How to Deal with Ransomed Files (WannaCry)

Posted on May 16, 2017 in Uncategorized

That sinking stomach feeling when you see your computer has been hacked and your files (precious memories – first baby pictures, unpublished novels, or simply an entire day’s work) are “lost” unless you pay a ransom. While we lay out many preventative activities, there are but a few courses of action after the fact. Here are some options to consider:

  • nomoreransom.org, a site backed by security firms and cybersecurity organizations in 22 countries
  • Pay the man. Unfortunately, in the end … you may just need to spend $300-$600 per computer to unlock the files
    • Prior to paying, be sure others who have paid received the unlock codes. Also, as some of these ransomware events unfold, security professionals can take them over and then issue a free unlock.

This specifically deals with the WanaCrypt ransomware strain that infected tens of thousands of Windows computers (unpatched and out-of-date Microsoft systems) in May of 2017. Ransomware is a type of malicious software that infects a computer and blocks access to data until a ransom is paid, displaying a message demanding payment to unlock it at the risk of losing all files.

When should you change the password on your iWatch, FitBit, Nest, new Cable modem?

Posted on January 22, 2017 in Uncategorized

Change the password to a password YOU MAKE UP.

Adding a new internet-connected device (e.g., phone, digital streaming TV/radio, health-fitness tracker) is a perfect time to set up your accounts securely and manage settings on your new device.

To learn more, you can check out the book, How Not To Be Hacked, available on Amazon.

This is, in fact, covered on page 13 (it is that important), which goes into detail on why, but the simple answer is never.

How Not to Be Hacked—Take the Advantage Q&A at World’s Largest Security Conference

Posted on February 26, 2016 in Uncategorized

The author of How Not To Be Hacked was accepted to speak among 1,000s of researchers at the largest information security conference in San Francisco. In the Atlanta area, James has shared insights at conferences and chapter meetings including InfraGard, ISACA, the Technology Association of Georgia, and Fulton County schools. Over the last two years I have been building the content and sharing the insights from the book, and now I am excited to gain fresh tips for all of our community. I’ll be sharing them as I receive them via the newsletter.

Curious about the session … here are some great Q&A about my upcoming session.  If able, please join me at the session or grab me for coffee during the event in San Fran!

1. How Not to Be Hacked—Take the Advantage (P2P2-R08)

Who are the attendees who will most benefit from—and contribute to—this Peer2Peer session? Do you have a specific role or job title in mind? Or even the kind of skills and mindset you are looking for?

  • Seeking Attendees who are: Trendsetters, change agents, visionaries, and passionates seeking to make a difference one life at a time
  • Proper titles of those who will contribute to the session: Product Security Leaders, Parents, and Directors of Security

Why do you believe that your topic is important for the information security industry—and your attendees—to be thinking about?

  • Important to industry: Today 3.1 billion people are online and not empowered or informed, making it impossible to secure every App and Device.
  • Important to you: Empowering people to protect themselves prevents human trafficking, enhances quality of life, and limits digital negative events

Challenge: Are YOUR family members, parents, children, and friends safe and secure online today because of your profession?

Can you describe one or two things you would like the attendees to think about prior to the session, as a way to prepare themselves for the discussion? 

  • What do you do habitually when navigating to a new website? What do you check? Do you type in URL? Do you Google it?
  • How do you protect your children on social media sites? Do you use manual reviews, monitoring software, account management, denial?

What kind of outcome are you hoping for at the end of the session? What will attendees walk away with afterwards?

Desired outcome: A fresh look and optimism on how to transfer habits of highly knowledgeable security professionals to regular people.

Takeaways:  Specific simple and highly potent techniques and tips to make the digital world safer and happier for our friends, family, and colleagues.

See the book on Amazon here (best anti-hacking investment you’ll ever make for your parents): How Not To Be Hacked

Source, RSA Conference Official Site: Make Sure You Don’t Miss These Peer2Peer Sessions at RSAC 2016 | RSA Conference

2 startlingly simple tips to prevent and recover from poisonous software (malware) on your phones and such!

Posted on November 23, 2015 in hntbh
In a galaxy far far away …
Android and Apple devices (yes that precious iPad too) can be victims to poisonous software (“malware”) that can invade our personal lives. Malware can…
  • Take pictures and videos at will and post them on the internet (but it is ok, because you are never with your phone in the bathroom or in a compromising position 😉)
  • Read and use text messages, Facebook posts, contact details, and listen to your phone calls
As technology has increasingly become embedded in our lives (cars, phones, pacemakers, computers), the speed of poisonous software also continues to keep pace. There are principles you can adopt now that apply to ALL your connected devices. In this piece, I highlight one of these below:
Tip #1 (safety):
  •   Never click on a link
Malware is installed in most cases because we humans receive a message (text message, email, Instagram message) and click on a link. The link has disguised itself as a legitimate link, but the click allows malware to be installed on your device. From there bad things happen.
Tip #2 (sanity!!):
  •  Backup your data OFF the device
There are many methods, but simply be sure what you care about is saved on another device. This way when malware happens (or loss, theft, or dropping phone into a lake), you can restore the default software and replace your backup onto the device. This is the only recommended way to recover from a malware event.
If this was helpful to you or your family, please check out the other principles and 63 additional tips by freely exploring How Not To Be Hacked online using Amazon’s ‘peek inside’ feature. Feel free to message me online anytime with questions. Together we can protect our community and enjoy technology safely and securely.
Fraudsters stole $16B from consumers last year – Identity-Theft Victims Pay Lifetime Price

Posted on July 30, 2015 in Uncategorized

Identity theft is a serious event, and its impact comes not from the simple letter in the mail in the first months but from a lifetime of monitoring, reaction, prevention, and caution. The use of the stolen data will only evolve and so must consumers.

Interesting detail on the theft, and article below:

According to a recent study from Javelin Strategy & Research, fraudsters stole $16 billion from 12.7 million U.S. consumers in 2014, with a new identity fraud victim popping up about every two seconds.

via Identity-Theft Victims Pay High Price When Their Data Get Stolen | Bankrate.com.

Don’t forget the tips in chapter 13 in How Not To Be Hacked that address the key lifetime habits to address these criminal events.

James

Is your Chrysler hackable? See below if you are part of recall.. How Not To Be Hacked: Car Edition

Posted on July 27, 2015 in Uncategorized

Over the past week, news broke of security researchers remotely taking over a Chrysler Jeep. This was written up and demonstrated nicely in the Wired Magazine article. I received many emails about how to prevent yourself from being harmed, and there is good news!

Fiat Chrysler has issued a voluntary safety recall affecting 1.4M vehicles in the US – call your dealership if you own one of the models listed below.

See if your vehicle needs a safety update:

  • 2013-2015 MY Dodge Viper specialty vehicles
  • 2013-2015 Ram 1500, 2500 and 3500 pickups
  • 2013-2015 Ram 3500, 4500, 5500 Chassis Cabs
  • 2014-2015 Jeep Grand Cherokee and Cherokee SUVs
  • 2014-2015 Dodge Durango SUVs
  • 2015 MY Chrysler 200, Chrysler 300 and Dodge Charger sedans
  • 2015 Dodge Challenger sports coupes

– Source: BBC

More details to follow as other manufacturers and models will certainly need attention as ‘connected’ motorized vehicles catch up to network security research scrutiny.

Title is a play on the research for How Not To Be Hacked. A giveaway for books is also underway at Amazon – free to everyone!

James DeLuccia

Photo credit: ANDY GREENBERG/WIRED

How Criminals stole $50M in tax returns, and how this will happen again

Posted on June 1, 2015 in hntbh

This week there was a lot of media attention on how criminals accessed over 100,000 U.S. citizen tax returns, and then used this in a successful attack to file requests for tax refunds totaling over $50,000,000. If you were a victim of this, please immediately begin working with the IRS to secure your tax returns (you can activate a two-factor type authentication to prevent these attacks in the future).

It is important to know – the IRS WAS NOT HACKED. The criminals used data gathered from other data breaches and public information to trick the IRS system into thinking they were you. This is a principle raised in the book: once your data is breached it is ALWAYS breached. So, 12 months of monitoring or short term protection won’t suffice.

If you have the book (release is first weeks of June!!!), please visit the last two chapters that cover recovery. These will give you great protections and assurances.

Here is how the IRS was attacked, and no it is not complicated. In fact, we will see these types of “attacks” against many institutions relying on such information for authentication:

[Figure: process flow of the IRS attack]

Ask questions on www.facebook.com/hntbh

Best,

James

*Credits to Van Gogh for the image, and Privacy Rights for the stats on last year’s data breaches.

Mind those bank statements, they affect your liability for ATM & Debit accounts

Posted on May 1, 2015 in hntbh

One of the first pieces of advice shared is to stop using your Debit Card. Most banks allow you to have an ATM card issued that is perfect for grabbing cash on the go. The reasons are many, but the most important centers on your liability for funds in these accounts.

Quite simply, if money is transferred out of your bank accounts (ATM / Debit Card #s) that money is gone, forever. There is a window of time though for you, and this is based on your bank statements. In the days of electronic statements this can become slippery (meaning when you receive a paper statement you may flip through quickly and see if anything jumps at you, but electronic statements I believe are far less reviewed).

Above is a simple table from the FTC showing the time elapsed from the release of a bank statement/notification and how much you owe. Note, at 60 days you are liable for “All the money taken from your ATM/debit card account, and possibly more…” yikes!

Update on the book – YES, it is nearly completed. The reviews have been very encouraging and I am humbled by all the time folks have helped make it great. May is the month! Stay tuned and visit www.Facebook.com/hntbh for more community news.

Best,

James

Some additional readings from Huffington Post on Debit Card Fraud, and even Time Magazine getting the news out!

Bored w/ Security warnings? You are not alone – MRIs show our brains shutting down when we see security prompts

Posted on March 30, 2015 in hntbh

Ever find yourself just click click clicking through every message box that pops up? Most people click through a warning (which in the land of Web Browsers usually means STOP DON’T GO THERE!!) in less than 2 seconds. This seems to be due to habituation – basically, you are used to clicking, and now we have the brain scans to prove it!

What does this mean for you? Well specifically you won’t be able to re-wire your brain, but perhaps you can turn up the settings on your web browser to not allow you to connect to a site that has the issues your web browser is warning against. Simple – let the browser deal with it and take away one nuisance.

From the study:

The MRI images show a “precipitous drop” in visual processing after even one repeated exposure to a standard security warning and a “large overall drop” after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.

via MRIs show our brains shutting down when we see security prompts | Ars Technica. (photo credit Anderson, et al)

Don’t forget to check out – www.facebook.com/hntbh if you are looking for quick reminders. The book is coming along and chapter releases are (finally) coming in April!
