Internet Threats for Internet or online (home) Users

Discussion in 'Computer Security' started by a_monk, Mar 6, 2006.

  1. a_monk

    a_monk Guest

    Hi List;

    I am asked to give a talk to a group of home computer users on Internet
    or online security in the community. I am planning to focus on 5
    major/critical threats/risks to them, the list is below. Would have I
    missed some big ones for the home users? Your
    suggestions/comments/input are appreciated.


    SCAM
    Phishing - Identify Theft
    Malicious Code - Spyware, Virus, Worms, etc.
    P2P file sharing / download services
    Social Engineering
    Privacy?

    Many thanks in advance.

    A Monk
    a_monk, Mar 6, 2006
    #1
    1. Advertising

  2. a_monk wrote:

    > SCAM
    > Phishing - Identify Theft
    > Malicious Code - Spyware, Virus, Worms, etc.
    > P2P file sharing / download services
    > Social Engineering
    > Privacy?


    Phishing is Social Engineering.
    Sebastian Gottschalk, Mar 6, 2006
    #2
    1. Advertising

  3. a_monk

    Also None Guest

    On 6 Mar 2006 09:36:39 -0800, "a_monk" <> wrote:

    >Hi List;
    >
    >I am asked to give a talk to a group of home computer users on Internet
    >or online security in the community. I am planning to focus on 5
    >major/critical threats/risks to them, the list is below. Would have I
    >missed some big ones for the home users? Your
    >suggestions/comments/input are appreciated.
    >
    >
    >SCAM
    >Phishing - Identify Theft
    >Malicious Code - Spyware, Virus, Worms, etc.
    >P2P file sharing / download services
    >Social Engineering
    >Privacy?
    >
    >Many thanks in advance.
    >
    >A Monk

    I conduct neighborhood watch sessions in which computer security is a
    topic.

    Last night I conducted a survey with my laptop. I took 2 streets in a
    small town in Ohio. I parked mid block for 6 blocks on each of 2
    streets. I had at least 2 accessable signals on each stop. Twenty
    five percent of those signals were without security and I accessed the
    internet from them. Of those accessed, I sailed into their shared c:
    drives.
    On one corner I had 8 signals including 1 church office. I sailed
    right in and accessed their records and payroll records without any
    "special programs". Needless to say, I will visit the pastor today to
    share this.

    Hope this helps.
    George
    Also None, Mar 7, 2006
    #3
  4. Also None wrote:

    > I conduct neighborhood watch sessions in which computer security is a
    > topic.
    >
    > Last night I conducted a survey with my laptop. I took 2 streets in a
    > small town in Ohio. I parked mid block for 6 blocks on each of 2
    > streets. I had at least 2 accessable signals on each stop. Twenty
    > five percent of those signals were without security and I accessed the
    > internet from them. Of those accessed, I sailed into their shared c:
    > drives.
    > On one corner I had 8 signals including 1 church office. I sailed
    > right in and accessed their records and payroll records without any
    > "special programs". Needless to say, I will visit the pastor today to
    > share this.


    I can conduct about 50% are unprotected, 40% are only protected with WEP
    (whcih is about the same as unprotected) and only 10% involve either
    WPA, IPSec or VPN.
    Sebastian Gottschalk, Mar 7, 2006
    #4
  5. There are programs available on the internet that would let a hacker
    with only basic level knowledge get through a WEP encrypted signal in
    about 25 minutes. Using an encrypted connection over and above and
    along with WEP is the best way to protect your internet communications.
    A simple program like Max Crypt can encrypt files and folders on a
    hard drive at no cost for added security. Regards


    * www.privacyoffshore.net (No Logs Internet Surfing)
    * Anonymous Secure Offshore SSH-2 Surfing Tunnels
    * Anonymous Mail & News through SSH-2 Tunnels
    * Free Resources and Privacy Software
    (admins) privacyoffshore, Mar 8, 2006
    #5
  6. a_monk

    optikl Guest

    Also None wrote:

    >
    > Last night I conducted a survey with my laptop. I took 2 streets in a
    > small town in Ohio. I parked mid block for 6 blocks on each of 2
    > streets. I had at least 2 accessable signals on each stop. Twenty
    > five percent of those signals were without security and I accessed the
    > internet from them. Of those accessed, I sailed into their shared c:
    > drives.
    > On one corner I had 8 signals including 1 church office. I sailed
    > right in and accessed their records and payroll records without any
    > "special programs". Needless to say, I will visit the pastor today to
    > share this.
    >


    This is the kind of mentoring that helps the uneducated understand
    security. Unfortunately, too many think that random acts of malicious
    mischief will "teach them a better lesson".
    optikl, Mar 8, 2006
    #6
  7. a_monk

    Moe Trin Guest

    On Wed, 08 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    <>, optikl wrote:

    >Also None wrote:
    >
    >> Last night I conducted a survey with my laptop. I took 2 streets in a
    >> small town in Ohio. I parked mid block for 6 blocks on each of 2
    >> streets. I had at least 2 accessable signals on each stop. Twenty
    >> five percent of those signals were without security and I accessed the
    >> internet from them.


    Aside - I'm highly surprised that only 25% were without security. I would
    have expected 25% with, and 75% without.

    >> On one corner I had 8 signals including 1 church office. I sailed
    >> right in and accessed their records and payroll records without any
    >> "special programs". Needless to say, I will visit the pastor today to
    >> share this.


    Hopefully the pastor will be understanding.

    >This is the kind of mentoring that helps the uneducated understand
    >security. Unfortunately, too many think that random acts of malicious
    >mischief will "teach them a better lesson".


    Worse, most operators of unsecured systems will accuse you of hacking
    into their systems, threatening criminal complaints, etc. The real
    problem is getting the word to these people that _anyone_ can gain
    access to their systems, including the seventy year old grandfather
    across the street, the six year old next door, or that dachshund in
    the house behind you who's searching the internet for pictures of
    Saint Bernards in crotchless panties and fishnet stockings.

    Old guy
    Moe Trin, Mar 8, 2006
    #7
  8. a_monk

    Jim Watt Guest

    On Wed, 08 Mar 2006 14:07:00 -0600,
    (Moe Trin) wrote:

    >>> On one corner I had 8 signals including 1 church office. I sailed
    >>> right in and accessed their records and payroll records without any
    >>> "special programs". Needless to say, I will visit the pastor today to
    >>> share this.

    >
    >Hopefully the pastor will be understanding.


    and forgiving, unless he is fiddling with the profits.

    However, depending on the jurisdiction you might actually be
    committing an offence.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Mar 8, 2006
    #8
  9. a_monk

    Also None Guest

    On Thu, 09 Mar 2006 00:01:14 +0100, Jim Watt <_way>
    wrote:

    >On Wed, 08 Mar 2006 14:07:00 -0600,
    >(Moe Trin) wrote:
    >
    >>>> On one corner I had 8 signals including 1 church office. I sailed
    >>>> right in and accessed their records and payroll records without any
    >>>> "special programs". Needless to say, I will visit the pastor today to
    >>>> share this.

    >>
    >>Hopefully the pastor will be understanding.

    >
    >and forgiving, unless he is fiddling with the profits.
    >
    >However, depending on the jurisdiction you might actually be
    >committing an offence.

    The pastor said they have been talking about it for some time. I
    suggested they contact their puter repair service to rectify it.
    Guess what - they have a couple of guys in the church that know all
    about computers. By the way, I did this along with the second in
    command from the Sheriff's office. He was amazed at what he saw.
    This will be an even hotter topic than the burglary rate in town. In
    Columbus, 85% of residential burglaries are the result of unlocked
    doors and windows. I see no difference with the wireless security.
    I offered to meet with them with my laptop and show them their needs.
    I'll bet they don't even call me.

    George
    Also None, Mar 9, 2006
    #9
  10. (admins) privacyoffshore wrote:
    > There are programs available on the internet that would let a hacker
    > with only basic level knowledge get through a WEP encrypted signal in
    > about 25 minutes.


    Aircrack and WinAirsnort are available as Windows binaries. Expect their
    job to be done within 10 minutes.

    > Using an encrypted connection over and above and
    > along with WEP is the best way to protect your internet communications.


    Then WEP is a useless overhead.

    > A simple program like Max Crypt can encrypt files and folders on a
    > hard drive at no cost for added security.


    Woah, all my files are stored encrypted, but I have no worries uploading
    them by unencrypted HTTP? :)
    Sebastian Gottschalk, Mar 9, 2006
    #10
  11. Sebastian Gottschalk wrote:

    > (admins) privacyoffshore wrote:
    >> There are programs available on the internet that would let a hacker
    >> with only basic level knowledge get through a WEP encrypted signal in
    >> about 25 minutes.

    >
    > Aircrack and WinAirsnort are available as Windows binaries. Expect their
    > job to be done within 10 minutes.
    >
    >> Using an encrypted connection over and above and along with WEP is the
    >> best way to protect your internet communications.

    >
    > Then WEP is a useless overhead.
    >
    >> A simple program like Max Crypt can encrypt files and folders on a hard
    >> drive at no cost for added security.

    >
    > Woah, all my files are stored encrypted, but I have no worries uploading
    > them by unencrypted HTTP? :)


    I think the poster was suggesting that having critical data encrypted
    locally would be a prudent second (third, fourth, etc.) line of defense
    against someone who might crack WEP or some other "boundrary" encryption
    or device.
    Borked Pseudo Mailed, Mar 9, 2006
    #11
  12. a_monk

    Moe Trin Guest

    On Wed, 08 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
    <>, Also None wrote:

    >Jim Watt <_way> wrote:


    >>However, depending on the jurisdiction you might actually be
    >>committing an offence.


    >The pastor said they have been talking about it for some time. I
    >suggested they contact their puter repair service to rectify it.
    >Guess what - they have a couple of guys in the church that know all
    >about computers.


    Any one want to take odds that the situation will be unchanged a year
    from now?

    >By the way, I did this along with the second in command from the
    >Sheriff's office. He was amazed at what he saw.


    So all you've done is to show a creditable witness for the prosecution ;-)
    Jim is correct about accessing systems being an offense in some jurisdictions.
    I imagine a few minutes on google might turn up some applicable laws.

    Web Results 1 - 10 of about 726,000 for state+law wireless access
    unauthorized. (0.29 seconds)

    Hmmm, New York and New Hampshire laws right on the first screen of results.
    Changing the search term to 'Ohio+law wireless access' brings up a state
    senate bill (Amended Substitute Senate Bill Number 146) - rather extensive,
    but no quickly obvious date. It seems to reference other sections of existing
    law which may or may not have impact.

    >This will be an even hotter topic than the burglary rate in town. In
    >Columbus, 85% of residential burglaries are the result of unlocked
    >doors and windows.


    I imagine that is true in a lot of places. I don't have figures for the
    Phoenix (AZ) metro area, but 85% doesn't sound unreasonable.

    >I see no difference with the wireless security.


    The homeowner who undresses with the lights on, in front of the window
    with the shades drawn can be prosecuted for specific charges. The same
    homeowner leaving their wireless network wide open with those explicit
    photographs offering a better view can't be prosecuted.

    >I offered to meet with them with my laptop and show them their needs.


    Ya-all be careful, ya hear? ;-)

    Old guy
    Moe Trin, Mar 9, 2006
    #12
  13. a_monk

    neil davis Guest

    On Mon, 06 Mar 2006 18:42:56 +0100, Sebastian Gottschalk wrote:

    > a_monk wrote:
    >
    >> SCAM
    >> Phishing - Identify Theft
    >> Malicious Code - Spyware, Virus, Worms, etc.
    >> P2P file sharing / download services
    >> Social Engineering
    >> Privacy?

    >
    > Phishing is Social Engineering.

    /signed
    Roll phishing into social engineering, then add a category for home
    network security. Cover firewall basics and wireless security basics,
    passwords, etc. Recommend a separate firewall box, like a D-Link or
    linksys box, which are easily configurable and inexpensive these days.

    -Neil
    neil davis, Jun 27, 2006
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jersie0
    Replies:
    10
    Views:
    2,210
  2. Soapy

    Re: Passive Outting Attempts/Threats

    Soapy, Jul 20, 2004, in forum: Digital Photography
    Replies:
    10
    Views:
    497
    Soapy
    Jul 30, 2004
  3. Soapy

    Re: Passive Outting Attempts/Threats

    Soapy, Jul 20, 2004, in forum: Digital Photography
    Replies:
    6
    Views:
    431
    =?iso-8859-1?Q?=B1?=
    Jul 24, 2004
  4. Au79

    INTERNET threats spreading like wildfire

    Au79, Feb 25, 2006, in forum: Computer Support
    Replies:
    0
    Views:
    359
  5. Giuen
    Replies:
    0
    Views:
    838
    Giuen
    Sep 12, 2008
Loading...

Share This Page