JB Information Security

 

Information Security through: employee education and awareness, security policy implementation and enforcement, offensive security measures and countermeasures

News and Updates

| 22 Jun 2016 |

2-Factor Authentication

An easy and fast way to prevent getting hacked. If you're not doing it already, you need to start. Google, Microsoft, and Yahoo each have 2-factor authentication in the form of sending a code which users must input during login to allow access to accounts. Facebook does not offer 2-factor authentication but will send notifications to an email and/or cell phone if the service is turned on. My recommendation is to enable 2-factor authentication on every online service that offers it. For more information, check out this Hacker News article.

| 24 Jun 2016 |

NSA Lawsuit

The Electronic Frontier Foundation is trying to spark some life into their eight-year ongoing case against the NSA for spying on Americans. Read about it at the EFF website. This is an interesting website that has an abundance of info that links into the deep web. A friendly piece of advice... if you are going to explore the dark web, use a VPN at minimum... the TAILS OS is the safest way to surf the dark web or deep web.

| 26 Jun 2016 |

If you are coming into the US on a visa, be prepared to divulge your online presence to US officials so they can better vet you as you enter the country. The Department of Homeland Security and Border Patrol have requested to amend the forms filled out during entry into the country. Here is the text of the Federal Register proposing the change. Will it enhance security? The proposal reads, "Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyse and investigate the case."

| 29 Jun 2016 |

STOP!!! ANOTHER FACEBOOK HOAX repeated again... DO NOT POST IT!!

This will prevent further propagation. Recently, there has been a post circulating on Facebook declaring ownership and privacy of information you post. There is no need to waste your time, energy, or resources posting this thinking it will do anything to protect you, your information, or your privacy. Facebook has issued a statement in response to this which states: "You may have seen a post telling you to copy and paste a notice to retain control over things you share on Facebook. Don't believe it. Our terms say clearly: You own all of the content and information you post on Facebook, and you can control how it's shared through your privacy and application settings. That's how it works, and this hasn't changed."

| 30 Jun 2016 |

Attention!!! ZERO DAY WARNING!!!

Are you a Microsoft Office 365 user?? Read on... The built-in tools of Microsoft Office 365 do not protect you from cyber attacks. Variants of Cerber ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools.

According to a report published by cloud security provider Avanan, the massive zero-day Cerber ransomware attack targeted Microsoft Office 365 users with spam or phishing emails carrying malicious file attachments.

The Hacker News has published a great step-by-step guide to help you secure your machine.

Remember, in order to protect yourself from Cerber, or any ransomware attack:

| 01 July 2016 |

Apple Patents Technology To Prevent Devices From Taking Pictures and Video

Apple was awarded a patent for technology that would, among several things, disable an iPhone or iPad camera from snapping pictures and/or shooting videos at places or events, like concerts or museums, where it might be prohibited or inappropriate.

Is this a double-edged sword? Yes, it absolutely is. For example, disabling cameras could protect live performers from having their material pirated. On the other side of the coin, an oppressive regime, like North Korea, could use it to black out social media during a protest, or police could use it to prevent or limit camera use in their encounters with the public.

The way it works is pretty straightforward: an "i" device would receive coded infrared signals beamed from emitters in public places, which would temporarily disable the device's camera functionality, preventing any photography or recording for as long as the signal is on. The patent reads, "An infrared emitter can be located in areas where picture or video capture is prohibited" ... "An electronic device can then receive the infrared signals, decode the data and temporarily disable the device’s recording function based on the command."

Additionally, the technology could be used to beam information about an object or place to a group of devices simultaneously to provide a tour guide at a museum exhibit, or to offer coupons in a retail environment.

Ultimately, this is just a patent which has not been commercialized... YET!!!

My take is that we will see this technology deployed to both protect, and market to us. Will it be limiting? Yes, most likely so. Will the benefits outweigh the restrictions imposed? We will see. On a final note, to be effective it will have to be developed for all mobile platforms.

| 21 July 2016 |

Near Field Communication (NFC)

Near Field Communication (NFC) operates between two devices in a short communication range via a touching paradigm. It requires touching two NFC-compatible devices together, or bringing them within a few centimetres of each other. NFC communication occurs between an NFC mobile device on one side and an NFC tag (a passive RFID tag), an NFC reader, or an NFC mobile device on the other side. RFID is capable of accepting and transmitting beyond a few meters and has a wide range of uses. However, NFC is restricted for use in close proximity (up to a few centimetres) and is also designed for secure data transfer. Fast and convenient, NFC technology is popular in parts of Europe and Asia, and is quickly spreading throughout the United States.

No matter which device you have, it's highly probable that your local supermarket, gas station, convenience store, train station, taxi or coffee shop supports contactless payments via your phone's NFC chip. For example, if you have Samsung Pay set up on your Galaxy device, go try it out! Simply hold it close to a contactless payment terminal and instantly, like swiping a credit card, the payment will complete. It's that easy!

Oh, if you still carry cards you definitely want to invest in an NFC blocking wallet. They are widely available in minimalistic, modern and traditional styles. An NFC blocking wallet will protect your card data as well as hold your cash.

Looking toward the future, it's possible that NFC chips could be used to replace many cards we carry around today. The unique info on your frequent shopper card, customer loyalty card, library card, business card, voter ID card, the list goes on and on, can be readily contained and transmitted simply via NFC.

If you would like to read more about NFC visit the Near Field Communication web site. Here's a web site that makes NFC enabled business cards for a price.

| 03 August 2016 |

US-CERT Cybersecurity for Electronic Devices

As each day passes, new cyber vulnerabilities are exposed, and the associated risk continues to grow.

The velocity of connecting new devices continues to race toward the stratosphere, making it imperative that we do everything possible to protect ourselves, and the small or large companies we work for. Complacency and ignorance are not valid reasons or excuses for security breaches. Keep security in mind as we continue to develop our cybersecurity dialogues.

Keep these key points in mind as you use devices at work and home: physical security, keeping software up to date, the use of strong passwords, disabling remote connectivity, file encryption, and avoidance of unsecured public WiFi.

In addition, social engineering can lurk in an email that sounds like an "opportunity" too good to be true or the "relationship" you've been searching for your entire life... either one just a mouse click or screen tap away.

On a final note, malware and ransomware wait like a lion ready to devour its prey, and like social engineering, they are just a click or tap away. Develop and grow a cybersecurity mentality so you can make informed cyber choices.

US-CERT is a great website containing up-to-date, useful information about cybersecurity.

| 06 August 2016 |

World Wide Web Celebrates 25 Years

Happy 25th anniversary to the WORLD WIDE WEB! On August 6th 1991 the first internet site went live from a lab in the Swiss Alps. Happy silver anniversary to the internet! As each day passes, new cyber vulnerabilities are exposed, and the associated risk continues to grow.

Visit the first public web site to see how far the internet has come in 25 short years.

| 23 September 2016 |

Dropbox and Yahoo HACKED!!!

In case you are not aware yet... Dropbox and Facebook both had major security breaches. THEY WERE HACKED!!!

This begs the question... Has my account information been compromised and possibly pawned???

Before you seek the answer to that burning question... because in most cases you will not be notified... I suggest that you change your passwords.

Here are some tips

Ok... I hope you have read to here... Check Your Account Here. This is an online tool where you enter your email address, including the domain, and then run the check. The results will show if your account has been compromised and which breach it is related to.