cybersecurity – Crazy Adventures in Cyber Security

Halloween Special: The Perils of Living in a Wireless World

c3a9858fea258f9a5eb36db82c94a45d--halloween-painting-halloween-art

Everyone loves wireless. It’s a liberating technology that’s allowed us to do anything pretty much anywhere. But data flying through the air comes with additional vulnerabilities.

Considering how ubiquitous Wi-Fi is, it surprising how little most of us know about it. Here are a few random factoids to get us started. And some of them are decidedly spooky.

Spooky Fact 1 – folks talk about wireless speed in terms of bits per second – so how many zeros and ones can fly through the air. This is known as maximum data capacity & you typically see it so written as 54 Megabits per second etc. That’s cool right?

But, like a mysterious ghost story – just over half of this speed vanishes into the misty night when using Wi-Fi. What you’re left with is zombie-like throughput. That’s a scary factoid – even before any nasties attack your wireless network, you only get around half of the speed you think. The causes of this are, in no order, ghosts hiding in your router, all the bits of information added to your data to help it find its way & the fact this devilish ‘overhead’ increases the further you away from the safely of your router….well, two of these are true anyway….

Spooky Fact 2 – by adding monster names to the follow list – you can see 3 terrifying areas of danger – not just on wireless but being on wireless is the equivalent of adding scary music & this making it even scarier.

Devilish Physical Hardware – Dracula could easily hypnotise you then steal your device. Got a password – an easy to remember one, probably take the Prince of Darkness a few hours to crack it. (So, think the obvious physical security, keeping your devices safe plus a kick-ass password.)
Ghastly Software – Frankenstein isn’t as stupid as he looks. He could use loopholes in programs to do bad stuff. (This monster doesn’t like patches & updates. Get anti-virus software, keep everything updated & you can loosen this monster’s bolts.)
Deadly Data – Zombies could easily nick your data in transit, feasting on it as it flies through the air. (Mmm…trickier – just how do you protect data in the air? Fly spray? Read on for details….)

Spooky Fact 3 – Holy Water (WPA2) – You might recognise WPA2 from when you’ve been fiddling with your wireless router. It is a stallion of an encryption protocol with few known weaknesses at the moment. Most routers are now set default to WPA2 but it’s wise to check. Having WPA2 encryption is like having Van Diesel turning up to your wireless horror movie – fully ‘tooled up’. And he’s going help you kick a lot of ass. Does that mix enough metaphors for you?

d849484ece47ad16ca1f16881507ae08--halloween-clipart-free-halloween-bats

Right, sick of Halloween-type banter?

OK – here are 3 processes to set up. Get this right, along with all the other advice around patching, passwords & crucifixes & you’re be as secure as you can be.

Set the right security protocol – remember WPA2 on your router – probably already set – it’s like holy water…
Securing access – do some research & find out how to control access to your wireless access point. Might be something I look at in a future blog but check it out – you’ll come across something called MAC addresses (not your ancestral home in Scotland.)
Default passwords – routers come with those tricky passwords – something like E83HHG3g21 – remember typing that is for access. For public area free Wi-Fi, you get stuff like ‘cafepassword’. This can be changed & you should do it. Again, do a bit of research. I’ll try to cover it in future blogs.

Finally, remember, just like any decent horror movie. When that nice calm bit comes at the end, you’re never 100% sure it’s over. Could the axe murderer still be alive? Could he burst through the window at any time? The truth is no medium (not the crystal ball kind) wired or wireless is 100% safe.

And, wireless still has greater risks. For example, I went into a Costa Coffee the other day & logged onto their ‘free Wi-Fi’. The password was on the front desk – anyone can use that. Blimey I’m scaring myself now so I’m going to check my stuff….stay safe out there in wireless monster land….

Free-halloween-halloween-clip-art-black-and-white-free-clipart

7 Odd things in cyber security

Here are some of my early observations as a noob on the wacky world of cyber security.

(1) It’s complex. Lordy is it complex. No one really seems to understand it. We don’t even really grasp the scope of the risks. That explains why even our hospitals are vulnerable to relatively simple cyber-attacks. That should worry us shouldn’t it? If all the PhD’s in the industry don’t get it, what chance do we have? To paraphrase Whoopi Goldberg in Ghost :-

tumblr_mkwuxusXbm1qbshgko4_250

(2) We’re told North Korea is a backward nation, cut off from the world & isolated from everyone. Yeah – even if they are, they still managed to (digitally) pull the pants down on businesses & organisation across the world. What does this teach us? Well, we are told that cyber-crime is a relatively easy game. That’s not good. Also, it gives an amazing new avenue for any Bond villains redundant since the Cold War.

(3) I went to a cyber security event last week. I came away with a stack of brochures. And some branded socks. For some reason, everyone was giving away branded socks. One of the big messages was that there’s a skill shortage. The industry goes on & on about this one. Metaphorically, they’re hammering pieces of wood over the windows and locking the doors, they’re so short of qualified people. And yet, as a noob, there are multiple qualification & accreditation paths & little in the way of a structured route into the professional for career changers. Basically, it stinks of professionals that have a vested interested in keeping the pool of qualified talent limited. The only real growth is in people to write more articles about how short the industry is of qualified professionals.

DSCF6221 — Training Materials from the 1980s. Step 1 – Call the Ministry

(4) A snotty but smart teenager who spends a lot of time in his bedroom can bring the FBI & the US Army to its knees. Seriously, if these guys can’t defend their digital baggage then why bother renewing that McAfee subscription. (Seriously though, do keep your virus protection updated. It does do something, apparently.)

(5) No one cares about data until it goes where it shouldn’t. Edward Snowdon taught us this. Of course, a few people worry about it. But, most of us need a saline drip just to stay alive in any data protection training. It’s just below going to the dentist on everyone’s ‘what I don’t want to be doing’ list.

(6) There are lots of different aspects to cyber security. I learnt this from a brochure. There’s the network stuff – that’s all I really knew about. There’s the software angle. Even the people angle. Who would have thought it? I met the National Cyber Security crew from MI5 at the conference. Their ethos is ‘a pratt with a USB stick is just as dangerous as a Russian hacker with a bit coin account.

(7) Finally, block chain is nothing to do with plumbing. I read an article on it but still do not understand entirely what it is. I know it’s good to drop into conversation if you work in tech circles. You should also try Gamification. That’s another good one. Block chain is a buzzword. We should really find out what it is.

If in doubt – What the F*&* is Blockchain?

An adventure begins…

This isn’t my first blog. I’ve got a trail of graveyard blogs behind me. From zombies to deserts. Now a new blog – cyber security.

This blog is going to be a weird look into the world of cyber security. Weird because I’m no expert. I’m learning on the job. Just like the rest of the world.

There are lots of very clever people in the cyber security industry. Some of whom I’ve met and will hopefully appear on the blog from time to time. Like 007 in binary form – the heroes and heroines of a secret war.

Weird because I hope that it will have a broader appeal that just a review of the latest technical jargon. Cyber security should be in the public domain. My first prediction is that they’ll soon start calling is something different. Like Cyber Welfare or Digital Health or something no one has thought up yet.

I hope, in time, we’ll have some technical experts on to help us understand what in the hell’s going on in cyberspace.

So that’s it. A new blog on cyber security. A subject guaranteed to turn folks off. Let’s try and make it a bit more…spicy….