National Cyber Security Awareness Month 2007
Did you know that it is National Cyber Security Awareness Month 2007? What have you done this month to increase or even check your security? I didn't even know it was such a month and I have implemented a little troll blocking. I'm looking at the Google authentication API, and thinking that making a widget to make sure folks have to log in with a Google account to see your blog wouldn't be a bad thing, and that using that to see if they are on a list of people you don't want on your blog might be good. Kicking them out if they are would be better.
I'd urge anyone who doesn't use Firefox to move to using it as their primary browser. Many a time I have read of an exploit, only to have Firefox patched and updating within a couple of days, something you won't see with IE.
For those who have the resources and the technical leanings, there are other things you may want to do, like installing an Intrusion Detection System. You've probably seen these referred to on TV (e.g. Criminal Minds, NCIS). It's good to know if somebody has been snooping on your systems. Always think security; it might save your life, or your bank account.
Don't show people screen-shots of your desktop! It gives them too many clues as to what you are running, what browser, what other software you might have that can be exploited to gain access. Just kindly decline for security reasons. Let them know what the reason is, so that if they don't know, they aren't exploited.
UPDATE Oct 19, 2007:
I just ran across this on Slashdot:
"ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks target a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browses to a maliciously rigged Web page."
Labels: Better Blogging
28 Comments:
Great tips Charles. I am looking into that intrusion detection system you mentioned.
charles..thanks for this great information and your tip about the desktop screenshot was greatly appreciated.:)
tc
I guess you are right about the intrusion detection instrument. I must see to that too lest some chicken wi...er bad guys get in.
I hope you have one against wi... er.. bad guys too...
Give Hallmark a chance and they'll soon have a card made for this day/month as well. pfffft!!
But I will check it out ;o)
Here are a few more tips:
1) Avoid using the admin account on your computer. Hackers assume you have full rights to the computer so they write their viruses and bad code to that. Create a user account with limited rights so you are protected.
2) Change your password often (every 3 months)
3) Verify web addresses before clicking on a link in an email. Bad links can be sent to you masking a legit site, but the underlying link takes you to a hacker site.
4) NEVER give up personal information via email.
5) If you suspect you have been compromised, ask for help from experienced computer support.
Being safe is taking responsibility for your protection.
Mike,
Thank you for that, I didn't go into a lot of detail on this post, my desire was to raise awareness of security, but since you started perhaps others would like to chime in with suggestions.
I'll add that passwords should be at the least 8 characters long, and longer is far better, and they should include mixed case (upper and lower case), at least one digit and a special character that is neither letter nor number. They should not be things like mother's name, the name of your pet, etc. Including two unrelated words is a good strategy (e.g. R2ocket_Bather! (please don't use my actual example)).
BTW, notice I broke up a word; this too is a good thing. By using two words, breaking them up and using numbers and special characters, you reduce the possibility of hackers successfully using what is known as a dictionary attack. By its being long (I wouldn't recommend more than 15 characters, some systems want to puke when you do), you DRASTICALLY increase the time and calculations necessary to crack your password. By breaking the words, even use of Rainbow tables is crippled, since most are created from entire words.
It burns me up that we even have to be concerned about all of this.
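The password advice in the comments above, as an added Python example that is not part of the original thread: it checks the stated rules (at least 8 characters, mixed case, a digit, a special character), tests whether a candidate is nothing more than whole dictionary words joined together, and estimates how the brute-force search space grows with length. The tiny word list and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed mini word list standing in for a cracking dictionary (assumption).
WORDS = {"rocket", "bather", "password", "dragon", "monkey"}


def policy_problems(pw):
    """Return the rules from the comment above that pw fails."""
    checks = [
        (len(pw) >= 8, "shorter than 8 characters"),
        (any(c.islower() for c in pw) and any(c.isupper() for c in pw), "no mixed case"),
        (any(c.isdigit() for c in pw), "no digit"),
        (any(c in string.punctuation for c in pw), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]


def is_whole_words(pw, words=WORDS):
    """True if pw is exactly one or more whole dictionary words joined together."""
    s = pw.lower()
    reachable = [True] + [False] * len(s)  # reachable[i]: s[:i] splits into words
    for i in range(1, len(s) + 1):
        reachable[i] = any(reachable[j] and s[j:i] in words for j in range(i))
    return reachable[-1]


def search_space_bits(pw):
    """log2 of the brute-force search space for pw's length and character classes."""
    pool = 0
    pool += 26 if any(c.islower() for c in pw) else 0
    pool += 26 if any(c.isupper() for c in pw) else 0
    pool += 10 if any(c.isdigit() for c in pw) else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in pw) else 0
    return round(len(pw) * math.log2(pool), 1) if pool else 0.0


def review(pw):
    return {"problems": policy_problems(pw), "whole_words": is_whole_words(pw),
            "bits": search_space_bits(pw)}


if __name__ == "__main__":
    # Constructed candidates; the last is the commenter's own illustration.
    for pw in ("dragon", "rocketbather", "R2ocket_Bather!"):
        print(pw, review(pw))
```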
More good tips, Charles and Mike.
Thanks for sharing, I will take all the help I can get.
I was amazed about the fact that putting up a profile pic. can keep the slugs from faking your comments.
I was clueless when it came to blogs.
Charles, you rock!
National security month, huh?
What an ironic coincidence! ;)
(See, they are contagious!!)
hugs,
--snow
Snow,
HUH? What did I do? Did I miss something?
Wow, you know I saw a 'tag' thing on someone's blog where you show screen shots of your desktop! Wow, that sucks!
Glad to know Firefox still rules! I really hate it when internet cafe people are angry that someone has installed Firefox.
Sara,
Yeah, it's a tag I've seen a couple of times recently. When I see it I cringe. I've put the warnings out there; some listen, some don't. What more can I do?
Oh--cause you wrote this: "I didn't even know it was such a month and I have implemented a little troll blocking."
:)
--snow
Snow, being an IT Chick, you didn't know about NCSAM???
Snow, we gotta talk!!
God knows we could all use a little troll blocking sooner or later.
What if I put this up? What can people find from me of that? (I hope Imageshack doesn't delete my account for this....)
You know I have NO clue as to what the hell my comment is supposed to mean. I had been reading a different blog previously and for some reason I got a bit confused? Off the beaten path? Whew...talk about a blond moment....dang.
Gee Thanks for that update!
Jillie,
I assumed that you meant that the greeting card companies would make a card for National Cyber Security Month.
Mona,
This is the sort of thing we don't want folks to know about our systems, as far as what we may have installed.
Wow, I had no idea. Thanks Charles, betcha thought I was never comin' back! *wink* :) Anyway, how are you, Charles? I'm good, I just posted something earlier, if you're interested.
Jessica,
I figured the new beau was taking up all your attention. I'll head over now.
This comment has nothing to do with this post but I just noticed that your blog had reached a Google Page Rank of 3! Cool! :D
NGAC,
WHA? How'd that happen? You must have used some wacky search criteria.
Haha, very funny, Mr. Charles, you do know I'm into that....lol...anyway, hope you like the site...
dude, no good was right, just type in 'one man's intelligence'... google rocks
i don't even rank in the top 80...
Thanks Jessica,
Court also sent me
Dig Pagerank in 700+ datacenters.
I'm still a bit on the mystified side of things, since I really don't know what would have pushed my ranking up so. Perhaps someone at Google liked my Top Post (WMD? GWB.) Maybe it has to do with the NCSAM post or with Troll blocking. I really don't know. It's not as if I have been trying to get good page rankings. My posts are erratic at best. Perhaps the second heading with the CONTENT="no-cache" in it caused it. hmmm...
As Alice once said, "Curiouser, and Curiouser!"
Charles, I meant PageRank and not Google search result rankings.
You can check yours here or here
Here's the really strange bit- I have a PageRank of 2! I think it's probably because of you and Mona linking to me ( she has a PageRank of 4, it's been there for a long time ).
Weird.
P.S. I noticed because of the PageRank indicator on the Google Toolbar.
Really! You Reached #3 with google!
ANOTHER TREAT!
Minus, Pizzas n coffee & buffalo wings...
:D :D :D
((((((((HUGE HUGS))))))))))