Cyber Safety Part III – Ashtad Rustomji

More information on threats to our computers. These are things we are hearing a lot more of these days as the criminals move ahead of the game.

Hacking

 Hacking is a term used to describe actions taken by someone to gain unauthorized access to a computer. The availability of information online on the tools, techniques, and malware makes it easier for even non-technical people to undertake malicious activities.

  • They find weaknesses (or pre-existing bugs) in our security settings and exploit them in order to access our information.
  • They install a Trojan horse, providing a back door for hackers to enter and search for our information.

Malware

Malicious software that infects our computer, such as computer viruses, worms, Trojan horses, spyware, and adware. Malware can:

  • Intimidate with ‘scareware’, which is usually a pop-up message that tells us our computer has a security problem or other false information.
  • Reformat the hard drive of our computer causing us to lose all our information.
  • Alter or delete files on hard drive.
  • Steal private information.
  • Send emails on our behalf.
  • Take control of our computer and the software running on it.

Pharming

A means to point us to a malicious and illegitimate website by redirecting the legitimate URL. Even if the URL is entered correctly, it can still be redirected to a fake website. The fake site copies the original down to its smallest details to get us to enter our personal details.

Phishing

Fake emails, text messages and websites created to look like they’re from authentic companies. They’re sent by criminals to steal personal and financial information from us. This is also known as “spoofing”.

  • They trick us into giving them information by asking us to update, validate or confirm our account. The request is often presented in a manner that seems official and intimidating, to encourage us to take action.
  • They provide cyber criminals with our usernames and passwords so that they can access our online bank account, shopping accounts, etc. and steal our credit card information.

Ransomware

Ransomware is a type of malware that restricts access to our computer or our files and displays a message that demands payment in order for the restriction to be removed. The two most common means of infection are via phishing emails that contain malicious attachments and website pop-up advertisements.

There are two types of ransomware:

  • Lockscreen: displays an image that prevents us from accessing our computer.
  • Encryption ransomware: encrypts files on our system’s hard drive and sometimes on shared network drives, USB drives, external hard drives, and even some cloud storage drives, preventing us from opening them.

Sometimes the notification states that authorities have detected illegal activity on our computer, and that the payment is a fine to avoid prosecution.

Paying doesn’t help.

Regularly back up data to a removable external storage drive.

Spam

Mass distribution of unsolicited messages, advertising or pornography to addresses which can be easily found on the Internet through things like social networking sites, company websites and personal blogs.

Spam can:

  • Phish for your information by tricking you into following links or entering details with too-good-to-be-true offers and promotions.
  • Provide a vehicle for malware, scams, fraud and threats to your privacy.

 

Cyber Safety Part II – Ashtad Rustomji

Safety on Facebook

There are many things you can do to keep yourself safe from potential threats and cyber criminals on Facebook.

1- The most important thing to do is to never make any personal photos public, especially of your kids wearing any swimming clothes. Your photos can be used by predators, who sell them to certain kinds of websites or to the highest bidders. They can also use these photos to estimate and track your location, if you don’t already have it mentioned on the profile.

2- Don’t make your day-to-day activities public and avoid posting updates about when and where you are traveling. If you do want to post them, make them private or for friends only. Even that may not work: once you add someone, they can view your activities, jobs, etc., getting all they wanted from your profile.

3- Which brings me to my third point: never accept friend requests from individuals you don’t know or haven’t spoken to. Especially avoid individuals with no profile pics or only a handful of friends when they’ve been members for years. Some of the fake profiles usually just spam search: they type in the most common names and, when the results show up, send friend requests to all of them. When a target accepts the request, they get access to that person’s friends list as well, and most of those friends accept requests because the sender is now a mutual friend of someone they know and trust. Plus, there’s also a possibility of a sex offender or a PI creating a fake profile to see your ‘friends only’ posts.

4- Never post personal likes and dislikes as this can be used against you. Once an individual knows what you like and don’t like, whether it’s food or a movie or anything, they can use that data either to direct you to a phishing website, if they’re a cyber predator, or, if they’re a predator who searches for victims online, to strike up a conversation with you based on common ground.

5- Don’t use the same password for your Facebook account that you use for your email and other accounts. In fact, never have the same password for all accounts as a general rule.

6- If you access Facebook on your phone, log out of the Facebook app you use, after each visit.

7- Post nothing on Facebook that you wouldn’t want anyone to know about. Nothing, once it gets on the internet, is safe or private, especially on a social networking site like Facebook.

8- Be sure to have a good anti-virus installed. There is a possibility of a virus infecting your email list; the virus then sends friend requests to everyone in your email contacts, infecting them with the same virus as well. IIRC, this is done to gain access to not only your personal email but other email addresses as well. It also leads you to a fake site to get the personal information that you may enter in the form.

9- Report suspicious profiles.

10- Be careful of external and third-party applications and websites asking permission to access your Facebook account information. Once you have given the permission to access your Facebook account, the website or application now has access to all of your personal information, including email, number, posts, address, job and location. Never accept it, unless you are absolutely 100% sure that you trust the application and it is reputed as safe to use.

11- Visit the help center for more information on Facebook safety.

12- Some good tips are mentioned in this infographic: http://www.bedfordshire.police.uk/pdf/facebook_safety_tips.pdf

Safety on Twitter

The following are some simple tips to stay safe on Twitter.

1- Whenever you tweet, never add your location to it. Turn off the ‘add location to tweet’ option from the settings. You can also remove all location information by clicking ‘delete all location information’.

2- Strip geo-tag information from your photos before tweeting them. When a photo is tweeted, the location information that many camera phones add to the metadata of the photo file is provided to anyone viewing the photo. Any EXIF viewer software or application that can read the location information embedded in the photo would be able to determine the location of the picture. There are apps available that strip the geo-tag from pictures; deGeo, metapho and pixelgarde are some of them.

3- Enable security and privacy options. The ‘HTTPS Only’ option in the ‘Settings’ menu will allow you to use Twitter over an encrypted connection, which will help protect your login information from being hijacked by hackers using packet sniffers and hacking tools.

4- Twitter is actually more public than Facebook, which means that you have to keep your personal information very minimal to virtually none, i.e. no phone numbers, no emails and no address in the location section.

5- Avoid using any third-party apps on Twitter. If you have any unrecognized app or an app you don’t remember installing, remove it by revoking its access to your account information from the app tab in your ‘settings’ menu.

6- Turn on the ‘protect my tweets’ option. This is a helpful tool when it comes to preventing unwanted individuals from following you on Twitter. Once turned on, it will only show the tweets to people that are approved by you. This will not stop the current followers; it’s only for the future ones.

7- Remove unwanted or unknown followers. Delete the follower from your Followers list by blocking their account. The user is not notified when you block them, but your tweets no longer show up in their searches or timeline.

Here are some good sites with much more information about safety on Twitter.

  • http://www.makeuseof.com/tag/10-twitter-safety-tips-to-protect-your-account-identity/
  • https://support.twitter.com/articles/76036#
  • https://support.twitter.com/articles/18368#
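Tip 2 above (stripping geo-tags) comes down to deleting the metadata segments of the JPEG file before it is shared. The following is an added example, not part of the original article: a standard-library Python routine that walks a JPEG's segments and drops the ones carrying Exif/GPS, XMP, IPTC and comment data. The sample file is constructed inline and contains segment structure only.

```python
import struct

# Segment types that hold metadata rather than pixels:
# APP1 = Exif (including the GPS block) and XMP, APP13 = Photoshop/IPTC, COM = comment.
METADATA_MARKERS = {0xE1: "APP1", 0xED: "APP13", 0xFE: "COM"}
STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-RST7 have no length field
SOS, EOI = 0xDA, 0xD9


def _segment(marker: int, payload: bytes) -> bytes:
    """Encode one segment: FF, marker, 2-byte big-endian length (counts itself), payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg() -> bytes:
    """Constructed test input: valid segment layout, not a viewable photo."""
    exif = b"Exif\x00\x00MM\x00\x2aGPSLatitude=51.5000N (constructed)"
    xmp = b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta>constructed</x:xmpmeta>"
    return (
        b"\xff\xd8"                                     # SOI
        + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
        + _segment(0xE1, exif)
        + _segment(0xE1, xmp)
        + _segment(0xFE, b"shot at home (constructed)")
        + _segment(0xDB, bytes(65))                     # quantisation table placeholder
        + _segment(SOS, bytes(10))                      # scan header placeholder
        + b"\x12\x34\xff\x00\x56"                       # entropy-coded image data
        + b"\xff\xd9"                                   # EOI
    )


def strip_metadata(data: bytes):
    """Return (cleaned_jpeg, removed) where removed lists (segment_name, length) pairs."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out = bytearray(data[:2])
    removed = []
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1                                    # skip optional fill bytes
        if pos + 2 > len(data):
            raise ValueError("truncated file")
        marker = data[pos + 1]
        if marker == EOI or marker in STANDALONE:
            out += data[pos:pos + 2]
            if marker == EOI:
                return bytes(out), removed
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker in METADATA_MARKERS:
            removed.append((METADATA_MARKERS[marker], length))
        else:
            out += data[pos:end]
        if marker == SOS:
            out += data[end:]                           # image data up to EOI, copied verbatim
            return bytes(out), removed
        pos = end
    raise ValueError("no image data (SOS) found")


if __name__ == "__main__":
    clean, removed = strip_metadata(build_sample_jpeg())
    print("removed segments:", removed)
    print("GPS text still present:", b"GPSLatitude" in clean)
```

Removing the Exif segment also removes the orientation tag, so a stripped photo may display rotated until it is re-saved the right way up.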

 

 

Cyber Safety Part I – Ashtad Rustomji

Being Safe From Identity and Personal Data Theft

1- The most important and most common-sense thing to do is to not put up any private info, including your full name, date of birth, or even address, on any public forum.

2- Never give any of your bank information or credit card/debit card information to anyone who claims to be calling from the bank or from the credit card company. This can also happen if you get a call from one of your currently subscribed magazines, etc. If you want to renew the subscription, do it from the website itself by typing the address in the address bar; never do it over the phone.

3- Never post any of your private pictures, family photos or photos of your home online or in cloud storage; these can be, and have been, easily hacked (an example is the leaked celebrity pics scandal). Store them offline and off your computer.

4- If you have any passwords written down, always store that file offline and off your computer. Store it on a USB drive, connect the USB drive only when you’re offline, and encrypt the USB storage with a strong password. There is software available that helps you create strong passwords.

5- Never give out your primary email. Always use a secondary email with not much information in it (like your name, address, location, etc.) to sign up to websites. It’s called a dummy account. This can also help with avoiding spam emails in your main email inbox.

6- Always make sure to check the validity of the secure encryption certificate on websites, while making any transactions online. Usually if you have an anti-virus installed, it warns you of fake pages.

7- Always password protect your data with a strong password that contains letters, numbers and symbols.

8- Install a strong anti-virus that gives you protection from the latest threats and protects your offline data as well.

9- Never check your emails in a cyber café.

10- If you use Wi-Fi, make sure the connection is secure and password protected.

These are some simple tips to protect your data and online identity.

Safety tips to secure your wireless connection.

Without going into too much technical detail, I’ll keep this category simple and to the point; if I did go into details, you’d have to spend a whole day on the internet googling the terms. So, to begin:

1- Turn on WPA2 encryption on your wireless router. If you have an older router, it will have an older encryption standard, which is easily hackable. You’ll need to upgrade your firmware to WPA2.

2- Use the most unique and uncommon name for your network. If it’s one of the common names, you will be on the list with the most common names and will be more susceptible to your password being cracked. According to some sources, even WPA2 may be vulnerable to this kind of hacking.

3- This connects to the above point. Use a long and unusual password for your wireless network. The longer the password, the harder it is to crack using rainbow tables. The max password limit is 64 characters, so go crazy. Wi-Fi devices usually cache the password, so you will have to enter it only once, when you connect a new device.

4- Turn off the admin via wireless option. What this will do is restrict the hacker’s access to your wireless router’s administrative settings.

5- Enable the firewall (if your router has one built in; most do).

6- If you are in a smaller house, but the range of the wireless connection is high, reduce it. Decrease the signal range or hide it in a box or in any enclosure that could restrict the signal direction.

7- Be careful of something called piggybacking.

https://en.wikipedia.org/wiki/Piggybacking_(Internet_access)
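Tips 2 and 3 above rest on how WPA2-Personal turns the password into the actual key: the network name is mixed in as the salt, so tables precomputed for a common name do not apply to an unusual one. The following is an added example, not part of the original article; it derives the key with Python's standard library and checks a name and password against the two tips. The list of common names and the minimum length are illustrative assumptions.

```python
import hashlib
import string

# Small illustrative sample of factory-default network names (assumption, not a real list).
COMMON_SSIDS = {"linksys", "netgear", "dlink", "default", "home", "wireless"}
MIN_PASSPHRASE_LENGTH = 16   # assumed policy threshold for this example
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")   # ASCII 32..126


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-Personal key.

    A passphrase of 8-63 printable ASCII characters goes through
    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations.
    A value of exactly 64 hex digits is used directly as the raw key.
    """
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= PRINTABLE:
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


def review_network(ssid: str, passphrase: str) -> list:
    """Return a list of findings for the given network name and passphrase."""
    derive_pmk(passphrase, ssid)          # rejects values the standard does not allow
    findings = []
    if ssid.lower() in COMMON_SSIDS:
        findings.append("network name is a common default; precomputed tables may exist for it")
    if len(passphrase) < MIN_PASSPHRASE_LENGTH:
        findings.append(f"passphrase is shorter than {MIN_PASSPHRASE_LENGTH} characters")
    return findings


if __name__ == "__main__":
    passphrase = "correct horse battery staple"   # constructed sample value
    for ssid in ("linksys", "Zebra-Lighthouse-7341"):
        # Same passphrase, different name: the derived keys share nothing.
        print(f"{ssid:24} {derive_pmk(passphrase, ssid).hex()}")
    print(review_network("Linksys", "password1"))
    print(review_network("Zebra-Lighthouse-7341", passphrase))
```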

 

Managing Online Conflict – Kathy Jackson

“Never read the comments.” This has become such a truism that it’s almost ridiculous to say anything about it. However, there are still online spaces where it is safe, and even enjoyable, to talk freely about difficult issues with people on the other side of the screen. How does that happen?

First, let me flourish some credentials on the subject. In one form or another, I have been moderating online discussions since at least 1998. That was the year that I joined an email list for the first time. On that first list, we had around seventy members, sometimes as many as a hundred. Group members sent about a hundred long messages to the list every day, so it was quite busy for the era. The topic was Christian theology, a contentious subject if ever there was one. And yet group members managed to maintain decorum on the list for the most part – at least, they did so as long as we moderators did our jobs well.

Fast forward a few years and I found myself hanging out in IRC channels. For those who never participated or don’t remember, IRC was (and for all I know still is) a way to chat with other people in real time. As a regular participant in a handful of channels I soon found myself working in the role of moderator. Moderating real-time discussions among anonymous strangers turned out to be quite different from trying to keep long form email conversations among known group members from running off the rails. There were a few commonalities, however. We found that intelligent and thoughtful people would stick around in a well-run forum, but would quickly vanish at the first sign of trolls. Trolls, however, didn’t mind and in fact enjoyed sharing the channel with those same thoughtful and intelligent people – at least until they ran the good people off. When we failed to enforce our mutually agreed-upon rules, it would not be long until there was nobody left to talk to in the channel except jerks and idiots. This did not create a pleasant online experience for any of us. On the other hand, when we did set boundaries and enforce them ruthlessly, that generally led to good people sticking around and not-so-good people behaving better than their unregulated natures would otherwise have done. We were able to have genuine, enjoyable interactions with a wide spectrum of real people in real time. That’s a win.

Since 2000 or thereabouts, I have participated in many different firearms discussion bulletin boards, first as a member and then later as a moderator. I worked as a moderator on The High Road, a relatively busy forum, for roughly seven years before I walked away from it. I’m still a moderator on The Firing Line where I have been a member since 2000 and a moderator since 2007. As before, I found that when the technology changed, so did the techniques a moderator needed to use in order to keep the good people engaged and the less-helpful members quiescent. But as before, I found that the core principles remained the same regardless of how the technology changed.

In 2011, I started my own blog for the first time. Felt a little silly to be so late starting a blog when I’d been relatively early with most other forms of online interaction, but there we have it. Until that time, my Cornered Cat pages were relatively static and offered no user interactions. Moderating the blog comments wasn’t a big shift from moderating forum comments, though I noticed that the core principles became even more noticeable in “my” space than they were in more-public spaces such as bulletin boards that belonged to everyone and to no one.

Like almost everyone else in 2015, I have a personal Facebook account, which provides lots of opportunities to hone my skills at managing online conflict. As a small business owner, I also run several public and private pages linked with my firearms education and training business. Facebook is an odd chimera, almost a return to the days in the wilds of IRC real-time chat, but with elements similar to bulletin boards as well. The format encourages brevity to the point of thoughtlessness, and it’s difficult to return to an older conversation to add new information to it. For this reason, it’s easy to chatter in quick and simple ways, but difficult to engage in meaningful discussion – and risky to bring up tough subjects. Unlike earlier technologies there’s very little transparency to what you might be doing as the moderator. You can hide bits of the public conversation from yourself, but there’s always a question as to whether you’re successfully hiding it from the audience at large. This makes it even more important to manage the conversation proactively rather than simply using technological tools to sweep conflicts out of sight.

Still, the core techniques that help keep conversations running smoothly along, that allow good people to connect with each other while keeping less helpful voices muted, remain about the same on Facebook as they were on earlier technologies. I suppose that tomorrow or the next day, there will be some new way to interact, and we will all abandon Facebook in favor of that form of interaction. When we do, the same principles and concepts that make interaction pleasant now can help us meet those new challenges as well.

Here’s what I’ve learned over the years.

Own your space. Regardless of the form or the forum, when you’re partly or entirely responsible to keep the conversations pleasant, the first step is simply to own that space and be up front that you own it. Be courageous enough to meet your responsibility boldly, and don’t expect anyone else to sweep up the mess when there is one.

What about shared spaces? If moderating a space is a responsibility you share with others, you will usually want to talk to those others behind the scenes to be sure you’re all on the same page before you act. This isn’t always an option, however. Realize that sometimes you will need to act boldly and immediately, without taking time to consult with others. Be prepared to do that, and be prepared to publicly support them when they do likewise, even if the specific action they take isn’t one you yourself would have taken. As much as is humanly possible, work out your differences with other moderators behind the scenes and present a united face in public.

Set clear expectations. This can be done explicitly and up-front, when members first join your group, as is generally done on bulletin boards and email lists. Or it can be done implicitly and in line with the group conversation, as generally happens on Facebook. In either case, most people appreciate knowing what’s expected of them in online spaces, and appreciate knowing what they can expect from others.

Frame expectations positively. People don’t always appreciate being told what to do, but they don’t mind it nearly as much as they mind being told what not to do. Especially after they’ve already done it.

Reinforce expectations when needed. “Quick reminder: please treat others gently in this space. If you have a personal problem with someone else, contact them privately to work it out. Thanks.”

Be part of the conversation. As moderator, it sometimes feels awkward to join in the general conversation. The temptation is to stay out of it, and only step in if there’s a problem. Counterintuitively, this is a much more difficult way to manage online spaces. The easier way to do things is to happily join in the conversation so you can steer it where you believe it can most fruitfully go, and so that you can quietly redirect small conflicts before they become messy problems.

Gently intervene early. Start potentially-contentious conversations only when you have time to babysit the resulting discussion, at least for the first little while. No matter what the venue, the rule is that light interventions early on usually prevent needing to take drastic measures later. The first few responses really set the tone for everything that follows, so watch the first responses carefully and make gentle course corrections as early as possible if the conversation looks likely to take an ugly turn. This becomes easier as you become more familiar with your audience and their particular hot buttons.

Assume goodwill. When the conversation really gets going, it’s easy to begin assigning motives to the other participants. Maybe the person on the other side of the screen is actually stupid and evil. Maybe they’re drunk. Maybe they’re trolling and trying to get a rise out of you. Maybe this, maybe that. Instead of playing that game, try assuming that questions are simply questions (answer them), that arguments are genuine attempts to reach the truth (join them in looking for it), that disagreements are nothing more than evidence of separate minds approaching problems in different ways (enjoy figuring out how other people’s thought processes work). When you do spot a specific behavior that needs to be corrected, focus on the behavior itself as much as possible. After all, it’s not your job to solve their psychological problems or get them into an AA meeting; it’s simply to keep your online space a pleasant place for people to interact.  

Praise good behavior. Call people out when they say something well or when they keep the peace through a potentially-upsetting conversation. Praise the good stuff both generally and specifically: “I love it when people have such thoughtful conversations in my forum!” and “John, you did a great job with Sue’s question. Thanks for sharing your expertise on that one.”

Use private channels appropriately. Some conversations shouldn’t be for public consumption. My rule of thumb is that I prefer to contact people in private whenever the conversation becomes more about monkey-brain issues than about purely logical ones. We can proactively make human connections and build bridges in both public and private conversations, but if we need to repair a broken bridge, that’s almost always more easily done in private. Along the same lines, if someone does or says something praiseworthy, tell them so in public! But if someone needs to be corrected or reprimanded in some way, that’s best done in private.

Remember that’s a human. It’s easy to get caught up in proving some logical point, in winning an argument, in being right and making sure everyone knows it. It’s easy to forget that there’s a living, breathing, feeling human being on the other side of the impersonal computer screen. Before posting your comments, especially when you’re playing the role of moderator and know that your words will have special weight, always look them over for potential hurt feelings and other monkey-brain issues. Can you sweeten your words while still making your point?

Make human connections. Especially on Facebook and other social media, it’s surprisingly easy to forget that people we know in real life are watching our interactions. One simple way to redirect a conversation that’s getting too heated: introduce your friends to each other. (“Steve, this is Mary. I’ve known her since we were in college together. She’s the one who introduced me to my husband. Mary, this is Steve. He’s a friend I met on my last job. I’m glad you’re finally having the chance to meet online and I hope you’ll be kind to each other on my page.”) A quiet reminder that both of them are important to you and that you do expect people to play nicely in your space never hurts.

Provide an out. Sometimes, the conversation makes it apparent that one person is objectively right and the other, objectively wrong. When you’re the one in the right or the one moderating the space, actively work to provide a gracious way for the person in the wrong to back down. You’ll appreciate it when they do likewise for you when it’s your turn to be wrong.

Admit it when you’re wrong. When it’s your turn to be wrong, admit it. Your monkey brain will tell you that admitting your mistakes will make you look weak. But you know that is not true. You lose respect when you behave unreasonably, but you gain respect when you gracefully make room for someone else to be right. You gain respect when you back away from an untenable position. You gain respect by being more committed to finding the truth than you are to playing monkey games.

Apologize gracefully. When you’ve been a jerk, say so. Your monkey brain will tell you that an apology will make you look weak. But you know that is not true. You lose respect when you treat others disrespectfully, but you gain that respect back, and more, when you own up to your mistake and strive to do better in future. Cultivate the art of apologizing gracefully. (Script: “I’m sorry for <specific act>. This is wrong because <specific reason>. In the future, I will <specific, positive replacement behavior>. Will you forgive me?”) When you make a mistake, own it. Own your entire mistake, not just part of it. Own only the mistake you actually made; don’t apologize for stuff you didn’t actually do. And never ruin an apology with an excuse.

Emphasize common ground. Especially on contentious topics, it’s a good idea to consciously seek out and emphasize the things you have in common with other participants. For example, one of my personal hot button topics is gun control. I’m against it, in all its forms. When I engage in conversation with someone who wants some new law or restriction on legal firearms, we can have a fruitful and pleasant interaction if we start by agreeing on what we do have in common: we both want our families and our communities to be safe. We both want to feel at ease in our daily interactions with others, and we both want a world where violence does not spiral out of control. Whenever the conversation becomes heated, we can always return to those touchstones to cool ourselves down and remember our shared goals.

Redirect toward common goals. As moderator, I can help other people find – and later, remember – their common ground and shared goals. Stepping in to remind people what they have in common can often redirect the conversation back into fruitful territory, and avoid having to use more active measures to control later misbehavior.

Focus on the human problem. Every hot-button topic contains both a human element and a monkey element. The human element is the specific issue that needs to be analyzed and perhaps solved. The monkey element is the way people feel about that issue, and all the tribal concerns that go with that. When people get into their monkey brains, they often end up flinging poo all over each other and all over the shared space, and there’s not a lot of fruitful discussion that accompanies that. So good moderators first acknowledge monkey feelings, then redirect conversations toward the human problem.   

Manage your own emotions. We readily notice when other people have gotten heated, but it’s sometimes more difficult to keep track of our own emotional temperature. Make a habit of noticing your respiration and heart rate before you post. If they’re elevated while you’re sitting at the computer, it probably wasn’t because you were doing jumping jacks while you were reading. That’s emotional excitement at work. Take a few minutes to calm down before you type anything. Better still? Sleep on it. The conversation will probably still be there in the morning.

Follow through. The specific way that you as moderator can follow through to enforce your rules and expectations will depend upon the technology, but nearly every platform has the equivalent of a ‘ban’ button. Don’t be afraid to use it. When you use that button, you are honoring the thoughtful and pleasant people who want a good online experience. Remember that trolls will gleefully interact with thoughtful people, but respectful and thoughtful people will almost always shut up and go elsewhere when trolls invade. What kind of people do you want in your space? What type of behavior do you want to reward and what type do you want to discourage? Be willing to make the hard calls.