Out of the office for a while

I’m out of the office for a while so there won’t be many updates to this blog in January, 2013. See you when I return! If you’re wondering where I am, here’s a clue: Yes, experts all say that you shouldn’t tell others you’re gone when you’re gone. Well, I have virtually nothing of value…

Teaching consumers security habits

I thought I’d round out the year with a summary of Randy Abrams’ talk from Virus Bulletin entitled Teaching Consumers Security Habits from this past year’s 2012 Virus Bulletin Conference in Dallas, TX. I wanted to write about it long ago but I wanted to post my series Practical Cybersecurity first. The two topics naturally…

Practical Cybersecurity, Part 6 – Bringing it all together

How young to start? Where should we teach cyber security? Should it be something that people learn on their own time? Or is it something that should be included in formal education? PayPal recently (when I first wrote this paper) released a whitepaper on combating cybercrime. In it, the authors assert that today’s educational efforts…

Practical Cybersecurity, Part 5 – What should we teach?

What concepts should we teach? What topics are the most important ones for users to learn? There are so many possibilities that it is hard to narrow down to only a handful. If we only got to pick three, here are the three I would choose: The Internet is fun but only deal with trustworthy…

Practical Cybersecurity, part 4 – Metacognition

Metacognition A third technique that supports transfer is teaching methods that incorporate metacognition. Metacognition is “thinking about thinking” – understanding the reason behind a concept. For example, we all know that the North Pole is cold. Why is it cold? Because it receives less direct sunlight than the equator. Is the South Pole warm or…

Practical Cybersecurity, part 3 – Experience

Whenever people learn new information, they do it in a way that fits into their current experiences of how they view the world. There is a children’s book called Fish is Fish. The book is about a fish who lives in the ocean and wants to see the rest of the world, so he…

Practical Cybersecurity, Part 2 – Expertise

Expertise If we want to teach people to be cyber aware, they need expertise. But how much is enough? Do we want people to become security experts? Or just good enough to resist most types of scams? In other fields, experts are able to process information differently than novices. In fact, they have a whole…

Practical Cybersecurity, Part 1 – The problem of Education

I thought I’d close out the year by presenting my 2011 Virus Bulletin presentation. It builds upon my 2010 presentation about why we fall for scams which I blogged about earlier this year in my series The Psychology of Spamming: Part 1 – How our brains work Part 2 – The Limbic system, cognition and…

IT Gangnam Style parody from F5 networks

I found this Gangnam Style parody from F5 networks yesterday entitled “IT Style.” I found it entertaining; hope you do, too, techies.

Another day, another phish campaign

Today we are seeing another high volume spam campaign. It is very similar to the one I wrote about yesterday: The IPs are all compromised (i.e., the spam is coming directly from botnets). The URLs point mostly to compromised web hosts, that is, the URLs are legitimate but have been broken into and are either…

Why people keep proposing a Final Ultimate Solution to the Spam Problem (FUSSP)

In the antispam world, from time to time somebody new likes to come in and propose a solution that will wipe out spam: Email authentication! Statistical classifiers! Blacklists! User education! These terms are derisively referred to as the Final Ultimate Solution to the Spam Problem. It’s a term that industry veterans give to ideas that…

Large scale spoofing campaign

Over the past week or so we have seen a lot of spoofing going on with campaigns that look like the following: These campaigns have the following characteristics: They are high-volume zero-day campaigns. The IPs typically end up on IP blocklists but they are successful at emitting huge blasts of spam before they are caught….

Google, Apple, Microsoft… why is there such fanboy-ism in tech?

I’m going to depart from my typical security related topics to discuss another issue: fanboy-ism. You all reading this know what I mean – it’s when people have such a devotion to a certain product that they will defend, to the death, their preferred device or product and attack, to the death, their non-preferred anti-product….

A whole slew of security reports

If you’re looking for something to read, say, the latest trends on Internet threats, I have a whole bunch of them here for your online perusal. I’ve gone through them and I have a highlight from each of them: Microsoft’s Security Intelligence Report, Volume 13 (3 MB) Microsoft’s semi-annual security report, it reports on threats…
