Hackers: Social Networking Sites Flawed
mtnairlover
Sat Aug 4th, 2007, 11:30 AM
This article reminded me of a few things... http://news.yahoo.com/s/ap/20070804/ap_on_hi_te/social_networking_vulnerabilities
Some questions:
When, as a society, do we become less open?
How can you tell if you have become a victim of social engineering (http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29)?
Why the heck do we have to be so fricken suspicious of everyone? <ok, maybe that's me ranting a bit:(>
How do you protect your PC and all your personal info from hackers? And, even with all the security you can think of available to your PC, how do you tell when you've been "invaded"? Cuz, we all know that all the security in the world won't keep out the persistent.
Yeah, I know I'm asking these questions in a club where there's more computer geeks than I have fingers. Hell, I consider myself a geek and I don't have all the answers either. Soooo, just some thoughts.
pilot
Sat Aug 4th, 2007, 11:38 AM
I'm running three virtual firewalls. The best security I could find: NOD32. And I'm tunneling in/out encrypted. I can create email addresses on the fly. Nothing, I repeat nothing has been an issue since I made these changes. Having said that, I'm sure that some of you would want to try and hack me, ha.
Nonetheless, I'm sure that some database has what I buy for dinner, and my favorite color on it.
TurboGizzmo
Sat Aug 4th, 2007, 11:39 AM
You're on dialup, you're safe ;) hehe
mtnairlover
Sat Aug 4th, 2007, 11:45 AM
Ha! Yeah, riiiiight! Anyway, it wasn't a curiosity for me....but rather a bunch'o general thoughts. I mean, think about the average person who has no geekish tendencies whatsoever and is just happily futzin around on the interweb. How do they protect themselves? Honestly? It's sad that technology and "safe" use of technology is, in a sense, only for the tech-literate and that some companies out there don't do enough to protect those with no concept of protection at all.
I guess the idea of being a "well-informed" consumer is getting harder and harder to keep up with.
pilot
Sat Aug 4th, 2007, 11:51 AM
Ha! Yeah, riiiiight! Anyway, it wasn't a curiosity for me....but rather a bunch'o general thoughts. I mean, think about the average person who has no geekish tendencies whatsoever and is just happily futzin around on the interweb. How do they protect themselves? Honestly? It's sad that technology and "safe" use of technology is, in a sense, only for the tech-literate and that some companies out there don't do enough to protect those with no concept of protection at all.
I guess the idea of being a "well-informed" consumer is getting harder and harder to keep up with.
Most folks replace their computers/spend money on repairs because of viruses and such. Protection is much cheaper.
rforsythe
Sat Aug 4th, 2007, 11:52 AM
This article reminded me of a few things... http://news.yahoo.com/s/ap/20070804/ap_on_hi_te/social_networking_vulnerabilities
Some questions:
When, as a society, do we become less open?
How can you tell if you have become a victim of social engineering (http://en.wikipedia.org/wiki/Social_engineering_%28computer_security%29)?
Why the heck do we have to be so fricken suspicious of everyone? <ok, maybe that's me ranting a bit:(>
How do you protect your PC and all your personal info from hackers? And, even with all the security you can think of available to your PC, how do you tell when you've been "invaded"? Cuz, we all know that all the security in the world won't keep out the persistent.
1. We've been becoming less open since shortly after the dawn of the information age. Initially there was this big surge towards sharing information, but then people started to realize that it made them vulnerable. So there has been a swing the other way to protect information, particularly that which can harm you.
2. Well, if it's a good social engineering attack, you won't know you are a victim until they got whatever they were after and you experience the ramifications of that. Social engineering is as much an art form as a science, and some people are very, very good at it. It's also a key reason why no information is ever truly safe - despite your best intentions to protect it technologically, the fact is there is no firewall for our brains.
3. #2 is why we have to be so suspicious of everyone. It's a paradox of where I work and what I do, because we have a community built around trust - but there are those that try to exploit that. So we have several teams of some very smart people who work to protect the "community" against fraud and unauthorized access, among other things, using some common tools and some others I can't talk about. My whole job is based around being suspicious of people, so that others don't have to be. It's a weird mindset to be in. But fun to do. :)
4. Simple answer: Don't store that information on your PC. Seriously. NEVER store your credit card numbers, SSNs, PINs, passwords, or anything else that is used to identify you or authenticate you, other than what is widely available through public means (such as name and phone number). Other ways to protect yourself:
- First, install a firewall. Software firewalls work good. I also have a hardware one at home, but it's probably overkill. A good broadband router will also help protect your PC from someone just hitting it with network traffic, since it effectively "translates" the public Internet from your private home network. NEVER just connect a PC up to a cable or DSL modem unless it does NAT (Network Address Translation), unless you enjoy the feeling of being hacked. My cable modem does not NAT; my DSL modem does. Your mileage may vary.
- Second, anti-virus/anti-trojan software, particularly if you use any variant of Windows. Even fully patched, your OS is probably vulnerable at some level. Also, keep your AV/AT software updated as often as possible (daily if you can)!
- Third, patch your OS. If you use Windows, I recommend the auto update feature it now has, which will install the Microsoft patches for you (or at least tell you to download them). If you don't use Auto Update, then at least visit windowsupdate.microsoft.com once every week or two. If you have a Mac, let the Software Update feature run once a week (it will by default). If you are on some other OS like Linux you probably already know how to patch that anyway, if not, go read up on it.
- Fourth, keep your applications patched. Having a non-vulnerable operating system is meaningless if someone can still get in by way of a security hole in your browser or email client. Let those applications auto-check for updates as well (and really, all applications - there have been holes in MS Word, Adobe Acrobat, and just about anything else you can think of).
- Lastly, think before you click. Don't open email attachments from people you don't know, and only open ones from people you know after they have been virus scanned, since they might have been owned and their computer could be sending it out as them without their knowledge (remember, an email from someone doesn't mean they sent it, just that their computer did). Don't click random links. Don't fall prey to phishing email asking you to verify your identity, respond to a new security program, or anything else. Short answer - all of those emails are fake, and designed to get at your personal information. Also don't plug your username/password into any site you didn't physically type the URL for, which is along the same lines as phishing email.
It's a brave new world, and bad people have lots of new ways to exploit technology to mess up your life. However once you get in the habit of also using the technology responsibly, you will be fine. The big issue is that people expect it to make life easier and better, but are not willing to accept the ramifications of that or take steps to understand what it means. No great new capability should be used until you understand what you are using; otherwise you are relying on luck to protect you, nothing more.
TurboGizzmo
Sat Aug 4th, 2007, 12:07 PM
I feel it's a double-edged sword with information becoming so available to anyone with the skills to find it, because just the other day a problem arose where someone wouldn't reimburse my gf for her gift card she used; she asked to get in contact with the owner but they wouldn't respond.
After I became involved I made a few phone calls and, using the internet and various things like public records, I was able to locate the owners of the company, and after compiling a directory of information just in case, I made a phone call back to the place, dropping the owner's name, various other companies he owned (well, his wife) and asked if they still resided on "whatever street". The employee took all my info and said it might be a couple days to get back to me....lo and behold, within 15 mins I had a call back and a gift card waiting to be picked up and an apology.
I never threaten, I am in no way intimidating in person. It's just the fear of information that I guess got the job done.
I recommend reading "The Art of Deception" co-authored by Kevin Mitnick. What you learn is that about 90% of what he shows in the book isn't done with a computer, and it shows that most information can be leaked by the people themselves. Of course this will just make you more paranoid.
Until the day comes we can invent a "human firewall" we will never truly be fully protected, but on the same coin there is nothing that is truly "hacker safe".
mtnairlover
Sat Aug 4th, 2007, 12:12 PM
Very good info, which reminds me...school is starting soon and this makes for a great classroom topic.
Hmmm...anyone feeling like talking to a bunch of teenagers? And this year, I'm pulling dual-duty in two programs (CTE and the alternative HS). Volunteers?
TurboGizzmo
Sat Aug 4th, 2007, 12:32 PM
Very good info, which reminds me...school is starting soon and this makes for a great classroom topic.
Hmmm...anyone feeling like talking to a bunch of teenagers? And this year, I'm pulling dual-duty in two programs (CTE and the alternative HS). Volunteers?
I just want to sit in and watch you work with the kiddos ;)
What's CTE?
rforsythe
Sat Aug 4th, 2007, 12:34 PM
Very good info, which reminds me...school is starting soon and this makes for a great classroom topic.
Hmmm...anyone feeling like talking to a bunch of teenagers? And this year, I'm pulling dual-duty in two programs (CTE and the alternative HS). Volunteers?
Well, you know I am (and I still want to participate in the other ways we've talked about before), but I think for it to be of any value it would need to have more structure. The meet-and-greet was fun, but to really learn about this stuff there will need to be some actual instruction surrounding it.
mtnairlover
Sat Aug 4th, 2007, 08:45 PM
I just want to sit in and watch you work with the kiddos ;)
What's CTE?
Yeah, watch me work...ha! You may just learn sumpin...tee hee.
Oh and...CTE = Career and Technical Education (formerly known as Vocational Education)
Well, you know I am (and I still want to participate in the other ways we've talked about before), but I think for it to be of any value it would need to have more structure. The meet-and-greet was fun, but to really learn about this stuff there will need to be some actual instruction surrounding it.
Working on it. The alternative HS class I'll be teaching is a basic class, but the security issues, if discussed in the general sense, are things that students need to be aware of. I'll let ya know later when we get to that part of the class. Thanks. :)