specific individuals.
Own your online presence. Set security and privacy settings on social networks and other services to your comfort level of sharing.
Consider changing your email address and ISP; use encryption software or privacy protection programs on your computer and mobile devices. (You should consult with law enforcement before changing your email account. It can be beneficial to the investigation to continue using the email account so law enforcement can also monitor communication.)
File a report with local law enforcement or contact your local prosecutor’s office to see what charges, if any, can be pursued. Stalking is illegal in all 50 states and the District of Columbia.

For additional resources, visit the Stalking Resource Center at www.ncvc.org/src.

In cases of cyberbullying:

Tell a trusted adult about what’s going on.
Save any of the related emails, texts, or messages as evidence.
Keep a record of incidents.
Report the incident to the website’s administrator; many websites including Facebook and YouTube encourage users to report incidents of cyberbullying.
Block the person on social networks and in email.
Avoid escalating the situation: Responding with hostility is likely to provoke a bully. Depending on the circumstances, consider ignoring the issue. Often, bullies thrive on the reaction of their victims. If you or your child receives unwanted email messages, consider changing your email address. The problem may stop. If you continue to get messages at the new account, you may have a strong case for legal action.
If the communications become more frequent, the threats more severe, the methods more dangerous and if third-parties (such as hate groups and sexually deviant groups) become involved—the more likely law enforcement needs to be contacted and a legal process initiated.

For more information, visit www.stopcyberbullying.org and www.ncpc.org/cyberbullying.

How Did This Happen To Me? A Word about Malware.Many cybercrimes start with malware—short for “malicious software.” Malware includes viruses and spyware that get installed on your computer, phone, or mobile device without your consent—you may have downloaded the malware without even realizing it! These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information and commit fraud. If you think your computer has malware, you can file a complaint with the Federal Trade Commission at www.ftc.gov/complaint.

Avoid malware with the following tips from the STOP. THINK. CONNECT. campaign:
Keep a clean machine by making sure your security software, operating system and web browser are up to date.
When in doubt throw it out. Don’t click on any links or open attachments unless you trust the source.
Make your passwords long and strong and unique. Combine capital and lowercase letters with numbers and symbols to create a more secure password. Use a different password for each account.
Set your browser security high enough to detect unauthorized downloads.
Use a pop-up blocker (the links in pop-up ads are notorious sources of malware).
Back up your data regularly (just in case your computer crashes).
Protect all devices that connect to the Internet. Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from malware.
Make sure all members of your family follow these safety tips (one infected computer on a home network can infect other computers).

Other Places to Find Resources or File a Complaint:

Anti-Phishing Working Group (reportphishing@antiphishing.org)
Better Business Bureau (investigates disagreements between businesses and customers; https://www.bbb.org/consumer-complaints/file-a-complaint/get-started)
CyberTipLine, operated by the National Center for Missing & Exploited Children (investigates cases of online sexual exploitation of children; 1-800-843-5678 or www.cybertipline.com)
Electronic Crimes Task Forces and Working Groups (http://www.secretservice.gov/ectf.shtml)
The Secret Service (investigates fraudulent use of currency;http://www.secretservice.gov/field_offices.shtml)
StopFraud.Gov Victims of Fraud Resources (http://www.stopfraud.gov/victims.html)
U.S. Computer Emergency Readiness Team (www.us-cert.gov)
U.S. Department of Justice (www.justice.gov/criminal/cybercrime)
U.S. Postal Inspection Service (investigates fraudulent on-line auctions and other cases involving the mail;https://postalinspectors.uspis.gov/contactus/filecomplaint.aspx)
Your State Attorney General (the National Association of Attorneys General keeps a current contact list at http://www.naag.org/current-attorneys-general.php)
Ways to Prevent CybercrimeMany cybercrimes start with malware. Criminals use malware to steal personal information and commit fraud.

Avoid malware with these STOP. THINK. CONNECT. Tips:

Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
Plug & scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.
Protect your $: When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.
Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.

Additional Resources:

*The National Cyber Security Alliance would like to thank the National Sheriffs’ Association and International Association of Chiefs of Police for their assistance in creating this resource.

more news below

Follow @sobeqorg

Passwords and Securing Your Accounts

2013-07-25T00:00:00.000+12:00

Passwords & Securing Your Accounts | StaySafeOnline.org: " PASSWORDS & SECURING YOUR ACCOUNTS - Passwords are like keys to your personal home online. You should do everything you can prevent people from gaining access to your password. You can also further secure your accounts by using additional authentication methods."

Passwords

When creating a password, make sure it is long and strong, with a minimum of eight characters and a mix of upper and lowercase letters, numbers and symbols.

You should also remember to:

Not share your password with others.
Make your password unique to your life and not something that is easily guessed.
Have a different password for each online account.
Write down your password and store it in a safe place away from your computer.
Change your password several times a year.

Other Ways to Secure an Account -Typing a username and password into a website isn't the only way to identify yourself on the web services you use.

Multi-factor authentication uses more than one form of authentication to verify an identity. Some examples are voice ID, facial recognition, iris recognition and fingerscanning.
Two-factor authentication uses a username and passowrd and another form of identifcation, often times a security code. Over time, more websites will be adopting multi-factor authentication. In some cases, the services may be available, but are not required.

Many email services offer two-step verification on an opt-in basis. Ask your financial institution and other online services if they offer multi-factor authentication or additional ways to verify your identity.

Additional Resources:

STOP. THINK. CONNECT. Tips:

Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you verify who you are before you conduct business on that site.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.

more news below

Follow @sobeqorg

US Spy Chief Leading US Into Cyberwar

2013-07-23T05:10:00.002+12:00

NSA Snooping Was Only the Beginning. Meet the Spy Chief Leading Us Into Cyberwar | Threat Level | Wired.com: "And he and his cyberwarriors have already launched their first attack. The cyberweapon that came to be known as Stuxnet was created and built by the NSA in partnership with the CIA and Israeli intelligence in the mid-2000s. The first known piece of malware designed to destroy physical equipment, Stuxnet was aimed at Iran’s nuclear facility in Natanz. By surreptitiously taking control of an industrial control link known as a Scada (Supervisory Control and Data Acquisition) system, the sophisticated worm was able to damage about a thousand centrifuges used to enrich nuclear material." (read more at link above)

U.K. to Probe Huawei Cyber-Security Center | News & Opinion | PCMag.com: "The U.K. government will conduct a review of a cyber-security center run by Huawei to ensure that it is actually effective. The country's National Security Adviser will "carry out a review" of the center, which is known as the Cell, according to a new report from the U.K.'s Intelligence and Security Committee. The committee issued its report after Prime Minister David Cameron last month raised concerns in his own report to Parliament about Huawei's operations in the U.K."

more news below

Follow @sobeqorg

Attackers hide code to thwart defenders

2013-07-20T00:00:00.000+12:00

How Attackers Thwart Malware Investigation -- Dark Reading: " . . . Yet if the attackers find better ways of hiding their code and making analysis more difficult for defenders, it could result is less intelligence on attackers tools and techniques, ThreatGRID's De Beer says. "Ultimately, all of these things can be decoded and decrypted and figured out over time, whether it be through dynamic or static means, but the goal on the attackers' side is to increase the workload to the extent where it becomes a very difficult thing to scale," De Beer says. "If you can't scale your analysis and you can't scale your ability to produce actionable content and threat intelligence, then they have an advantage over you at any point in time."" (read more at link above)

more news below

Follow @sobeqorg

DDoS Attack Takes Down DNS Provider Network Solutions and Clients

2013-07-18T10:23:00.001+12:00

DDoS Attack Takes Down DNS Provider Network Solutions | Threatpost: "A distributed denial of service attack knocked the website of the domain name registrar Network Solutions LLC offline this morning and affected an unknown number of its clients’ sites as well. Network Solutions announced on its Facebook page that it was experiencing a DDoS attack just before 11 a.m. EST, and then at 1:30 p.m. said the attack had been mitigated. Beyond that, the company has been relatively mum on the issue, angering its customers by failing to keep them adequately updated on its website and various social media channels."

Emergency Alert System Vulnerable to Hackers

2013-07-18T00:00:00.000+12:00

Emergency Alert System Vulnerable to Hackers, Report Finds | News & Opinion | PCMag.com: "Hackers could have a field day with the Emergency Alert System (EAS), thanks to vulnerabilities with equipment used to transmit the alerts, according to a new report. According to Seattle-based IOActive, the systems that intercept emergency messages from federal officials and then interrupt regular broadcasts to transmit the message - known as DASDEC - are susceptible to cyber attacks."

more news below

Follow @sobeqorg

Students Question the NSA at Recruiting Session

2013-07-16T00:00:00.000+12:00

▶ Students Question the NSA at Recruiting Session by Madiha:

US Expands Role in Cyber Defense
Bloomberg
Reports on chinese hacking activity -- let's bring in a chief security officer at a cyber security firm who has published several reports on chinese hacking activity. This is a fairly new program. It's important to realize that the information ...

Dramatic increase in phishing scams as criminals target Apple IDs
Muscat Daily
Kaspersky Lab recently published a report that analysed increase in cyber criminal campaigns to steal users' Apple IDs and account information by creating fraudulent phishing sites that imitate the official Apple site (www.apple.com). Cyber criminals ...

more news below

Follow @sobeqorg

Port of Baltimore vulnerable to cyber attack

2013-07-13T00:00:00.000+12:00

Port of Baltimore is vulnerable to cyber attack, Brookings study says
Baltimore Sun
The port and the MDOT work with the FBI Baltimore Cyber Crime Unit and a liaison with the NationalSecurity Agency at Fort Meade to ensure the integrity of the computer network, he said. "We have the highest level of security available and a thorough ...read more at link above

more news below

Follow @sobeqorg

China and US to discuss cyber security at forum

2013-07-11T12:50:00.000+12:00

China, US to discuss cyber security at forum
Las Vegas Sun
It will include the inaugural gathering of a U.S.-Chinese cyber security group. Beijing is under U.S. pressure to crack down on cyberspying after security consultants tracked a wave of hacking attacks to China. An assistant foreign minister, Zheng ...read more at link above

more news below

Follow @sobeqorg

Cyber attacks growing more advanced

2013-07-09T00:00:00.000+12:00

Cyber attacks growing more advanced - report
Upstream Online
The threats posed by state-backed intelligence outfits, industry insiders and freelance hackers is evolving and could deal a blow to US national security and economic competitiveness, the non-partisan think tank said in a report this week. "Once in the ...

West must work with the rest to secure Internet
Xinhua
At a time when China and the US are striving to build a new type of relationship, it is imperative that both should be guided by good faith, one of the basic requirements of international relations of whichcyber security affairs is a part. They should ...

Nation at high risk of cyber attacks
VietNamNet Bridge
The study, which was based on data from the Kaspersky Security Network cloud service, found that what was once a subset of spam has evolved into a rapidly growing cyber threat in its own right.Phishing is a form of internet fraud in which criminals ...

more news below

Follow @sobeqorg

General in leak probe quit Pentagon post suddenly

2013-07-06T00:00:00.000+12:00

General in leak probe quit Pentagon post suddenly, citing health reasons
NBCNews.com (blog)
“He was a crucial voice in communicating both the opportunities and dangers of cyber warfare,” said Peter Singer, a national security expert at the Brookings Institution think tank. More from NBC News Investigations: Report: Millions wasted on ...

more news below

Follow @sobeqorg

Cyber threats are here to stay

2013-07-04T00:00:00.000+12:00

Panelists : Cyber threats are here to stay
Aspen Times
The two participated in a discussion called “The Cyber Threat to America's Economy, Infrastructure, and Security,” as a part of the Aspen Ideas Festival. ... So what's the motivation for this kind ofwarfare? ... “If there's a missile attack you have ...

more news below

Follow @sobeqorg

NSA wasting money and resources - Terrorists Don't Use Verizon. Skype or Gmail

2013-07-02T00:00:00.000+12:00

Sorry, NSA, Terrorists Don't Use Verizon. Or Skype. Or Gmail. | Motherboard: . . . Or, as Bloomberg more bluntly puts it, the "infrastructure set up by the National Security Agency ... may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use." Read more: http://motherboard.vice.com/blog/hey-nsa-terrorists-dont-use-verizon-or-skype-or-gmail#ixzz2XLaWIu4z Follow us: @motherboard on Twitter | motherboardtv on Facebook

more news below

Follow @sobeqorg

Social Networks safety and security

2013-06-29T00:00:00.000+12:00

Social Networks | StaySafeOnline.org: " SOCIAL NETWORKS Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other social networks have become an integral part of online lives. Social networks are a great way to stay connected with others, but you should be wary about how much personal information you post."

Have your family follow these tips to safely enjoy social networking:

Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.
Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research (http://www.microsoft.com/privacy/dpd/research.aspx) found that 70% of job recruiters rejected candidates based on information they found online.
Your online reputation can be a good thing: Recent research (http://www.microsoft.com/privacy/dpd/research.aspx) also found that recruiters respond to a strong, positive personal brand online. So show your smarts, thoughtfulness, and mastery of the environment.
Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking.
Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know trust) more synched up with your daily life.
Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them respect those differences.

Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator.

Protect Yourself with these STOP. THINK. CONNECT. Tips:

Keep a clean machine: Having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats.
Own your online presence: When applicable, set the privacy and security settings on websites to your comfort level for information sharing. It’s ok to limit how you share information.
Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.
Post only about others as you have them post about you.

more news below

Follow @sobeqorg

Backdoor.AndroidOS.Obad.a, malware

2013-06-27T00:00:00.000+12:00

New Android malware should be wake-up call for security admins | TechRepublic: "Nicknamed Backdoor.AndroidOS.Obad.a, this malware used a hole in the code packing system to create an executable that should be found invalid, but still gets processed on an Android smartphone, by planting deliberate errors in the AndroidManifest file. Once there, it can get elevated to the Device Administrator status, but using a security hole in Android, it will not get listed in the apps listing, making it impossible to remove. And the complexity doesn’t stop there. The malware uses a lot of encryption to keep all of its variable names secret, and it will go out through a network connection, downloading a part of the Facebook home page, and use that as its encryption key, to ensure it is truly online and able to connect to its control servers. . . ." (read more at link above)

more news below

Follow @sobeqorg