As a college student currently studying computer science, one of the many areas of the discipline that intrigue me the most is Cyber Security. Breaking into a computer or preventing a break in is like solving a puzzle. I love puzzles.
The media exploded when the hackers announced themselves and began taking personal information and assaulting websites. I read a lot of CNN articles that went over the threat of hacking and what the two groups were doing. I laughed at a few articles that seemed to overestimate the groups.
One of the main "hacks" that got a lot of people up-in-arms was the "hacking" of the CIA website. I didn't see this as a hack, as the quotes suggest. XKCD said this the best in one of his recent comics.
EDIT: Sorry, the picture is a bit messed up. I'll fix it after work. Here is the actual link: xkcd: CIA
The basically sums up what I read when reading those articles. The few articles that actually got to me where the ones about the Sony hacks and any of the other hacks that rewarded information about the company. Information is invaluable in cyber security. Some hackers and social engineers (professional term for some) are so good at their job that all they need to do is become facebook friends with you. From that point on, your computer and your accounts can become compromised. Now, I'm not saying that Facebook is a backdoor into your computer. I'm saying Facebook is a backdoor into your head. Everyone keeps a tons of information about themselves on Facebook, which one can derive passwords and usernames from. Especially if you leave an email address.
Most people use the same password and username for everything. All someone needs to do is setup some forum for some topic that you might be interested in (Information most likely found on your facebook). Then create some fake users. Populate some posts. Make it look convincing. Then link it to you ("Hey, check this shit out. You like this, right?"), and have you sign up. Once you do, you're done. They have one username and one password you probably use for everything. They also have an email address if they ask for it, which they can then log into because most people use the password they gave to this fake forum on their email account aswell.
Long-winded story short: Don't use the same password over and over again.
... Where was I?
Anyway, these hacker groups received a lot of attention. Needed attention. Not for themselves. They needed the attention to show people that there are ways of getting your personal information if you're not careful. Just becasue a service says it is secure doesn't mean it actually is. Just because there is a lock on your front door, doesn't mean it's safe.
Now, for something good. How to make your browsing safer. If you use Chrome or Firefox (If you use IE... Don't), there are a lot of extensions out there that can help make you more secure. A few I can think of include:
- NoScript
- Ghostery
- HTTPS Everywhere
These are great. NoScript basically stops scripts from running on your computer. It'll let you know it has, then you can choose to allow them or not. Ghostery also blocks scripts as well as other hidden web bugs, prevents malware, ads, etc. I linked to Ghostery's homepage. They explain it better. HTTPS Everywhere is exactly what its title suggests. It forces your browser to use HTTPS, which is HTTP but secure. It doesn't ALWAYS force it, but where it can it does (Such as with Wikipedia, Google, and other popular sites).
If you notice in the address bar when you browse some sites will read "http://blahblah.." while sites like gmail will read "https://mail.google.com/". This shows a secure connection to gmail, so it's way more secure when sending a username or password to it. Try not to use sites that require a username/password but only use "http." There a some sites that don't do this and should, but you have to use it and it can't be avoided. Oh well. Just be careful.
Another thing you can do, and this is if you are pretty good at computers already and have an understanding of Linux and SSH. You also need a Linux home server, a router (you should have this), and some form of dynamic DNS (Like no-ip.org).
SSH Everything
This lets you route all of your internet traffic through your home server via SSH tunneling. Even if you're at some hotel in the middle of nowhere. This is more secure in that it allows your server to see your traffic, and allows for encryption along the tunnels. I don't fully understand this yet, and won't until sometime in the fall. So if you have questions about it, save them for September.
So for those who want to know why I've posted this: Be afraid. You may think all this hacker stuff is blown out of proportion. It isn't. Everyone should be aware of this kind of thing, and everyone should have some knowledge of what to look out for. Learn to pick a lock. Teach people how to. This will show how easily a lock can be broken into and that just having a lock on your front door doesn't make it safe. The same can be said for just about anything in computers.
That's it for now. Maybe I'll post again by the end of the month. I may also revise this. I'm at work and can't do a lot of research on the topic. I may add or remove some stuff. We'll see.
~Rob
Posts
No comments:
Post a Comment