Of note – this is an article that was published internally to a corporate website.  I thought it was more informative than what I had in store to write and loved the list of what you can do at the bottom.  So, it is my hope you enjoy this post on looking at threats that will be prevalent this year.

During 2012, cyber security incidents included theft of public and private intellectual property, hacktivism, ransomware, malware targeting mobile devices, and an increase in the use of malicious software including the Black Hole Rootkit and Zero Access Trojan.  What will we see in 2013?  Below is a brief roundup, listed in no particular order, of several threats and trends we can expect during the next 12 months.

Mobile Devices in the Enterprise

As the use of mobile devices grew in 2012, so too has the volume of attacks targeted to them.  Every new smartphone, tablet or other mobile device provides another opportunity for a potential cyber attack.  Risks include access to corporate email and files, as well as the ability for the mobile device apps to download malware, such as keyloggers or programs that eavesdrop on phone calls and text messages.

New capabilities, such as near field communication (NFC), will be on the rise in 2013 and will increase the opportunities for cyber criminals to exploit weaknesses.  NFC allows smartphones to communicate with each other by simply touching another smartphone, or being in close proximity to another smartphone with NFC capabilities or an NFC device.  This technology is being used for credit card purchases and advertisements in airports and magazines, and will most likely be incorporated into other uses in 2013.  Risks with using NFC include eavesdropping—through which the cyber criminal can intercept data transmission, such as credit card numbers—and transferring viruses or other malware from one NFC-enabled device to another.

Ransomware

Ransomware is a type of malware that is used for extortion.  The attacker distributes malware that will take over a system by encrypting the contents or locking the system; the attacker then demands money from the victim in exchange for releasing the data and/or unlocking the system.  Once payment is delivered, the attacker may or may not provide the data or access to the system.  Even if access is restored, the integrity of the data is still in question.  This type of malware and delivery mechanism will become more sophisticated in 2013.

Social Media

Use of social media sites has grown beyond just sharing personal information, such as vacation photos and messaging.  These sites are being used increasingly for advertising, purchasing and gaming.  For 2013, attackers will look to exploit this volume and variety of data being shared to obtain credentials or other personally identifiable information (PII), such as Social Security numbers.

Hacktivism

Attacks carried out as cyber protests for politically or socially motivated purposes, or “just because they can”, have increased and are expected to continue in 2013.  Common strategies used by hacktivist groups include denial-of-service attacks and Web-based attacks, such as SQL injections.  Once a system is compromised, the attacker will harvest data, such as user credentials, to gain access to additional data, emails, credentials, credit card data and other sensitive information.

Advanced Persistent Threat

Advanced persistent threat (APT) refers to a long-term pattern of targeted hacking attacks using subversive and stealthy means to gain continual, persistent exfiltration of data.  The entry point for these types of espionage activities is often the unsuspecting end user or weak perimeter security.  Whether focused on exploiting vulnerable networks or unsuspecting end users, APT will remain a consistent threat to networks in 2013.

Spear Phishing Attacks

Spear phishing is a deceptive communication, such as email, text or tweet, targeting a specific individual, seeking to obtain unauthorized access to personal or sensitive data.  Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators seeking financial gain, trade secrets or sensitive information.  Spear phishing is often the nexus to cyber espionage/APT and will continue to increase this year.

What Can You Do?

By using sound cyber security practices, users and organizations can strengthen readiness and response to help defend against the myriad of challenges and mitigate potential impacts of incidents:

  • Enable encryption and password features on your smartphones and other mobile devices.
  • Use strong passwords that combine upper and lower case letters, numbers, and special characters, and do not share them with anyone.  Use a separate password for every account.  In particular, do not use the same password for your work account on any other system.
  • Disable wireless, Bluetooth and NFC when not in use.
  • Properly configure and patch operating systems, browsers and other software programs.  This should be done not only on workstations and servers, but mobile devices as well.
  • Use and regularly update firewalls, anti-virus and anti-spyware programs.
  • Be cautious regarding all communications; think before you click.  Use common sense when communicating with users you do and do NOT know.  Do not open email or related attachments from untrusted sources.
  • Don’t reveal too much information about yourself online.  Depending on the information you reveal, you could become the target of identity or property theft.
  • Be careful with whom you communicate or provide information on social media sites.  Those ‘friends’ or games might be looking to steal your information.
  • Protect your access credentials – never share or tell others your credentials (user name, password).
  • If you have a device that is used for work purposes, do not share that device with friends or family.


 

While I know the internet is something that was a ‘life changer’ for all of us, one of the largest problems with the internet is not something we can totally solve with programs and access levels. One of the big things that we need to understand better – and provide more control over – is human. To be more clear (even though I have written about this before) – we need to change our behavior.

I’m going to let you know that I agree with our current Secretary of Homeland Security (Janet Napolitano) to a certain extent (more than likely on this one issue, but … who knows). Please note, I in no way want to legislate the internet or how people use it (that is a huge difference between Ms. Napolitano / current administration positions with various legislative attempts to do just that). However, she did let something out of the bag with the quote in this story – “Every individual on the net is vulner – is a potential, uh, opening.”

Our behavior is a key element in our experiences. Too often I get machines to fix with badware on it. Why is it there? Because of choices the owners or users of the machines made. Some have no virus protection (and even Mac users need that, contrary to their popular misconceptions). Some have no other protections installed against adware, malware, rootkits, you name it. But the common denominator – in my experience – is someone clicked on something, then things quickly spiraled downhill.

You don’t have to be surfing bad sites to have the opportunity to catch bad things. It could be something that seems as innocent as most anything (like an email from your mom). That email may be spoofed and the link you are clicking on could be just what a cybercrook needs to have a file installed in your computer so they can do many less than noble things with that equipment. It could be looking at a picture you have been tagged in on Facebook, and once you click on that image things start to go downhill.

The point of this post? We need to understand that there is opportunity to have bad things happen just because we are on the internet. Because we will get on the internet, it would be beneficial for all of us to have a stance of healthy skepticism. Just because something looks like a duck and quacks like a duck, on the internet it still may not be the duck you think it is! Protect yourself and your information by being less trusting than you would be if you were interfacing with someone face to face. It is just too easy to pretend to be someone else and send a spoofed tweet with a link asking you (no, really compelling you, for no good reason many times…) to click on it. A link in an email that promises you a happy or funny story, a video you just have to see, or a chance to get something for nothing. And too often we click on it and pay the price.

The day I wrote this article, I received a call from a customer.  They had also received a call – ostensibly letting them know they had infected computers and this individual could assist them right then by removing the infections.  They wanted to log in – through their network (over the web) and assist.  I’m thankful for their healthy dose of skepticism (and the phone call to me).  This was just another attempt at social engineering – leveraging most folks’ need to help others.  Imagine the damage that could have been leveled at this set of computers (about a dozen for a local business).  They just said no – excellent!

Since 2013 is still young, take a look at how you are interfacing with strangers and strange sites on the web. Are you enabling all those games and apps that communicate with information on your computer / smartphone so your contact list can be ransacked for data? Are you entering contests with lots of required information? Are you laissez faire about the links you click on? Why not make some good changes today – be skeptical! Thanks for reading.


 

Took a bit of time off from posting on the blog for the month of December – time well spent with my family and friends. Of course, it seems I never get away from technology, and technology never waits for my approval to move forward.

Take tablets as a recent entry in the market. These are coming up in many shapes and sizes. I’ve written before that our family has multiple ereaders and tablets, from the Nook 1st Edition, the Kindle (they call their 1st edition the Kindle Keyboard), the Kindle Fire, a Dell Streak, and a Samsung Galaxy Tab 2. Depending on the application, we love them all – and each has strengths and weaknesses.

But what if you wanted a tablet for the family? Like, to use all at the same time? Gives new meaning to ‘family night’ doesn’t it… well even that is being developed – see Lenovo to release giant 27-inch tablet PC; stands up as a regular PC, lies flat as tablet. Reading the article you will find that this is not the first attempt at filling this market space (Microsoft did this way back in 2008), but with tablets being adopted by the public and business, the chance for having an actual market space that makes money is now ripe for manufacturers.

Over the Christmas time I was able to fit in a technology upgrade for a family business that I have worked with for a number of years. It was time to do an almost wholesale upgrade of computers. They went from a couple of Windows 2000 machines to a Windows 7 and a Windows 8 set of computers. With this, they also are starting to use a tablet on job sites with a Verizon hotspot to connect it (and any other devices they add in the future) to the web.

Why do I bring this up? There comes a time we must move forward with our hardware and software. Either the software we depend on becomes obsolete (or no longer is supported) and upgrades require new specifications that our old goodies just can’t match up to, or it becomes more cost effective to replace hardware that has exceeded its life expectancy.

Software and hardware do not wait around for your approval or mine. Things move forward. Some are quickly adopted, others take years to mature and gain acceptance in the real world. Currently Windows 8 is what Microsoft sells and vendors include on all new Windows based computers. It is a change from the Windows 2000 / Windows XP / Windows Vista / Windows 7 world that is not a bad change – it is just a change that enables them to power computers / tablets / phones with a unified look and feel. It was not totally alien to me, but things are in different places and other things are accessed a different way.

It was interesting to see the business owners take to the tablet. That is even more shocking of a change as you use gestures and different ways to navigate, install and run software and apps. Currently it is a nifty new toy to them; I can see this becoming an integral part of their work space and a valuable tool for decision making in their business.

Moral of this post? Keep an eye out for what is taking place with new devices in the world. There will come a time that you need to move forward to better enable the work / things you do via technology that is constantly moving forward. Examine your need(s) and make the switch when you see the benefit! Technology should make what we do quicker, easier, better – not hold us back from doing the things that are really important (like spending time with our families). Have a great New Year!


 

It is no secret that we love convenience.  If this were not the case, most of us would still travel to a stream / river / water to wash our clothes against a rock instead of going to the laundromat / dry cleaners / washing machine in our home.  Or perhaps we would eschew electricity and heat our homes with fire, not use anything that required charging or the need to be ‘powered’ (like your computer, a television, your appliances, lights…).  Maybe we would walk more instead of using our cars to get around.

Not willing to give any of that up?  I get it!  We’re creatures of comfort and convenience.  Heaven knows we don’t have the time or patience to cook a meal instead of putting one in the microwave (or going to some fast food joint to pay for the convenience of others preparing something for us).  We built all this stuff and will hand it off to our children because we know best and have left them a better place than the one we grew up in.

And that is the point of this post.  Since we marvel at the changes coming in technology and the convenience that this brings us, it is no surprise we don’t look at the long term effects or possibilities this holds for us.  We’re here in the ‘now’ and don’t have time to contemplate the future impact.  But make no mistake, the changes happening today and in our recent past continue to reverberate well into the future.

Let’s talk about privacy.  An entire organization has been built from the ground up under the auspices of protecting us – the TSA.  This very expensive and very (in my opinion) ineffective organization continues to grow and has started to permeate many other areas of society – apart from air travel – with barely any discussion of citizen concerns for their mission and tactics.  A new force of our government to dictate the behavior of the masses.

But I digress – how did we come here, what is happening now, and what is the potential impact on our (and our children’s) future.  Let’s look at a couple of experiments in our public schools.  Like it or not, once these experiments start in our schools they are more than well on their way into many other areas of society and our lives.

An article written in the USA Today (by Brian Shane) recently caught my eye – Palm scanners get thumbs up in schools, hospitals.  While many showed only superficial concern (transmission of germs by multiple folks using the device – really?  That’s all you have?  Don’t even think about all those folks grabbing the door handle of the bathroom you just exited without washing their hands…) there was one parent who opted their son out of this experiment.  Imagine that, his son would have to pay with (gasp) cash (talk about dirty!).  And would be (gasp) responsible for securing it until needing it.  How inconvenient for all involved – yet it certainly takes care of any privacy concerns.

Another article from CBS Houston had the headline of Schools’ Tracking Devices Causes Controversy.  Here the students’ movements are tracked like boxes of merchandise waiting to be shipped to fulfill our shopping needs at our local WalMart (or mom-n-pop store if you prefer).  RFID has been around and in use for some time, and expanding this technology seems to be on the rise.  But when one student refused to play well with this experiment (that was supposed to assist in tracking attendance, thus securing more federal funds according to the article) they were threatened with removal from the school.  How’s that for an education (or indoctrination – comply or else)?

Now my intent here is not to come across as someone that sees evil or ill intent with technology.  I did, however, want to use words to get you to think in stark terms of the initial convenience promised and the current tactics for asking for you to comply with these benevolent keepers of our kids.  And technology is good, it can be a great help, and I’m not suggesting we roll back the clock.  I am saying we may not have thought very far in the future about how these devices – and the information culled from us and shared in massive data repositories – will be used as we move forward.

Are you keeping an eye open for the advances in technology that are coming near you?  Where would you draw the line on privacy?  Biometrics (eye / finger / palm scanning)?  Naked body scanners and intrusive pat downs (coming or are already at an airport near you)?  Embedded RFID chips?  Dependence on credit cards (that are tracked well, but there are improvements and additional conveniences in the works)?  Think about the future of where all this information ends up and how the lives of those that follow will be impacted (for good, and perhaps not so good).


 

It seems like a long time ago that Google announced they would be shutting down their iGoogle option.  What is that?  Well, it was a great way for me to put information via RSS feeds into tabs that I set up – it allowed me to see important information to me!  It was announced in July of 2012 that this would take place in November of 2013 – so there was plenty of time to figure out where I needed to migrate to.

But it got me thinking – why should I wait?  The fact of the matter was the users of iGoogle knew a good thing when they found it, and they used it.  So there was no surprise that users were less than pleased with this decision by Google.  And the truth was, there were not many alternatives that let you do exactly what iGoogle let you do.  Or – do it as well as iGoogle did it.

So within a week of learning about the announcement I started to hunt for what I was going to switch to.  I was not super pleased about having to change what I was comfortable with, but there are a number of reasons a company can change, and I need to be flexible with a free service – I had gained everything and lost nothing!

The first article I read on alternatives was Three Alternatives to Your iGoogle Home Page on PC World by Rick Broida.  I found my answer in that post, however Rick kept getting feedback and posted Two More Alternatives to Your iGoogle Home Page as an update.  Then, he posted again in October an article titled igHome gives displaced iGoogle users a familiar home.  Each of these is a starting point for those of us wanting to replace a home page we had come to know and love.

Which one did the trick for me?  For me it was NetVibes.  It is a bit more powerful than iGoogle, and somewhat less configurable in some areas (you depend on feeds crafted by others).  And there are some ways that NetVibes just rocks over the old page (when doing a bit of mining and analytic work).

So – why write this?  Just to say whatever it is that you have come to cherish and rely on as tried and true or trusted – be aware it can and will change at some point as technology moves forward.  Be on the lookout for new trends and creative ways to do the things you want to do with your machine / laptop / tablet / smart phone.  The ways that worked well in the past just may go away as we move to something more useful.

Oh, just wondering – when was the last time you looked in the white or yellow pages for a phone number?  What about looking at a paper map to plot directions?  Things keep moving forward – are you staying stagnant?


 

After the successful recovery of my computer, on the East Coast we were faced with a potential hurricane strike.  Since it’s a presidential election year, I thought most anything would be a better post than something that is tugging you one way or the other!  But, in honesty, this post should pull you one way – towards some plan to recover what you deem valuable / irreplaceable.

Planning for a disaster takes just a bit of thinking.  It also takes some action to prepare.  Lastly, you need to execute the plan.  Truly, it’s that simple.  If you think your computer could crash (and this is entirely possible no matter what computer or device you have, because hardware fails), perhaps you could benefit from a bit of planning / preparation / execution.  You would plan to back up your important files.  Ideally, you would back them up on some storage that could be kept away from your residence in the event … say, a hurricane blew through.

While that sounds odd, it is true.  There are entire services built on backing up your important items on your computer offsite (like carbonite.com, mozy.com or dropbox).  There are pluses and minuses with these services, just like any other solution you can review.  Where are your files?  Who else can access them?  The bottom line is, the important files you write up to these services are there and you should be able to get them back!  Perhaps that would not be possible if your computer was destroyed in the hurricane along with your backup CD’s/DVD’s/External Hard Drive.

However, the first step is thinking.  Don’t think a disaster won’t hit you – at some point it will (even if it is just a computer crash).  So get to thinking what you will do!

Next step is planning for a catastrophe.  Perhaps you purchase some backup means for your computer.  Great – now you need to figure out what to back up.  You are now putting your thoughts into action.  You are making decisions and doing tasks to ensure you have backed up and secured important stuff.  For our personal storm preparation around the house (for the hurricane) we do simple things that protect our home and our neighbors’ homes – we secure all the loose things in our yard.  Why?  So they don’t become missiles!

Lastly comes execution.  This is something that is done before the disaster so that we can recover from the disaster.  That means to back up your files.  Then check to make sure you can access those files.

The best plan in the world is of no use if it is never executed when needed.  Hard to believe?  Try this experiment.  If you are like me, I need a list to take with me when it is time to grocery shop (I wish it worked like that for the home improvement stores…).  So make your list, compile it as the week / weeks go on.  Add items you are running short on, make sure you have everything on it.  Next, forget the list and just go to the store.  Check to see how well you did with purchasing all the items that were on the forgotten list.  How did you do?  If I am any indication, you may have experienced an epic fail.

All those words to encourage you to plan to recover / survive failure.  You can plan before the storm and have a good chance of success.  Of course, you can plan after the storm, but your potential for success has plummeted.  It’s your choice!


 

It must be October – at least that is my wife’s theory.  You see, it seems every year one of the computers in the house experiences some challenges during the fall time frame.  This year – it was my computer’s turn.  And of all the folks you may read about, I had best be the one taking my medicine about backing up data.

I thought I would recount this to you – not because I’m a glutton for punishment, but rather it is a story of how this can be done.  There are certainly other ways, some a bit more laborious, others a bit easier.  And the steps you may take could be based on the problem or issue you are experiencing.

In my case, all was well.  Purchased this laptop in November of 2011.  I keep it updated and tuned so I can get things done (my wife says too many things, working the machine to death).  Worked on my computer Monday until around 8pm with various items that needed attention (10/8/12).  Woke up Tuesday to start my day and was greeted with interesting messages on the screen.  My attempts to recover were not successful by the time I had to leave for work.  When I returned they were still not headed in a positive direction.

My suspicion was software corruption – at first.  Windows would not start but could get to the rescue screen.  However, not much from the rescue screen was being helpful, and I could hear a high pitched whine from the laptop.  As soon as I heard that, I suspected an imminent hardware failure.  I have been to this rodeo before with a machine or two.

After I had done my due diligence, I called the laptop vendor (I’m now using an HP laptop, this is my first HP after using many Dell’s – and I was not unhappy with Dell, just purchased this one based on price point for comparable computers this time).  While I knew the hard drive had failed, I went through the necessary tests with the agent on the phone, and they were shipping me a new hard drive.

Now I had some time to get files off, if possible.  Not much was possible, but I was able to retrieve a few files before the drive completely failed.  I knew any access could be the last time I accessed the files, so I got the most recent copies I could – why?  Because I actually DO back up my files regularly.  The last back up I had was from 10/1, so I had not ‘lost’ much of the work I had done or the files I needed.  I restored from back up with no issues at all – for the files I had backed up.

The new hard drive and restore disks were at my house when I got home from work Thursday (10/11) and before I went to bed the laptop was up and working, just needed to restore all my back up files.  And this went smoothly, mostly!

The only areas I had not backed up – or did not back up as frequently as I should have – were my pictures (but all of them that I had not backed up were on the camera SD card, so no issues there) and my music.  When I put the music folder over, I only had about 8,500 songs in iTunes.  That was low by 2,000+ songs.  Now what should I do (other than learn the lesson to back this up a bit more often)?

Here is where a shout out to Music Rescue (from KennettNet) comes in.  I started to look for a solution to get this music off the proprietary iPod so the play lists, track names and all the meta data were intact.  I know there are ways to hack through this, but none are super clean, and I had put many hours into the 2,000+ tracks that I had not backed up (ripping the CD’s, ensuring information was correct, adding artwork, etc.).  So the question to me was – how much time is this worth for me?

I found the answer – I’d pay the fine folks from Chicksands, Bedfordshire (in the UK) for their work to make my life easier.  For less than the price of 2 CD’s, I’d gain back hours of time doing a bit of rework.  And that was the most difficult part of the restore!

So, this was a success story.  Lost no access, could get to my email via the web, and am back up and running within a day (fully functional and all files needed).  The moral of the story?  It is worth the time and effort to back up your data.  You never can tell when hardware will fail!
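
Both backup posts above come down to the same check: confirm that everything on the machine is actually in the backup and can be read back, before the drive fails. The script below is an added example, not part of the original posts; the function names and the sample folder layout are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large media files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backup(source_root, backup_root):
    """Compare every file under source_root with its copy under backup_root.

    Returns a dict of sorted relative paths:
      missing    - in the source, absent from the backup
      stale      - present in both, but the contents differ
      unreadable - the backup copy exists but cannot be read back
    Errors reading the source itself are not caught and will propagate.
    """
    source_root, backup_root = Path(source_root), Path(backup_root)
    report = {"missing": [], "stale": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(source_root):
        for name in files:
            src = Path(dirpath) / name
            rel = src.relative_to(source_root)
            dst = backup_root / rel
            if not dst.is_file():
                report["missing"].append(rel.as_posix())
                continue
            try:
                backup_hash = sha256_of(dst)  # proves the copy can be read
            except OSError:
                report["unreadable"].append(rel.as_posix())
                continue
            if backup_hash != sha256_of(src):
                report["stale"].append(rel.as_posix())
    for paths in report.values():
        paths.sort()
    return report


def demo():
    """Build a constructed source tree and an incomplete backup, then audit."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "laptop"), Path(tmp, "backup")
        files = {
            "documents/invoice.txt": b"October invoice, revised",
            "pictures/trip.jpg": b"constructed image bytes",
            "music/album/track01.mp3": b"constructed audio bytes",
        }
        # The backup holds last week's invoice, a good copy of the picture,
        # and no music folder at all.
        backup_copy = {
            "documents/invoice.txt": b"October invoice",
            "pictures/trip.jpg": files["pictures/trip.jpg"],
        }
        for root, tree in ((src, files), (bak, backup_copy)):
            for rel, data in tree.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        return audit_backup(src, bak)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Pointing `audit_backup` at a real folder and its backup location after each backup run lists the files that would be lost or out of date if the drive failed that day.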