Tag: computer security

Guest Post – Cybersecurity PSA

Credit Ben FrantzDale – CC-BY-SA

Guest Post

From time to time I will be publishing posts from guest authors whose writings I think will interest people. Of course, all opinions and assertions in these posts belong solely to the authors and do not necessarily agree with mine. Please direct your praise and criticism to the author. — rjb

Today’s guest author is Graham Salwell

Before I begin I would like to remind you to check out the free novels and audiobooks while you’re on the Green Comet website.

In the past year alone, 23% of Americans either fell victim to identity theft, phishing scams, and credit card fraud or personally know someone who has. According to the University of Maryland, every 39 seconds, a hacker attacks an unsuspecting victim. That is an excessive amount of people targeted, and the statistics look equally grim for virtually every area in the world.

Image by ItNeverEnds from Pixabay

What can we do about this? We can protect ourselves against these attacks by exercising smart cybersecurity etiquette. Here are some good tips for you to apply moving forward:

• Use protective software for all of your devices

First thing’s first – invest in some good anti-virus software. That goes for your phone and your tablet, as well, not just your computer. Every device that is connected to the internet can be a target, so you don’t want to mess around with this. Thankfully, if you’re cheap, broke, or simply can’t be bothered, there are lots of free trials for anti-virus software, so you can just use those for now. Some of these trials allow you to set up multiple devices, so you may just be able to cover your phone, as well.

• Don’t connect to unsecured Wi-Fi networks

We all love a bit of free Wi-Fi, right? But that sweet, sweet Wi-Fi can be your downfall, if you’re not careful. The great thing about unsecured networks is that anyone can connect without a password. The awful thing about unsecured networks is that anyone can connect without a password. That includes people who are out to steal data from unsuspecting users who don’t know that any sensitive information they send across via this network can be intercepted by third parties. It’s always best to go ahead and ask for a password from a business or institution or travel with your own data, to avoid issues.

• Do not open emails from addresses you don’t recognize

Did you know that a lot of these scams are perpetuated via email? That’s right, the infamous Nigerian prince scam is still kicking. Amazing, isn’t it? To be fair, most of these sketchy emails end up in your Spam folder, where they are easier to avoid. But every once in a while, they make their way through the spam filter and into your inbox. If you see a weird email in there, hover over the sender to see the email address. Does it sound familiar? Do they have a reasonable way they could have gotten your email address? Is the subject something that concerns you directly? If not, you can safely ignore or send it to Spam purgatory.

• Learn how to recognize phishing scams

The reason why these attacks make so many victims is that phishing scams are getting cleverer. They are often disguised as emails from friends, from your bank, or from other institutions that may reasonably contact you. They will usually ask you for sensitive information, such as your bank details, or passwords. They may even require you to click through and sign in again on a fake website that looks exactly like the legitimate one. Remember that legitimate businesses and institutions never ask you for this kind of information over email, especially your bank.

• Look for the signs that a website is legitimate

And speaking of sketchy websites that look legitimate, if you’re ever in doubt, there are ways to verify whether the website you’re on is real or not, and if it’s safe.
First of all, make sure to double-check the URL – is it correct? Is it spelled right? Sometimes, fake sites will have a very similar, but different URL to the legitimate one. Does the site have an active SSL certificate? You can verify that by checking if there’s a lock next to the URL. That indicates that it’s been verified and encrypted. It’s very important that if you have any doubts about the legitimacy of the website, that you don’t use it. Don’t input your details, don’t click on anything. Just click away.

• Set strong passwords

Passwords are still super important for security in 2020. With the sheer amount of cyberattacks taking place every day, there are hackers trying to break into your accounts everywhere. A weak password only makes it easier for them.

Image by TheDigitalWay from Pixabay

A solid, strong password must be at least 7 characters long, and feature a mix of lowercase and uppercase characters, as well as special symbols. That will make it harder to guess or brute force-hack. We have so many online accounts, each with their own password that it’s often tempting to just use incredibly simple passwords that are easy to remember, like birthdays or names. But that’s like offering your information on a platter for hackers to take. At least make them work for it.

• Keep your sensitive information in cloud storage

Proper data storage is a hot topic right now, as data breaches are happening more and more often; and to big companies, too. It obvious we are not doing a good job of storing our data securely, so what’s the best way to do it, in order to make sure that you’re keeping your sensitive info as safe as possible? The best way to do it is to put it up in cloud storage. Yes, there are still some security concerns – mainly related to entrusting a third party to protect your data – but it’s safer than just keeping this information on your computer. Having the info on your device means it can become corrupted if the device breaks down, if it’s stolen, used by someone else, if someone manages to connect to it without your knowledge, or if it becomes infected by malware, spyware, or ransomware.

What’s the bottom line? All in all, cybersecurity is an important – and relevant – topic for all of us. Unless we actively take measures to protect ourselves, we’re all sitting ducks for the hackers who infect our computers and steal our data. Whether it’s setting a better password or becoming more aware of spam emails and fake sites, we can all do a better job of protecting our data.

Graham Salwell

Security Certificate Restored

credit Alvesgaspar – CC-BY-SA


Good news! The missing security certificate has been applied and you need no longer fear visiting the Green Comet website. I scolded them for their lapse and they promised that it would renew automatically next time. No harm done, I hope.

rjb

Connection is not Secure


You might be wondering why Green Comet is reported as an insecure website even though it has gone SSL and has that reassuring “https” up there in the address. (Note the yellow triangle superimposed over the image of the lock.) There is no conflict in those two facts. Green Comet is secure and if you were to use a password to log in it would be encrypted. Your precious data would be hidden from that sneaky man-in-the-middle who apparently goes skulking about the internet stealing that information.


While the Green Comet website is secure, though, some of the links on it might not be. If an image links to an original on an unsecured website, for example. Or if any of the links on the page start with “http” instead of “https.”


Here’s what it looks like when there are no insecure links on the webpage. (Note: these pictures are taken using the Firefox web browser. Other browsers have other ways of indicating whether or not a web page is secure.)

So, do not fear. Your secrets are safe on Green Comet.

rjb

Electronic Election Fraud

Public Domain

Public Domain

In 2004 I published this article in my local newspaper. At that time, not very many people were thinking about the problems that would come with electronic voting. Now the stories are popping up all over the place. Some people are saying that it has already resulted in election fraud, while others are predicting that it will happen in the future. Whatever the truth is, I think that the points I raised then — flaws in the software, security vulnerabilities, lack of independent auditing, fraud — are still important today.

Electronic Voting

In the futile campaign to save paperwork, many political jurisdictions have experimented with electronic voting systems. The attempt to use computers to create a paperless bureaucracy has proven to be futile because computers just make it easier to produce more printed documents than ever. However, voting is one place where it might work. Just think of all the paper boxes full of paper ballots that won’t have to be manufactured for every election.

Unfortunately there are security and accuracy concerns, which are especially important in democratic voting. That will probably mean that the electronic voting machine will be printing paper ballots to confirm voters’ electronic choices. Paper-based confirmation for a paper-free system. What will they think of next?

Public Domain

Public Domain

Wikipedia, the free internet encyclopedia, defines electronic voting as, “. . . any of several means of determining people’s collective intent electronically.” Okay, it means collecting votes through electronic devices such as kiosks, telephones or the internet. Its use in political elections started with lever-operated punch card systems in the 1960s. Those ancient systems are due to be replaced by more modern devices, and none too soon. Experiments have shown up to a 25% failure rate with punch card technology. But not everyone is comfortable with the new systems either.

The new voting machines have the big advantage of making it easier for more people to vote. People with disabilities, for example. But they are also open to malfunctions and fraud. Analyses have shown that these computer systems have many of the same glitches found in other computers. They have flaws in their software that can lead to inaccurate results. Worse, their security vulnerabilities leave them open to corruption.

One common concern is that the makers of the machines refuse to say how they work. They won’t open up the software for independent review. That means voters just have to put their faith in the skill and honesty of the vendors. How confident can they be that their vote will be properly counted while remaining secret?

There are solutions to the problems. Paper ballots can be verified by the voter and then stored in a locked box. The software can be opened up to ensure transparency and confidentiality in the voting procedure. The problems aren’t too big to handle.

Done right, electronic voting will be an improvement despite the potential pitfalls. And even with the backup paper ballots, it should end up saving paper.

Perhaps the most important thing in a democracy is the vote. That is where we get to make our wishes known, and where whatever power we have is exercised. It needs to be free and fair and immune to coercion and corruption. Electronic voting has the potential to help ensure that, but it also has the potential to destroy it. As always, unblinking vigilance is required.

rjb

%d bloggers like this: