CyberheistNews Vol 2, #40
Editor's Corner
Software That Lies (so you don't have to)
I have been a fan of Mike Elgan for years. He's often able to put his
finger on the sore spot and boy this spot hurts for some people! He
lists a new class of software that tells fibs on your behalf, and
there is more of that stuff than you'd believe. He started with the
example of the 'Fake Follower Check' site, which shows how many
Twitter followers aren't real people.
He said: "I've been looking into this phenomenon, and I've been shocked
by what I've found. There is, apparently, a massive lies-for-sale
industry made up of services that either offer tools to help people
lie, or tell lies directly on behalf of their customers." It's what
social engineering is made of.
You can buy Twitter followers by the millions, install iOS and Android
apps that simulate calls to your phone, spoof caller IDs, fake
text messages, change your voice, fake your GPS location and more.
Here is Mike's article, with links to all these sites. One more
reminder to not immediately believe what you see on the screen,
and STOP - LOOK - THINK before you click:
http://www.computerworld.com/s/article/9230803/Software_that_lies_so_you_don_t_have_to_
PS: I decided to buy 1,000 Twitter followers from one of these sites. Here is the blog post on how that panned out and whether it was worth it:
http://blog.knowbe4.com/how-i-bought-1000-twitter-followers/
2012 Norton Cybercrime Report Loses $US 278B
Symantec's 2012 report on cybercrime is out: "The yearly Norton Cybercrime
report", a document that analyzes the evolution of cybercriminal
activities and their impact on society. The report covers different
technologies, including social networking and mobile, and reports the
impact on final customers in economic terms. The report involved 13018
participants aged 18-64 across 24 countries and a pool of expert
collaborators.
So much for the PR fluff. Remember that it's in the interest of security
companies in general to make it look as bad as possible, so that they
can scare people into buying their products. But the 'total damage' numbers
seem to be pie in the sky. This year's report said total damages were
US$110 billion, but in last year's 2011 report they were supposedly
US$388 billion, so suddenly $278B in damages disappeared in 12 months.
Read this report with more than a bit of skepticism, and take the numbers
with a grain of salt (or two). Despite all that, it shows that the bad
guys are not sitting still. Here is the 2012 Symantec slide show as a PDF:
http://now-static.norton.com/now/en/pu/images/Promotions/2012/cybercrimeReport/2012_Norton_Cybercrime_Report_Master_FINAL_050912.pdf
Please Forward This Newsletter To Your Friends
There are 40,000 people getting CyberheistNews every week, but
we need to get the word out to many more, to protect everyone's
network. Please forward this newsletter to people you know who can
benefit. Here is the link to subscribe:
http://www.knowbe4.com/cyberheist-news/
Quotes of the Week
"I'm not upset that you lied to me, I'm upset that from now on I can't
believe you." - Friedrich Nietzsche
"A lie that is half-truth is the darkest of all lies." - Alfred Tennyson
"Half the lies they tell about me aren't true." - Yogi Berra
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
NEW: Full Free Preview of the Kevin Mitnick Security Awareness Training!
You May Qualify For A Full Free Preview. You know that your employees
are the weakest link in your organization’s IT security. You are looking
for a high-quality approach that will be effective in protecting your
network against phishing attacks. This free preview gives you access to
the full 30-40 minute training. The preview is free, and after you decide
to sign up, your yearly subscription allows you to both train all employees,
and to schedule simulated phishing attacks to all employees, with tracking
of ‘who clicks when’. Sign Up For Your Free Preview Now:
http://www.knowbe4.com/free-preview-kevin-mitnick-security-awareness-training/
Background RSA Hack: Anatomy Of An Attack.
We unearthed an interesting blog post by RSA's Uri Rivner that goes
into detail on how RSA was hacked, and what errors were made.
This is a very interesting read that I'd recommend when you
have 10 or 15 minutes. He also added an interesting chart of the steps
these attacks go through. Link here:
http://blogs.rsa.com/rivner/anatomy-of-an-attack/
This is the chart:
http://blogs.rsa.com/wp-content/uploads/APT-chart1.jpg
Black Hat Webcast - Workshop: Attack Tools
"The right tool for the right job." That is the reason Black Hat
created the Arsenal for the USA event, an area in which free and
open-source tool authors could show off their wares. This webcast
features three of the most popular tools and their authors. There
is good stuff here, recommended!
Date: Thursday, September 20, 2012
Time: 1:00 pm ET/10:00 am PT • FREE. Duration: 60 min. including Q&A.
https://www2.gotomeeting.com/register/559096618
Kevin Mitnick Security Awareness Training: End-User Feedback
"Lars, V2 training is going great, our users really like the updated
module. Please find the signed renewal agreement attached. Thank you,"
- Ryon
"I got a lot of good information from the training this morning. I know a
lot of folks who could benefit from this training that are not employees
(wife, kids, church secretary, friends, etc., etc.). So my question, is
it possible to buy viewings of this for non-employees somehow?
Thanks so much!"
“This was a real eye opener. Can I have my wife take this training as well?”
“I need a total scrub down after watching that video – can you say “paranoid”!!”
“Best training we’ve had yet. Hopefully it will make us smarter.”
“I went through this training and it was incredibly helpful to me. Thanks
for taking the time to do this. Is there a way I can provide this to my
children?”
See it for yourself. You may qualify for the full free preview. Sign Up
For Your Free Preview Now:
http://www.knowbe4.com/free-preview-kevin-mitnick-security-awareness-training/
10 Tips For Implementing BYOD Securely
NetworkWorld wrote: "With the Bring Your Own Device (BYOD) movement
quickly becoming an accepted norm, IT needs to better understand how
it impacts all aspects of the corporate network security strategy.
BYOD is another technology trend that moves a company from a position of
risk avoidance to risk management. Where many IT organizations get it
wrong is they focus on only one piece of the puzzle - like the device.
If organizations want to minimize the risks of BYOD, they need to assess
the impact on the network security ecosystem and understand the big and
small weaknesses it creates.
Here are 10 tips for implementing BYOD securely and effectively within
the enterprise, while fostering secure, remote access to business
critical information:
http://www.networkworld.com/article/2159659/tech-primers/10-tips-for-implementing-byod-securely.html
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
This week's 5 minute vacation: San Diego! America's finest city in Kevin
Falk's time-lapse of San Diego:
http://www.flixxy.com/americas-finest-timelapse.htm
The most amazing sleight of hand by Cyril Takayama. Imagine the years
of practice that go into this...
http://www.flixxy.com/the-most-amazing-sleight-of-hand.htm
New trailer: The Best Hacker Film You Haven't Seen (YET) 'Code 2600':
http://secureworldexpo.com/event/index.php/2012-code-2600-landing-page
DARPA's Cheetah Bolts Past the Competition. This robot does 28 mph!
http://www.youtube.com/watch?v=YqpO58x7vuE
Have you ever thought of what the Earth would look like without the oceans?
http://www.flixxy.com/how-the-earth-would-look-like-without-oceans.htm
Why email was invented. A compilation of pets getting very excited
about the arrival of snail mail:
http://www.flixxy.com/why-e-mail-was-invented.htm
Scottish trials cyclist Danny MacAskill is always pushing the envelope.
This time he takes his bike for a ride on the streets of San Francisco:
http://www.flixxy.com/danny-macaskill-vs-san-francisco-hd.htm
Yellow-billed ducklings in Southern Africa are very fortunate, because
their mother is a very clever actress:
http://www.flixxy.com/mother-duck-vs-hyena.htm
Wang Jian from Jiangsu province, China, had a dream to own a Lamborghini
Reventon. So he built one out of iron and parts from an old van:
http://www.flixxy.com/chinese-man-creates-own-lamborghini.htm
Advanced sailing boat breaks speed record in San Francisco Bay:
http://www.flixxy.com/advanced-sailing-boat-breaks-speed-record-in-san-francisco-bay.htm