Two men are being chased by a bear. One says to the other: “There’s no way you can outrun that bear.” The other man replies, “I don’t have to be faster than the bear. I just have to be faster than you.”
The basic premise of that joke also applies when it comes to computer and Internet security. Cyber attackers are your “bear”, and the fact is you don’t have to have the best security. You just need stronger security than the next guy. In many cases, simply having any protective measures at all makes you a more difficult target and ensures that you aren’t the “low-hanging fruit”.
Criminals in general are typically creatures of opportunity, and likely to take the path of least resistance. A skilled thief might be able to nab a wallet out of the pocket or purse of just about anyone, but given the choice between a person with a wallet in a zipped-up purse slung over her shoulder, and a guy with his wallet hanging halfway out of the back pocket of his jeans, the guy in the jeans is much more likely to be the target of choice.
Stop for a minute and think about your smartphone or tablet. What sort of accounts and information might be compromised if the device was lost or stolen? Doesn’t it make sense to take steps to protect it?
Your mobile device most likely contains all of your contacts and calendar information. It has personal photos of your family, friends, and co-workers. It has your email, and apps that connect to your various social networks like Facebook and Twitter.
Ideally, you shouldn’t store your password or logon credentials for any of the apps. But, nobody wants to have to enter their username and password every time they want to use the Facebook app, so odds are pretty good that someone who “finds” your smartphone or tablet would have unfettered access to much of your personal information--and possibly sensitive information about other people you know.
Do you have a LinkedIn account? If so, you need to go change the password right now. Hackers have apparently breached the social network and have exposed an estimated 6.5 million account passwords.
Look at the bright side. You have probably been using the same password on LinkedIn for far too long, and you’re most likely using the same password on multiple websites and social networking services. This is a perfect opportunity for some password housekeeping.
Standard password practice suggests that you should change your passwords periodically. The timeframe may vary depending on the site or service, but for any account that has access to sensitive personal information or financial account data you should be changing the password at least every 90 days. That way you’ll hopefully stay a step ahead of any password breaches such as this one.
The current Facebook rules require that users be at least 13 years old in order to join and set up a Facebook profile. However, Facebook may soon open the floodgates and allow younger children to join the social network as well.
A report in the Wall Street Journal suggests that Facebook is actively working on policies and controls aimed at allowing younger Facebook users. The article claims, “Mechanisms being tested include connecting children's accounts to their parents' and controls that would allow parents to decide whom their kids can "friend" and what applications they can use.”
The minimum age requirement on Facebook is more or less a joke anyway. Simply lying about your birthdate easily circumvents the policy, and Facebook does little (if anything) to enforce it. The arbitrary age cut-off seems to exist solely as some sort of legal protection for Facebook so it doesn’t have to address requirements stipulated in the Children’s Online Privacy Protection Act (COPPA).
It would be awesome if someone could develop a stealth computer program that could infiltrate enemy systems to surreptitiously gather data, or possibly even to shut down or damage elements of the nation’s critical infrastructure. It would be a much more efficient method of obtaining covert intelligence or crippling enemy capabilities without putting lives in danger.
Of course, the code might be discovered by the enemy or a third party, and all of the brilliant engineering that went into developing the threat might also be used against its creator. Creating such a threat is a Pandora’s Box that can have serious negative consequences. In a nutshell, that seems to be how the Stuxnet virus is unfolding.
Flame (or Skywiper) is a massive, complex threat. Weighing in at 20 megabytes, and somewhere around 750,000 lines of code, Flame is much closer to a commercial application like Microsoft Word or Intuit’s Quicken than it is to the vast majority of malware attacks out there. The question is: should you be concerned, and what can you do about it?
At a conference in November 2011 Regina Dugan, director of the United States Department of Defense DARPA network, explained, “On average, the malicious code, viruses, bots, worms and exploits that try to penetrate [our networks] rely on 125 lines of code.” Flame is comprised of more than 7,000 times that.
When a security vendor gets hold of a malware sample, it generally takes a matter of hours--or even minutes--to reverse-engineer it, figure out what it does and how it does it, and develop a signature to detect the threat and protect systems against it. Fully deconstructing and analyzing Flame could take months, or even years.
Using Siri is like having a know-it-all friend you can carry around in your pocket. But, you might need to be concerned with what this “friend” knows about you or how it might use that information behind your back.