Fin

As I signed up for this class, I was not expecting to end up doing blogs for an entire semester. I was not sure whether or not I would actually enjoy a class such as this, since I have never had a blog. So, the idea of having to blog for an English class was a little scary but at the same time exciting. At first when I was writing my first post, I had no idea what exactly a blog post should look like or consist of. It was a relatively new experience having to transition something so traditional to something more modern.

I would try to incorporate how I would normally write in a typical essay into my blog and it seems to work. I suppose it was a little scary at first because it is something that I was never familiar with. For me, the concept of blogging was not hard at all. It was the idea of having to actually produce blog posts that had troubled me.

After a few posts, I started to get the hang of blogging about my topic. I actually started to like the whole blogging process rather than writing essays after essays. It allowed me more freedom to write about whatever that I wanted, given that it was related to my topic. It was refreshing being able to take an English course in a new more fun way. And if given the option to choose between blogs and essays, I would probably choose blogs. 

My Smartphone?

On a daily basis, most of us communicate and do business on a smartphone. Which is basically, a mobile device that generally runs on an operating system, makes use of apps, web access, and the QWERTY keyboard. And "The number of users with mobile devices is expected to climb to 5.2 billion in 2017 from 4.3 billion in 2012 and traffic across high-speed 4G networks will grow 40-fold during that time" (Guglielmo). So, what does that mean?

Well, this means more targets for hackers to choose from. After all, a smartphone is essentially a miniature mobile computer. They both have processors, memory, and internet capabilities. And us smartphone users, never really take the time to think about the possibility of having our phones targeted by a cyber-attack. As "Security experts have warned for years that our smartphones are due for a major cyber-attack. Like PCs back in the early days -- the 1990s -- mobile phones are largely unprotected by antivirus software, and they're a treasure trove of valuable information" (Goldman).

And we as consumers and users, should be more wary of the possible cyberattacks that imposes on smartphones. As smartphones

"contain the same vulnerabilities as laptops and desktops, but they also contain other vulnerabilities such as using airwaves instead of wires to connect to the Internet[.] Denial of services attacks specifically designed for wireless devices and new custom financial applications like digital wallets and pocket ATMs that are particularly attractive to hackers" (Aitoro).

However, that doesn't mean we can't arm ourselves with security measures. Just like an ordinary desktop, smartphones can also have anti-virus software installed. And there's a wide variety to choose from such as Avast and Norton. 

No matter where you are, something as little as you're own phone can pose as a vulnerability to a cyber-attack. 


Works Cited

Aitoro, Jill R. "Nextgov." Cell Phones, Other Wireless Devices next Big Cybersecurity Targets. N.p., 10 June 2009. Web. 20 Mar. 2013.

Cassavoy, Liane. "What Makes a Smartphone Smart?" About.com Cell Phones. N.p., n.d. Web. 20 Mar. 2013.

Guglielmo, Connie. "Cisco Mobile Data Shows Surge in Smartphone Users, 4G Usage." Forbes. Forbes Magazine, 06 Feb. 2013. Web. 20 Mar. 2013.

Goldman, David. "Cyberattack: Your Smartphone Will (eventually) Be Hacked." CNNMoney. Cable News Network, 17 Sept. 2012. Web. 20 Mar. 2013.

"QWERTY Keyboard." What Is Qwerty Keyboard? N.p., 2013. Web. 20 Mar. 2013.

Two Neat Programs

So, what can I do to better secure my personnel information? Well, there's plenty of methods to secure one's data. A free program that I personally use is called KeePass 2. What KeePass is is essentially a secure encrypted database where one can store their passwords. And they can access it by using a master key (or password) or with the use of a key file. What's interesting about KeePass is that it also allows you to generate passwords with characters of all sorts and letting you choose how long your passwords can be. The database itself are encrypted with the most secure algorithms thus far, AES. Given that AES is "effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information." I would say it's quite secure. 

Another free program that I have used is called Axcrypt. This software allows you to encrypt individual files by simply right-clicking on the file and selecting encrypt. One can encrypt things from word documents to individual picutres. And it also makes use of the AES algorithm.  

(Source: http://www.net-security.org/secworld.php?id=5523)
Works Cited
"Axantum Software AB | AxCrypt | File Encryption Software." Axantum Software AB | AxCrypt | File Encryption Software. N.p., n.d. Web. 20 Feb. 2013.
"Features - KeePass." Features - KeePass. N.p., n.d. Web. 20 Feb. 2013.
"KeePass Password Safe." KeePass Password Safe. N.p., n.d. Web. 20 Feb. 2013.

Let's BackTrack

In my previous blog post, I mentioned about one method of being able to crack the encryption on one's WiFi making use of Aircrack. Aircrack is a network software that allows the user to be able to recover those keys once enough packets have been captured. Also, this software is included in an OS (or operating system, much like how we mostly use Windows 7) called BackTrack. BackTrack is a Lunix based OS, designed for penetration testing. Which is essentially what  a white hat does as I mentioned in a past blog. This short video simply highlights what the latest version of BackTrack has in store. What's also interesting is that this operating system is free to the public to download and use. 

(A 2 minute video about Backtrack 5)

(Source:http://www.backtrack-linux.org/)

In this next video, this individual will demonstrate the use of Aircrack and will show you the process of actually cracking the encryption of a WPA encryption and making use of a Dictionary-attack. That is, an attack that goes through all the words in the dictionary as a password. To help clarify a few other things before-hand, the person mentions Airodump. Which in a nutshell, is a packet sniffer which is a software that basically captures packets (little bits of information) being sent and received. The user (in the video) also mentions WPA handshake. That is, the process of how two entities communicate to one another. 

(A 5 minute video demonstrating a dictionary attack)

Works Cited
Darkaudax. "Aircrack-ng." Airodump-ng []. N.p., 05 Aug. 2012. Web. 20 Feb. 2013.
Franklin, Curt, and Dave Coustan. "How Operating Systems Work." HowStuffWorks. N.p., n.d. Web. 20 Feb. 2013. Rouse, Margaret. "Dictionary Attack." What Is ? N.p., Oct. 2005. Web. 20 Feb. 2013. "What Is Linux and Why Is It so Popular?" HowStuffWorks. N.p., n.d. Web. 20 Feb. 2013. "WPAÂ Handshake." WPA Handshake. N.p., n.d. Web. 20 Feb. 2013.

Let's get cracking...

As you may have already noticed, there are many new technologies coming out such as Ipads, macs, laptops and other mobile devices. What's one thing that they all have in common? They make use of WiFi. This allows the devices to connect to Internet with the use of certain radio waves and frequencies. However, we would need to secure ourselves with some kind of password so that other's can't just hop onto our network. And with that, we have encryption. Which is the process of encoding messages (or information) so that hackers or other unwanted people can't read it, but those with the "key" can unlock the messages and read it.

Source: http://www.data-processing.hk/glossaries/encryption/

In general there are two types of encryption for Wifi, WEP and WPA. WEP stands for Wired Equivalent Privacy and for a long time was considered "a good method for encrypting wireless connections. However was proved to have many flaws mainly involving the short key size,which were easy to crack" (Gross). And it was until stronger encryption came about such as the 128-bit and 256-bit encryption. 128-bit means that there are 2¹²⁸ different keys. So, one would have to go through a lot of keys in order to decrypt the message.  

WPA stands for Wi-Fi Protected Access. And is being more widely used as it provides more security than that of WEP. Because it makes use of TKIP or Temporal Key Integrity Protocol. "TKIP is 128-bit, but instead of the key  being static it generates a new key for every packet of information that is sent, meaning  it is a lot more secure" (Gross). Then there is also WPA2, which instead of TKIP, uses CCMP or CipherBlock Chaining Message Authentication Code Protocol.

What I use is WPA2-Personnel or referred to as WPA2-PSK. The PSK stands for "Pre-Shared Key, and is designed for home users and small offices where a server is not required for authenticating messages. It works by having each wireless devices such as laptop or smart phone authenticating directly with the wireless access point using the same key" (Gross). And because WPA2 makes use of AES, it gives home users more security.

Despite all of this encryption, there are still ways to crack the code. A popular method is with the use of a free program called Aircrack.

Works Cited

Brain, Marshall, and Tracey V. Wilson. "How WiFi Works." HowStuffWorks.N.p., n.d. Web. 13 Feb. 2013.

"Ckwop.me.uk :: What does 128-bit  Encryption Really Mean?" Ckwop.me.uk :: What does 128-bit Encryption Really Mean? N.p., n.d. Web. 13 Feb. 2013.

Gross, Melanie. "Types of WiFi Encryption You Can Use." Ghacks Technology News RSS.N.p., 22 Sept. 2011. Web. 13 Feb. 2013.

Rouse, Margaret. "CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)." SearchMobileComputing.N.p., June 2008. Web. 13 Feb. 2013.

Tyson, Jeff. "How Encryption Works." HowStuffWorks. N.p., .n.d. Web. 13 Feb. 2013.

Cyber War

What's interesting is that in this particular article I read is that given that we were to be imminent of a cyber attack, Barrack Obama could order a preemptive strike given that there is enough evidence. He would be able to authorize a cyber attack himself in order to defend the United States against the threat. 

Given that the pentagon has plans to increase our cyber security force by five fold over the next several years, it tells us that there could be an upcoming cyber attack and that we make sure we don't fall behind in this virtual war. After all, the cyber attacks that had occurred on "a Saudi Arabian oil company that scrubbed data from more than 30,000 computers, and a series of DDoS attacks carried out on U.S. banks" (Vranicar) should indicate that cyber warfare is not to be taken so lightly and that it can affect us as well. 

It's like what my professor would always tell us, who happens to be a cyber security professional, is that "you don't need bombs and bullets to kill, you just need one's and zero's."

Work's Cited

Vranicar, David. "TECH TREKPentagon to Beef Up Cyber Security Aresenal." Technology News: Tech Blog: Pentagon to Beef Up Cyber Security Arsenal. N.p., 28 Jan 2013. Web. 06 Feb. 2013.

Adhikari, Richard. "Secret Review Gives Obama License to CyberKill." Technology News: Cybersecurity:. N.p., 05 Feb. 2013. Web. 06 Feb 2013.

What day was it?

As I was browsing the Internet, I actually stumbled upon a rather interesting article about Java. For some who aren't sure what Java is, it's essentially a programming language that programmers would use to create programs. And it's used in many things such as "online credit card processing, online banking, online auctions, games, messaging programs" (What is)  and many more. In this article, it talked about how as many as over 100 million computers may be vulnerable due to a zero day flaw in the Java programming language.

A zero day is an attack that exploiters use to take advantage of vulnerabilities that don't have a solution. In a sense it's an attack that the creators of the Java (in this case) and it's users are unaware of. 

The vulnerability that this flaw had imposed "was considered so serious that the U.S. Department of Homeland Security urged computer users to turn off Java on their machines" (Mello). And because of this flaw, it poses a major risk of identity theft and bank fraud along with many other threats it poses.

Also, since the next patch for Java isn't until the 15th of February, that leaves many of those who uses Java still at risk.  

Is it really worth the risk despite the many capabilities that Java allows for us to have?  

Works Cited

Bram Thursday, and Lucy Oppenheimer. "What Is a Zero Day Attack?" WiseGeek. Conjecture, 22 Oct. 2012. Web. 06 Feb. 2013.

Mello, John P., Jr. "SPOTLIGHT ON SECURITY100 Million Systems Vulnerable to Java Flaw." Technology News: Security: 100 Million Systems Vulnerable to Java Flaw. N.p., 14 Jan. 2013. Web 06 Feb 2013.

"What is Java? A Java Definition." What is Java and What is JavaScript Used For? A Java Definition. N.p., n.d. Web. 06 Feb. 2013.

Nice Hat!

Whenever we hear the word Cyber Security, we typically associate it with the idea of a hacker. Which in most cases today, is often referred to as "someone who tries to break into computer systems." However, not all hackers break into computers with malicious intentions, but to spot security weakness. Those who have the intention to do harm is often referred to as a black hat, and those with good intentions are called white hats. 

Black hats is what people would often think about when they hear the term hacker. They can inflict massive amount of damage with the wide variety of techniques at their disposal. One form of an attack that a black hat could use is called DDos or distributed-denial-of-service attack. Which is basically where a hacker would take control of a computer by exploiting its weaknesses and making it the head command point. From there, the hacker would then begin to exploit many other computers which would then be referred to as a zombie. All the intruder has to do is send the command, and all of the compromised systems will send flood attacks to the targeted computer. The flood attacks would overwhelm the target with packets or little bits of information, denying the user of any access. This is just one of the many tricks a black hat has under their sleeves. 

On the other hand, white hats or ethical hackers, have the intention to exploit but in order to improve flaws and weakness. A technique that a white hat can use is DNS poisoning. In this attack, the victim is redirected to a different site that looks exactly the same as the intended website. For example, Bob wants to access his bank account and decides to do it online. Little did Bob know, he was re-directed to the hacker's version of bob's bank account. And as he typed in his information, he was simply sending it to the hacker. In order to achieve this attack, the hacker would have had to have changed the IP address or the address that leads to bob's bank account. 

One thing that should be kept in mind is that either of these techniques can be implemented for both good and bad intentions. One can only hope that it is an actual white hat and not a black hat in disguise. 

Works Cited

"365 Computer Security Training." 365 Computer Security Training RSS. Computer-network-security-training,22 Aug. 2010. Web. 30 Jan. 2013.

Rouse, Margaret."White Hat". What Is ? SearchSecurity,June 2007. Web. 30 Jan 2013.

Rouse, Margaret."Black Hat". What Is ? SearchSecurity,June 2007. Web. 30 Jan 2013.

Rouse, Margaret."Distributed Denial-Of-Service Attack(DDos)". What Is ? SearchSecurity,Nov 2010. Web. 30 Jan 2013.

"What Is a Packet? HowStuffWorks.HowStuffWorks,nd. Web.30 Jan 2013

Why Bother?

Well, one might ask, what exactly is Cyber Security and why should I care? As there are many elements and components that make up the field, in an overall view they all basically have the same purpose. And that is to employ safe techniques in order to minimize cyber-attacks.

Nowadays, as technology continues to grow, we become more dependent on cyberspace. In doing so, we face new risks. We face the possibility of identity theft, bankruptcy, loss of data, and so forth through the use of malware. Malware is essentially the computer's version of the flu. But how exactly can we combat against these threats?

There are many techniques and programs that can help combat this. Something as simple as actually turning off one's computer from the start menu, rather than leaving it on sleep or hibernate is good technique to minimize risks. Also allowing for windows to update can improve one's security. Another technique that can be employed is with the installation of an Anti-Virus program.

As there are many approaches on how one can improve their security, there is no guarantee that one can be completely safe. However, we can still execute safe techniques in order to minimize cyber-attacks.

Introduction

For this semester, I will be blogging about Cyber Security and how it can affect us individually. Since I'm going to be blogging about this particular subject, I will go along with the importance of Cyber Security and be under the alias Jonny.

As the weeks go on, I hope to be able to point out things that we do on a daily basis in relationship to the threats it may pose to us. Not only that, but to also bring out more of an awareness to those who have not heard of such threats as a possibility. 

As there are many ways for one with sinister intentions to be able to harm an unsuspecting individual. I hope that not only will we be more knowledgeable, but also more cautious when using the internet even if we are just simply blogging.