Many of us have fallen into a cyber scam for one reason or another. Its either that pop up that came up to tell you your computer was infected or that website you thought was real. It was all a scam no matter how you look at it. Although cyber security can protect a company from people from the outside it cannot protect the naive on the inside. Any person is susceptible to these kind of scams. Lets give a "WOO" to phishing scams. Phishing scams work on the basis that a person is too lazy to check if the URL of a website if the actual websites URL or the dummy websites URL. It tricks you into thinking thats your on the real website and when you input your information, say "bye bye". To your information it is now compromised and everything you have is now public knowledge. Another type of scams that some people may use is the pop up scam where a pop up from the INTERNET tell you that you have a virus, the pop up tricks you into buying or installing an quote on quote "Anti Virus". But when its installed in your computer your computer will malfunction your information will be compromised and at some point the virus might even try to take over your computer when your doing important stuff. This is a flaw in cybersecurity in general because it allows people with domain names almost like your to trick people into putting the trust into them while it is the persons fault for not being able to notice the small change in the URL. These are just 2 of the most common scams that happen on the internet. Some of them may be known but are rare because not many people fall for them or people haven't
noticed them as scams.
Image Source: http://www.maricopa.gov/technology/security/citizen.aspx
Cyber Security- A means to an End
A blog all about security on the internet.
Monday, March 2, 2015
Thursday, February 26, 2015
Careers In Cybersecurity
Within the realm of cyber security there are many jobs one can specialize in. Cybersecurity allows computer science students to look into branches of security. There are many jobs offered by many companies because when an organization grows the information it needs to keep safe needs to be protected and thats when people specializing in cybersecurity come in. These are just a few of the popular careers one may go in to in wanting to go into cyber security. You can become a : Computer Crime Investigator, Cryptanalyst, Cryptographer, Security Analyst, Security Architect, and web penetration tester;. There are many more jobs within cyber security but they aren't as exclusive as these popular ones. A computer crime investigator is a person who has knowledge in tracing specific things on the internet or on a computer, they are the people who do tracking for the FBI, they find the culprits who launch cyber attacks against governments usually. A cryptographer creates new and innovative ways of encrypting information, while a cryptanalyst tries to decrypt the kind of encrypting a person has used. A security analyst is a person who keeps watch over the organizations internal websites and servers to make sure there is no intrusion, and they have the skills and abilities to find solutions to security problems. Lastly a web penetration tester, uses a stressor, which is a program used to find loopholes in websites, they use this stresser to find problems and indicate to the organization/government that they might have a problem on there hands. All of these jobs require that the person be available and flexible at anytime a cyber attack occurs.
For more information about careers in cybersecurity goto http://niccs.us-cert.gov
Wednesday, February 25, 2015
Whistle...Whistle...Whistleblower ~Edward Snowden!
A picture of Edward Snowden, Internet Activist and American Hero |
Tuesday, February 24, 2015
Cybersecurity Compromised due to the SSH Heartbleed Bug
Previously I talked about how HTTPS was always secure and how it would never be compromised ever. The SSH heartbleed bug allows people who are attacking a server to get permission and access to all files without leaving any trace behind. This practice basically allows people to extract important information from peoples emails, websites, and networks. The Heartbleed bug is an internal bug of the system, it is a basic programming error which enables leakage of memory. This bug allowed 1000's of private keys of different websites being leaked therefore giving people access to how there data is sent and what the data is without them really hacking anything. They are given permission to intercept and decrypt because they have the sender's private key. This bug infected a large amount of small businesses that used openSSL to secure their information and emails. A survey showed that openSSL was used by over 60% of the businesses to encrypt their corporate data.Although the bug was fixed and a new version of openSSL was released, this was one of the biggest unintentional data leaks in the world. Thanks to modern programming the bug was fixed before the bug became a large scale data leak. For more technical information please goto: http://heartbleed.com/
Monday, February 23, 2015
HTTPS: A secure communications protocol
HTTPS stands for Hyper Text Transfer protocol Secure. |
When sending information over the web a HTTPS takes the information and starts encoding it so that it can be safely sent to a destination IP/server. The information is sent in a certificate format once the certificate is sent it has a need for a public key which the sending computer has, once the server obtains the certificate the browser send a temporary or a short term public key which the server can use to encrypt and decrpt data that is being sent and received between the server and browser.
There is really only one pro for this method of information exchange, the encryption prevents the editing of information, and it prevents people from looking at what data is being sent across the networks. There aren't any cons of HTTPS, because it provides encrption, and it makes sure that no one has your private key which is used to decrypt data. Public is for other people while private is for your own leisure.
Sunday, February 22, 2015
Canada's Cyber Security Strategy Plan 2010-2015
For more Information please goto publicsafety.gc.ca |
Friday, February 20, 2015
Popular Cyber Attacks: DDOS
DDOS stands for a direct denial of service, this is a cyber attack that lets the attacker take control of ghost computers that send information over the internet to a specific website/network.The network becomes overwhelmed with packets and becomes unable to transmit informations, so a arequest cannot be sent, but the network can still receive information. This is the most common type of cyber attack because it stops all services from being used on that network. Companies like sony and paypal have been the recipients of these attacks due to there involvement in politics or technological limitations. Groups such as anonymous have been the perpetrators of these attacks because they feel that corporate greed has gone too far, and they are too "cozy" with the government and the amount of data collection. Many people agree with anonymous's stance, but it stops many people from accessing a service that they require in their daily life. Some people may say that the government does not partake in cyber attacks, but the government has been accused recently for bringing the north korean internet down. Unlike other cyber attacks, a DDOS attack is unable to be stopped because the amount of information sent over the network is traceable but it is not legally able to be used since many people do not know if there computers are ghost computers. A group of ghost computers are called a collective bot net that id good for only sending information across the internet.
Picture of attacks currently happening! |
To see real time DDOS Attacks, Goto http://map.ipviking.com/
Thursday, February 19, 2015
What is Cybersecurity?
For starters there is actually a governing body which allows companies and organizations to protect themselves. This is all within reasonable accord so that a company cannot directly attack another organizations techniques. This governing body provide guidelines that all organizations must follow in order to protect themselves from cyber attacks. Although many companies have dumped millions of dollars trying to protect themselves from attacks it is was not possible for them to protect themselves from all contingencies. Cyber attacks are hard to trace because most instigators use virtual private networks or proxy servers. You might be asking yourself "what the hell is that!", theses terms are just fancy terms for saying your masking yourself from being traced, they are basically changing there locations/IP addresses so that if they are traced it will not show their real location, but a dummy location.
From DataBreachInsurance.com |
For more information about the
Cybersecuirty Standards please click here!
Wednesday, February 18, 2015
Virtual Private Networks make you untraceable!
Graphic Illustration of how a VPN works. |
Tuesday, February 17, 2015
Who I am & the purpose of the blog!
Hello ladies and gentlemen, my name is Shahzeb Ishfaq I am currently a student at the University of Windsor. I am currently enrolled in the Bachelor of Business Administration program, I am planning to major in Accounting while minoring in Finance. I chose to come to the university of Windsor because I was given an option to go into the co op option with my program, without second guessing myself I took the option and enrolled in uWindsor!
Image from: http://www.nationalcybersecurityinstitute.org/ |
Subscribe to:
Posts (Atom)