So many columnists have written about security breaches this year and last; the cat and mouse game seems to have favored the cat more than the mouse recently.
Last year brought major attacks against Google and the distributed denial of service (DDoS) attacks against Amazon and PayPal, followed by major attacks against security vendors, and now the most prominent organizations in the open source community have been hit: kernel.org, linux.com, and linuxfoundation.org. These most recent attacks were apparently not aimed at stealing particular information; because of that, and the sloppiness of the attackers, the breaches were discovered and fixed.
This should remind us, as ordinary users, how many layers of components are involved in our daily computing tasks. Every layer is susceptible to its own kinds of attacks, and we need to understand how each layer relates to the others in order to protect ourselves knowledgeably. Often the password is irrelevant: weaknesses in system software let an attacker gain access without it, so we need to keep a close watch on the vendors of the software we run, obtain updates securely, and make sure the software is always working as expected. We can also be misled by carefully constructed social engineering attacks that, while not targeted at specific individuals, still expose individuals' information, in various forms, to parties with eventual malicious intent.
Social engineering is the use of existing social relationships and perceptions to glean information that would not otherwise be given out. An email claiming to be from your bank or another service provider and asking for your credentials in order to "repair" your account is an obvious abuse of your trust; instead, use your own means to contact your bank and verify the state of your account. Links in emails that allegedly take you directly to certain information within your account (but which will require you to log in) should immediately be treated as suspect. Instead, visit the site's homepage yourself, access your account (logging in over HTTPS), and then locate the information mentioned in the email. The US-CERT (US Computer Emergency Readiness Team) publishes frequently on safe behavior in cyberspace, and it is important that not only IT professionals and those responsible for big businesses or critical infrastructure, but also individual consumers, observe these safe practices.
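To make the "treat emailed links as suspect" advice concrete, here is an added example (not from the original column) of the checks a mail filter or a cautious reader can apply to the links in an HTML message: does the link actually use HTTPS, does the domain shown in the link text match the domain the link really points to, and does the URL use tricks such as a raw IP address or a `user@host` prefix. The email body, the hostnames and the function names are all constructed for this example; the two-label "registrable domain" rule is a simplification that assumes no public suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    # Simplification (assumption): treat the last two labels as the owner's
    # domain. A production filter would consult the public suffix list.
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def audit_link(href, text):
    """Return a list of warning tags for one link; an empty list means clean."""
    findings = []
    url = urlparse(href)
    host = url.hostname or ""

    # 1. The column's advice: log in only over HTTPS.
    if url.scheme != "https":
        findings.append("not-https")

    # 2. If the visible text looks like a URL or hostname, its domain must
    #    match the domain the link really points to.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        findings.append("text-host-mismatch")

    # 3. "https://bank.example@evil.example/" logs in to evil.example, not the bank.
    if "@" in url.netloc:
        findings.append("userinfo-in-url")

    # 4. Legitimate account pages are not served from bare IP addresses.
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("raw-ip-host")

    return findings


def audit_email_html(html):
    """Run audit_link over every anchor in an HTML email body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, audit_link(href, text)) for href, text in parser.links]


# Constructed sample message: one deceptive link, one honest link, one IP link.
SAMPLE_EMAIL = """
<p>Your account needs attention. Please verify it here:
<a href="http://secure-login.example.net/verify">https://www.example-bank.com/account</a></p>
<p>Or visit <a href="https://www.example-bank.com/">www.example-bank.com</a> directly.</p>
<p><a href="http://192.0.2.10/login">Click here</a> if the links above do not work.</p>
"""

if __name__ == "__main__":
    for href, text, findings in audit_email_html(SAMPLE_EMAIL):
        status = "OK" if not findings else ", ".join(findings)
        print(f"{text!r:45} -> {href:45} {status}")
```

The first link is the classic phish: the text shows the bank's HTTPS address, but the `href` goes over plain HTTP to an unrelated domain. These checks are heuristics for flagging a message; the safe action the column describes, going to the site yourself rather than through the email, still applies to links that pass them.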
Registered Linux User #370740 (http://linuxcounter.net)