Skip to content

The Best Replacements for Privacy-Invading Services: Hey! I just wrote about this!

The Best Replacements for Privacy-Invading Services

Now I really feel like a Borg – it’s like we’re all thinking (and writing) about the same thing. It’s hard to tell where the ideas come from sometimes.

Threatsaurus | The A-Z of computer and data security threats | from Sophos FOR ALL AUDIENCES

Threatsaurus | The A-Z of computer and data security threats | Sophos.

Major AntiVirus Software Offers ZERO Protection: Hacker Intelligence Initiative 2012 Report from Imperva

Results of Testing: More than 40 tested AV solutions provide zero protection against new viruses, and take weeks to update their signatures, according to new report from Imperva 2012 in-depth analysis. Thank you to Bill Mullins for finding this data. Thank you to Imperva http://www.imperva.com

I have a PDF link to the report below and an executive summary of the findings.

It’s not a long report and I consider it a must read for this week! Lot’s of graphs and charts – easy to understand.

Hard to know what do do about it though…

HII_Assessing_the_Effectiveness_of_Antivirus_Solutions.pdf application/pdf Object.

Executive Summary:

Assessing the Effectiveness of Antivirus Solutions
Executive Summary
In 2012, Imperva, with a group of students from The Technion – Israeli Institute of Technology, conducted a study of more than 80
malware samples to assess the effectiveness of antivirus software. Based on our review, we believe:
1. The initial detection rate of a newly created virus is less than 5%. Although vendors try to update their detection
mechanisms, the initial detection rate of new viruses is nearly zero. We believe that the majority of antivirus products on the
market can’t keep up with the rate of virus propagation on the Internet.
2. For certain antivirus vendors, it may take up to four weeks to detect a new virus from the time of the initial scan.
3. The vendors with the best detection capabilities include those with free antivirus packages, Avast and Emisoft,
though they do have a high false positive rate.
These findings have several ramifications:
1. Enterprises and consumers spend on antivirus is not proportional to its effectiveness. In 2011, Gartner reported that
consumers spent $4.5 billion on antivirus, while enterprises spent $2.9 billion, a total of $7.4 billion. This represents more
than a third of the total of $17.7 billion spent on security software. We believe both consumers and enterprises should look
into freeware as well as new security models for protection.
2. Compliance mandates requiring antivirus should ease up on this obligation. One reason why security budgets
devote too much money to antivirus is compliance. Easing the need for AV could free up money for more effective
security measures.
3. Security teams should focus more on identifying aberrant behavior to detect infection. Though we don’t
recommend removing antivirus altogether, a bigger portion of the security focus should leverage technologies that detect
abnormal behavior such as unusually fast access speeds or large volume of downloads.
To be clear, we don’t recommend eliminating antivirus.

Free Email Certificate for Digital Signatures and Encryption (personal use)- COMODO

Free Email Certificate, Secure Email Certificate, Email Digital Sign- COMODO.

They also offer free SSL certificates. There is a small fee for business use of these wonderful offerings.

Citadel: a cyber-criminal’s ultimate weapon? | Malwarebytes Unpacked

Citadel: a cyber-criminal’s ultimate weapon? | Malwarebytes Unpacked.

Sometimes you’ve just got to pay for the Lamborghini*** if you want to get there fast and you’re going after the big prize, right?

So – this ain’t one of the free ones that I’m going to be telling you about, know what I mean? But it all depends on what your goals are, doesn’t it?

Well.. I guess the Lamborghini analogy only goes so far… but I would just love to drive one ONCE in my life (forgettabout owning one…) I can dream, can’t I?

So – let’s choose which one:

http://www.lamborghini.com/en/models/

OK> I’m done! (yes, I can drive any stick shift)

code2600.com trailer link – Probably THE most important, contemporary, Cybersecurity film in recent memory !

Click Here:

code2600.com – the trailer

The MOST important film about information security and privacy that has come out in recent memory. For ALL audiences – no tech knowledge required.

PLEASE WATCH this trailer!

It doesn’t matter if you don’t know a mouse pad from an iPad. SERIOUSLY.

It is not even remotely technical – but it will open your eyes to what is REALLY going on out there every single moment of every single day of our lives. And that is NO exaggeration.

You might (I hope)t never look at your own interactions with the world in the same way again.  After just watching  this trailer! If you take it seriously.

Or, you might just write it off as paranoia and say “it’s not going to happen to me.”

Right now, those of us who write and speak about this are almost always written off as fringe extremists. Well-intentioned, but prone to paranoia you’d say. Right?

NOT!!!!

Don’t even read the rest of my long-winded post if you’re bored… just watch the trailer. Let’s see if we can get the film somehow (I don’t know how  – I contacted the distributor today).

I’m so embedded into the Google/Facebook matrix (will it become GoogleBook some day? Who will win in this quite sinister and insidious drama that you don’t even know about…) that I don’t know HOW to extract myself.

I will try – but the data is out there and these footprints are more permanent than the ones on Hollywood Blvd.

WAKE UP CALL PEOPLE!!

Take a real look at what it really means to be using EMAIL! (the way that most people use it right now…)

If you only focused on that ALONE,  you’d be five YEARS ahead of 99.999% of people…

Don’t trust me! Do some research on… dare I say it.. that data-mining powerhouse… Google!

Put in some search terms like “is email secure?” or something like that.  Or  – ‘implications of using plaintext email’ (which is what it is).

Check on the Comodo.com Website – just for example. There’s a nice little statement about email on there- they’re not even selling you anything (or rather – they have free versions of just about everything you’d need).  I think it’s right around where they offer free digital certificates from a trusted Certificate Authority. Read about Digital Signatures.  I did,  and I use one now on every email I send. It took me a little bit of brain power to figure out – but it was FAR from rocket science (because I’m far from a rocket scientist 🙂

Read my post about the new exponential increase in the “ways and means” by which Facebook is potentially going to give even Google a run for its money as GOD OF DATA-MINING!

I’ll start to  explain (from a beginner’s perspective however) how this is all so easily done with some basic training:

I’ll list the TOOLS and/or software (almost all free), most of which I don’t even really know how to use yet as a beginner, but I’m learning,  I’ll also try to create a compendium  or library of online, up-to-date, sources/resources for news and information, that verifies, explains, and reveals why you would be ABSOLUTELY mistaken if you decided not to take this seriously.

Or,  if you were foolish enough to think that it wasn’t already happening, en masse.

Free tools we can ALL download in seconds… that hackers use routinely:

Tool  ONE (of MANY)

Let’s start with Wireshark..   http://www.wireshark.org/

Then there’s Tenable Nessus

Airsnort

This is just a two second, off the top of my head list… I can come up with dozens and dozens of others and those are just the ones I know (which is probably the tip of the iceberg. .

Go to the DefCon Website

Note: There is no harm in posting these tools. They’re straight from my textbook for the most part. You can get them in seconds with any search engine for Pete’s sake! They’re not the problem. They need to be readily available and they are routinely used by network administrators and security professionals to find vulnerabilities in networks – it’s essential!

It’s like any ‘practicing’ that people do in sports or whatever. You simulate and learn from experiences that are as close to real (or probable) as possible. The military calls them wargames. They’re nothing new – just new tools for the job.  It’s called Penetration Testing (love the sexual innuendo there?) in the Information Security/Cybersecurity field.

Many more tools and links to what’s really going  will follow – I promise!

Are there solutions?

YES – one thing is called encryption (also ancient in origins) We need end-to-end encryption to become a matter-of fact for anything and everything we do!

Is it easy to use now? Not easy enough, unfortunately. Certainly not for the general consumer audience. It’s too hard, I think. It CAN be done,  but the likelihood of adoption in its current form is close to zero IMHO!

NOTE: This obviously will NOT stop folks from divulging stuff on so-called “social media sites,” even though behind that lovely facade of creating a wonderful world of sharing there lies a data-mining beast the likes of which has never been seen before in the history of humanity.

Read all about it on my site – and do your own research! But don’t trust the people selling you the product- – get it?
These sites, GoogleBook and such,  (and I’ll have to provide evidence to back this up)  are very much like magicians in how they interface with us – there is a lot of ‘slight of hand’  and misdirection going on.

They’ll continue to make LOUD public announcements stressing their new ‘security measures’ and how they are increasing your privacy day by day!!!!

That is what you’ll read about in the news and what you’ll believe – because you WANT TO believe it and because you know no other reality and have RELINQUISHED CONTROL.

You feel that privacy is an absurd notion in this day and age,  and it’s FAR too late to exert any control anyway. Right?

YOU ARE WRONG!

There is actually HOPE for us,  and certainly hope for those that we train correctly for their journey into The Matrix!

These TOOLS – the ones that allow invasion – and the ones that enable protection – have actually been around for AGES (in Internet time).

The social media nightmare though?

That’s sort of newer – and harder to grasp in terms of true implications because even the companies themselves haven’t yet ‘invented’ the ways in which they can and WILL use the data.

Read my posts as they develop, and if you think I’m some sort of lone gunman on this,  I can refer you to many other MAJOR bloggers and writers who have already written to me privately that they agree with every single thing I have just said.

Let me hear from you!

Questions, Comments, Suggestions,  etc. for stuff I’m looking for,  and stuff you want me to look for!

Anything goes. I want to start to make this a conversation instead of a lecture! 🙂

Cryptography…

food for thought… I can’t comment since I’m an absolute beginner as a first semester cybersecurity student – but I’m reading as much as I can!

Holy Hash!

Software developers regularly attempt to create new encryption and hashing algorithms, usually to speed up things. There is only one answer one can give in this respect:

What part of "NO" don't you understand?

Here is a short summary of reasons why you should never meddle in cryptography.

  1. Cryptography is mathematics, very advanced mathematics
  2. There are only a few good cryptographers and cryptanalysts and even they get it wrong most of the time
  3. If you are not one of them, never, ever, ever try to write your own cryptographic routines
  4. Cryptography is a very delicate matter, worse than bomb defusing
  5. Consequently you must know that most usual “cryptographic” functions are not
  6. Even when it is good, cryptography is too easy to abuse without knowing it
  7. Bad cryptography looks the same as good cryptography. You will not know whether cryptography is broken until it is too late

So, I hope you are sufficiently convinced not to create…

View original post 126 more words

From Sophos: The A-Z of Computer and Data Security Threats

Excellent! Exactly what we need to see more of! Get it out there so people can begin to let it sink in and do something about it! Thank you for creating this!

IS&T Security FYI

Sophos has written a guide that helps even your grandmother understand phishing and encryption. “Threatsaurus,” a .pdf guide you can download for free from Sophos, and is written in plain language, not security jargon.

According to Sophos, “Whether you’re an IT professional, use a computer at work, or just browse the Internet, our Threatsaurus is for you.” It includes an A-Z glossary on computer and data security risks as well as practical tips to stay safe from email scams, identity theft, malware and other threats.

Find the downloadable “Threatsaurus” here.

Disclaimer: MIT (and IS&T) does not officially endorse, support or recommend Sophos products. Please contact the company directly if you are interested in them.

View original post

Onion Routing – good article that tries to explain basic security online – one of many

Onion Routing.

Good article. If only people would start to listen and do some of these things.

Tomorrow – I’m going to start posting links to the TOOLS we (ummm… we cybersecurity students and they – hackers) can easily use to gain access to just about anything. Since I’m a beginner I’ll state right up front that I barely know how to use these tools (yet) – but I do know they’re out they’re – they’re mostly FREE – and they’re highly effective and very, very sophisticated.

Why do WE have or use them? Because it is the Prime Directive that those of us who seek to PROTECT networks (and therefore your information) MUST be able to probe those networks (penetration testing) for vulnerabilities just as well as the miscreant trying to access said networks…. You look for holes and you attempt to fix them. It’s how it works – or should work.

What ELSE is done with these same tools? I think you can guess. Can’t you? Let me know if you can’t. More on this tomorrow. Or today since it’s 3:43AM and I need to get some sleep!

When It Comes to Security, We’re Back to Feudalism | Wired Opinion | Wired.com

When It Comes to Security, We’re Back to Feudalism | Wired Opinion |Wired.com.

Personally, I think that the data-mining capabilities of Google and Facebook make them the two biggest threats to information security and privacy that have EVER existed in the history of the world.

Whatever they may offer (privacy tools???) and whatever they may say publicly, the reality as I see it is that there is an absolutely monstrous gap in the public consciousness between what it even MEANS to digitize information (those permanent footprints or fingerprints or whatever dopey thing you want to call them – that are there indelibly and irretrievably) and the potential implications and effects of that digitization.

These companies aren’t evil in any way. They’re just  – how do you say it? A-moral? Or Neutral when it comes to impact? We’ve seen this when it comes to the exposure of places like (well, really any big company) using Chinese (what is essentially sweat-shop) labor.. and countless ways that defy imagination.

The point is – people can’t even conceive of how their information could be used. In fact, I surmise that even these companies themselves have only just begun to figure out how they can use the untold terabytes of information that flows into them every single day. I’m not even sure there is a means of quantifying it. But, they hire the BEST and the BRIGHTEST and well they should.

The conundrum remains though. You can’t teach people about something they don’t even know exists. It’s just not on people’s RADAR in general. It won’t be until there’s a critical mass of exploitation. I’ve got NO clue as to what that breaking point will be – but it will happen.

Unfortunately, it is already too late (in a sense)  for most of us – who have been (including myself – and I’m a cybersecurity student!) streaming information out there for countless years… all in cleartext – all sitting on countless redundant servers in countless places around the world.

I’m staggered by the implications and I don’t even think I know the extent of the implications 🙂  Until encryption is (hate this word) UBIQUITOUS there is really not much hope. And until people stop putting their lives online (which is almost inconceivable actually at this point in how society functions) – or are much, much more selective about it – it is probably hopeless. We can only true to accelerate the seepage – and keep writing about it until it seeps into public consciousness and then maybe we can (or some generation can) come to grips with the Matrix that we’ve already created. Right now though? We aren’t even putting on the bandages that are out there – because people don’t even know they are bleeding!

%d bloggers like this: