Cyber Self Defense

Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.

The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won't be easy.

People put a lot of personal information on the Web, and that can be used for an attacker's financial gain. From social-networking sites such as MySpace and Facebook to the mini-blogging service Twitter and other blog sites like Wordpress, people are putting photos, resumes, personal diaries and other information in the cloud. Some people don't even bother to read the fine print in agreements that allow them onto a site, even though some agreements clearly state that anything posted becomes the property of the site itself.

The loss of personal data by Sidekick smartphone users over the weekend, including contacts, calendar entries, photographs and other personal information, serves as another example of the potential pitfalls of trusting the Cloud. Danger, the Microsoft subsidiary that stores Sidekick data, said a service disruption almost certainly means user data has been lost for good.

Access to personal data on the cloud from just about anywhere on a variety of devices, from smartphones and laptops to home PCs, shows another major vulnerability because other people may be able to find that data, too.

"As an attacker, you should be licking your lips," said Haroon Meer, a researcher at Sensepost, a South African security company that has focused on Web applications for the past six years. "If all data is accessible from anywhere, then the perimeter disappears. It makes hacking like hacking in the movies."

A person who wants to steal personal information is usually looking for financial gain, Meer said, and every bit of data they can find leads them one step closer to your online bank, credit card or brokerage accounts.

First, they might find your name. Next, they discover your job and a small profile of you online that offers further background information such as what school you graduated from and where you were born. They keep digging until they have a detailed account of you, complete with your date of birth and mother's maiden name for those pesky security questions, and perhaps some family photos for good measure. With enough data they could make false identification cards and take out loans under your name.

Identity theft could also be an inside job. Employees at big companies that host e-mail services have physical access to e-mail accounts. "How do you know nobody's reading it? Do you keep confirmation e-mails and passwords there? You shouldn't," said Meer. "In the cloud, people are trusting their information to systems they have no control over."

Browser makers can play a role in making the cloud safer for people, but their effectiveness is limited by user habits. A browser, for example, may scan a download for viruses, but it still gives the user the choice of whether or not to download. Most security functions on a browser are a choice.

Lucas Adamski, security underlord (that's really what his business card says) at Mozilla, maker of the popular Firefox browser, offered several bits of cyber self defense advice for users, starting with the admonition that people rely on firewalls and anti-virus programs too much.

"You can't buy security in a box," he said. "The way to be as secure as possible is about user behavior."

There is a lot of good built-in security already installed in browsers, he said. If you get a warning not to go to a site, don't go to it. When you do visit a site, make sure it's the right one. Are the images and logos right? Is the URL correct? Check before you proceed with filling in your username and password, he counseled.

Software updates are vital. "Make sure you have the most up-to-date version of whatever software you use," he said. Updates almost always patch security holes. Key software programs such as Adobe Systems' Flash Player and Reader are particularly important to keep updated because they're used on so many computers and are prime targets for hackers.

He also suggested creating a virtual machine on your computer using VMWare as a security measure.

"It's really hard to get people to change their browsing habits," he said. People want to surf the Web fast, visit their favorite sites and download whatever they want without thinking too much about security. "Educate them, move them along, but don't expect them to become security experts."

Internet browser makers take great care in building as much security as possible into their products and putting them through rigorous testing.

The security team for Google's Chrome browser, for example, will take the first crack at any major update to the software, hacking away to find vulnerabilities or ways to improve security, said Chris Evans, an information security engineer at Google.

After the Chrome security team takes a whack at the software and it is reworked to fix the holes they found, other security teams at Google will have a go at the product to see what trouble they can cause. Finally, the software is released in beta form, and private security researchers and others can hack away. Any problems are fixed before the final release goes out and then the Chrome team stands ready to make new patches for any other security issues that crop up.

Despite all the testing, browser makers are only one part of the security solution because they have no control over Web software or user browsing behavior.

The cloud is the Wild West: hackers and malware makers abound, phishers seek passwords and users do whatever they want to, recklessly surfing and downloading potentially dangerous content as judged by security researchers.

Companies developing Cloud applications and services will need to do more for Web security. Amazon.com with its Web Services and Google as it moves forward with initiatives, such as Google Docs, that attempt to draw people to Web applications and away from computer applications will need to work more closely with security researchers, Meer said.

And Google's work on the security in the Chrome browser highlights the reason why: Computer applications such as Chrome face intense scrutiny by security researchers throughout the Web, while Web applications do not.

"Reverse engineering keeps [big software companies] honest," said Meer. "If they hide something in the software code, sooner or later someone finds it. With Cloud services, you just don't know because we simply cannot verify it."

Cloud applications are built by one company, and nobody is looking at the code or how safe it is, said Meer. Applications for computers are different. They can be ripped apart by security experts then put back together stronger so there are no security holes, he said.

"Trust but verify," said Meer. "Just because a guy does no evil today, we cannot trust that they will do no evil tomorrow because we simply cannot verify it."

http://www.pcworld.com/businesscenter/article/173467/researchers_advise_cyber_self_defense_in_the_cloud.html

Protecting Your Children

The idea of a child being abducted is every parent's nightmare. WHIZ's Katie Jeffries spent time with the Muskingum County Sheriff today to get tips on moves your children can use to stay safe.

It is physically impossible for a child to over power an adult, but with the right techniques, every child has a chance to get away from a possible abduction safely.

Muskingum County Sheriff Matt Lutz says with children, there is safety in numbers.

"I always think it is best if they are in numbers. Anytime there is one individual child somewhere the risk is going to go up, So I think if you know where your child is at, know who they are with, kind of control the environment they are in, that has a lot of do with it," says Sheriff Lutz.

Deputy Sheriff Dave Neal walked me through what a child should do if he or she is grabbed by an adult.

"Scratching...yelling 'stranger, stranger', stomping, kicking, biting, yelling all the time.. also grabbing here (abductor's arm) holding on to create dead weight. Also coming down here (abductor's leg) sitting on the foot and holding onto the leg as dead weight and the whole time screaming, yelling... never giving up on the screaming," explains Deputy Sheriff Neal.

The same techniques apply if a child is grabbed from behind.

"If I go dead weight your arms are going to come up a little bit, so you can bite and you can stomp and hair pull and yell.. yell as loud as possible," tells Deputy Sheriff Neal.

Children who are not strong enough to fight should use the dead weight technique .

"If a child is not very strong, to sit on the foot and grab the attacker's leg and just be dead weight. Hold on for dear life and make it as difficult for that person to take the child as possible," says Deputy Sheriff Neal.

Sheriff Lutz says taking kids through these scenarios will better their chances of a safe getaway.

"You can't be too prepared for those kinds of things and any kind of scenario that you go through with them, they will be more prepared in the future," explains Sheriff Lutz.

If children can get away from an abductor teach them to run toward a crowd and never toward a secluded area. Also, parents need to keep a close eye on their children when out in public, because most abductors are not strangers, but people they or their children already know.

Sheriff Lutz says if parents notice anything or anyone out of place in their neighborhood always call the police or sheriff's office right away.

http://tinyurl.com/yg7aztn

Best Self Defense Classes

If you are looking for a Self Defense class and not necessarily just a martial arts class you should inquire if the program teaches and emphasizes awareness, avoidance and physical self defense with the tools you possess all time; ie hands, feet, elbows, knees, head, etc.. Many, but not all, Martial Arts classes will teach you these techniques but not until the higher belts. Do your research before you sign any contract---make sure you are getting what you want and need. Many schools will allow you to take aprox 2 weeks free and let you sit in the room that their teaching--take advantage of this.

If you would like some input with your decision drop me a note.

Self-Defense Instructors Say to Stay Aware

Rochester, N.Y. -- Self-defense instructor Ryan Fredericks says there's no set way to handle an attack, but with proper training you can be prepared.

“You definitely have to have a mind set and a skill set to back what you're going to do on the street as far as protecting yourself,” says Fredericks, who runs Close Quarters Combat in Rochester.

He says the first thing everyone can do is pay attention to what's going on around you.

“Don't fumble on your cell phone text messaging or calling anybody,” Fredericks says. “Have your keys ready to get into your vehicle, look around look under your vehicle... Make sure no one is following you.”

He says if someone does approach you with a weapon, give them what they want, but don't let them take you to the next location.

“You basically want to do everything that they say in the hopes that giving them your money, your wallet, your purse, is going to be enough,” says Fredericks. “If they're looking to take you somewhere, do not go and put up a fight.”

Fredericks says only with proper self defense training should you try to disarm someone, but if you do find yourself fighting back, he says going for the groin doesn't always work and that there are better spots you can target.

“You might be grabbing the sides of someone’s skin, their love handles, gripping onto their neck, pulling an ear…. Go to the face. Don't worry about the groin because it's not necessarily going to do that much damage until you're in a position of dominance.”

Reported by: Edward Moody
Email: emoody@13wham.com
Last Update: 10/08 7:46 pm
http://tinyurl.com/yfyt3p6

Victim of a sexual assault

If you are the victim of a sexual assault:

• Seek medical treatment immediately, even if you don’t feel you have any physical injuries; you may have internal injuries, which require treatment. You can also receive medication to reduce risk of sexually transmitted diseases and, if you choose, medication to prevent pregnancy.
• Do not wash, change clothes, comb your hair, or wipe yourself after urinating. Even if you do not wish to pursue legal action against the perpetrator, by collecting evidence, you give yourself the option of pressing charges in the future.
• Seek counseling or support from someone you trust or a mental health professional. After a sexual assault, many women are in shock and may feel fine and able to “cope,” but there can be a delayed reaction to the assault.

National Center for Victims of Crime: 1-800-FYI-CALL (1-800-394-2255)
http://www.ncvc.org/ncvc/Main.aspx


Information came from the following link
http://bgh.kaleidahealth.org/services/services_display.asp?SID=350&CID=3