Common Scams within Cybersecurity

Many of us have fallen into a cyber scam for one reason or another. Its either that pop up that came up to tell you your computer was infected or that website you thought was real. It was all a scam no matter how you look at it. Although cyber security can protect a company from people from the outside it cannot protect the naive on the inside. Any person is susceptible to these kind of scams. Lets give a "WOO" to phishing scams. Phishing scams work on the basis that a person is too lazy to check if the URL of a website if the actual websites URL or the dummy websites URL. It tricks you into thinking thats your on the real website and when you input your information, say "bye bye". To your information it is now compromised and everything you have is now public knowledge. Another type of scams that some people may use is the pop up scam where a pop up from the INTERNET tell you  that you have a virus, the pop up tricks you into buying or installing an quote on quote "Anti Virus". But when its installed in your computer your computer will malfunction your information will be compromised and at some point the virus might even try to take over your computer when your doing important stuff. This is a flaw in cybersecurity in general because it allows people with domain names almost like your to trick people into putting the trust into them while it is the persons fault for not being able to notice the small change in the URL. These are just 2 of the most common scams that happen on the internet. Some of them may be known but are rare because not many people fall for them or people haven't
noticed them as scams.

Image Source: http://www.maricopa.gov/technology/security/citizen.aspx

Careers In Cybersecurity

Within the realm of cyber security there are many jobs one can specialize in. Cybersecurity allows computer science students to look into branches of security. There are many jobs offered by many companies because when an organization grows the information it needs to keep safe needs to be protected and thats when people specializing in cybersecurity come in. These are just a few of the popular careers one may go in to in wanting to go into cyber security. You can become a : Computer Crime Investigator, Cryptanalyst, Cryptographer, Security Analyst, Security Architect, and web penetration tester;. There are many more jobs within cyber security but they aren't as exclusive as these popular ones. A computer crime investigator is a person who has knowledge in tracing specific things on the internet or on a computer, they are the people who do tracking for the FBI, they find the culprits who launch cyber attacks against governments usually. A cryptographer creates new and innovative ways of encrypting information, while a cryptanalyst tries to decrypt the kind of encrypting a person has used. A security analyst is a person who keeps watch over the organizations internal websites and servers to make sure there is no intrusion, and they have the skills and abilities to find solutions to security problems. Lastly a web penetration tester, uses a stressor, which is a program used to find loopholes in websites, they use this stresser to find problems and indicate to the organization/government that they might have a problem on there hands. All of these jobs require that the person be available and flexible at anytime a cyber attack occurs.

For more information about careers in cybersecurity goto http://niccs.us-cert.gov

Whistle...Whistle...Whistleblower ~Edward Snowden!

 A picture of Edward Snowden, Internet Activist and American
Hero

Edward Snowden, is an internet right activist. He currently resides in Russia where he has gotten political asylum. Edward Snowden used to work for the National Security Agency (NSA), which was owned by the USA. Edward Snowden was praised for revealing the fact that the NSA had been collecting data on all American systems. Once the public found it the government was ridiculed, and asked why they had done such a thing. This basically violated the patriot act which suggests that the NSA must get a warrant to subpoena all the data it had collected. Many people had made cases against the government. but no one has been successful at suing the government in violation of the patriot act. One of the reasons that Edward Snowden would refuse to come to the USA for a fair trial was because the government would not listen to his plea. The moment the documents were leaked, Snowden was labeled a traitor and a worldwide hunt was organized for his return to american soil. Edward Snowden was just a pawn in the dangerous game that the government was playing against their own citizens. In my own eyes and in many other peoples Edward Snowden is to be given praise for what he has told his own people. Government was there to help the people, but in the end the government went against the rules that made it possible to exist today. Although labelled a traitor, Edward Snowden is a modern American hero.

Cybersecurity Compromised due to the SSH Heartbleed Bug

Previously I talked about how HTTPS was always secure and how it would never be compromised ever. The SSH heartbleed bug allows people who are attacking a server to get permission and access to all files without leaving any trace behind. This practice basically allows people to extract important information from peoples emails, websites, and networks. The Heartbleed bug is an internal bug of the system, it is a basic programming error which enables leakage of memory. This bug allowed 1000's of private keys of different websites being leaked therefore giving people access to how there data is sent and what the data is without them really hacking anything. They are given permission to intercept and decrypt because they have the sender's private key. This bug infected a large amount of small businesses that used openSSL to secure their information and emails. A survey showed that openSSL was used by over 60% of the businesses to encrypt their corporate data.Although the bug was fixed and a new version of openSSL was released, this was one of the biggest unintentional data leaks in the world. Thanks to modern programming the bug was fixed before the bug became a large scale data leak.  For more technical information please goto: http://heartbleed.com/

HTTPS: A secure communications protocol

HTTPS stands for Hyper Text Transfer protocol Secure. 

How HTTPS works is really easy to understand above is a graphic with the most simple representation of what happens when a browser uses HTTPS. When data (packets) are being sent to a server your browser encrypts the data being sent. HTTPS helps ensure that the information being sent on the internet is safe and not corruptible in transit.

When sending information over the web a HTTPS takes the information and starts encoding it so that it can be safely sent to a destination IP/server. The information is sent in a certificate format once the certificate is sent it has a need for a public key which the sending computer has, once the server obtains the certificate the browser send a temporary or a short term public key which the server can use to encrypt and decrpt data that is being sent and received between the server and browser.

There is really only one pro for this method of information exchange, the encryption prevents the editing of information, and it prevents people from looking at what data is being sent across the networks. There aren't any cons of HTTPS, because it provides encrption, and it makes sure that no one has your private key which is used to decrypt data. Public is for other people while private is for your own leisure.

Canada's Cyber Security Strategy Plan 2010-2015

For more Information please goto
publicsafety.gc.ca

Canada is one of many leaders in innovation and has become a target for cyber attacks, at any moment Canada is itself as an entity is communicating with networks all around the world. In 2010 the canadian government invented an action plan which allowed new infrastructure to be build and for new security techniques to be incorporated in all canadian internet activity. Canada has launched many IT, communications data centers all across Canada. Canadian government has made many strides in ensuring there privacy and increasing security. Recently the government created a response center dedicated to the prevention/mitigation of security incidents, the centres name  is called the Canadian Cyber Incident Response Centre. Canada has also signed many legislation and acts that have to do to cyber attacks across the border, the plans name is "cyber Security Action Plan". This plan allows Canada to prosecute cyber criminals across borders (in America). Canada has also made efforts to ensure the protection and safety of its owns main infrastructure systems.The governments strides helped ensure the safety of online communications of its citizens.

Popular Cyber Attacks: DDOS

DDOS stands for a direct denial of service, this is a cyber attack that lets the attacker take control of ghost computers that send information over the internet to a specific website/network.The network becomes overwhelmed with packets and becomes unable to transmit informations, so a arequest cannot be sent, but the network can still receive information. This is the most common type of cyber attack because it stops all services from being used on that network. Companies like sony and paypal have been the recipients of these attacks due to there involvement in politics or technological limitations. Groups such as anonymous have been the perpetrators of these attacks because they feel that corporate greed has gone too far, and they are too "cozy" with the government and the amount of data collection. Many people agree with anonymous's stance, but it stops many people from accessing a service that they require in their daily life. Some people may say that the government does not partake in cyber attacks, but the government has been accused recently for bringing the north korean internet down. Unlike other cyber attacks, a DDOS attack is unable to be stopped because the amount of information sent over the network is traceable but it is not legally able to be used since many people do not know if there computers are ghost computers. A group of ghost computers are called a collective bot net that id good for only sending information across the internet.

Picture of attacks currently happening!

To see real time DDOS Attacks, Goto http://map.ipviking.com/

What is Cybersecurity?

Cyber Security has many specific sects of information within itself. This could range from having to protect your computer from virtual attacks or having to patch loopholes or holes within a companies security architecture. One of the most useful uses for cyber security is the amount of protection a specialist could provide anyone after going to school and pursuing a career in the network security field. Cybersecurity professions have  there own designations and specific schooling one must take. It is trully a new and growing field within computer science.

For starters there is actually a governing body which allows companies and organizations to protect themselves. This is all within reasonable accord so that a company cannot directly attack another organizations techniques. This governing body provide guidelines that all organizations must follow in order to protect themselves from cyber attacks. Although many companies have dumped millions of dollars trying to protect themselves from attacks it is was not possible for them to protect themselves from all contingencies. Cyber attacks are hard to trace because most instigators use virtual private networks or proxy servers. You might be asking yourself "what the hell is that!", theses terms are just fancy terms for saying your masking yourself from being traced, they are basically changing there locations/IP addresses so that if they are traced it will not show their real location, but  a dummy location.

From DataBreachInsurance.com

For more information about the
Cybersecuirty Standards please click here!

Virtual Private Networks make you untraceable!

Graphic Illustration of how a
VPN works. 

A VPN or virtual private network provides a corporation a safe haven to safe and communicate with its employees. Many organizations today face the problem that they don't want to air their dirty laundry or their personal information, so they make their own networks which require passwords and usernames to get in. Although a VPN is used by organizations majorly it is also provided to internet users as a service. Many countries do not allow their people to see specific videos and information, connecting through a VPN solves this major problem. The computer first connects to the VPN basically making the VPN its gateway than the VPN conveys what information the computer should get while making the internet thing it is located at a different location. This helps personal users bypass the information barriers that its country has made. A VPN also helps people who wish to stay anonymous no matter what the situation is, this is the age of the internet, a person can find out where you live, your name, and your information just by knowing your IP address and your email account. The need to remain secure, and know that no one can find you over the internet is a big need. Cyber attacks happen everyday and when you are protected with a VPN it really helps to have that extra layer of protection or knowing that people can't find you.

Image Source: http://en.flossmanuals.net/bypassing-censorship/ch025_what-is-vpn/

Who I am & the purpose of the blog!

Hello ladies and gentlemen, my name is Shahzeb Ishfaq I am currently a student at the University of Windsor. I am currently enrolled in the Bachelor of Business Administration  program, I am planning to major in Accounting while minoring in Finance. I chose to come to the university of Windsor because I was given an option to go into the co op option with my program, without second guessing myself I took the option and enrolled in uWindsor!

Image from: http://www.nationalcybersecurityinstitute.org/

You guys might be asking "what is your blog topic?" if you haven't noticed by now, my topic for this whole web-blog will be Cyber Security. The purpose of this blog is too educate and inform the common household person about what the term cyber security means, and how it helps us on the internet stay safe. Cyber Security is afield in itself in the information technology industries. The topic of cyber security is very broad in the sense that any company that has any kind of online presence will be in need of it. As technological innovations increase the need to keep that information safe will be one of the biggest problems for any company, organization or government. Cyber Security is the protection of networks, data,  and computers from cyber attacks, unauthorized access.