SECURITY AWARENESS PROGRAMME FOR MOBILE DEVICES(SMARTPHONE USERS(ESPECIALLY MY COURSE MATES)

Mobile phones(mostly smartphones are so in used that it does practically all PCs does and the advantage is that it is really mobile and portable but little is known by the users of the security threats smartphones could pose not only to the owner but also to the employers as well.

It is necessary to adopt the following dos and dons to reduce our vulnerabilities to the security threats:

1. Keep a clean phone: It is important to note that mobile devices are also computers with software that also requires to be updated like the PCs, laptops and Tablets, so it is necessary to ensure that our your devices have latest protections, this could be achieved by  having the latest mobile security software, web  browser and operating system running on our mobile devices as they have strong defences against  malware and other on-line threats.
2. Protect your personal information: As phones contain valuable information not only of us but of friends and company(employer), it is advisable to guide this information jealously by using strong passwords(better still pass-phrase)  to lock our phones when not used, always reviewing the privacy policy and understand what data an application can access on our phones before we download them, disabling the geotagging feature of our phone to keep low profile of where we are or what do per to´time as commonly done by social networks users.
3. Do not exchange your numbers with strangers, this may lead us to the den of social engineering with serious consequences. It also not good to give another person's number out to a stranger without the consent of the rightful owner.
4. Connect or respond care: just as it is possible to get into security and privacy trouble by downloading attachment from an unknown source, so it is to fraudulent texting, voice niotes, hence, always connect and respond with care using your mobile devices. Personal informations might be requested for, but never respond when in doubt. Also do not connect to networks you are not 100% sure of, Criminals are found of enticing their victims with the phrases such as; Free WiFi, The truth is that there is hardly free launch anywhere.

Guys be mobile wise!

For more details, do visit:

http://www.rbc.com/privacysecurity/ca/alert-security-and-privacy-in-a-mobile-device-world.html

https://www.staysafeonline.org/stay-safe-online/mobile-and-on-the-go/mobile-devices

TECHNOLOGY

Overview of Intrusion Detection System(IDS) using case of University library, high school and retail store.

Intrusion detection system is a software application that monitors network or system activities for malicious activities or policy violations and invariably produces report to a management station e.g administrator for action to be taken.

There are Two types of IDS with the placed at points within the system to monitor to and from all devices on the network called Network  Intrusion Detection System (NIDS) while those that run on only the host or devices on the networks are referred to as Host Intrusion Detection System.

Functionally, it can be passive or reactive in nature, the passive ones only send signal to the administrator console when suspicious activity is detected and the reactive ones prevent the occurrence of the  suspicious activities by reconfiguration of the firewalls to combat the malware.

In a public university library, the likelihood of attack is high considering the intellectual assets under their care and even the curious users, hence, i will recommend NIDS  having both the passive and reactive nature.

Also in case of High school, i will recommend the same looking at the students exploratory nature, i will recommend the same as in the case of the university library above.

For a retail shop,  HIDS would suffice with passive nature so that administrator would be able to respond to detected suspicious activities within the system.

IDS limitations could be dangerous anyway, one of such is the fact that number of false alarm in most cases surpass that of positive alarm and this might deceive administrator to ignore the real threats.

Also Invalid data and IP stacks may cause an NIDS to crash, it also difficult to detect encrypted packets.

The evasion techniques used by attackers varied from fragmentation,avoiding default, coordinated low-bandwidth attacks, address spoofing/proxying  to pattern change evasion.  These evasion techniques need to be considered when thinking of the choice of IDS to use in any case.

In summary, technology in itself is not enough for network security, appropriate security policy covering accessibility, availability, audit even password usage should be in place in all organisation. Also training and education of the users should also follow.

both the technology, policies and training need to be updated from time to time considering the dynamic nature of the networked society we operate in today.

Sources;

https://en.wikipedia.org/wiki/Intrusion_detection_system

https://beta.wikiversity.org/wiki/Security_and_Privacy_in_a_Networked_World/Technology:_A_mighty_knight_with_no_pants_on%3F

THE WORLD OF MALWARE : then and now.

Malware attacks has a history and the truth is that it has come to stay or even more viral and harmful with the technology development and outbreak of internet.

The  414s of the  80s: name derived from the area code of the perpetrators  in US (Milwaukee, Wisconsin) A typical case malware attack back in the 80s was that of the  US high-school  hackers who hacked into the  Digital Eguipment Corporation  with the motive of having fun, categorized as ....... by Kaido, but they broke into Digital Eguipment Corporation VMS operating system causing damage worth 1,500usd with the aid of personal computers  and simple hacking techniques leverage on common /default passwords by deleting the corporation billing records

Need to say that most of the hackers were not persecuted but they only agreed to stop their potentially harmful activities. The Duo prosecuted(Wondra  and co.) were based on harassing calls that followed their hacking. I would say this case was a true picture of the legislation crawling to meet up with technology as the computer crime legislations were passed after the case by the legislators.

Visit http://www.washingtonpost.com/wp-dyn/articles/A50636-2002Jun26_2.html

And https://en.wikipedia.org/wiki/The_414s for details

As opposed to individuality or group of young hackers approach with the primary motive of fun seen in the above case, malware attack has today turned into  political weapon in the hand of the world superpowers, a recent case as revealed by Edwards Snowden  is that of  US and UK using malware as a tool to for power  uphold (politically and business wise.  Hacking which was initially for fun has today been converted for spy and surveillance in the quest for national supremacy. This was done by NSA hacking not only the likes of Facebook, Microsoft and other international conglomerates but also by hacking US rival countries such as Russia and China among others.

Visit www.bbc.com/news/world-us-canada-23123964 for more details

Comments:

Malware attack has evolve from stage of individualistic to national weapon.

From no gain motive to business motive.

But the fact is that it has always been supremacy driven, among individuals, business and nations.

My question is, can malware attack as national tools of destruction be regulated as recorded in the case of 414s?  Or has this come to stay to replace physical(traditional  international war)? May be time will tell.

As  summarised by the following souce, world of malware has evolved as shown below:

• Hackerly exploration (“What's in there?”)
• Clueless experimentation (“What happens if”)
• Expression of frustration (“I'll show you all!”)
• Expression of politics (“Free X or suffer!”)
• Malware as a weapon
• Malware as a business model 

(Source:https://beta.wikiversity.org/wiki/Security_and_Privacy_in_a_Networked_World/The_World_of_Malware)

PUBLISHED CASE OF CYBERWAR

US VERSUS CHINA AN “EXPOSE” BY EDWARD SNOWDEN  , REPORTED as “Tsinghua`s hub role made its target for NSA”  This article appeared in the South China Morning Post print edition

To confirm the whistleblowing act of Edward Snowden on  US hacking Chinese university and servers, Prof Xu Ke, deputy director of Computer Networks at t Tsinghua University explained that data passing  through their network backbones were not encrypted but that the data would have no use for individuals mining or spying it but might be of great use for countries and organisations.

Snowden revealed how US NSA are spying on China and Hong Kong, it was mind blowing to have this coming from a 29 years old ex employee of Central Intelligence Agency, could it be he is frustrated by the system, or he is under an intoxication or probably because he wants fame, or that he truly meant to save the Victims of US cyberwarfare out of good heart? This is a question i don't have an answer to.

I was revealed in this report that US spied not only on the Chinese university being the home of Hong Kong Internet Exchange but also on the Telecommunication players in china to have access to the SMS and other data needed by them .

It was surprising to know that about 63 computers  and servers of the Chinese university were attacked in  a single day in January 2013. Another area that need clarification is the answer to the question on WHY is US doing these? May to keep firm grip of the  world power ego?. May be the real answer lie in what actually NSA is looking for in terms of data. I believe if there is answer to what exactly the data they need are , then, we can answer the why question.

For details visit the links below.

Also what will be the fate of Snowden as he has breached confidentiality?

Sources:

http://www.scmp.com/news/china/article/1266892/exclusive-nsa-targeted-chinas-tsinghua-university-extensive-hacking

http://www.forbes.com/2010/03/03/jeffrey-carr-internet-technology-security10-cyberwar.html

Social Engineering case of Amy Gaf Young and Jabber on FACEBOOK

The case below was a story of how social engineers work on their victims emotions to defraud them.

Amy chatted her cousin up with nice introduction, the normal greeting, but smartly change the tune of the conversation that  that she was stranded in London with her mum as they have been rubbed off their cell phones and  credit cards. In essence, they need help.

But  Amy  the scamer sent a wrong signal to the supposed victim  when the chat reads He instead of SHE.  And also that HE traveled with his WIFE and KIDS, while the real Amy is a girl not married , without kids. Error! Huh?

The situation warrant that Jabber should be emotional and start panicking and immediately swinging into action to save the lives of dear ones. He however was calm and sensitive enough to notice the gender interchange and also that his Mum hardly travel without his knowledge.

Without hesitation, he scattered the conversation by letting the scamer knows that his plot was not well planned that the cousin is a lady without kids not a Male and without kids as contrary to the scamer`s claims.

Source: http://www.jasoncupp.com/2010/03/facebook-chat-scam-asking-for-money-urgent/

Personal Comment.

Lesson from this is that it can save us the pain inflicted by scamers if the supposed victims can be calm and sensitive enough to notice where to fault the claims of the scamers.

Different cases of scamers versus victims (social engineering) always have gaps for careful, non emotional and most times greedy prey  to know  predators plan to strike but majority of the victims are being overruled by emotions and  greed.

Imaging if Jabber  had given in to the plot without careful analysis of the messages from the scamers, he would have at least thousands of Dollars to save families that never exist.

Social engineering is full of deception but most successful cases showed that the victims could have averted it, only if, they could control their emotions and greed

SOCIAL ENGINEERING

Social Engineering involves using non technical skills  or methods to have access to computer users information enough to cause damage, meaning social engineers could be likened to criminals whose major vision is to leverage on human weaknesses to strike. The tool required by social engineer is ASKING ASKING ASKING, No wonder the statement „“Instead of a Motto:“ You only have to ask“.

So in social engineering,  information about people are  gathered without  the use of technology.

As computer users in a networked world, it is important to know the techniques used by the Social Engineers to avoid falling victim because its a world of deception to gain undue advantage.

It is  world of little things counts for me when talking of Security and Privacy in this context, a world  where any action or inaction can be used against you in the future even immediately.

For example out of ignorance, a sticky paper used to  retrieve my lost account details such as password and username  not properly kept or trashed i the bin can sell me out and later be  used to wipe my hard earn money? Scary i thing? But it is true, it is a similar to a social engineering techniques called DUMPSTER DIVING.

May be to some computer users, the DUMPSTER DIVING technique for them is no tricky, but TAILGATING is also a disguise that any corporation can fall for, imagine a well suited fresh guy with fake invitation to a business or town hall meeting of a bank executives to discuss critical issues on the bank.  After having undue access to the information needed without carrying gun, the after effect could be bankruptcy.  Social engineering still all about deceit or robbing without carrying weapon.

SHOULDER STUFFING is another technique used by social engineers, remember that we are in a world of everybody turning into freelance journalist  with our mobile smartphones,  the same way social engineers could get  a snapshot of our abandoned Facebook page or even email box for vital information .  Imaging sleeping when already logged in to check account balance with Pin code card and other account details exposed in a room of social engineer, a glance or peep could be dangerous here.

The question is who is saved from the attack of social engineers? In a word, i will answer NOBODY, but some measures could be used to prevent falling victim

The simple answer or way to prevent being a victim is AWARENESS, computer users in a networked world needs to be aware that safety in this context depends on their actions or in-actions,  act they should know which data if leaked could sell them out and prevent it from leaking. Using Shredders to shred papers is awesome, CCTV in an apartment is cool and may be, covering our PCs with clothes when we need to log on with sensitive passwords and username to our internet bank is the way to go like Edward Snowden.

But the statement below has the most paramount message to prevent us being a victim of social engineers: Using the words of Confucius, "Education breeds confidence, confidence breeds hope and hope breeds peace", for peace or something related to peace in a networked world, security and privacy education  and training is a great tool for computer users.

Sources :

http://www.csoonline.com/article/2124681/security-awareness/social-engineering-the-basics.html

https://beta.wikiversity.org/wiki/Security_and_Privacy_in_a_Networked_World/

PROGRAMMING IN PYTHON

TASK 1


print ("Buyer : What do you offer?")

reply = input("Zoo keeper :")

animalOne = "cow"
animalTwo ="snail"

if reply == animalOne:
    print ("I take it.")
   
elif reply== animalTwo:
    print ("I hate those.")
else:
    print ("Not interested.")