Be a 'Spiderman' to fight the cyber burglar!

CIOL Bureau

PUNE, INDIA: He has evolved. From burglary to mugging, gunpoint robbery, pickpocketing on trains, bank fraud, phishing, Internet crime, vishing and a lot more, you can see that the criminal has changed from a gunman to a conman.

But one thing has not changed. His heist has always used one power: loopholes. Be it gaps in the fences around your house, the vulnerabilities in your software, or the blank spaces in awareness that let him play on your ignorance.

There's only one way to outsmart these bandits. Fill in the blanks. How? Here are some tips for your day-to-day business and personal life.

- Phishers can now swindle you with lookalike bank site links, cross-site scripting and more. No matter how convincing a link looks, clicking on it may take you to a legitimate site while hidden cookies do their job of theft in the few seconds it takes you to reach the site. Always type the URL yourself.

- Similarly, if someone calls claiming to be a bank representative and tries to confirm some information over the phone, do not reveal anything on that call. Instead, dial the bank's number yourself and confirm. Most banks now have standard policies for confirming passwords or user details. Never give them over email or phone.

- A lot of malicious code now travels via forwarded emails too, stealing your cookies when the script is run. Avoid unknown mails, and be careful with unknown attachments too, because you can run a piece of code just by opening one. Don't click on special-offer bank links.

- Do not part with your primary email IDs. Use separate IDs for social networks etc.

- Read the user manuals. At the same time, in countries like India that are in the initial stages of the curve, the vendors have a major role to play. For example, companies selling Wi-Fi equipment should educate users to change the default configurations.

- Do you know that most of us run our Wi-Fi barefaced, that is, with the network open or with weak encryption (WEP)? This is because we never bother to change the default passwords and configuration, even though the router offers options to change them and to enable encryption.

What's the cost? Well, if you don't do so, anyone can just park his car outside your house and comfortably use your Wi-Fi account for criminal purposes. Change the defaults. Make sure your network is strongly encrypted with WPA or its variants.

- Also, people believe in the myth that hiding their SSID (the wireless network name that gets broadcast) will secure their network, whereas the fact is that, for corporate users, disabling SSID broadcast will make other sophisticated wireless attacks easy.

Most of the default SSIDs were found in residential areas. In a recent wardriving effort on wireless security in Pune, ClubHack, with the support of the city's Cyber Crime cell, observed that many wireless networks were working on the default SSID that was configured on the access point by the manufacturer.

Some of these default SSIDs indicated that the wireless router was supplied by the ISP and that whoever configured it (in most cases the network engineers from the ISP) had not configured the device properly.

Wi-fi trap

- What's more, even in hotspots like hotels, cafes and airports, where you freely access Wi-Fi without security checks, a malicious user can sniff the traffic of logged-in users and get their data, passwords, credit card information etc. Educated users would refrain from using such networks.

- What applies to Wi-Fi holds true for your phone security too. Take care of your Bluetooth luxury in the same way. If people are getting free coupons on their phones when they are shopping in a mall, it shows that their Bluetooth feature is open enough. Take care of the discoverability functionality, preference set-ups, ask-for-permission features etc.

Avoid the Apple

Do not be tempted by pop-ups or mails promising free goodies, or by pirated websites. You are jeopardizing your system by doing so.

Heard of botnets, the armies of Internet computers hijacked without their owners ever realizing it? You might never get a whiff of it, and if your computer has been zombied into such a botnet, it would start serving the wishes of some master spam or virus originator.

The part to be wary about is that most computers compromised in this way are home-based. In fact, according to reports from Russia-based Kaspersky Labs and from Symantec, botnets pose the biggest threat to the Internet. So you had better be careful. Beware of the honey pots: downloading free MP3s is not only illegal but could be dangerous too.

- Some obvious advice we still tend to forget: have a good anti-virus, have a desktop-level firewall, and at least use the free AV updates.

- Make sure you have strong passwords, be it your bank PINs or email accounts. A password should not only be hard to guess but also easy for you to remember, so that you don't have to scribble it somewhere and publicize it. No birthdays or anniversary dates please!

Your password should be a combination of all kinds: some characters, some letters, some upper case, some lower case, some numbers etc. A six to eight character mixed password is usually a safe bet. And remember, passwords are like toothbrushes. Change them every six months.

- For the code jockeys: software is as good or as weak as the number of bugs it has. Security is everyone's responsibility, and at every stage. Coding is always taught to be fast and efficient, but what's more important in today's times is that there should be less code, and that it should be clearer and more secure. When it comes to testing, do it relentlessly and look for the weakest link, thinking like a criminal. Challenge access controls, and try fuzzing, pen-testing and vulnerability tests.

In a nutshell, don't expect to fight the villains as a mortal man.

You can't fight them as a man. You can't fight them as Superman either. Try being Spiderman, who uses the web set against him as the very prop to climb skyscrapers. If you win over your ignorance, you win against the criminals. All the best!

Acknowledgements to experts for this article:

Bala Girisaballa, VP and head of Product and Marketing, iViz Security; Shantanu Ghosh, vice president, India Product Operations, Symantec; Security expert Ajitkumar Dhanraj Hatti; Jonathan Brossard, security research engineer, iViz Techno Solutions Pvt Ltd; Vincent Weafer, vice president, Symantec Security Response; Pradeep Akkunnor - director, Indiaforensic Consultancy services and Rohit Srivastwa - founder ClubHack.
