Internet Threats for Internet or online (home) Users

Hi List;

I am asked to give a talk to a group of home computer users on Internet
or online security in the community. I am planning to focus on 5
major/critical threats/risks to them, the list is below. Would have I
missed some big ones for the home users? Your
suggestions/comments/input are appreciated.


SCAM
Phishing - Identify Theft
Malicious Code - Spyware, Virus, Worms, etc.
P2P file sharing / download services
Social Engineering
Privacy?

Many thanks in advance.

A Monk

a_monk

a_monk wrote:

> SCAM
> Phishing - Identify Theft
> Malicious Code - Spyware, Virus, Worms, etc.
> P2P file sharing / download services
> Social Engineering
> Privacy?

Phishing is Social Engineering.

Sebastian Gottschalk

On 6 Mar 2006 09:36:39 -0800, "a_monk" <> wrote:

>Hi List;
>
>I am asked to give a talk to a group of home computer users on Internet
>or online security in the community. I am planning to focus on 5
>major/critical threats/risks to them, the list is below. Would have I
>missed some big ones for the home users? Your
>suggestions/comments/input are appreciated.
>
>
>SCAM
>Phishing - Identify Theft
>Malicious Code - Spyware, Virus, Worms, etc.
>P2P file sharing / download services
>Social Engineering
>Privacy?
>
>Many thanks in advance.
>
>A Monk
I conduct neighborhood watch sessions in which computer security is a
topic.

Last night I conducted a survey with my laptop. I took 2 streets in a
small town in Ohio. I parked mid block for 6 blocks on each of 2
streets. I had at least 2 accessable signals on each stop. Twenty
five percent of those signals were without security and I accessed the
internet from them. Of those accessed, I sailed into their shared c:
drives.
On one corner I had 8 signals including 1 church office. I sailed
right in and accessed their records and payroll records without any
"special programs". Needless to say, I will visit the pastor today to
share this.

Hope this helps.
George

Also None

Also None wrote:

> I conduct neighborhood watch sessions in which computer security is a
> topic.
>
> Last night I conducted a survey with my laptop. I took 2 streets in a
> small town in Ohio. I parked mid block for 6 blocks on each of 2
> streets. I had at least 2 accessable signals on each stop. Twenty
> five percent of those signals were without security and I accessed the
> internet from them. Of those accessed, I sailed into their shared c:
> drives.
> On one corner I had 8 signals including 1 church office. I sailed
> right in and accessed their records and payroll records without any
> "special programs". Needless to say, I will visit the pastor today to
> share this.

I can conduct about 50% are unprotected, 40% are only protected with WEP
(whcih is about the same as unprotected) and only 10% involve either
WPA, IPSec or VPN.

Sebastian Gottschalk

There are programs available on the internet that would let a hacker
with only basic level knowledge get through a WEP encrypted signal in
about 25 minutes. Using an encrypted connection over and above and
along with WEP is the best way to protect your internet communications.
A simple program like Max Crypt can encrypt files and folders on a
hard drive at no cost for added security. Regards


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels
* Anonymous Mail & News through SSH-2 Tunnels
* Free Resources and Privacy Software

(admins) privacyoffshore

Also None wrote:

>
> Last night I conducted a survey with my laptop. I took 2 streets in a
> small town in Ohio. I parked mid block for 6 blocks on each of 2
> streets. I had at least 2 accessable signals on each stop. Twenty
> five percent of those signals were without security and I accessed the
> internet from them. Of those accessed, I sailed into their shared c:
> drives.
> On one corner I had 8 signals including 1 church office. I sailed
> right in and accessed their records and payroll records without any
> "special programs". Needless to say, I will visit the pastor today to
> share this.
>

This is the kind of mentoring that helps the uneducated understand
security. Unfortunately, too many think that random acts of malicious
mischief will "teach them a better lesson".

optikl

On Wed, 08 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
<EKSdnXMFn_ZOS5PZRVn->, optikl wrote:

>Also None wrote:
>
>> Last night I conducted a survey with my laptop. I took 2 streets in a
>> small town in Ohio. I parked mid block for 6 blocks on each of 2
>> streets. I had at least 2 accessable signals on each stop. Twenty
>> five percent of those signals were without security and I accessed the
>> internet from them.

Aside - I'm highly surprised that only 25% were without security. I would
have expected 25% with, and 75% without.

>> On one corner I had 8 signals including 1 church office. I sailed
>> right in and accessed their records and payroll records without any
>> "special programs". Needless to say, I will visit the pastor today to
>> share this.

Hopefully the pastor will be understanding.

>This is the kind of mentoring that helps the uneducated understand
>security. Unfortunately, too many think that random acts of malicious
>mischief will "teach them a better lesson".

Worse, most operators of unsecured systems will accuse you of hacking
into their systems, threatening criminal complaints, etc. The real
problem is getting the word to these people that _anyone_ can gain
access to their systems, including the seventy year old grandfather
across the street, the six year old next door, or that dachshund in
the house behind you who's searching the internet for pictures of
Saint Bernards in crotchless panties and fishnet stockings.

Old guy

Moe Trin

On Wed, 08 Mar 2006 14:07:00 -0600,
(Moe Trin) wrote:

>>> On one corner I had 8 signals including 1 church office. I sailed
>>> right in and accessed their records and payroll records without any
>>> "special programs". Needless to say, I will visit the pastor today to
>>> share this.
>
>Hopefully the pastor will be understanding.

and forgiving, unless he is fiddling with the profits.

However, depending on the jurisdiction you might actually be
committing an offence.
--
Jim Watt
http://www.gibnet.com

Jim Watt

On Thu, 09 Mar 2006 00:01:14 +0100, Jim Watt <_way>
wrote:

>On Wed, 08 Mar 2006 14:07:00 -0600,
>(Moe Trin) wrote:
>
>>>> On one corner I had 8 signals including 1 church office. I sailed
>>>> right in and accessed their records and payroll records without any
>>>> "special programs". Needless to say, I will visit the pastor today to
>>>> share this.
>>
>>Hopefully the pastor will be understanding.
>
>and forgiving, unless he is fiddling with the profits.
>
>However, depending on the jurisdiction you might actually be
>committing an offence.
The pastor said they have been talking about it for some time. I
suggested they contact their puter repair service to rectify it.
Guess what - they have a couple of guys in the church that know all
about computers. By the way, I did this along with the second in
command from the Sheriff's office. He was amazed at what he saw.
This will be an even hotter topic than the burglary rate in town. In
Columbus, 85% of residential burglaries are the result of unlocked
doors and windows. I see no difference with the wireless security.
I offered to meet with them with my laptop and show them their needs.
I'll bet they don't even call me.

George

Also None

(admins) privacyoffshore wrote:
> There are programs available on the internet that would let a hacker
> with only basic level knowledge get through a WEP encrypted signal in
> about 25 minutes.

Aircrack and WinAirsnort are available as Windows binaries. Expect their
job to be done within 10 minutes.

> Using an encrypted connection over and above and
> along with WEP is the best way to protect your internet communications.

Then WEP is a useless overhead.

> A simple program like Max Crypt can encrypt files and folders on a
> hard drive at no cost for added security.

Woah, all my files are stored encrypted, but I have no worries uploading
them by unencrypted HTTP?

Sebastian Gottschalk