Binary Code

Computers and other electronic devices store information as Binary Code (which is a series of 1s and 0s that might look like this: 10101001 01101100 11001010).
Network Topology Map

A Network Topology Map is a diagram of a computer network's components, including network access points and connections between its various parts.
Fake Anti-Virus Software

Fake Anti-Virus Software - also known as 'scareware' - is designed to trick you into buying worthless anti-virus protection that you do not need.
Domain Name System

The Domain Name System (DNS) is like the ‘telephone book’ of the Web – it translates a website's name into its corresponding numerical IP address on the Internet.
Social Engineering

A Phishing e-mail is an attempt to trick the recipient into giving up information, such as account, credit card or password information.
Data Encryption

Data Encryption is the intentional scrambling of information into unreadable form - until it is later converted back into its original form by the intended recipient.
Botnet, or Compromised Computers

A Botnet is a collection of computers compromised by a malware attack that can be controlled remotely (via the Internet) to attack websites, send out spam emails, etc.
Distributed Denial of Service Attack

A Distributed Denial of Service (DDoS) Attack can use a botnet to force a website, network or other resource to shut down by overloading it with requests for data.
USB Flash Drive

A USB Flash Drive, aka a 'stick drive' or 'thumb drive' is a portable data storage device which connects to a computer's USB port to send and receive data.
Electronic vs. Static Media

Static Media is something like a book, magazine or printed photo, while Electronic or Digital Media (websites, digital photos, etc.) requires power to be viewed.
Administrative Access

A user with Administrative Rights has unrestricted power to create, modify or delete files, folders, settings and programs on a particular computer.

The Phishing Gallery – February 2013

Posted on February 7, 2013 by Scott Aurnou

By Scott Aurnou

Cyber criminals hackers and scammers use ‘phishing’ attacks to steal personal, financial and/or log in information. This can be done in a few ways, including via email or text message (referred to as ‘smishing’).

Image courtesy of Denise Ellen Pordy

These attacks frequently contain links to websites that look legitimate but are really there to steal your account log in information or host malware ready to attack your computer. These emails and messages can also be used to lure you into contact with scam artists posing as potential clients or officials offering to release substantial funds to you if only you would be so kind as to give them detailed personal information or a sum up front. Some of these attacks are actually very well crafted. Some not so much. And some border on the ridiculous. Each month at The Security Advocate, we will present a number of examples, along with explanations of what to look out for to avoid falling victim to one of the scams.

Important Information Regarding Your Online Contact
We have updated your Wells Fargo contact information:
Personal Information
Phone Number
Your account has been locked out for the security . To unlock your account,
or view the updates, or make additional updates, sign on to update your contact information.
Thank you for helping us to protect you.
Security Advisor
Wellsfargo Security Helpdesk

While you should always regard any unsolicited email appearing to come from a bank with suspicion, this one is a fairly well-designed phishing attack. It includes an accurate-looking bank logo and is relatively well-written. It’s still fake, though. The threat of a locked account is a fairly typical one used by scammers and is intended to scare you into immediate action. Invariably, you can ‘reauthorize your account’ if you just give the sender your personal and/or log in information. Never do this. The threat is fake. The message does not come from Wells Fargo, your account is not locked and ‘reauthorizing’ it is simply giving your information to cyber criminals. If you are at all concerned when you receive a message like this, contact the bank directly, using the telephone number on the back of your bank card or one of your bank statements. You can also go directly to the bank’s website to check. Just don’t try to go through anything in the email.
Read more ›

Tagged with: Email, Laptops & Desktops, Malware, Phishing, Scam, Smartphones & Tablets, Smishing, SMS, Social Engineering, Spear Phishing, Spoofing, Texting, The Security Advocate
Posted in Fraud & Scams, Laptops & Desktops, Network Security, Smartphones & Tablets

Careful What You Click On – Drive By Downloads Attack Your Computer Instantly

Posted on February 2, 2013 by Scott Aurnou

Computer Security Tip of the Week

Scott Aurnou – A ‘drive by download’ is malware hidden on a website that will attack your computer as soon as you go to the site (often unbeknownst to the website’s owner). What can you do to protect yourself from them?

Helpful websites referenced in this video include:
Secunia: http://secunia.com/
AppFresh for Mac: http://metaquark.de/appfresh/mac

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel (and subscribe if you like).

Tagged with: Android, Drive By Download, Infected Website, iPhone, Jailbroken, Malware, Rooted, Smartphones & Tablets, Software Update, The Security Advocate, Web Browsing, Website
Posted in Fraud & Scams, Laptops & Desktops, Security Tip of the Week, Smartphones & Tablets

What is a Botnet?

Posted on February 1, 2013 by Scott Aurnou

By Scott Aurnou

A ‘botnet’ is a group of computers that have been successfully attacked by malicious software (aka malware) that allows them to be remotely controlled through the Internet. These compromised computers can be used for a number of purposes, including sending spam and disabling targeted websites.

What are the parts of a botnet? The individual computers that comprise a botnet are sometimes referred to as ‘zombies’ or ‘drones’ due to their essentially mindless pursuit of whatever commands they are given by the ‘botherder’ (or ‘botmaster’) controlling them. As you might imagine, the owners of these zombie computers generally have no idea that their machines have been captured and co-opted into a botnet.

There are millions of botnets with hundreds of millions of compromised computers worldwide. A botnet can have a few hundred or a few hundred thousand drone computers and they are often available to be rented online to assist in a number of criminal ventures. Speaking of which…
Read more ›

Tagged with: Botherder, Botmaster, Botnet, Click Fraud, DDoS, Distributed Denial of Service, Drone, Laptops & Desktops, Malware, Spam, The Security Advocate, Zombie
Posted in Laptops & Desktops

What Would You Lose If Your Phone Was Lost Or Stolen? Back Up Your Mobile Device

Posted on January 26, 2013 by Scott Aurnou

Computer Security Tip of the Week

Scott Aurnou – Backing up the data on your smartphone or tablet is fairly easy to do and critically important. It’s no secret that mobile devices are highly susceptible to loss and theft. If your data has been backed up, you can be back up and running almost immediately. If not, your messages, pictures, videos clips, etc. will be gone forever.

Websites referenced in this video include:
iCloud: https://www.icloud.com/
Google Play: https://play.google.com/store
Photobucket Mobile: http://photobucket.com/mobile

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel (and subscribe if you like).

Tagged with: Android, Back Up, BlackBerry, BYOD, iCloud, iPhone, Mobile Devices, Mobile Phones, Remote Wipe, Smartphone, Smartphones & Tablets, Sync, Syncing, Tablet, The Security Advocate
Posted in Security Tip of the Week, Smartphones & Tablets

Four Ways to Get Organized for Better Security

Posted on January 23, 2013 by The Security Advocate

By Josh Ablett

Peter Drucker famously said “what gets measured gets done.” The same is true for security. If you don’t track and measure your security activity, you may find yourself with a security breach because “someone forgot.”

To illustrate this, I’ll show you some of the lists that we use at Adelia Risk to keep everything organized. Here are some screenshots from a system that we use to centralize it all, but there’s no reason you can’t do the same using tools you already own.

1) Single Document Storage Location
Security and compliance activities generate a TON of documents. Designate a single place to store all of these documents, but make sure you can lock it down so only appropriate people can access it.
Read more ›

Tagged with: Adelia Risk, Audit, Cloud Service, Josh Ablett, Network Security, Security, Security as a Service
Posted in Guest Posts, Network Security

RT @JimBlasingame: How the government cyber-security forces guard the U.S. election. @saurnou joins Jim to report on how the #government #c… 01:44:47 AM December 06, 2020 from Twitter Web App Reply Retweet Favorite
RT @AndreiCherny: A family of Muslim immigrants from Turkey newly arrived in Germany. The boy in the yellow t-shirt went on to lead the te… 01:43:10 AM December 06, 2020 from Twitter Web App Reply Retweet Favorite
RT @_marcba: Developers can be cruel sometimes https://t.co/kpYvO9aZsu 03:46:39 PM June 29, 2020 from Twitter Web App Reply Retweet Favorite

@saurnou