Protecting Personal Information

  • Secure your accounts: Ask for protection beyond passwords. Many account providers now offer additional ways for you to verify who you are before you conduct business on that site.
  • Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.
  • Unique account, unique password: Keep separate passwords for every account.
  • Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer.
  • Own your online presence: When available, set the privacy and security settings on websites (like Facebook) to your comfort level for information sharing. It’s OK to limit how and with whom you share information.

Discussing passwords is sometimes boring, but here are some posts that can lighten your day!

Here is my post on Arnold about Passwords, it’s funny!
Try Passweird out!
Some good clean comedy about passwords and websites with comedian Don Frieson.


How I Feel About Going to Work Tomorrow

The bottom text of the above graphic is from: “The Spartans used to ask about the enemy, it was not important how many there are, but where the enemy was” Plutarch (46-125 bc), Apophthegmata Laconica, Agis of Anaxandridas, 3 Agesilaos (Eurypontid King, 400-360)

A Statue of King Leonidas

Make 2015 awesome and face all challenges like a Spartan leader!


5 Security Quotes

“Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”

– Kevin Mitnick

“If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”

– Bruce Schneier

“Hoaxes use weaknesses in human behavior to ensure they are replicated and distributed. In other words, hoaxes prey on the Human Operating System.”

– Stewart Kirkpatrick

“Security is not a product, it’s a continuous process.”

– unknown

“Good security begins at home.”

– unknown


Harvesting Birthdays

When participating in social media, there are all sorts of fun things to be part of, like “Who would be in your Zombie Apocalypse team?”.
Though it’s fun, it’s also easy to give up your personal information. Why the heck would a game choose to use your birthday? Probably to harvest more details about you if you locked your profile down and don’t have your birthday showing.


Just Another Social Engineering Tactic

 

Just knowing someone’s birthday isn’t too crazy, but some people care about privacy; also, someone harvesting most likely has more fun games for you to fill out based on your name, year you were born, where you live, how much you make, etc. That data gets kept and correlated with other information that they have on you.

It can be EXTREMELY likely that a database with your debit/credit numbers has been compromised and now they are correlating that data with new information to sell. According to this post (20 Bucks Buys You 1,000 Node Bot Army), they get potentially 6 times the amount of money if they include FULLZ (your full information).

Why do I say it is EXTREMELY likely that a database with your debit/credit numbers has been compromised? The Wall Street Journal reports 45% of all households have received a breach notification. That is 9 in every 20 people; it might as well be 50%. If you are in a room with another person, most likely one of you two has received a breach notification letter.

Do you know people who actively participate in a bunch of these games? Share this with them! Let’s make the Internet more secure!


Stealing Biometrics & Bypassing Authentication

Using today’s common high resolution smart phones, it’s possible to remotely enable a camera, and pull someone’s PIN in the reflection of their screen off the user’s eye!

This is one of the reasons we shouldn’t install apps, like the ‘flashlight’ app, that ask for permission to enable the camera.

Jan Krissler, a member of the Chaos Computer Club, demonstrates how to bypass many biometric authentication systems. He demonstrates the following proofs of concept:

  • Remotely hijacking your camera and pulling the video of you entering your PIN to unlock your phone, through the reflection of your eye!
  • Using promotional high resolution photos of people to bypass eye scanners
  • Using photos to bypass facial recognition
  • Pulling fingerprints off pictures of hands.
  • Bypassing the iPhone Touch ID
  • and more!

This is a German video dubbed in English.

I think the lesson to be learned is, be wary of the permissions your applications are trying to get you to allow on install. If an application requires camera access and it is not a messaging application, then don’t allow it.

Another lesson: I don’t think the world will be secure if we rely solely on biometrics. It’s a nice enhancer for two-factor, but can NOT replace “something you know”, like the password.

Remember to share this article to warn your family and friends!


Basic Computer Security

There’s a lot you can do to protect yourself and your computer from scammers, hackers, and identity thieves. Start by keeping your computer software up-to-date.

1. Install security software:

There is a lot of security software available and most well known computer makers sell computers with trial versions. It is a must nowadays.

There are options in all the above to have the software auto-update itself. Set it up, and forget about it. Make sure you run a scheduled full scan during times when you won’t be using your computer.

2. Treat your financial information like cash

  • When asked for your financial information, such as your social security number, bank card numbers, or even date of birth, ask how the information is going to be used and how it will be protected. It should all be justified.

3. Great deals online!

  • Shop at reputable online stores. They can’t always guarantee safety, but they have a reputation to uphold and will usually work with you to make things right. They have higher regulatory controls, are under usual audit scrutiny, and have a team dedicated to keeping their computers and servers secured. They will notify you and pay for credit monitoring if a situation occurs that puts your information in jeopardy.
  • Some online stores may have great deals, but be on the lookout for false promises and low security.

4. Don’t provide your personal or financial information unless the website you’re on is secure

https://

If the URL doesn’t start with https, don’t enter your financial information. That S stands for secure. It means the information you’re sending is encrypted…

5. Make your passwords count.

  • They should be at least 10 characters—and a mix of numbers, letters and special characters.
  • Don’t use your name, pet’s names, anyone’s names, birth date or common words.
  • Don’t use the same password for several accounts, as tempting as that may be. If it’s stolen, hackers can use it to access your other accounts.
  • Keep your passwords in a secure place, and don’t share them with anyone.

6. Back up your computer files

Before installing any new software on PCs, learn to create a system restore point; here is a video on how to do it.

 

Did you find this useful? Do you think someone in your family or a friend would find this useful? Please share it with them! Let’s make the Internet more secure starting with them!


Publicizing to Facebook

I believe that in order to make the Internet a safer place, we should spread security awareness.

For some time now, I have blogged about CyberSecurity and Security Awareness. Throughout 2014, I have devoted a lot of time to it and have put together a lot of content. In 2015, I hope to spread the awareness even further through the largest social network in the world. That social network, of course, is Facebook, with its 1.30 billion users and growing.

Aside from my normal postings of the new hacks and data breaches, I’m going to develop a collection of material that is meant to thoroughly cover the basics. I believe that the basics are what most people get complacent about, and covering them will help everybody:

  • Keep a clean machine
  • Protect personal information
  • Educate parents
  • Secure mobile/wearables

I’m very excited about this and hope you can join me and send me some ‘likes’.


Happy New Year!

As 2014 sunsets for the final time tonight, and 2015 rises tomorrow, let’s make a joint resolution. Resolve to:

  • Educate your employees, customers, friends, and family
  • Create a response plan and practice it.
    • What to do if your identity is stolen, cards are being fraudulently used, systems crash, etc.
  • Improve your passwords
  • Invest in the right technology
  • Keep cybersecurity in your budget
  • Check your vendor vulnerabilities (subscribe to their update newsletters)
  • Secure your mobile apps (remember the Snappening?)
  • Test the security of your system

Become a cyber-security champion and evangelist!
Have a happy new year!!!



Carmelo’s Year in Review: 2014


I had an amazing year. 2014 was totally great!

Jaime and I were both dressed as “The Punisher” at the Amazing Arizona Comic-con in January

The Punishers

We all went to the Renaissance Festival! I got a sweet top hat!


I got a sweet new vaporizer ePipe, (to match my top hat!)

I got my CISSP! Achievement Unlocked!

Carmelo, CISSP

I got a sweet Quadcopter as a reward!


Started a security blog which became a source for work’s Security Awareness

We got to go to the Scottsdale Insurance Company Family Fun Fair

Mmmm cotton candy!

Damien got a part time job at the Stadium

Damien working

I got four teeth removed and my gums cut open and lasered, but now they are super healthy!
(Floss your teeth kids!)


Had a blast in Las Vegas for Pat’s 30th birthday!


Got my wife some super awesome shoes that gave her an entourage at work.

Jaime's Shoes

Had an amazing (little man/mustache themed) baby shower for Pat/Courtney/Beau!

Pat and Courtney

Took over my work’s Security Awareness Team


Went to Lake Pleasant with Darla!

Carmelo, Darla, and Jaime

Received a sweet bonus!

Bought a new home computer, it’s a monster tablet!

Steampunk Superman and Steampunk Batwoman at Phoenix Comic-con

Steampunk Batwoman and Steampunk Superman


I had become a lead on my team

Treated my mom and family; spent two awesome weeks in Hawaii!


We met with Nestor, Sunshine, Andrew and Family, and Kevin

Represented my team for RiskyBusiness

We met Rebecca in person!

Carmelo, Rebecca, and Pat

Beau was born!

Beau Edward Walsh

My son, Damien, got his driver’s license

Damien Driving to School

We went to the Arizona State Fair

Damien and Jaime at the State Fair

Sublime with Rome concert! This was Damien’s first concert!

Jaime and I won first place as a couple costume contest for Halloween


We participated in Zombie Walk 6!


I flew to San Francisco just for lunch!

Took over the Information Security Intranet at work

Aiden was born!

Aiden Joseph Thadeus Gumulka

Went to have dinner with Pat/Courtney/Beau, took a wrong turn, ended up with my niece and her family!

Carmelo and Family

Built a Raspberry Pi home server


Met with Efren, my Marine brother I haven’t seen in 22 years

Carmelo Walsh and Efren Ray

Took my family to ZooLights for Jaime’s Birthday!


Earned my PCI ISA Certification! Achievement Unlocked!


Paid for my PCI Professional Certification… Achievement Paid for…

Secured bonuses for my security awareness team!

Got a pricey gift card

Got another bonus (made from 3 combined bonuses)!

We had a HUGE Family Christmas Party

Family photo

And I became a God Parent


Data Breach Cost on the Rise
