Not down wid OPP

My professional life involves constant deep dives into Other People’s Problems (OPP)… taking on the same ethos in my private life is truly a different matter.

Today, getting intimate with people’s digital lives is way too risky and a very thankless endeavour. Taking on any private system admin task means exposing yourself as a technician to unwarranted criticism and abuse; get it wrong and you’re a snooping idiot IT guy, get it right and nothing is said.

Not my Problem

It’s a constant catch-22 scenario, especially when you can see friends and family making familiar tactical and operational errors, i.e. never ever backing up their data, never encrypting their data and never changing their passwords.

Here are 10 things that people don’t change often.

Change bank account or card
Change email address
Change passwords
Change phone device
Erase or reset phone device
Change phone number
Change social media accounts
Change inner friend circles
Change ISP or Geolocations
Change public IP address

Tactical Reconnaissance: Basics for profiling, tracking or snooping.

So you think you’ve been hacked

As an individual, where do you turn if you think you’ve been breached and your antivirus software tells you nothing?

Your Internet Service providers?
Your bank?
Your email provider?
The techie friend of a friend who can find a job in the industry?
Your insurance company?
Your IT department at work?

…or your friendly neighbourhood CISSP® (Certified Information Systems Security Professional).

Generally, though, it’s down to you and Google to figure it out.

Take your life offline if you get hacked.

In the meantime, you stumble around telling friends you’ve been hacked or that your tech is crap.

Naturally, social media is a massive help to find out if someone else has the same problem.  In my experience, the emotional pressure is one of the biggest issues.  Feelings of WTF and “why are they doing this to me” cloud your judgement and objectivity.

Don’t be a victim, be a warrior. Hellblade: Senua’s Sacrifice

InfoSec skills – Computer Emergency Response Team (CERT)

As a small business or individual, if you were going to hire a private IT security professional, here’s what you should be looking for.

Trust me I’m a Professional – Until Dawn™

Loving this 2016 IT Security Job Description

Experience as part of an incident response team (either in-house or as a consultant).

An ability to provide technical analysis and direction for investigations.

An understanding of networking protocols and infrastructure designs; including, firewall functionality, routing, encryption, host and network intrusion detection systems, load balancing, and other network protocols.

An understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security.

Willing to work out of hours and public holidays as part of a shift rota and when on call as needed.

Inherent passion for information security and service excellence.

An ability to analyse and reverse engineer various file types including providing dynamic and static analysis of malware artefacts and binaries as well as other malicious attack files.

Be able to complete post-mortem analysis of network logs, traffic flows and other activities to identify malicious activity on a network.


Keep it Clean

I haven’t bothered to delete Exchangeable Image File (EXIF) data recently, so if you dig deep enough you’ll know when and where I took this image and on what device.
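Closing that leak takes very little code. The following is an added example (not code from the original post): a pure-Python pass that drops the Exif APP1 segment from a JPEG and leaves every other byte untouched. The function names and the SAMPLE bytes are constructed for illustration, and other metadata blocks such as XMP are not handled.

```python
SOI, EOI, SOS, APP1 = 0xD8, 0xD9, 0xDA, 0xE1
EXIF_MAGIC = b"Exif\x00\x00"  # identifier that opens an Exif APP1 payload


def segments(jpeg: bytes):
    """Yield (marker, raw_bytes) for every JPEG segment, headers included."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    yield SOI, jpeg[:2]
    pos = 2
    while pos < len(jpeg):
        if pos + 2 > len(jpeg) or jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker in (SOS, EOI):
            # Compressed image data follows SOS: pass the rest through untouched.
            yield marker, jpeg[pos:]
            return
        # The 2-byte big-endian length counts itself but not the marker.
        length = int.from_bytes(jpeg[pos + 2:pos + 4], "big")
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos:pos + 2 + length]
        pos += 2 + length


def is_exif(marker: int, raw: bytes) -> bool:
    return marker == APP1 and raw[4:10] == EXIF_MAGIC


def has_exif(jpeg: bytes) -> bool:
    return any(is_exif(m, r) for m, r in segments(jpeg))


def strip_exif(jpeg: bytes) -> bytes:
    """Return the JPEG with Exif APP1 segments dropped, all else byte-identical."""
    return b"".join(r for m, r in segments(jpeg) if not is_exif(m, r))


def seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample: a segment skeleton, not a decodable photo.
EXIF_SEG = seg(APP1, EXIF_MAGIC + b"MM\x00\x2a\x00\x00\x00\x08" + bytes(6))
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + EXIF_SEG + seg(0xDB, bytes(65))
          + seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\xd9")
```

Because the image data is copied rather than re-encoded, the picture itself is unchanged; only the timestamp, GPS and device fields carried in the Exif block go away.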

Cyber Crime, Cyber Bullies, Cyber Idiots… and now Cyber Clean.

I saw this on a friend’s shelf and was sniggering for ages; marketing people enjoying the Cyber-hype.

Stick the word “Cyber” on everything

The product itself is pretty cool and basically a keyboard and device cleaner that works.

We are safe and clean

…for now.

Available from JOKER in Hong Kong… honest, I’m not making this stuff up.

No, No, No Way

Outside the InfoSec community and paranoid conspiracy addicts, I seldom come across individuals who routinely check themselves to see how open they are to attacks.

Handy Hacker toolkits always include

Ransomware
Phishing Vulnerability
“New to YouTube” Vulnerability
Bot Infection
Browser Attack
Anonymizer Usage (hide yourself tools)
Data leakage (on purpose or by sheer end-user stupidity)

In the meantime, while everyone is debating the impact of leaving Europe, the Investigatory Powers Act 2016 is filtering down to individuals as it’s now a tool for lawful interception of data.

So now you gotta look out for the bad guys, the marketing people AND Big Brother.

Solution: Encrypt EVERYTHING

Things just got Real… gonna go take some Diphenhydramine so I can catch at least 6 hours’ deep sleep tonight.