Forum Cyber Security News-n-Stuff - Page 3 - Honda CRZ Forum: Honda CR-Z Hybrid Car Forums
Reply
 
LinkBack Thread Tools Display Modes
post #21 of 43 (permalink) Old 09-08-2013, 03:29 PM Thread Starter
Capt'n Jack
 
Scotty001's Avatar
 
Join Date: Sep 2010
Location: Pacific North West (Puget Sound)
Posts: 9,417
Garage
I've see a couple of post associated with publicly posting phone numbers here on the forum without any kind of obfuscation.

In today's IT and Security environment to include releasing Personally Identifiable Information aka PII into the public domain, this is not a good idea. Please remember there may be only a 50-100 members actively posting at any given time, there are over 2000 people viewing and searching the forum. As of a few tics ago, the count was 2026 viewers and I have seen it go as high as 5-10K on week days..

The best way is just to have other members PM for information on your PII. If anyone feels the need to publicly post "PERSONAL" contact information such as a phone number, then I recommend to do it something like this "Nine 3 Zero 555- five 5 five 5" etc.. One of those 2k or so "live" viewers will still be able to take it if they want, but any bots or associated auto search/collect programs that continuously log public provided information will not so easily be able to identify it.

I or the moderators will not be deleting anything someone puts up that has their PII. Up to each member to assess their own risk. The forum has no liability in this matter..


Click on the Capt'n Jack's Place signature link for a video. WARNING .. Rated PG-NSFW..
CVT Fully Loaded EX//NAVI//Eibach Pro Springs//H&R
20mm Rear Spacers//
Honda 17" OEM//
P2R
Down Pipe//K&N Typhoon SRI//32 Diamond Quartz Tint//Clazzio Black-Red Insert & Stitching//
iJDMToy interal&External LEDs//T1R Side Mirrors//Remus USDM Catback Center Exhaust//
Scotty001 is offline  
Sponsored Links
Advertisement
 
post #22 of 43 (permalink) Old 09-08-2013, 10:52 PM Thread Starter
Capt'n Jack
 
Scotty001's Avatar
 
Join Date: Sep 2010
Location: Pacific North West (Puget Sound)
Posts: 9,417
Garage
Quote:
Originally Posted by OneFitZ View Post
Easy with all that about the young people . I'm the youngest in my office and I get stuck with cleaning up the computers of the people 10+ years older than me.

But yeah, it's amazing how badly some people can screw up a computer. Last one I did was covered in grease and managed to have 2 root kits, the FBI ransomware, and a handful of trojans/general malware.. Only took about 4 days to get it cleaned up. Needless to say the user of that machine is no longer with us even though it's not for reasons related to her computer..
Yea, for those working in the IT arena.. A few things one can do if corporate will pay for it..

1) SNORT (or other commercially available) IDS/IPS sitting off the outer router which hopefully also has a IP block list and one has a qualified individual who can create SNORT or other IDS/IPS signatures on the fly based on current threats. To include internal computers phoning home so to speak.. This is also presuming one has a DMZ which is between the firewall and Outer Router.. (where the external DNS, Web and other publicly accessible information is)
2) DNS Black Hole list..
3) An IP block list
5) Then a full application layer (deep packet inspection) Firewall with someone who can monitor and decipher anomalies..
6) And then a inner router (with another SNORT or other IDS)..
7) And then other IDS tactically located at core switches/routers the provide services to different buildings or locations..

This is a short list.. And just the basics.. But kinda get the jest..

The most important thing is to ensure someone is not only able to spend the time to research vulnerabilities but also to create definitions and is able to monitor..

Also, important to utilize public provided System Technical Implementation Guides provided at STIGs Master List (A to Z) Note: not all are publicly accessible but most are and for those in the business can use those to help secure their networks.

And to use a product like this to ensure all systems are patched and provide a certain amout of continuous monitoring..

ACAS

Or Vulnerability Management - Assessment - Endpoint Protection - IT Security Software | eEye Digital Security

This information is open source and there are are other options out there.. Bottom line, with a properly tuned IDS/IPS, vulnerability/patch management program, and a full time human(s) watching it.. (although not perfect), does a pretty good job of mitigation..

But, to be truthful in Computer Network Defense (CND), the other guys or if you wish the bad guys keep on attacking and only have to get it right once whereas the CND peeps have to be accurate 100% of the time.. That is not happening.. No one gets it right 100% of the time.. They (the other guys and state sponsored actors) are out there and Stealing your and mine, personal, corporate, government, and military proprietary information..

Phishing and other attack vectors - another story.. LOL..

Not to be paranoid or anything, but situational awareness can be your friend to include just personal use of the net..



Click on the Capt'n Jack's Place signature link for a video. WARNING .. Rated PG-NSFW..
CVT Fully Loaded EX//NAVI//Eibach Pro Springs//H&R
20mm Rear Spacers//
Honda 17" OEM//
P2R
Down Pipe//K&N Typhoon SRI//32 Diamond Quartz Tint//Clazzio Black-Red Insert & Stitching//
iJDMToy interal&External LEDs//T1R Side Mirrors//Remus USDM Catback Center Exhaust//
Scotty001 is offline  
post #23 of 43 (permalink) Old 02-24-2014, 08:33 AM
Super Duper Member
 
Ludercrz's Avatar
 
Join Date: Dec 2010
Location: Ottawa, Ont. Canada
Posts: 2,554
Garage
Pretty big Vulnerability for Apple Devices using Wifi.

A "Hacker" could potentially identify itself through wifi connection as being the website Facebook or Google and the Device would say "OK" and give them a bunch of personal information from the Device to identify itself (name, passwords, etc...)

Major Apple security flaw: Patch issued, users open to MITM attacks | ZDNet


Solution: Upgrade to iOS 7.0.6 OR Disable Wifi on your Apple Device if you don't use it.

Ludercrz is offline  
 
post #24 of 43 (permalink) Old 02-24-2014, 12:58 PM
CR-Z Forum Librarian
 
CR-Z Canadian's Avatar
 
Join Date: Mar 2011
Posts: 6,864
Quote:
Originally Posted by Ludercrz View Post
Pretty big Vulnerability for Apple Devices using Wifi.

A "Hacker" could potentially identify itself through wifi connection as being the website Facebook or Google and the Device would say "OK" and give them a bunch of personal information from the Device to identify itself (name, passwords, etc...)

Major Apple security flaw: Patch issued, users open to MITM attacks | ZDNet


Solution: Upgrade to iOS 7.0.6 OR Disable Wifi on your Apple Device if you don't use it.
Excellent info, Luder!
Without Apple bashing, which I am doing in my own mind right now, I can add one bit of info. Anyone not on 7.0.5 now, if you update AND have a computer on your desktop running OS-X latest version, you will no longer be able to plug your mobile device into the desktop and sync contacts, music, email, etc. That now has to be done via the cloud. So, you still trust Apple to handle that, after this vulnerability is exposed???
If the desktop is not updated, you can still sync with iOS7.0.5 (presumably .0.6 as well), but once they have the update available for OS-X, you're gonna want to install that as well!

Eco Stig
SOME SAY, that when he gets into his car, he plugs the IMA cable into his left ear but no one can tell who is charging whom!
CR-Z Canadian is online now  
post #25 of 43 (permalink) Old 02-24-2014, 07:21 PM
Elite Member
 
WendyH's Avatar
 
Join Date: Aug 2013
Location: Twin Cities, Minnesota, USA
Posts: 857
I updated yesterday when I heard about this. At least there was a patch available right away. I do have to say that anyone using unsecured public wifi ever is asking for trouble. My phone is allowed to use our home system or the secure one at my university. Otherwise it doesn't even look.

I've been Apple's bitch since 1985, but I'll agree their proprietary paranoia gets old. No flash? C,mon! And the new system made it impossible to play avi or mkv files until I downloaded a different player. Our desktop machine is still on snow leopard until they fix every weirdness with mavericks.

Wendy
2013 CVT EX in NSBP. Silver decals on sides and hood, blue LEDs, Clazzio seat covers in black with blue inserts, custom blue door fabric.
WendyH is offline  
post #26 of 43 (permalink) Old 03-01-2014, 09:49 PM
Super Duper Member
 
Ludercrz's Avatar
 
Join Date: Dec 2010
Location: Ottawa, Ont. Canada
Posts: 2,554
Garage
^ ya alot of people have their wifi on constantly so it always looks for connections. you could be connected to a public wifi and not even know it.

what i like about my samsung galaxy S3 is that it uses LTE when the phone is idle and only after I unlock the phone it tries to connect to a wifi. and it disconnects any wifi when lock it.

Ludercrz is offline  
post #27 of 43 (permalink) Old 04-09-2014, 04:27 PM
Super Duper Member
 
Ludercrz's Avatar
 
Join Date: Dec 2010
Location: Ottawa, Ont. Canada
Posts: 2,554
Garage
Scotty, Have you guys been running around like crazy with this new SSL HeartBleed vulnerability?

seems like it's all that's being talked about today at my job.

http://www.theepochtimes.com/n3/6091...cards-at-risk/

Ludercrz is offline  
post #28 of 43 (permalink) Old 04-09-2014, 07:29 PM Thread Starter
Capt'n Jack
 
Scotty001's Avatar
 
Join Date: Sep 2010
Location: Pacific North West (Puget Sound)
Posts: 9,417
Garage
Quote:
Originally Posted by Ludercrz View Post
Scotty, Have you guys been running around like crazy with this new SSL HeartBleed vulnerability?

seems like it's all that's being talked about today at my job.

'Heart Bleed' Bug Imperils Web Encryption; Passwords, Credit Card Numbers at Risk
Yep - major issue - Updated all 6 SNORT boxes and 3 Intrushield boxes.. Set up alerts etc etc.. and got someone dedicated to watching alerts and traffic..


Click on the Capt'n Jack's Place signature link for a video. WARNING .. Rated PG-NSFW..
CVT Fully Loaded EX//NAVI//Eibach Pro Springs//H&R
20mm Rear Spacers//
Honda 17" OEM//
P2R
Down Pipe//K&N Typhoon SRI//32 Diamond Quartz Tint//Clazzio Black-Red Insert & Stitching//
iJDMToy interal&External LEDs//T1R Side Mirrors//Remus USDM Catback Center Exhaust//
Scotty001 is offline  
post #29 of 43 (permalink) Old 04-10-2014, 09:59 AM
Super Duper Member
 
Ludercrz's Avatar
 
Join Date: Dec 2010
Location: Ottawa, Ont. Canada
Posts: 2,554
Garage
ya we're using multiple different IDS/IPS technologies so updating them all was fun >_>

Ludercrz is offline  
post #30 of 43 (permalink) Old 05-21-2014, 05:48 PM
CR-Z Forum Librarian
 
CR-Z Canadian's Avatar
 
Join Date: Mar 2011
Posts: 6,864
So, from the problems of IT managers, back to the real world ...
I hear that ebay was hacked a couple of months ago, and they admit to a significant number of accounts having been involved in the data breach.
Since we've all bought mods there, LOL, do we need to worry?
Besides the usual " change your password" advice (and, oh yes, be sure your PayPal password isn't the same as for ebay!), and thoughts?
(or has anyone already found out they bought something they neither bid on, nor received?)

EDIT: apparently, hackers got in by compromising the access credentials of a small number of ebay employees.

Eco Stig
SOME SAY, that when he gets into his car, he plugs the IMA cable into his left ear but no one can tell who is charging whom!
CR-Z Canadian is online now  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the Honda CRZ Forum: Honda CR-Z Hybrid Car Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome