Binary Code

Computers and other electronic devices store information as Binary Code (which is a series of 1s and 0s that might look like this: 10101001 01101100 11001010).
Network Topology Map

A Network Topology Map is a diagram of a computer network's components, including network access points and connections between its various parts.
Fake Anti-Virus Software

Fake Anti-Virus Software - also known as 'scareware' - is designed to trick you into buying worthless anti-virus protection that you do not need.
Domain Name System

The Domain Name System (DNS) is like the ‘telephone book’ of the Web – it translates a website's name into its corresponding numerical IP address on the Internet.
Social Engineering

A Phishing e-mail is an attempt to trick the recipient into giving up information, such as account, credit card or password information.
Data Encryption

Data Encryption is the intentional scrambling of information into unreadable form - until it is later converted back into its original form by the intended recipient.
Botnet, or Compromised Computers

A Botnet is a collection of computers compromised by a malware attack that can be controlled remotely (via the Internet) to attack websites, send out spam emails, etc.
Distributed Denial of Service Attack

A Distributed Denial of Service (DDoS) Attack can use a botnet to force a website, network or other resource to shut down by overloading it with requests for data.
USB Flash Drive

A USB Flash Drive, aka a 'stick drive' or 'thumb drive' is a portable data storage device which connects to a computer's USB port to send and receive data.
Electronic vs. Static Media

Static Media is something like a book, magazine or printed photo, while Electronic or Digital Media (websites, digital photos, etc.) requires power to be viewed.
Administrative Access

A user with Administrative Rights has unrestricted power to create, modify or delete files, folders, settings and programs on a particular computer.

“Sanitize” Your Computer Before Disposal

Posted on October 30, 2015 by Scott Aurnou

Image: Stephen Swintek/Stone

When the time comes to throw away, give away, sell or otherwise dispose of a computer, you should be sure to permanently erase the data on it. Otherwise, the new owner – or someone who has fished it out of the trash (yes, this actually happens) – will be able to read any financial, business, personal, or other sensitive data that was on the hard drive when you stopped using it. Often this will also include data that you may have thought was deleted but is actually still on the hard drive. Pressing “delete” doesn’t actually erase a file or program permanently and even a moderately skilled hacker will be able to retrieve it. This begs the question: how do you permanently delete the data that you don’t want lingering on the computer once you are ready to dispose of it?

The National Institute of Standards and Technology publication related to data disposal is SP 800-88 rev. 1. It details three levels of “media sanitization” – clear, purge and destroy. Data is considered cleared when it’s not readily accessible on the computer or device in question, though someone with digital forensic tools (like that moderately skilled hacker noted above) can still get at it. Purging involves removal of the data to the extent that it is “infeasible to recover” using state of the art forensic lab methods and destroying is pretty much what it sounds like. NIST SP 800-88 references a number of destructive methods relating to computer data. Here are a few common ones:
Read more ›

Tagged with: Clear Purge Destroy, Computer Disposal, Computer Security, Data Destruction, Degausser, Degaussing, Demagnetization, Hard Drive, Hard Drive Disposal, Media Sanitization, NIST SP 800-88, Overwriting, Scott Arnou, Scott Aurnou, The Security Advocate
Posted in Laptops & Desktops, Network Security, Privacy Issues

How Do Vulnerability Assessments & Pentesting Protect Your Computer Network?

Posted on July 26, 2015 by Scott Aurnou

“How Do Vulnerability Assessments & Pentesting Protect Your Computer Network?” is an excerpt from Introduction to Information Security LiveLessons (Video Training).

Introduction to Information Security LiveLessons provides technical professionals with a relatively brief, high-level overview of information security concepts, including the fundamental steps needed to secure a system, the types of threats and vulnerabilities they may encounter, and what steps can and should be taken to mitigate those threats and vulnerabilities.

Description

Information security directly impacts virtually every type of business. While related issues appear in the media more and more, it’s typically in a fragmented fashion that really doesn’t help give the people tasked with protecting organizational data and other assets a “big picture” view of what the real threats and vulnerabilities are, or what steps should be taken to mitigate them. In this video training, Scott offers a relatively brief, coherent high-level overview of the various types of threats and what steps can and should be taken in response.
Read more ›

Tagged with: Addison-Wesley, Attack and Penetration, Data Breach, Information Security, Infosec, LiveLessons, Network Security, Pearson, Pentest, The Security Advocate, Vulnerability Assessment
Posted in Network Security

Phone Spoofing – Yes, It Can Happen to You

Posted on February 28, 2015 by Scott Aurnou

A screenshot of an early spoofing app (they’ve gotten better)

By Scott Aurnou

Not so long ago, a senior executive at Insurance Thought Leadership received a phone call on his smartphone in which the caller said that they were calling him back. He politely let the caller know that he hadn’t called them and then came another… and another. Each one said that they had received a call from his mobile number and that the caller hadn’t left them a message. All told he received about a call a day for about a week. Naturally, he called his mobile provider to find out what was going on. They said it sounded like phone spoofing

How It Works

Spoofing is effectively falsifying a piece of identifying information, like a bogus return email address. “Phone spoofing” relates to the number that shows up on caller ID. It’s used to trick people into picking up calls they otherwise wouldn’t (and get around the National Do Not Call Registry). For a shady caller from outside the area – and often the country – a local number is less likely to raise suspicion.
Read more ›

Tagged with: Caller ID, Caller ID Act, Caller ID Fraud, Caller ID Scam, Phone Scam, Phone Spoofing, Scam, Smartphone, Smartphone Fraud, Spoofing, The Security Advocate
Posted in Fraud & Scams, Smartphones & Tablets

What is Trojan Horse Malware?

Posted on January 14, 2015 by Scott Aurnou

Computer Security Tip of the Week

Scott Aurnou – A Trojan horse (or Trojan, for short) is the security world’s version of a wolf in sheep’s clothing. Learn more about them – and what you can do to protect yourself – here.

Helpful websites referenced in this video include:
Secunia
FileHippo
AppFresh for Mac

If you enjoyed this video, you can see more on TheSecurityAdvocate YouTube channel.

Tagged with: Computer Security, Computer Virus, Cyber Security, Cybersecurity, Malware, The Security Advocate, Trojan, Trojan Horse
Posted in Fraud & Scams, Laptops & Desktops, Network Security, Security Tip of the Week

What Happens to Stolen Credit Card Data?

Posted on December 10, 2014 by Scott Aurnou

By Scott Aurnou

Reports of high profile data breaches have been hard to miss over the past year. Most recently, it was a breach involving 56 million customers’ personal and credit card information at Home Depot over a five-month period.

This is just the latest volley in a wave of sophisticated high profile electronic thefts including Target, Neiman Marcus, Michaels, P.F. Chang’s and Supervalu. Much like the other attacks, the suspected culprit in the Home Depot data breach is a type of malware called a RAM scraper that effectively steals card data while it’s briefly unencrypted at the point of sale (POS) in order to authorize a given transaction. Reports of this type of attack have become increasingly common in the months since the Target breach.

Whether it’s a RAM scraper or an “older” threat like a physical skimmer placed directly on a POS machine used to swipe a credit or debit card, phishing attack or simply storing customers’ card information insecurely, the result is the same: credit card data for millions of people winds up in the hands of criminals eager to sell it for profit. How does that process unfold? And how can you – or people you know – get sucked into it?

The Basic Process: The journey from initial credit card data theft to fraudulent use of that data to steal goods from other retailers involves multiple layers of transactions. The actual thief taking the card numbers from the victim business’ POS or database doesn’t use it him or herself.
Read more ›

Tagged with: Credit Card Fraud, Credit Card Scam, Home Depot, Mystery Shopper, Mystery Shopper Scam, Romance Scam, Target, The Security Advocate, Work From Home, Work From Home Scam
Posted in Fraud & Scams, Privacy Issues

RT @JimBlasingame: How the government cyber-security forces guard the U.S. election. @saurnou joins Jim to report on how the #government #c… 01:44:47 AM December 06, 2020 from Twitter Web App Reply Retweet Favorite
RT @AndreiCherny: A family of Muslim immigrants from Turkey newly arrived in Germany. The boy in the yellow t-shirt went on to lead the te… 01:43:10 AM December 06, 2020 from Twitter Web App Reply Retweet Favorite
RT @_marcba: Developers can be cruel sometimes https://t.co/kpYvO9aZsu 03:46:39 PM June 29, 2020 from Twitter Web App Reply Retweet Favorite

@saurnou