STE WILLIAMS

UK to hire hundreds of hackers for new £500m cyber-battalion

Britain is building an army to wage war by hurling computer hackers at its enemies.

Defence Secretary Philip Hammond said the country is recruiting “hundreds” of hackers at a cost of up to £500 million ($909 million), The Register reported.

News of the “laptop army” was delivered from an appropriately militaristic setting: the bowels of the Ministry of Defence’s vast Pindar nuclear bunker, or “Current Contingencies Task Room,” situated deep below Whitehall, at the Tory conference on Sunday, the Daily Mail reported.

Future wars will, Hammond told the newspaper, be fought by “IT geeks in rooms like this rather than soldiers marching down the streets, or tanks or fighter aircraft.”

He said:

More and more, modern warfare will be about people sitting in bunkers in front of computer screens, whether remotely piloted aircraft or cyber weapons.

The laptop warriors will work with existing government IT security teams to protect critical infrastructure and data stores were the country to come under electronic attack.

Instead of bombs and bullets, the new cyber regiment will fashion lethal computer worms and viruses to wipe out enemy targets.

The recruitment ad for cyber reservists emphasizes that selection will recognise “the unique attributes and potential contribution of individuals who might otherwise not be attracted or able to serve in the Reserve forces.”

What, exactly, are the Reserve forces willing to overlook in the hacker community?

Physical fitness, for one. The ability to do chin-ups does not, after all, a computer genius make.

Or, as the Daily Mail put it, British hackers who spend more time bathed in monitor glow than they do exposed to the harsh rays of the sun are in good stead to be recruited:

The Army’s tough fitness tests are to be lowered to allow weedy or overweight ‘computer geniuses’ to join the new front line of ‘keyboard commandoes’.

The money for this battalion has to come from somewhere, but where? Soldiers? Tanks? Ships? Fighter planes?

Hammond declined to state where the cuts would come from:

We only have one pot of money and if we are going to invest hundreds of millions of pounds in cyber capabilities, we have to stop doing something else.

That is the tough message. As our cyber capability builds, we will look at how the military would be likely to use it and where that allows us to reduce other capabilities.

Where we can tackle a target with cyber weapons, we may need fewer conventional weapons in that area but I can’t say yet where those areas will be. It will be a constant evolution.

The trigger of the gun, bomb or missile will always have a role but as the world becomes more dependent on IT systems, one way of delivering an incapacitating blow to the enemy will be by delivering a blow to his IT systems.

Do you think it’s a good idea?

Do you think that an army of hackers is more/less/as needed as conventional, on-the-ground warriors armed with bullets and tanks?

Does the organised hacking might of countries such as China merit a response such as Hammond has described?

Please let us know your thoughts on these and other cyber army issues in the comments section below.

Image of camouflage and programmers courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/9Waq6SuNxow/

Operation Tuleta: Ex-Sun reporter first to be charged in computer hacker inquiry

Ben Ashford, former journalist at Rupert Murdoch’s The Sun newspaper, is the first person to be charged under Operation Tuleta, a Metropolitan Police investigation that is being run alongside inquiries into alleged corrupt payments to public officials, computer hacking and other privacy breaches.

Gregor McGill, a senior lawyer at the CPS, said:

The CPS has today authorised the Metropolitan Police to charge Ben Ashford with one offence of possession of criminal property and one offence of unauthorised access to computer material.

Mr. Ashford will appear before Westminster Magistrates’ Court on October 15, charged with possessing criminal property between October 11 2009 and October 16 2009, contrary to section 329(1) Proceeds of Crime Act 2002.

The Crown Prosecution Service said that charge relates specifically to

a mobile telephone belonging to Emma Murray knowing or suspecting it to constitute a person’s benefit from criminal conduct.

It has been widely reported that the phone came into his possession in 2009 when a woman phoned The Sun newspaper, saying that she had found it and that it contained some interesting text messages.

Ashford, now a freelance journalist, has also been accused of causing

a computer to perform a function with intent to secure unauthorised access to a program or data held in a computer, knowing that such access was unauthorised.

This, the CPS said, was over the same period of time as the other alleged offence and is contrary to section 1(1) of the Computer Misuse Act 1990.

Operation Tuleta is an inquiry into criminal offences that invade individuals’ privacy for journalistic purposes, not already covered by Operation Weeting, which is looking at phone hacking claims, or Operation Elveden, which is investigating allegations of corrupt payments made to public officials.

The combined operations, which have so far cost around £40m, have seen more than 40 people arrested in connection with various forms of alleged media wrongdoing and corruption. Next to trial will be Rebekah Brooks and her successor as editor of News of the World, Andy Coulson, who are both due to appear in court at the end of October.

Liberty bail campaign

Ben Ashford’s charge coincides with a campaign by the human rights group Liberty who are asking for a six-month time limit for police bail. Some of the suspects arrested under the various hacking inquiries are still being kept under investigation without charge almost two years after they were first detained.

The time limit for bail is ordinarily set at a total of 24 hours, though this can be used over multiple separate sessions of questioning and spread over an unlimited amount of time.

The first person to be detained under Tuleta, a 52-year-old man arrested in Milton Keynes in November 2011, is still waiting to hear if he is to be charged or released without further action.

So far there have been a total of 21 arrests made under Operation Tuleta, with only two of those arrested informed that no further action will be taken.

Image of The Sun logo under Creative Common license.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/UiZ7svAEeWs/

Sweet murmuring Siri opens stalker vulnerability hole in iOS 7


It has not been a good week for Apple on the security front, and there’s no relief in sight after an Israeli researcher found a way to access a locked iPhone’s contacts and messages database using Siri.


In a YouTube video, Dany Lisiansky showed how a locked phone running iOS 7.0.2 can be opened by using Siri’s voice control to make a call to an attacker’s system. This “feature” then allows an attacker to access the target handset’s Phone application, giving access to call history, voicemail, and entire list of contacts by following seven steps:

1. Make a phone call (with Siri / Voice Control).

2. Click the FaceTime button.

3. When the FaceTime App appears, click the Sleep button.

4. Unlock the iPhone.

5. Answer and End the FaceTime call at the other end.

6. Wait a few seconds.

7. Done. You are now in the phone app.

“It’s easy to imagine how this vulnerability could be exploited by a business rival or a jealous romantic partner,” commented security watcher Graham Cluley.

Cupertino has made security a big selling point for its latest mobes, even going as far as recruiting the New York Police Department to hand out leaflets urging Apple users to upgrade to iOS 7. But the handset has also been targeted by researchers and found wanting, not to mention unsettling to the stomach.

It took the Chaos Computer Club only three days to defeat the new iPhone’s fingerprint scanner, using a fingerprint printout and some latex wood glue. Chinese Apple users showed one possible way around this – using their nipples instead – but that’s unlikely to take off for most users.

Shortly afterwards, attackers found a way to bypass the lock screen using Apple’s Control Center, albeit with some nifty fingerwork. That led to Tim Cook’s security engineers spending a few sleepless nights, and they pushed out an update on Thursday – but a day later Lisiansky found a way to crack the update.

With over 200 million Apple users now using iOS 7, with no way to remove the upgrade, it looks like there could be another update in the pipes soon if iPhone users are going to have their privacy protected.

In the meantime, users are advised to turn off Siri’s ability to work while the handset is locked by launching the Settings app, tapping General > Passcode Lock, turning Passcode on if it isn’t already, then toggling Siri off under Allow Access When Locked. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/30/sweettalking_siri_opens_stalking_security_hole_in_ios_7/

GCHQ’s CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP


Britain’s global eavesdropping nerve-centre GCHQ hopes to turn its certificates of IT security competence into an industry standard – by awarding them to bods in the private as well as public sector.

The CESG (Communications-Electronics Security Group) Certified Professional scheme (CCP) was launched in October, and is handed out to suitably skilled tech pros working for the UK government. Only civil servants and those working on UK govt contracts could apply, but this has now been extended beyond the walls of Whitehall.


Candidates can achieve practitioner, senior practitioner and lead practitioner status across six key roles: security and information risk advisor; information architect (IA) accreditor; IA architect; IA auditor; IT security officer; and communications security roles. The CCP scheme will run in parallel with the IISP’s* own professional development and certification programme.

Three independent certification bodies for the CCP scheme, each appointed and audited by CESG, have been established. The three groups are: the APM Group; the IISP, CREST* and Royal Holloway ISG consortium; and BCS, the chartered institute for IT workers.

Nearly 700 security professionals responsible for securing UK government networks have been accredited so far. The CCP scheme is part of Blighty’s wider “Cyber Security Strategy”, which is designed to make Britain more secure against electronic attacks and make it the best place to do e-commerce worldwide. Presumably, infiltrating a Belgian telco, undermining SSL certificates and VPNs, and assisting the NSA’s global internet dragnet fits in there, too.

The CCP certifications are valid for three years.

Ian Glover, president of CREST, added: “Private-sector organisations are already putting their staff through the security architecture examination, which is part of the CCP scheme. Extending the broader CCP scheme to the private sector is a very logical extension.”

More details on the CCP scheme can be found here. ®

* IISP is the Institute of Information Security Professionals, while CREST is a professional body representing the security testing and cyber incident response industry.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/01/cesg_ccp_certs/

Facebook in full personal data ransack with Graph Search


Stalkers and advertisers will be pleased to know that Facebook is now more searchable than it has ever been, after the social network confirmed that it was in the process of allowing users to dig much deeper into a “friend’s” past posts on the free content ad network.

The Mark Zuckerberg-run company has been chasing larger ad bucks in a move to cheer investors on Wall Street. And in recent months, the strategy has started to pay off.


Facebook unzipped its Graph Search feature at the start of this year. It came with limited functions at the time, but the system was Zuck’s first clear signal to advertisers that he was finally getting serious about search and – by extension – advertising, from which the billionaire derives around 85 per cent of his company’s revenues.

Significantly, while Facebook has a close working relationship with Microsoft, it had enough foresight to recognise that its search feature needed to be completely autonomous within the Menlo Park silo.

MS still powers external search requests for Facebookers. But the juicy stuff locked inside the network is controlled completely by Zuck’s engineers.

Facebook said of Graph Search on Monday:

Now you will be able to search for status updates, photo captions, check-ins and comments to find things shared with you.

But it was keen to add that a user’s privacy would not be violated on the network.

As with other things in Graph Search, you can only see content that has been shared with you, including posts shared publicly by people you are not friends with.

Fears about perverts using Graph Search to prey on teenagers on the network were raised earlier this year. Facebook was forced to say that controls would be in place to protect young people. But the system is flawed, because it relies on kids and adults to be honest about their age when signing up to Facebook – which is not robustly policed by the company.

The new function is slowly being rolled out to a small number of users for now. As Google and Twitter, the latter of which is prepping for its IPO, understand only too well, watching in near real-time which searches are popular on those services is key to satisfying hungry admen. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/01/facebook_graph_search_targets_all_data/

Anatomy Of A SQL Injection Attack

[The following is excerpted from “Anatomy Of A SQL Injection Attack,” a new report posted this week on Dark Reading’s Database Security Tech Center.]

It started with a vulnerability on a password reminder page and ended with a compromise of Nasdaq’s computer network. Such is the life of a SQL injection vulnerability, one of the most prevalent and well-known classes of security flaws affecting organizations today.

A seemingly permanent fixture on the Open Web Application Security Project’s list of top 10 Web application vulnerabilities, SQL injection has a long history as a weapon for the world’s black hats to blast their way into corporate databases. In July, the U.S. Justice Department announced an indictment against five men accused of stealing more than 160 million credit card numbers and causing hundreds of millions of dollars in losses in attacks on more than a dozen organizations, including the one on Nasdaq.

The stakes cannot get much higher. According to Trustwave’s “2013 Global Security Report,” SQL injections accounted for 26% of the infiltration methods used by hackers in the data breaches it analyzed in 2012.

Fighting these attacks means more than just understanding where flaws lie in the code. It also means understanding the cyber kill chain — the life cycle of the attacks targeting the corporate network. Armed with that knowledge, organizations can begin to take a smarter approach to defending their databases and making sure the Web applications that access them don’t serve as unguarded gateways for attackers.

Put simply, SQL injection is a technique in which the attacker uses a vulnerability in the code to send malicious SQL statements to a database. This happens when user input that’s not properly filtered and validated is utilized in SQL queries to databases accessible by vulnerable applications. There are multiple types of SQL injection attacks, with these two types being the most common categories:

In error-based SQL injection, the attacker forces the database to perform an operation that will result in an error, and then examines the error message for information that can be used to build a working exploit with the correct syntax. Organizations often seek to mitigate this by limiting the amount of information contained in error messages.

Blind SQL injection attacks are used when vulnerable applications are configured to show generic error messages. In this approach, the attacker asks the database a true or false question and examines the application’s response. If the response is different, the attacker can determine whether or not the database has been successfully accessed.

Attackers have a number of different exploit methodologies at their disposal. For example, attackers sometimes use a method known as time-based blind SQL injection, which involves getting the database to pause for a specific period of time, and then comparing the response times between normal requests and injected requests to determine if a SQL statement was successfully executed.
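The difference between unfiltered input used in a query and input bound as a parameter, shown as an added example that is not part of the original report. It assumes a password-reminder lookup backed by an in-memory SQLite database; the table, the function names and the sample accounts are constructed for illustration.

```python
import sqlite3

# Same reply for every outcome, so the page itself reveals nothing about
# database errors or about whether a row matched.
GENERIC_REPLY = "If that address is registered, a reminder has been sent."


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, hint TEXT)")
    db.executemany(
        "INSERT INTO users (email, hint) VALUES (?, ?)",
        [("alice@example.com", "first pet"), ("bob@example.com", "home town")],
    )
    return db


def lookup_vulnerable(db, email):
    """Flawed form: the input is pasted into the SQL text, so a quote
    character in it changes the structure of the statement."""
    query = "SELECT email, hint FROM users WHERE email = '" + email + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, email):
    """Corrected form: the input is bound as a parameter and is only ever
    compared as a value, whatever characters it contains."""
    return db.execute(
        "SELECT email, hint FROM users WHERE email = ?", (email,)
    ).fetchall()


def handle_reminder(db, email, lookup, server_log):
    """Request handler: details go to the server-side log, never to the user.
    Generic replies limit error-based probing but do not fix the flaw;
    the parameterized lookup does."""
    try:
        rows = lookup(db, email)
    except sqlite3.Error as exc:
        server_log.append(f"reminder lookup failed: {exc!r}")
        return GENERIC_REPLY
    server_log.append(f"reminder lookup matched {len(rows)} row(s)")
    return GENERIC_REPLY


def compare(email):
    """Run one input through both lookups on a fresh database and return
    (vulnerable outcome, parameterized outcome) as row counts or 'sql error'."""
    db = make_db()
    outcomes = []
    for lookup in (lookup_vulnerable, lookup_parameterized):
        try:
            outcomes.append(len(lookup(db, email)))
        except sqlite3.Error:
            outcomes.append("sql error")
    return tuple(outcomes)


if __name__ == "__main__":
    # Constructed inputs: a normal address, a legitimate address containing
    # an apostrophe, and an input whose quote rewrites the WHERE clause.
    for sample in ("alice@example.com", "o'brien@example.com", "x' OR '1'='1"):
        print(repr(sample), compare(sample))
```

The apostrophe case is the useful regression test: a concatenated query fails on a perfectly legitimate address, while the parameterized one simply finds no match.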

To learn more about SQL injection attacks — and how to prevent them — download the free report.


Article source: http://www.darkreading.com/applications/anatomy-of-a-sql-injection-attack/240162040

Panorama9 Updates MSP Partner Program

San Francisco – Panorama9, a cloud-based IT management platform, has released an update to its Partner Program to offer MSPs an increased level of support and control with their clients. The combination of sleek new features puts Panorama9 among the most sophisticated web-based MSP offerings available today.

The update provides MSPs with advanced user management tools, templates for a standardized notification system, and a new design. In addition to being able to monitor vulnerabilities, server outages, and compliance issues for multiple clients from a single dashboard, the Panorama9 MSP solution now includes:

– Enhanced collaboration tools that let users assign responsibilities and add notes about client details and procedures

– Greater granularity on admin permission tools: partners can select which users have access to which clients

– Templates for client notifications and weekly/monthly reports

– Advanced Zendesk integration that lets partners track multiple clients through one helpdesk account while keeping a full overview of individual client details like alarms and notifications

– Seamless integration with other helpdesk systems

MSPs can also now give clients secure access to their own dashboards and network status. This new level of transparency makes it easy for MSPs to demonstrate the value they bring to a client organization on a continual basis for managing and supporting their network and all devices.

“The latest additions give both MSPs and their clients the peace of mind that all areas of concern are being properly monitored and addressed,” says Panorama9 CEO, Allan Thorvaldsen, “No matter how many clients an MSP has, they can track all activity and alerts from a single view, then easily drill down and focus on a particular area or client.”

Already known for its sleek, simple design, Panorama9 has further fine-tuned its design. Thorvaldsen continues, “We’re blowing the competition out of the water in terms of ease-of-use. Alternative MSP solutions look quite outdated and clunky in comparison.”

Like the core product, the MSP Interface monitors mixed environments and remote machines, and is currently available for a free trial at . For more information on partnership details and platform features, please email [email protected].

ABOUT PANORAMA9

Panorama9 is a cloud-based IT management platform bundled into a single dashboard to show you everything about your company’s assets, IT availability, security vulnerabilities, and non-compliant systems. Your organization can cut its IT costs through improved up-time without having an infrastructure to deploy or manage. Panorama9 was founded in 2010, has received a $900,000 seed round, and has offices in San Francisco, CA and Copenhagen, Denmark.

Article source: http://www.darkreading.com/management/panorama9-updates-msp-partner-program/240162012

$5.4M In Cybersecurity Grants Awarded To University Of Arizona Researchers

TUCSON, Ariz. – September 30, 2013 – Researchers in the University of Arizona’s Eller College of Management have been awarded two grants from the National Science Foundation, totaling $5.4 million, for projects that will address significant cybersecurity research and education challenges facing the U.S. and the international community.

Hsinchun Chen, Regents’ Professor and Thomas R. Brown Chair in Management and Technology in Eller’s management information systems department, is principal investigator on both projects.

The first project, Cybersecurity Scholarship-for-Service at the UA, or AZSecure, has been funded through 2018 with $4.2 million in total.

“AZSecure will support about 40 undergraduate, graduate, and doctoral students over the next five years,” Chen said. “The students will be immersed in advanced cybersecurity analytics and information assurance education for placement in government agencies and industry.”

AZSecure is one of the largest Scholarship-for-Service grants awarded by the NSF in the nation.

Chen is joined on the project by fellow principal investigators Paulo Goes, head of the UA’s MIS department; Salim Hariri, director of the UA’s Autonomic Computing Laboratory and Mark Patton, director of Eller’s MicroAge Lab.

Eller’s MIS department is a Center of Academic Excellence in Information Assurance Education, a designation of the National Security Agency and the Department of Homeland Security.

The second NSF grant-funded project focuses on understanding cyber attackers and attacks via social media analytics. The project is funded through 2016 in the amount of $1.2 million.

“We have built an interdisciplinary team around the Hacker Web project,” Chen said. “We aim to answer important questions about hacker behaviors, markets, community structure, communication contents, artifacts and cultural differences using big data analytics.”

The proposed integrated computational framework and the resulting analytical algorithms and techniques will allow researchers, policymakers, and industries to better understand the hacker community and its highly complex ecosystem and impacts. Selected students in the AZSecure project will be embedded in the Hacker Web project.

Chen is joined on the Hacker Web project by fellow principal investigators Hariri; Ronald Breiger, professor of sociology at the UA; and Thomas Holt, associate professor of criminal justice at Michigan State University.

More details about Chen’s research are available on his Artificial Intelligence Laboratory website.

The Eller College of Management at the University of Arizona is internationally recognized for pioneering research, innovative curriculum, distinguished faculty, excellence in entrepreneurship, and social responsibility. U.S. News & World Report ranks the Eller undergraduate program #12 among public business schools and two of its programs are among the top 25 — Entrepreneurship and MIS. U.S. News & World Report ranks the Eller MBA full-time program #57 in the U.S. The College leads the nation’s business schools in generating grant funds for research. In addition to a Full-Time MBA program, the Eller College offers an Evening MBA program, an Accelerated MBA program, and the Eller Executive MBA. The Eller College of Management supports more than 6,000 undergraduate and 800 graduate students on the UA campus in beautiful Tucson, Arizona.

Article source: http://www.darkreading.com/54m-in-cybersecurity-grants-awarded-to-u/240162054

Do these 3 essential security tasks for your family today

If you’re the most tech savvy person in your family the chances are you are regularly cast into the role of unofficial family technical support.

It doesn’t matter how much or how little you know – as long as you are more technically competent than the rest of your family you’ve got a job for life.

You’ll help their laptops find printers, dig out files that have disappeared inexplicably, tell them why the internet doesn’t work (“…it was working yesterday!”), and clean up viruses.

And that, in our modern and interconnected world, makes you part of the cyber security front line.

Today is day one of the USA’s National Cyber Security Awareness Month (NCSAM) – a month dedicated to the idea that everyone has a role to play in creating a safe, secure, and resilient cyber environment.

It’s a good day to go back to basics and review the simple but important things that all of us who act as our family’s unofficial technical support and cyber-defence team can do to make things harder for the bad guys.

1. Check computers for zombies and other malware

Most people seem to be using anti-virus software these days but the software is only as good as its most recent update.

If your family members have subscriptions that have expired, if they haven’t done a baseline check lately, or if they’re Mac, tablet or smartphone users and think they aren’t vulnerable, get them a reputable product, bring it up to date and do a check for zombies and other malware today.

(Sophos offers free anti-virus software for Macs, as well as for Android. No registration is required. We don’t even ask for an email address.)

2. Enable WPA or WPA2 on home WiFi

If anyone in your family is using unsecured home WiFi or has secured their WiFi with WEP encryption, take two minutes to switch them to WPA or WPA2 today.

If you think you have already set up WPA for them, go and check they haven’t done a factory reset or anything that might have undone your work.

But, before that, watch our video Busting Wireless Security Myths so you can see if anyone is engaged in any WiFi security that’s, well, mythical.

3. Set different passwords for every website

Make sure your family members are using different, strong, passwords for each website they log into. Thieves will often try stolen passwords on a range of popular websites because they know that people reuse them.

Help your family choose strong passwords that are at least twelve characters long and made up of a mixture of letters, numbers and special characters. If they have trouble remembering passwords then consider a password manager like LastPass or KeePass.

Of course, security doesn’t end with our three essentials, so let’s finish with a fourth…

4. Follow Naked Security during NCSAM

Stay up to date with the latest computer security news, opinion, advice and research during NCSAM by signing up to our daily newsletter, grabbing our RSS feed or following us on Facebook and Twitter.

Image of road sign courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/UW1tjYvweEg/

Cybersecurity Awareness Month: 10th anniversary, 10 topical tales

October 2013 marks the tenth anniversary of the USA’s annual Cybersecurity Awareness Month (CSAM).

So we thought we’d have some fun, and come up with ten topics, in vaguely chronological order, that have burst into our collective security concerns at various times in the last decade.

We’ve been eclectic, wandering from the hand-wavingly general to the pointedly specific, but it’s all in a good cause.

We hope the list will encourage you to think more critically about cybersecurity, and to ask yourself, “Why does this matter?” when you come across a new issue.

→ Have no fear. We aim to convince you that cybersecurity matters without falling back on grandstanding terminology like “cyberwar” or “advanced persistent threat.” You’ll hear those words here only, simply to hear that you aren’t going to hear them again.

Here goes.

1. Warhol Worms

Viruses like CodeRed (2001), Slammer (2003) and Blaster (2003) caused havoc. They spread automatically over the internet, breaking into other computers and networks without human intervention.

Some speculated that the internet might simply implode under the ongoing load of these “Warhol Worms”, so called because they’d be limited to 15 minutes of fame, after which everybody in the world would be infected.

Many of us began to make at least some effort at patching, and of removing servers from the internet that didn’t need to be there; Warhol Worms never happened.

The internet survived.

2. Spam

At the start of the 2000s, spam was heading out of control. Some even suggested that it would kill email for ever.

Most of us adopted spam filters, including reputation filtering, a technique that aims to drop connections from spam sending computers before they even begin to deliver any messages.

Email lives on.

3. Phishing

Tricking users into giving away their usernames and passwords through bogus login screens is an ancient pastime, but in 2001, crooks successfully turned the technique against online payment company e-gold.

From then, it was Game On for the cybercriminals.

Fake logins still trap the unwary into giving away online account credentials, but we’re learning to be more careful when we login.

We’re also learning to avoid using (and not to send out) links in emails that lead to sign-in screens.

Returns for the crooks are diminishing.

4. Botnets

Downloading instructions from a central server to your PC for distributed computing tasks was all the rage in the 1990s, as a fun way for the community to solve problems such as cryptographic cracking.

The crooks quickly copied this approach for their own ends, notably to boost their spam volumes by bringing a raft of innocent bystanders on board as email senders.

Bots, or zombies as they’re also known, are still a huge threat – even high-profile US credit bureaux are known to have been infiltrated.

In most cases, a scan-and-clean with an up-to-date anti-virus can work wonders.

Don’t delay. Do it today.

5. Fake anti-virus

In the 1990s, anti-virus companies were routinely accused of writing all the viruses in order to charge for cleaning them up.

It wasn’t true, but the claim gave 21st century cybercrooks an idea: charge people for *not* cleaning up viruses! Just pretend they’re infected, take their cash, and then pretend they’re clean.

Easy counterploy: if the scan is free but the cleanup suddenly costs money, you know it’s a ripoff.

6. Social networking

We’ll be honest. When we say “social networking,” we really mean, “Facebook.”

It’s changed our lives, but has made many people very casual about privacy, since part of the fun is to make “friends” online, and to share things with them that perhaps you ought not to.

If in doubt, don’t give it out.

7. Metasploit

The first open source version appeared in 2003; the product hit the mainstream in 2009 when it was bought by a commercial company.

To be blunt: it’s a toolkit that helps you break into other people’s computers using pre-packaged exploits.

But it’s also a great penetration testing and quality assurance tool, since it makes it easy to validate (assuming you have permission!) that patches and fixes really have worked as intended.

Anyway, like many computer security tools, it’s a double-edged sword that’s here to stay, so you may as well learn to stop worrying and love this sort of software.

8. Bring Your Own Device (BYOD)

You’ve bought a new-fangled smartphone or tablet with your own after-tax earnings. You like it more than the device that work issued to you – much more!

You don’t want to carry two devices everywhere, so you’ll do an hour of extra work each day, for free, if only the company will let you get at your email, or your sales leads, on your iPad or your Android.

Should your IT guys agree?

Make it easy for them: if you expect IT to give up its “thou shalt not pass” attitude and say “Yes,” then be prepared to meet them half way and give them joint control over your personal device.

9. Lulzsec

Perhaps the only hacking group in history dedicated to stealing and revealing your data simply to try to put the fun back into security.

Some in the security industry grudgingly suggested that they’d done us a favour by reminding us how permeable our online database portals were.

But law enforcement didn’t see it that way. Several of the members have been identified, convicted and sent to prison.

10. Surveillance

We’ve spent the past five years or so willingly giving away as much about ourselves as we can via social networking, so our friends can keep track of us online.

And now we’ve been told that, all through that time, intelligence services from the US and its allies have been making a serious effort to keep track of us online.

Many of us seem surprised. (And some of us can’t see the irony, either.)

Where to for CSAM’s 20th anniversary?

Cybersecurity matters because there is a whole underweb of cybercriminals waiting to take money out of our economy if we give them half a chance.

So let’s make an effort to give them less than half a chance.

As we’ve said before, treat Cybersecurity Awareness Month as an incentive to change your digital lifestyle for the better, on a long term basis.

Why not start with our 3 essential security tasks?

Image of road signs courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/pGgO5NkM25g/