Tag Archives: Bruce Schneier

Schneier on Security: National Cybersecurity Awareness Month

For National Cybersecurity Awareness Month, Bruce Schneier asked his readers for more exciting tips than what DHS has posted. Some commenters went all out:

National Cybersecurity Awareness Month activity-a-day calendar

Day 1. google your own name

Day 2. google all your email addresses

Day 3. google all your telephone numbers

Day 4. google map your residence. Also check streetview. When did they take those pictures?

Day 5. Make a list of all your on-line accounts

Day 6. List the passwords for your accounts. How many accounts share the same password?

Day 7. Find your browser cache. Take a look. See what is there.

Day 8. Find out how to clear your browser history/cache/cookies

Day 9. Find all the cookies on your web browser. How many of the domain names do you recognize?

Day 10. Clear all the cookies on your web browser. Check back every day. How long does it take for them to return?

Day 11. Set your browser to refuse all cookies. Try to browse the web.

Day 12. Find the license or terms of use for your favorite program/service. Read them.

Day 13. Pick an account or service that you no longer use/need. Try to close/delete/eradicate it.

Day 14. Lower your attack profile. Pick a high-profile app (IE/Outlook/Acrobat/etc.) and switch to a lower-profile equivalent (FF/Thunderbird/Foxit/etc.)

Day 15. Find the number of people killed each year by computers. Compare with the number killed by automobiles.

Day 16. Locate all the executable programs on your computer.

Day 17. List all the vendors that those programs came from.

Day 18. List all the countries that those programs came from.

Day 19. Find a work that isn’t under copyright. Copy it.

Day 20. Enter a bill into wheresgeorge.com. Release it into the wild and track it on-line.

Day 21. Create an email address somewhere. Never use it. See how much SPAM it accumulates.

Day 22. Do a tracepath to your favorite site or service. How many machines get their hands on your data between here and there?

Day 23. Connect a machine with a common OS to the internet. Measure mean time to compromise.

Day 24. Run crack against all your encrypted passwords

Day 25. Run a port scan on your own IP address

Day 26. Do a security audit of your own computer

Day 27. Walk a tablet/netbook/PDA around your wireless access point and map its range

Day 28. Go wardriving with a friend. How many wireless access points can you find? How many are unsecured?

Day 29. Scavenge some drives from the $5 bin at your local computer surplus store. Plug them in. See what is on them.

Day 30. Read Ken Thompson–Reflections on Trusting Trust. Do you understand the attack? Do you care?

Day 31. (Halloween) Create an on-line identity that isn’t publicly tied to your real name. Masquerade on-line in that persona.

via Schneier on Security: National Cybersecurity Awareness Month.

Schneier on Security: The Era of “Steal Everything”

From the Protect Your Personal Information Department:

“We’re moving into an era of ‘steal everything’,” said David Emm, a senior security researcher for Kaspersky Labs.

He believes that cyber criminals are now no longer just targeting banks or retailers in the search for financial details, but instead going after social and other networks which encourage the sharing of vast amounts of personal information.

As both data storage and data processing become cheaper, more and more data is collected and stored. An unanticipated effect of this is that more and more data can be stolen and used. As the article says, data minimization is the most effective security tool against this sort of thing. But — of course — it’s not in the database owner’s interest to limit the data it collects; it’s in the interests of those whom the data is about.

via Schneier on Security: The Era of “Steal Everything”.