The Phishing Gallery – November 2013

By Scott Aurnou

‘Phishing’ attacks are designed to steal your personal, financial and/or login information. This can be done in a few ways, including via email or text message (referred to as ‘smishing’). They often contain links to websites that look legitimate but are really there to steal your account login information or host malware ready to attack your computer as soon as you click on the link. These emails and messages can also be used to lure you into contact with scam artists posing as potential clients or officials offering to release substantial funds to you if only you would be so kind as to give them detailed personal information and/or a sum up front. Phishing attacks are generally designed to get you to take action by either frightening or tempting you. Some of them are actually very well crafted. Some not so much. And some border on the ridiculous. Each month at The Security Advocate, we will present a few examples, along with explanations of what to look out for to avoid falling victim to one of the scams.

Fake Executive Who's Who Message

First up, we have a message with the subject line: “You’ve Been Selected for Executive Who’s Who.” Sounds exciting, except that the impressive-sounding list is a fictional one. Moreover, the message is actually just the image above – and that’s not even text, just a picture of it. The pictured text reads:

Hello {{03}},

You were recently chosen as a potential candidate to represent your professional community in the new, 2013 Edition of Executive Who’s Who.

Once finalized, your listing will share registry space with tens-of-thousands of fellow accomplished individuals across the globe, each representing accomplishment within their own geographical area. To verify your profile and accept the candidacy, please visit here.

Sincerely Yours,

Robert McGwire
Nomination Committee Secretary
Who’s Who Among Executives and Professionals

The message asks you to verify a profile that you haven’t created in the first place. If you click on any part of the image, your computer will be hit with malware and/or you will be invited to fill out a form with personal (and likely financial) details to “accept the candidacy.” Also, notice the mismatched sender’s name and email address. This generally indicates an automated message sent via a botnet solely to attack the recipient of the message. The vast majority of spam emails come from computers under the command of a botnet. Of course, your best move is to just delete it.

Posted in Fraud & Scams

Protect Your Computer Network Ports


Computer Security Tip of the Week

Scott Aurnou – Information flows into and out of a computer network through numbered ports and hackers use them to break in, too. How can you tell who has access to your network and what can you do to make it safer?

Websites referenced in this video include:
Nmap

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.

Posted in Network Security, Security Tip of the Week

Secure Your Wireless Network – a Few Tips


Computer Security Tip of the Week

Scott Aurnou – If it’s not set up (aka ‘configured’) properly, your wireless network can be exposed to electronic attacks in a number of ways. This can result in some unwelcome surprises, including – but not limited to – an attacker stealing your business, financial and personal data.

Websites referenced in this video include:
Secure Your Wi-Fi Router (it’s What Connects You to the Internet)
RouterPasswords.com
Use Strong Passwords to Protect Your Business from Hackers

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.

Posted in Network Security, Security Tip of the Week

Advanced Persistent Threats: What Are They & How Do They Work?

Sometimes the bad guys sneak up on you...

By Scott Aurnou

Advanced persistent threats (also known as APTs) are deliberately slow-moving electronic attacks used to quietly compromise a computer network without revealing themselves. They often use a variety of attack methods to get unauthorized system access initially and then gradually spread throughout the network. To date, APTs have primarily been used to surreptitiously access intellectual property, sensitive internal business and legal documents and other data.

Unlike many other kinds of cyber attack, APTs tend to target large and/or influential companies and firms because they often have a greater stockpile of intellectual property and other valuable information for hackers to steal and profit from. These include financial institutions, law firms, government agencies and contractors, technology companies and, realistically, any organizations with information of value. For a company or firm with new product designs and/or non-public strategic business information on its network, the risk is enormous. Imagine walking into a high stakes negotiation with an adversary who has already seen all of your firm’s internal documents regarding the situation. And how damaging would it be for a competitor to gain access to your newest designs – with no research and development costs of their own – before they hit the market?

Given the value of the information targeted, APTs are often run by well-funded and highly skilled hacking teams. How do these attacks take place? There are five basic steps to a typical APT attack:

Posted in Network Security

What Are Rainbow Tables (and How Can You Protect Yourself From Them)?


Computer Security Tip of the Week

Scott Aurnou – Hackers use rainbow tables to easily crack the vast majority of passwords and there’s a good chance at least some of the ones you use are on them. Learn what they are and what you can do to protect yourself here…

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel (and subscribe if you like).

Posted in Laptops & Desktops, Network Security, Security Tip of the Week