Cyber Security Fact Check

Hello readers,

While I consider it bad form to attack the helpless – there are too many myths floating around out there to ignore regarding safe or even useful practices and it seemed time to say a few things about it.

Today Just 5 I think.

  1. Antivirus Software Is A Critical Component Of System Security

Well actually: At one time I believed that it was but as time has gone by information has come to light regarding how heuristics rely on file types that frankly aren’t as likely to be used to attack your system as they once were. Not that they serve no purpose of course, but generally even the viruses they “find” should be checked for authenticity. Some would argue that antivirus software actually leaves a system in an easier to compromise condition while others would swear that, “In spite of using valuable system resources and costing plenty – it is probably still an important safeguard against old viruses.”

Points to consider: The file types you won’t ever get a virus from outweigh the types you would or could by a significant margin, if you knew for sure which kinds were always safe you could get by just knowing what kinds to never use. If you only use – .jpg, .png, .gif, .txt, .odt, .zip, .rar, .avi, .mpg, mp3, .flac, .ogg, .xls, .ods, .csv, and never really .pdfs etc. – You’re probably in the clear aside from browser exploits or fake updates – of course you tend to ignore your antivirus warning and install updates. – So really, you are the weakest link. (I do it too – so we are the weakest links.)

Not to say it serves literally no purpose to have antivirus software. – The browser based exploits are far too plentiful to have nothing there but to call it critical is absurd.

     2. Blacklisting Those IP Addresses

Well technically: Even a low risk website with very few visitors has probably experienced the lulls between IP changes before the next wave of the same spam – The same is true for hackers, many of whom actually have shortcuts for changing identities on the fly. Spoofing their IP, MacAddress, OS Type, and more are easier today than they were 10 years ago. (Not that it was difficult then either.)

Points to consider: IPV4 estimated they would run out of addresses for websites eventually and implemented the IPV6 protocols. This seems unrelated but the math isn’t about the relationship between IPV4 and IP addresses. – Instead it’s about what would happen if every IP address was “blacklisted everywhere eventually“. After all if someone gets an address blacklisted it goes out of use for a while doesn’t it? So eventually we’ll need a very different way to identify machines. – Maybe something more like bitcoin where it changes at every stop along the way.

    3. Encryption Based Passwords

Well no that’s a step backwards: A password is generally a part of an encryption system – your password isn’t really your password as far as most machines are concerned. In reality behind the scene your password is used to generate a key that fits the profile of the system used for authentication. So a password like password actually looks like :

RSA-100 = 15226050279225333605356183781326374297180681149613 80688657908494580122963258952897654000350692006139

Points to consider: Not all websites use encryption and they certainly don’t all use the exact same encryption. That means that using the same password on three different websites that use different kinds of encryption is actually neither more nor less safe. It also means that if it’s a standard word and number combination with symbols but encrypted.  It’s still just part of the same two factor authentication but means nothing at all if your browser cookies are lost by clicking on those shortened links on social media.

Some link shorteners are legit, some are blackhole exploits that dump your browser data into a program that runs a clone browser to sign someone else into your accounts as though they were you.

    4. Remote Desktop Sharing Isn’t On

Well that’s not much of a factor: Certainly somewhere a hacker noob wants to access your fancy new computer by it’s desktop and wobble your mouse while you play a Facebook game. – But that isn’t the guy to worry about. Truthfully to access your machine remotely an attacker could initiate a reverse shell. – Then either by common ssh tools or even telnet tools they can ask your computer to let them have remote access to a shell.

A shell like command prompt or a bash terminal that will happily comply under the right circumstances <passwords vs keys> and rather than wobbling your mouse they can copy out your entire file system and look for bank account info.

Points to consider: Certainly it can be hard to guess someone’s computer password – but there are programs that can keep guessing until they get it right. Usually you aren’t going to experience such things unless you are running a server upon which someone suspects something of value is being kept. Fun Fact there are dozens of other ways to get into your files. Even as simply as using a usb stick with an operating system or just an easy to download and use program. Don’t bother mentioning that your bios password can prevent that. Pop out that bios battery and pop it back in and that password stops existing.

    5. Identity Theft Only Happens To People With Money

Actually: Well it’s a lot more likely to be of value if you are rich up front. But the crime wouldn’t exist if it relied on wealthy targets. High interest credit cards are offered to people who have just filed for bankruptcy, loans are taken out remotely, visas for travelling under assumed names, the list goes on forever.

Points to consider: Your social security number could be passed along through a network of hundreds of illegal immigrants to get free healthcare at certain unscrupulous businesses. It sounds crazy but it happens constantly at very large hospitals.

We’ll do plenty more of these soon and thanks for dropping by!

Spread the love

23 thoughts on “Cyber Security Fact Check”

  1. Very great post. I simply stumbled upon your blog and wished to say that I have really loved browsing your blog posts. After all I’ll be subscribing in your rss feed and I’m hoping you write once more soon!

  2. Excellent beat ! I would like to apprentice while you amend your web site, how could i subscribe for a blog web site? The account aided me a acceptable deal. I had been tiny bit acquainted of this your broadcast provided bright clear idea

  3. Sweet blog! I found it while browsing on Yahoo News. Do you have any suggestions on how to get listed in Yahoo News? I’ve been trying for a while but I never seem to get there! Cheers

  4. This is a excellent blog, would you be involved in doing an interview about just how you designed it? If so e-mail me!

  5. Thank you for every other wonderful post. The place else could anyone get that kind of info in such an ideal way of writing? I have a presentation next week, and I’m at the look for such information.

  6. I’m not sure why but this blog is loading incredibly slow for me. Is anyone else having this problem or is it a problem on my end? I’ll check back later on and see if the problem still exists.

  7. Thank you for another wonderful post. Where else could anyone get that kind of information in such an ideal way of writing? I have a presentation next week, and I’m on the look for such information.

  8. Just wish to say your article is as surprising. The clearness to your publish is just spectacular and that i can suppose you are a professional in this subject. Fine together with your permission allow me to snatch your feed to stay updated with impending post. Thanks one million and please carry on the gratifying work.

  9. Nice post. I was checking constantly this blog and I’m impressed! Extremely useful info specially the last part :) I care for such info a lot. I was seeking this certain information for a long time. Thank you and best of luck.

  10. There is noticeably a bundle to learn about this. I assume you made sure good points in options also.

  11. Hi, Neat post. There’s a problem with your web site in internet explorer, would check this… IE still is the market leader and a large portion of people will miss your fantastic writing due to this problem.

  12. Perfect Post I really enjoyed your unique approach

  13. Awesomely done blog post . I definitely like this site . Thanks!

  14. Very nice article piece. I absolutely appreciate your site. Keep writing!

  15. I thank you so much for your precious time in writing this post.

  16. Very nice write-up. I certainly love this website. Stick with it!

  17. I appreciate greatly for your effort in writing this blogpost.

  18. Thank you greatly for your great effort in writing this post.

Leave a Reply

Your email address will not be published. Required fields are marked *