Home Security - Cybersecurity Awareness Month

 

Securing Your Home

What is Home Network Security? 

Home network security is the defense of a home network, which links devices like routers, PCs, smartphones, and Wi-Fi-enabled baby monitors and webcams to one another and to the Internet.

 

There are two widespread misconceptions among residential users regarding the security of their networks.

• Their household network is not big enough to be vulnerable to a cyberattack.
• Out of the box, their products are "secure enough."

 

The majority of attacks are not of a personal nature and can happen on any kind of network—large or small, residential or commercial. A network is naturally more open to outside threats if it is connected to the internet.

 

What are the risks? 

DNS hijacking is one of the biggest threats to any wireless network. This occurs when malware infiltrates your unsecured router and craftily redirects you away from a well-known site, such the website of your bank, and toward a phony site that closely resembles the genuine thing. Cybercriminals steal your login information when you log in to the fake website and use it to access the legitimate website.  

 

How to improve the security of Home Network? 

You can drastically lower the attack surface of your home network and make it more complex for a malicious cyber actor to launch a successful attack by using some of the basic but effective mitigation strategies listed below in  no particular order:

• Update your router, home computer and handheld device software regularly.
• Read current security events to learn how to protect your home from the latest vulnerabilities.
• Remove unnecessary services and software from home computers.
• Change default log-in passwords and usernames.
• Use strong and unique passwords with important services such as spending, and email.
• Install network firewall on network devices.
• Regularly back up your data to network attached storage (NAS) or external hard drive.
• Turn off “remote management”, WPS and Universal Plug and Play (UPnP) features.
• After your router has been set up, change default administrator password and logout.

 

Email, Password, Phone Security - Cybersecurity Awareness Month

 
Email, Password and Phone Security

What is Email Security? 

The methods and tools used to safeguard email accounts as well as communications fall under the category of email security. Phishing attacks' main target is email, which is also a way of distributing malware and is the largest attack surface for an organization. 

 

What is Password Security? 

Password security is the integration of policies, procedures, and technologies that improve the security of passwords and authentication mechanisms. It all comes down to knowing how to protect passwords. A password is indeed a type of secret authenticator that must be memorized. 

 

What is Phone Security? 

Phone Security refers to the defenses put in place to protect sensitive data stored on and transmitted by laptops, smartphones, tablets, wearables, and other portable devices. At the root of mobile device security is the goal of keeping unauthorized users from accessing the enterprise network. 

 

What are the risks? 

 

1.      Email Security: Email security is one of the most important infrastructure security measures for an organization. It is also the biggest attack surface for an organization. Some of the security risks for email are as follows:

• Spoofing and Phishing
• Vulnerabilities in E-mail Security
• Domain Squatting
• Malware via email attachments
• Spear Phishing attacks and Business E-mail Compromise (BEC)
• File Format Exploits
• Configuration Errors

 

2.      Password Security: Weak passwords are always a major component in any hack. For user convenience, some applications do not enforce password complexity, and as a result, users use simple passwords such as password, password123, Password@123, 12345, god, own mobile number, and so on. Weak passwords are not only short in length and character count; they are also easily guessable. Below mentioned are some of the risks that passwords face.

• Brute Force or Dictionary attacks on weak passwords
• Cracking of Hashes
• Reuse of Passwords
• Educated Guesswork for Brute Force attacks
• Default Passwords
• Password embedded in code

3.      Phone Security: Potential risks to Phone Security involves malicious mobile apps, phishing scams, data leakage, Spyware and unsecure Wi-Fi networks. There are 4 major types of Phone Security Threats: 

• Mobile Application Security Threats
• Web-Based Mobile Security Threats
• Mobile Network Security Threats
• Mobile Device Security Threats

Identity Theft Protection - Cybersecurity Awareness Month

 

Identity Theft

What is identity theft?

Identity theft is the term used to refer to the types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. Anyone can fall victim to identity theft. These acts can damage your credit status and cost you time and money to restore your good name.

How can my identity be stolen?

The following includes some of the ways a threat actor may try to steal your identity:

• Steal wallets or purses in order to obtain identification, credit and bank cards
• Dig through mail and trash to retrieve applications for "pre-approved" credit cards, bank statements, tax documents, etc., that were discarded without being shredded
• Phish” for electronic information with phony emails, text messages, phone calls and websites that are solely designed to steal sensitive information
• Steal data or personal records through a data breach, or purchase stolen data from a malicious third party

What can someone do with your identity?

With enough information about someone, a threat actor can take over that individual's identity to conduct a wide range of fraudulent activities, such as:

• File applications for loans and credit cards,
• Make withdrawals from bank accounts,
• Access online accounts

Types of Identity Theft:

There are many types of identity theft that can occur. Some of the common ones include:

• Tax ID Theft
• Medical ID Theft
• Child ID Theft
• Account Takeover Fraud

What do I do if my identity gets stolen?

Call the companies where you know the fraud occurred.

• Place a fraud alert and get your credit reports.
• Report identity theft to the FTC.
• You may choose to file a report with your local police department.

How do I protect my identity?

Experts believe that identity theft cases occur so often that there is a new victim every 22 seconds. Please check out this comprehensive guide and accompanying infographic to help you take proactive steps to protect your identity.

If you receive a suspicious email, please report it to reportphish@gap.com 

Additional resources:

United States Department of Justice Identity Theft Awareness

Equifax: How Does Theft Happen?

USA.gov Identity Theft Awareness

Experian: Many Different Forms of Identity Theft 

Public Wi-Fi Usage - Cybersecurity Awareness Month

Cybersecurity awareness month is was created in October 2004 by the government with support from the non-governmental security community to help Americans become better at protecting themselves from attacks over the Internet. You can find more information on Wikipedia.

As a parent or young adult reading this article, we at Hak4Kidz want you to know that we are going to do our best to make a meaningful contribution to this month's awareness cycle. Feel free to join in with comments below. This article will go into public Wi-Fi usage.

What is Public Wi-Fi?

Airports, coffee shops, malls, restaurants, and hotels all have free public Wi-Fi that one may use to access the web. People regularly connect to these "hotspots" without giving it any thought because they are so ubiquitous and common.

What are the risks?

The issue with public Wi-Fi is that there are a lot of risks associated with using these networks. Although business owners may think they're giving their consumers a helpful service, it's likely that the security on these networks is insufficient or nonexistent. Below mentioned are some of the risks involved with using public unsecure Wi-Fi:

• Man-in-the-Middle Attacks
• Malware Distribution – Targeting a specific vulnerability in a system by injecting code onto your device.
• Wi-Fi Snooping and Sniffing – Eavesdropping on WiFi signals to access everything that one does when online. From viewing websites visited to collecting login credentials.

How to identify rogue Wi-Fi Networks?

While many hackers like using public Wi-Fi networks, some may go above and beyond by setting up a hotspot specifically for malicious purposes, such rogue networks can be identified as follows:

• Network/Wi-Fi name matches a trusted network.
• “HTTPS” sites are rendered as “HTTP”
• Names of the Wi-Fi networks are generic – such as “Free Wi-Fi”

Things to avoid if connected to Public Wi-Fi:

There are things you shouldn’t do while connected to an unknown network. Some of the ones include:

• Online banking
• Paying Bills or Doing transactions.
• Shopping on Online Sites
• Filing Taxes

How to Safely use Public Wi-Fi if there is an absolute need?

• Use a VPN.
• Stick to “HTTPS” websites.
• Avoid accessing sensitive information.
• Turn off file sharing on public networks.
• Use two-factor authentication for logins.
• Keep your operating system up to date with the latest software and OS updates.
• Remember to log out of sessions.
• Use antivirus software

Thank you Admin dr0pbears for your contributions to this article.

Hak4Kidz 2022 Chicago Event Will Be In-person!

 

We are thrilled to announce that Hak4Kidz Chicago events are returning to meeting in-person!

Scheduled on Saturday, September 17, 2022 in the Old Post Office located at 433 W. Van Buren St.

Even though we had fun teaching Tyros virtual over Webex with Cisco's Cyber Defense Clinic platform, based upon CDC guidance on gatherings, many locations have changed their in-person gathering policies enabling events to proceed.

We are also excited to announce this year's youth keynote presenter is a high school freshmen, while in middle school, Kendrick Lee earned the CompTIA A+ certification! Kendrick will share his adventure of earning a certification that launches many adult's careers into IT. Very inspiring!

When asked about his experience studying for the exam, Kendrick responded, "The CompTIA A+ is brutal, for anyone. But with the right motivation and passion, you’ll prevail."

This year's badge is a Do-It-Yourself soldering badge project that's designed to get us restarting our passion to build.

Activities this year will include:

• The ultimate Hak4Kidz themed hacker escape room!
• The wildly popular lock picking roadshow... Fox Pick!! 
• Hardware Hacking Station
• Crash-bots
• Vintage Computing
• jrCTF - Bring a laptop.
• Snap Circuits
• SpyMath
• STEHM
• Technology Destruction Village

For more detailed descriptions and to stay up to date with activity changes, visit our Activities page.

Workshops this year will include:

• Byte Size HackerBox 0003 Walk-through
• Intermediate Soldering ( 2 sessions )
• Building the Game of Life with Python
• Cyber Defense Clinic

We are trying something new this year, workshops are add-ons in Eventbrite. Please remember to select a couple workshops with registration.

Share this event flyer with friends, family, frienemies, and total strangers over email and social media using this year's flyer.

Hak4Kidz is planning to return to our traditional early June schedule in 2023.

Register today for our 7th annual event!

Stay safe everyone! Question truth, and be better.

Byte Size Box 0001 Walk-through Video Available

 

This month's HackerBox Byte Size is about USB data protection and privacy.

Whether you are a fan of the Incognito sticker to hide your activity online, or the HB shield sticker to protect your laptop with a glider and Open Source hardware logo, or the CAUTION CYBER HAZARD key chain, these contents provide edutainment as a reminder to stay vigilant in the cyberz.

Difficult to avoid a virtual meeting these days. So let's add a webcam cover! Keep your privacy safe from accidental viewers while you are preparing to join the meeting.

Printed Circuit Boards (PCBs) are typically green and used in most electronics. Here HackerBoxes is showing how PCBs can be artistic as well. The black 6" PCB ruler has the HackerBoxes copper logo on one side, and 19 SMD footprints along with trace widths on the other side. Super handy to have around and satisfying to look at.

Next up is the USB Data Blocker! Great to prevent someone taking data off or putting unwanted files onto your USB charging devices. Watch Heal's walk-through video to show you how it works.

Last, and far from least, the Lily GO USB keyboard impersonating stick. Lily GO can be used as a GoodUSB or a BadUSB (for pen-testing only Tyros!). Heal shows you how to flash the micro-controller on the Lily GO to send friendly messages, or play harmless pranks on those who love you. Or at a minimum is patient with your shenanigans. Such as Heal rick-rolling his kid. He's working on an Advanced video to step through how the Arduino sketches work so you can make your own.

Be sure to pick up your Byte Size Box 0001 to join the fun or subscribe monthly so not to miss any boxes while saving some cash.

Pulling in the same direction with HackerBoxes

For some time now, I've been talking to like-minded information security folks about how we have the same objectives when it comes to security awareness training and youth education. The unfortunate truth is we haven't made much progress collaborating. People talk, they get excited, and then something else happens resulting in no follow up. Yeah, there might be some exceptions out there, but very few?

HackerBoxes and Hak4Kidz have entered into a mutual agreement to use each other's strengths and pull together in the same direction. HackerBoxes has figured out designing, curating, and distributing fun and challenging kits. Hak4Kidz is excels at educating kids on IT and Information Security.

The benefits of the partnership is for kids ages 10-110 to submerge themselves into an edutaining hands-on experience of the joy of receiving a monthly mystery HackerBox Byte Size and a walk-through video provided by Hak4Kidz. President of Hak4Kidz, David Schwartzberg, stated, "We are thrilled at the opportunity to expand our services to an underserved demographic over the Internet. The combined forces of HackerBoxes and Hak4Kidz will surely elevate the skills of youths and adults in electronics, cybersecurity, and ethical hacking."

The CEO of HackerBoxes commented, "After shipping our advanced monthly HackerBoxes to adult hobbyists for over six years, we are super excited to also offer Byte Size as a more focused, straight-forward monthly box for beginners of all ages."

While subscriptions for Byte Size are available today, May 15th is the anticipated first ship date of Byte Size with the walk-through video to be released a couple days later. Hak4Kidz is also offering a monthly or annual subscription of Advanced Hacks with the Byte Size box.

Educationally exciting times are ahead!