O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a navegar o site, você aceita o uso de cookies. Leia nosso Contrato do Usuário e nossa Política de Privacidade.
O SlideShare utiliza cookies para otimizar a funcionalidade e o desempenho do site, assim como para apresentar publicidade mais relevante aos nossos usuários. Se você continuar a utilizar o site, você aceita o uso de cookies. Leia nossa Política de Privacidade e nosso Contrato do Usuário para obter mais detalhes.
"At the end of the day, everything is hackable. What I am surprised about is that people sometimes forget that it's so easy to hack into these devices,”
It’s the year of the healthcare hack. Updated Friday, Oct. 2 A massive data breach at the credit rating bureau Experian has exposed the personal information of about 15 million people who applied for T-Mobile service between 2013 and 2015. It’s just another data breach in what has been a constant drumbeat of new hacks. It seems no one is safe–or at least, no one who has health insurance, a job, or shops at large retail stores. Here’s a breakdown of the largest groups of vulnerable people in the past two years: Healthcare customers: Security experts warned in February that 2015 would be the year of the healthcare hack, and those forecasts have proven right. At the end of January, as many as 11 million Premera Blue Cross customers were affected by a hack. Anthem announced the following month that almost 80 million current and former customers’ personal information had been breached. In May, CareFirst BlueCross BlueShield, serving Maryland, Washington and Virginia, announced 1.1 million of its customers’ personal information had been compromised. UCLA Health System announced a data breach in July affecting 4.5 million people. In September, Excellus BlueCross BlueShield, based in upstate New York, said as many as 10 million people’s personal records had been exposed.
Ashley Madison users: Hackers stole and, in August, posted online the information for around 32 million users of the dating site, which is designed for married people looking for affairs. Government employees: The hack, announced in June, impacted 21.5 million people who had a government background check, including government employees and some of their family members. More than 5 million fingerprints were also exposed–a security risk for spies abroad. The hack was so extensive that the United States reportedly pulled spies from China on Tuesday, since their identities may have been discovered. Sony employees: Huge troves of company data were stolen and posted online, including sensitive executive emails, employees’ personal information, and copies of upcoming films. The hack led to the resignation of Amy Pascal, Sony’s co-chairman. Home Depot shoppers: Last September, Home Depot announced it had been hacked, and 56 million payment cards were compromised, as well as 53 million email addresses. JP Morgan customers: The information for 83 million customers and small businesses was compromised in a hack revealed in August 2014. EBay users: In a hack reported in May of 2014, personal information for more than 145 million active users–including login credentials and physical addresses–was compromised. Target shoppers: In December 2013, 110 million customers’ personal and financial information was
Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client's ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans.
If nothing else, just the fact that an ISP would install a device with the default password, tells you everything you need to know about their interest in your security.
HTTPS Everywhere is an add-on for Chrome, Firefox and Opera that ensures that whenever you visit a site that offers data encryption, you're using it. You can check whether a site offers encryption by looking at the address in your browser and seeing whether it begins with "https", as opposed to "http" or "www" (the "S" stands for "secure").
Avoid the Hack
AVOID THE HACK
Cyber Security Measures for Your
Customers and Yourself
Jason M. Jakus
Hacking is the act of illegally
accessing the computer system
or Network of an individual,
group or business enterprise
without the consent of approval
of the owner of the system.
Cracking is a higher form of
hacking in which the
unauthorized access culminates
with the process of defeating
the security system for the
purpose or acquiring money or
information and/or free services.
LAUNCHING OF HARMFUL COMPUTER VIRUSES
A computer virus is a program that can
copy itself and infect a computer without
permission or knowledge of the user. The
original may modify the copies or the
copies may modify themselves.
A virus can only spread from the one
computer to another when the host is
taken to the uninfected computer, for
instance by a user sending it over a
network or carrying it on a removable
medium such as a USB drive.
DISTRIBUTED DENIAL OF SERVICEATTACKS
DDOS attacks can be committed
by employment multiple computers
controlled by a single master
computer server to target a
particular server by bombarding it
with thousands of packets of data
in an attempt to overwhelm the
server and cause it to crash.
• WEBSITE DEFACEMENT IS THE UNAUTHORIXED
MODIFICATION OF A WEBSITE.
ACQUIRING CREDIT CARD INFORMATION FROMA
WEBSITE THAT OFFERS E-SERVICES
Hackers prefer VISA, American
Express and MasterCard when
filtering credit card information. It is
because VISA and MasterCard are
widely accepted by almost all
internet shopping sites.
Phishing scams are typically fraudulent email messages
appearing to come from legitimate enterprises (e.g., your
university, your Internet service provider, your bank).
These messages usually direct you to a spoofed website
or otherwise get you to divulge private information (e.g.,
passphrase, credit card, or other account updates). The
perpetrators then use this private information to commit
One type of phishing attempt is an email message stating
that you are receiving it due to fraudulent activity on your
account, and asking you to "click here" to verify your
Avoiding Phishing Scams
• Be suspicious of any email message that asks you to
enter or verify personal information, through a
website or by replying to the message itself
• The safest practice is to read your email as plain text
• If you choose to read your email in HTML format:
Hover your mouse over the links in each email
message to display the actual URL. Check whether
the hover-text link matches what's in the text, and
whether the link looks like a site with which you would
normally do business.
• If possible, make your password at least 12-15
characters in length
• Use at least 2 upper-case letters, 2 lower-case
letters, 2 numbers, and 2 special characters
(except the common ones such as "!@#$")
• Never use whole words. Make the password as
random as possible
• Avoid using personal information as part of your
Securing Your Router
• Change the password used to access the router.
Anything but the default is OK.
• Turn off WPS
• Wi-Fi security should be WPA2 with AES (do not
• The Wi-Fi passwords need to be long enough to
stall brute force attacks. Opinions on the
minimum length differ, my best guess is that 14
characters should be sufficient. A totally random
password is not necessary, "999yellowtulips" is
both long enough and easy to remember.
Securing Your Router
• Turn off Remote Administration (its probably off
• If any of your Wi-Fi networks (a router can create
more than one) use the default name (a.k.a.
SSID) then change it. Also, if they use a name
that makes it obvious that the network belongs to
you, then change it.
• Use a Guest Network whenever possible. Any
computer running Windows 10 should never be
allowed on the main network, always restrict them
to a Guest Network.
Picking Out A Router
• The devices shipped by ISPs suffer from a general level
of incompetence both in their initial configuration and
• Spying: We have seen that ISPs, at times, co-operate with
spy agencies and governments. Even without outside
influence, an ISP may well put a backdoor in the devices
they give to their customers, if for no other reason than to
make their life easier in some way.
• Don't be a prime target. Any router provided by an ISP to
millions of customers is a prime target for bad guys and
spies. More bang for the hacking buck. You are safer
using a less popular device.
Testing Your Router
Open Wi-Fi Networks
• Public Wi-Fi networks—like those in coffee shops
or hotels—are not nearly as safe as you think.
Even if they have a password, you're sharing a
network with tons of other people, which means
your data is at risk.
Probable Ways to Get Phone Hacked
• Wi-Fi in public places, such as cafes and airports
could be unsecure, letting malicious actors view
everything you do while connected.
• Applications add functionality to smartphone, but also
increase the risk of a data breach, especially if they
are downloaded from websites or messages, instead
of an app store.
• Despite the best intentions of smartphone
manufacturers, vulnerabilities are found which could
let attackers in.
Passwords Best Practices
• Don't re-use passwords. One ultra-secure one won't be any
good if someone finds it
• While combining upper and lower case passwords with
numbers to alter a memorable word - M4raD0na - is often
advised, these are more easily cracked than you might think
• Good advice is to make a memorable, unusal sentence: "I am a
7-foot tall metal giant" is better than "My name is John", and
use the first letter of each word with punctuation: "Iaa7-ftmg”
• Alternatively, you can use a password manager such as
1Password, which can generate secure passwords and store
• The best way to protect yourself is to use two-factor
authentication, which will send a text with a code or use an app
to verify your log-in
• Don’t use the same password for every system
• Change Passwords frequently
• Update your Anti-Virus Software
• Protect Yourself in open wi-fi environments
• Install the HTTPS Everywhere browser extension.
• @JasonJakus on Twitter