Title: Scary Security Stories: be aware, beware. Who Are You?
1. Scary Security Stories: be aware, beware
Who Are You?
Jay Ferron ADMT, CISM, CISSP, MCDBA, MCSE, MCT,
NSA-IAM
2. Questions
- Use the Internet?
- Use on-line banking, pay bills on-line?
- Have kids using the internet?
- Know anyone who has been a target?
- Think you have already been a target?
- Does your computer seem possessed?
3. Agenda
- What Information are the bad guys after
- What bad things can happen to you
- How they get your information
- How to prevent becoming a victim
- How to recognize if your information has been stolen
- What to do if you are a victim
4. What are they looking for?
- Social Security Number
- Mother's maiden name
- Birth date
- Billing Addresses
- Email Addresses
- Account Numbers
- Passwords
5. How is your information abused
- Physical (offline) theft used for
- New Account Fraud
- Check Forgery
- Information stolen on-line used for
- Unauthorized checking account transfers
- Stolen credit card purchases
- Illegal credit card advances
- Acquiring other services in your name
- Cyberstalking and Cyberharassment
6. How they get Your Information
- Stealing your mail and dumpster diving
- Phishing
- Internet scams
- Spyware
- Public Computers and Networks
- Inadequate computer security
- You actually give it to them
7. Stealing your mail and Dumpster Diving
- Get a shredder
- Use a post office box
- Pay attention to missing mail
- DUMPSTER.MOV
8. Oracle chief defends Microsoft snooping
- By Wylie Wong
- Staff Writer, CNET News.com
- June 28, 2000, 3:10 PM PT
- Oracle chief executive Larry Ellison today defended his company's decision to hire detectives to investigate two research groups that supported Microsoft during the antitrust trial.
- Oracle hired Investigative Group International to probe two research organizations, the Independence Institute and the National Taxpayers Union. The company sought to verify links between Microsoft and the organizations during its antitrust trial--and even tried to buy trash from another research group with close ties to Microsoft.
- Oracle told Bloomberg News today it discovered that the two organizations were misrepresenting themselves as independent advocacy groups when they were in fact funded by Microsoft. Oracle said the company hired the detective agency because the organizations were releasing studies supporting Microsoft during the antitrust trial. The financial ties between the organizations were reported by The Wall Street Journal and The Washington Post.
9. Phishing
- Rapidly spreading
- Victims are more prone to fraud
10. Phishing
- Sample E-mail: Below is a sample of a fraudulent e-mail that's been sent to Citibank customers. It purports to be from Citibank, but it is not. Its intent is to get you to enter sensitive information about your account and to then use this information to commit fraud.
11. Internet scams
12. Spyware and Adware
- Gets in through kids downloading games, music off the Web.
- Keyboard loggers
13. Public Computers and Networks
- Kiosks
- Wireless Hot spots
14. Inadequate Computer Security
- Worms and viruses
- Does your computer seem possessed?
15. Fizzer Worm Is on the Move
- The Fizzer worm continued to spread rapidly late Monday afternoon as anti-virus experts raced to analyze the code of what they called one of the more complex worms in recent memory.
- The worm is 200kB of code spaghetti, containing backdoors, code droppers, attack agents, key loggers and even a small Web server. Fizzer includes an IRC bot that attempts to connect to a number of different IRC servers and, once it establishes a connection, listens passively for further instructions.
- The keystroke logger records every typed letter and saves the log in an encrypted file on the infected machine. If the infected PC has the Kazaa file-sharing program installed, Fizzer also has the ability to find the default download location for Kazaa files and copy itself to that folder.
16. Social Engineering
- EULAs
- Don't disclose any personal information
- Passwords
- Your mother's maiden name
17. How to Know if You're in Trouble
- Review your statements within your account's dispute period.
- Periodically check your credit report through a credit bureau such as Equifax, Experian, or TransUnion
- You get a call from a collection agent
18. What to do if You Are a Victim
- Contact all of your banking, credit card, mortgage, etc.
- Contact the police
- Report it to the Federal Trade Commission
- Prepare an ID Theft Affidavit and Fraudulent Account Statement
19. How to Protect Yourself
- Two additional Brown Bag Sessions
- Securing Your Home Computer
- Configuring Your Home Network
- Wipe out the hard drive when disposing of computers
- Active KillDisk (Free)
- WipeDisk
- BCwipe
20. Questions