Hi List;

I am asked to give a talk to a group of home computer users on Internet
or online security in the community. I am planning to focus on 5
major/critical threats/risks to them, the list is below. Would have I
missed some big ones for the home users? Your
suggestions/comments/input are appreciated.


SCAM
Phishing - Identify Theft
Malicious Code - Spyware, Virus, Worms, etc.
P2P file sharing / download services
Social Engineering
Privacy?

Many thanks in advance.

A Monk

a_monk wrote:

Phishing is Social Engineering.

On 6 Mar 2006 09:36:39 -0800, "a_monk" <dfox138@hotmail.com> wrote:

topic.

Last night I conducted a survey with my laptop. I took 2 streets in a
small town in Ohio. I parked mid block for 6 blocks on each of 2
streets. I had at least 2 accessable signals on each stop. Twenty
five percent of those signals were without security and I accessed the
internet from them. Of those accessed, I sailed into their shared c:
drives.
On one corner I had 8 signals including 1 church office. I sailed
right in and accessed their records and payroll records without any
"special programs". Needless to say, I will visit the pastor today to
share this.

Hope this helps.
George

Also None wrote:

I can conduct about 50% are unprotected, 40% are only protected with WEP
(whcih is about the same as unprotected) and only 10% involve either
WPA, IPSec or VPN.

There are programs available on the internet that would let a hacker
with only basic level knowledge get through a WEP encrypted signal in
about 25 minutes. Using an encrypted connection over and above and
along with WEP is the best way to protect your internet communications.
A simple program like Max Crypt can encrypt files and folders on a
hard drive at no cost for added security. Regards


* www.privacyoffshore.net (No Logs Internet Surfing)
* Anonymous Secure Offshore SSH-2 Surfing Tunnels
* Anonymous Mail & News through SSH-2 Tunnels
* Free Resources and Privacy Software

Also None wrote:

This is the kind of mentoring that helps the uneducated understand
security. Unfortunately, too many think that random acts of malicious
mischief will "teach them a better lesson".

On Wed, 08 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
<EKSdnXMFn_ZOS5PZRVn-rg@comcast.com>, optikl wrote:

Aside - I'm highly surprised that only 25% were without security. I would
have expected 25% with, and 75% without.

Hopefully the pastor will be understanding.

Worse, most operators of unsecured systems will accuse you of hacking
into their systems, threatening criminal complaints, etc. The real
problem is getting the word to these people that _anyone_ can gain
access to their systems, including the seventy year old grandfather
across the street, the six year old next door, or that dachshund in
the house behind you who's searching the internet for pictures of
Saint Bernards in crotchless panties and fishnet stockings.

Old guy

On Thu, 09 Mar 2006 00:01:14 +0100, Jim Watt <jimwatt@aol.no_way>
wrote:

suggested they contact their puter repair service to rectify it.
Guess what - they have a couple of guys in the church that know all
about computers. By the way, I did this along with the second in
command from the Sheriff's office. He was amazed at what he saw.
This will be an even hotter topic than the burglary rate in town. In
Columbus, 85% of residential burglaries are the result of unlocked
doors and windows. I see no difference with the wireless security.
I offered to meet with them with my laptop and show them their needs.
I'll bet they don't even call me.

George

(admins) privacyoffshore wrote:
Aircrack and WinAirsnort are available as Windows binaries. Expect their
job to be done within 10 minutes.

Then WEP is a useless overhead.

Woah, all my files are stored encrypted, but I have no worries uploading
them by unencrypted HTTP? :-)

Sebastian Gottschalk wrote:

I think the poster was suggesting that having critical data encrypted
locally would be a prudent second (third, fourth, etc.) line of defense
against someone who might crack WEP or some other "boundrary" encryption
or device.

On Wed, 08 Mar 2006, in the Usenet newsgroup alt.computer.security, in article
<vj5v02lbigtn6uo41k1e7tn9vt66krfiin@4ax.com>, Also None wrote:

Any one want to take odds that the situation will be unchanged a year
from now?

So all you've done is to show a creditable witness for the prosecution ;-)
Jim is correct about accessing systems being an offense in some jurisdictions.
I imagine a few minutes on google might turn up some applicable laws.

Web Results 1 - 10 of about 726,000 for state+law wireless access
unauthorized. (0.29 seconds)

Hmmm, New York and New Hampshire laws right on the first screen of results.
Changing the search term to 'Ohio+law wireless access' brings up a state
senate bill (Amended Substitute Senate Bill Number 146) - rather extensive,
but no quickly obvious date. It seems to reference other sections of existing
law which may or may not have impact.

I imagine that is true in a lot of places. I don't have figures for the
Phoenix (AZ) metro area, but 85% doesn't sound unreasonable.

The homeowner who undresses with the lights on, in front of the window
with the shades drawn can be prosecuted for specific charges. The same
homeowner leaving their wireless network wide open with those explicit
photographs offering a better view can't be prosecuted.

Ya-all be careful, ya hear? ;-)

Old guy

On Mon, 06 Mar 2006 18:42:56 +0100, Sebastian Gottschalk wrote:

Roll phishing into social engineering, then add a category for home
network security. Cover firewall basics and wireless security basics,
passwords, etc. Recommend a separate firewall box, like a D-Link or
linksys box, which are easily configurable and inexpensive these days.

-Neil