Circles of Trust - Social Engineering


“Social engineering” is a broad term used to describe many types of confidence fraud on the Internet. There are many social engineering techniques, including phishing and impersonating persons or websites. Learning about social engineering will help you stay alert for threats to your security.

Phishing uses email, instant messaging or other electronic communications to trick you into divulging information the scammer can use to further their attack. Never divulge a password, PIN, credit card or Social Security number in an email. Your bank will never ask you to. Most reputable companies follow the best practice for recovering a forgotten password: they send you a link to a page on their site that allows you to reset your password. You should make sure the link connects you to their website by verifying the URL and the website’s security certificate.

Another con involves calling people at work and claiming to be from IT support or the company’s help desk, then asking for their password. Don’t give anyone your password over the phone. If they are really from your company’s IT staff, they don’t need it, or they can reset it themselves. Some IT departments will call and ask employees for their passwords just to see how many employees fall for this common social engineering con, as part of a security audit, or so that they can determine if they need to do additional security training.

Websites can be impersonated too. A web page can easily be made to look like your bank’s login page. My previous article about website security certificates explains how to verify a site’s authenticity and why encryption and certificates are important for transmitting credit card and other sensitive information.
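The URL check described above can be written down as a few rules. This is an added example, not part of the original article; the bank name bank.example, the sample links and the function name check_link are made up for illustration.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return (ok, reason) for a link that claims to lead to expected_domain."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "not a valid URL"
    if parts.scheme != "https":
        return False, "not https"
    # hostname drops any port and anything before an '@' sign
    host = (parts.hostname or "").rstrip(".")
    expected = expected_domain.lower().rstrip(".")
    if "@" in parts.netloc:
        return False, "text before '@' is not the site; the real host is " + host
    # The expected name must be the END of the host, on a dot boundary
    if host == expected or host.endswith("." + expected):
        return True, "host is " + host
    return False, "host is " + host + ", not " + expected

# Constructed sample links, as they might appear in a password-reset email
SAMPLE_LINKS = [
    "https://www.bank.example/reset?token=abc",
    "http://www.bank.example/reset",
    "https://www.bank.example.account-reset.test/reset",
    "https://www.bank.example@account-reset.test/reset",
    "https://mybank.example/reset",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        ok, reason = check_link(link, "bank.example")
        print("OK  " if ok else "STOP", link, "->", reason)
```

Only the first sample link passes. The others contain the bank's name somewhere in the address, but the browser would connect to a different host or without encryption.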

We are all busy nowadays, but it is important to pay attention to what we are doing and not let our impatience rush us into bad decisions. I don’t know how many times I have wished that I had slowed down a little before I hit “send” or “submit!” Take time to investigate the company, person, webpage, email address or link you are being asked to trust.

Finally, use common sense and continue to stay informed about the risks and best practices for protecting yourself on the Internet. As new security technology and safety measures are being developed, so are new viruses, cons and other threats. One good source of information is your antivirus software company’s website. If you would like to dive a little deeper, there are many blogs dedicated to the subject of security. Veracode Blog’s list of 20 top security blogs is a good place to start.  I am also beginning a new section of The Practical Computer, dedicated to security, but written more for (you guessed it!) the average everyday computer user.  Look for it within the next week or so.





~#~




For more on Internet Security:

From The USA Educational Foundation: Internet Safety For Adults


From Family Online Safety Institute:
Top Internet Safety Tips for Parents (PDF)


From US-CERT:
Advice about common security issues for
non-technical computer users

     

Circles of Trust - Website Security Certificates


We have warmed up to the ideas of banking and shopping online because we understand the technology a little better and we tend to trust big institutions. But mostly, more and more of us are trusting websites with our financial data because more and more brave pioneers began using this new technology without being eaten or suffering other terrible consequences.

We can feel even better about trusting online banking and shopping if we understand the Internet’s definition of trust. On the Internet, trust is established by an organization’s reputation but, more importantly, by its website’s security certificate.

Do you remember Ralphie’s Ovaltine secret decoder ring? He really, really, really had to have it so he could understand the secret radio message! Of course, Internet encryption is vastly more complex but the basic idea is the same.

HTTPS AND SSL

HTTP is the default protocol that your browser uses to communicate with web servers. You have probably seen a web address or URL (uniform resource locator) that looks like this: http://www.southsidetech.com.

You don't have to type the http:// part in your browser's address bar, because it is assumed. Your browser fills this part in for you automatically.

SSL stands for Secure Sockets Layer. It does two things:
  1. It encrypts your data, which means no one can see what the website sends to your browser or what your browser sends to the website.
  2. It authenticates the web site. In other words, it certifies that the web site is actually owned by the entity that claims to own it.

HTTPS is HTTP plus SSL. It means the web page at that address uses SSL to encrypt data and authenticate the website. Usually the link you use to get to a secured site is programmed with the https:// prefix. Otherwise, you would need to type this part of the address yourself because it is not the browser’s default protocol.

When you see the little lock next to a web site’s address in your browser’s address bar, or you see “https” at the beginning of the address, this means that you are using encrypted communications.

Certificates

A Certificate is a document that a website shows a browser to authenticate its identity. It “certifies” that the website is who it says it is. Certificates are issued by a “Certificate Authority” (CA), a company that will verify for the browser that a particular website’s certificate can be trusted. All web browsers (IE, Chrome, Firefox, etc.) come pre-loaded with security files for CAs whose opinion they will trust.

The website owner must generate a Certificate Signing Request and send it to a trusted CA. The CA then verifies the website’s ownership and “signs” the security certificate. Once the certificate is issued, the website owner installs it on their web server. It includes owner information like organization name, address, etc. and public and private encryption keys.

Public and Private Keys

A private key is a secret password that is known by only the website and the CA. This is how the CA can vouch for the website. When a web browser requests an encrypted page from the website, it can be certain the website belongs to who it says it belongs to. Otherwise an unscrupulous entity could pose as the site and fool you into revealing your logon credentials to the real site.

Included in the Certificate is a public key. It uses a different password for encryption. The private and public keys are unique to that Certificate. Data encrypted with the private key can only be decrypted with the public key, and vice versa. Only the private key can encrypt data for a particular public key.  That is how you know the website is who it claims to be.
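The CA signature check from the Certificates section and the key pair described in this section can be tried out with a small model. This is an added example, not code from the original article: it uses textbook RSA with short, well-known primes so it runs with only the Python standard library (real certificates use far larger keys and padding), and the names Example CA, www.bank.example and every function name are made up.

```python
import hashlib

def keypair(p, q, e=65537):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(body, n):
    """Hash the certificate fields to an integer below the modulus n."""
    data = repr(sorted(body.items())).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def ca_sign(body, ca_name, ca_private):
    """The CA signs the site's details and public key with the CA's private key."""
    n, d = ca_private
    return {"body": body, "issuer": ca_name, "signature": pow(digest(body, n), d, n)}

def browser_accepts(cert, visited_host, trusted_cas):
    """The checks a browser makes before it shows the lock."""
    ca_public = trusted_cas.get(cert["issuer"])
    if ca_public is None:
        return False                      # issuer is not a pre-loaded CA
    n, e = ca_public
    if pow(cert["signature"], e, n) != digest(cert["body"], n):
        return False                      # altered, or not signed by that CA
    return cert["body"]["host"] == visited_host

def server_holds_key(cert, server_private, challenge=123456789):
    """The browser encrypts a number with the certificate's public key;
    only the matching private key turns it back into the same number."""
    n, e = cert["body"]["public_key"]
    sealed = pow(challenge, e, n)
    n_priv, d = server_private
    return pow(sealed, d, n_priv) == challenge

# Constructed sample data; Mersenne primes keep the toy keys short.
CA_PUB, CA_PRIV = keypair(2**61 - 1, 2**89 - 1)
SITE_PUB, SITE_PRIV = keypair(2**107 - 1, 2**127 - 1)
FAKE_PUB, FAKE_PRIV = keypair(2**31 - 1, 2**127 - 1)
TRUSTED_CAS = {"Example CA": CA_PUB}      # what ships with the browser
BODY = {"host": "www.bank.example", "organization": "Example Bank",
        "public_key": SITE_PUB}
GOOD = ca_sign(BODY, "Example CA", CA_PRIV)
ALTERED = dict(GOOD, body=dict(BODY, public_key=FAKE_PUB))
SELF_MADE = ca_sign(dict(BODY, public_key=FAKE_PUB), "Unknown CA", FAKE_PRIV)

if __name__ == "__main__":
    for name, cert in [("good", GOOD), ("altered", ALTERED), ("self-made", SELF_MADE)]:
        print(name, browser_accepts(cert, "www.bank.example", TRUSTED_CAS))
```

The browser accepts only the certificate signed by a CA it already trusts, unchanged since signing, and issued for the host being visited. A server that presents a copy of that certificate without the matching private key fails the last check.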

You can view information about a website’s certificate by either clicking on the little lock in your browser’s address bar, or clicking on the CA’s “seal” emblem usually located on the secured web page. Common CA seals will be from companies like Verisign, Thawte and GoDaddy. You can also see what Certificate Authorities your browser trusts by going to your browser’s settings, options or tools menu.

Circles of Trust

Website security certificates are only one of the Circles of Trust. If we understand each circle a little better, we will feel better about exploring and learning.




~#~



     

The American Dream


I read an article recently about a study concluding the United States is no longer the leader in upward social mobility. In other words, citizens of a few other countries have better odds of moving from the social and economic class of their parents’ generation into a higher one. Many people were very disappointed to hear this, including myself.

We have seen our jobs leave for cheaper labor overseas. Low wage jobs are no longer the only ones “offshored.” More and more, higher skilled jobs are being moved to other countries as well. Everyone knows our economy is suffering and many Americans are struggling to provide for their families.

Some have proclaimed the American Dream is either dead or on life support. Maybe so, if you believe the American Dream is about driving a Mercedes when your father only drove an Oldsmobile. 

We have seen hundreds of thousands die from AIDS in Africa. Genocide still exists. Despotic rulers and tyrants still exist. Famine is real and found all over the world today. 

Who does the world look to, even plead with, to step up and lead in the good fight? 

Where do parents from all over the world want to send their children to attend college?

How many people around the world have better lives because the United States of America stood up and stepped up?

Generations of Americans have sacrificed to fight tyranny. The American people always believed that, to whom much is given, much is expected. Yes, we need to stand up for each other now, but we also need to do what we have always done - work hard, and reach out to others. Let's not begrudge the success of others around the world. We have given the lives of our sons, daughters, brothers, sisters, mothers and fathers, so that others can have it. Their success IS our success! 

If there is a chance that my son will live to see less hunger and agony in this world, and America had anything to do with it, the real American Dream is alive! I am more proud to be an American today than I have ever been. God Bless America!








~#~



Social Networking for Business – 9 Tips for Managing Your Brand and Reputation

Many businesses are recognizing the potential of social networks to market their products and services. They can be an effective way to reach new customers and keep existing customers engaged. Small businesses, especially, can engage their local markets very effectively.

A successful social networking campaign can increase the exposure of your brand exponentially through the social multiplier effect.

Each Facebook fan has "friends" that will see their "likes" and their "friends" have "friends", and so on.

But just as social networking has the awesome ability to increase awareness for your products, it can also multiply your missteps in the same way. Businesses must be thoughtful, careful and deliberate in their use of social media if they want to avoid mistakes and manage their reputations well.

Following these guidelines will help your business establish and maintain a good reputation while using social networking:

1.)  Post new messages from a business account, not from your personal account. A separate account for your business will allow you to be yourself with your friends and help you to be more professional with your potential customers.

2.)  If you want to sell products and services to people regardless of their political views, don’t express yours.

3.)  Do not be crude or rude!  Why risk alienating anyone?  Be very careful with attempts at humor. Words on a page, or in an email, cannot convey inflection, body language or facial expressions.

4.)  Do not post to Facebook or Twitter several times a day. You can post to Twitter a little more often than Facebook, but be considerate or your posts will only be annoying.

5.)  If you do not have a blog, start one. A blog article's longer form will give you better ability to define the value of your offerings. A blog can help establish you as an authority in your area of business. A blog will also give you more opportunities to connect with customers on other social networks.

6.)  Keep posts professional and on subject. Your customers will appreciate getting the information they expect from you.

7.)  Do use multiple channels of social networking, but be careful and do not cross business and personal lines between channels. Start and maintain each channel professionally.

Facebook, Twitter, LinkedIn, Pinterest and blogging each have unique individual strengths but, when used together in a well-planned social media marketing campaign, they can become a powerful advertising strategy. If your professionalism slips on any of them, it may be noticed by your customers who use the others.

8.)  Study how successful businesses similar to yours use social media. If they are using it effectively, they are most likely using several channels in a well-orchestrated strategy.

9.)  Engage with your customers. Answer comments and questions. Be social!  After all, that is what your customers expect on a social website. Many business experts believe the opportunity to engage with customers is the real power of social media.

Many of your potential customers may have more experience with social networking than you. They will immediately compare your marketing methods and messages with those of other businesses and judge yours accordingly.

Be professional.
Well-designed and well-executed social media marketing campaigns will improve your website’s search rankings and bring you more customers.










~#~