
Monday, October 30, 2023

Home Security - Cybersecurity Awareness Month

 


Securing Your Home

What is Home Network Security? 

Home network security is the defense of a home network, which links devices like routers, PCs, smartphones, and Wi-Fi-enabled baby monitors and webcams to one another and to the Internet.

 

There are two widespread misconceptions among residential users regarding the security of their networks.

  • Their household network is not big enough to be vulnerable to a cyberattack.
  • Out of the box, their products are "secure enough."

 

The majority of attacks are not of a personal nature and can happen on any kind of network—large or small, residential or commercial. A network is naturally more open to outside threats if it is connected to the internet.

 

What are the risks? 

DNS hijacking is one of the biggest threats to any wireless network. This occurs when malware infiltrates your unsecured router and craftily redirects you away from a well-known site, such as the website of your bank, and toward a phony site that closely resembles the genuine thing. Cybercriminals steal your login information when you log in to the fake website and use it to access the legitimate website.

 

How to improve the security of your home network?

You can drastically lower the attack surface of your home network and make it more difficult for a malicious cyber actor to launch a successful attack by using some of the basic but effective mitigation strategies listed below, in no particular order:

  • Update your router, home computer and handheld device software regularly.
  • Read current security events to learn how to protect your home from the latest vulnerabilities.
  • Remove unnecessary services and software from home computers.
  • Change default log-in passwords and usernames.
  • Use strong and unique passwords with important services such as spending, and email.
  • Install a network firewall on network devices.
  • Regularly back up your data to network attached storage (NAS) or external hard drive.
  • Turn off “remote management”, WPS and Universal Plug and Play (UPnP) features.
  • After your router has been set up, change the default administrator password and log out.

 

Monday, October 23, 2023

Email, Password, Phone Security - Cybersecurity Awareness Month

 
Email, Password and Phone Security

What is Email Security? 

The methods and tools used to safeguard email accounts as well as communications fall under the category of email security. Phishing attacks' main target is email, which is also a way of distributing malware and is the largest attack surface for an organization. 

 

What is Password Security? 

Password security is the integration of policies, procedures, and technologies that improve the security of passwords and authentication mechanisms. It all comes down to knowing how to protect passwords. A password is indeed a type of secret authenticator that must be memorized. 

 

What is Phone Security? 

Phone Security refers to the defenses put in place to protect sensitive data stored on and transmitted by laptops, smartphones, tablets, wearables, and other portable devices. At the root of mobile device security is the goal of keeping unauthorized users from accessing the enterprise network. 

 

What are the risks? 

 

1.      Email Security: Email security is one of the most important infrastructure security measures for an organization. It is also the biggest attack surface for an organization. Some of the security risks for email are as follows:

    • Spoofing and Phishing
    • Vulnerabilities in E-mail Security
    • Domain Squatting
    • Malware via email attachments
    • Spear Phishing attacks and Business E-mail Compromise (BEC)
    • File Format Exploits
    • Configuration Errors

 

2.      Password Security: Weak passwords are always a major component in any hack. For user convenience, some applications do not enforce password complexity, and as a result, users use simple passwords such as password, password123, Password@123, 12345, god, own mobile number, and so on. Weak passwords are not only short in length and character count; they are also easily guessable. Some of the risks that passwords face are listed below.

    • Brute Force or Dictionary attacks on weak passwords
    • Cracking of Hashes
    • Reuse of Passwords
    • Educated Guesswork for Brute Force attacks
    • Default Passwords
    • Password embedded in code

3.      Phone Security: Potential risks to Phone Security involve malicious mobile apps, phishing scams, data leakage, spyware and unsecured Wi-Fi networks. There are 4 major types of Phone Security Threats:

    • Mobile Application Security Threats
    • Web-Based Mobile Security Threats
    • Mobile Network Security Threats
    • Mobile Device Security Threats



Thursday, October 12, 2023

Identity Theft Protection - Cybersecurity Awareness Month

 

Identity Theft

What is identity theft?

Identity theft is the term used to refer to the types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. Anyone can fall victim to identity theft. These acts can damage your credit status and cost you time and money to restore your good name.

How can my identity be stolen?

The following includes some of the ways a threat actor may try to steal your identity:

  • Steal wallets or purses in order to obtain identification, credit and bank cards
  • Dig through mail and trash to retrieve applications for "pre-approved" credit cards, bank statements, tax documents, etc., that were discarded without being shredded
  • “Phish” for electronic information with phony emails, text messages, phone calls and websites that are solely designed to steal sensitive information
  • Steal data or personal records through a data breach, or purchase stolen data from a malicious third party

What can someone do with your identity?

With enough information about someone, a threat actor can take over that individual's identity to conduct a wide range of fraudulent activities, such as:

  • File applications for loans and credit cards,
  • Make withdrawals from bank accounts,
  • Access online accounts

Types of Identity Theft:

There are many types of identity theft that can occur. Some of the common ones include:

  • Tax ID Theft
  • Medical ID Theft
  • Child ID Theft
  • Account Takeover Fraud

What do I do if my identity gets stolen?

  • Call the companies where you know the fraud occurred.
  • Place a fraud alert and get your credit reports.
  • Report identity theft to the FTC.
  • You may choose to file a report with your local police department.

How do I protect my identity?

Experts believe that identity theft cases occur so often that there is a new victim every 22 seconds. Please check out this comprehensive guide and accompanying infographic to help you take proactive steps to protect your identity.

If you receive a suspicious email, please report it to reportphish@gap.com 

Additional resources:

United States Department of Justice Identity Theft Awareness

Equifax: How Does Theft Happen?

USA.gov Identity Theft Awareness

Experian: Many Different Forms of Identity Theft 

Monday, October 2, 2023

Public Wi-Fi Usage - Cybersecurity Awareness Month


Cybersecurity Awareness Month was created in October 2004 by the government with support from the non-governmental security community to help Americans become better at protecting themselves from attacks over the Internet. You can find more information on Wikipedia.

As a parent or young adult reading this article, we at Hak4Kidz want you to know that we are going to do our best to make a meaningful contribution to this month's awareness cycle. Feel free to join in with comments below. This article will go into public Wi-Fi usage.

What is Public Wi-Fi?

Airports, coffee shops, malls, restaurants, and hotels all have free public Wi-Fi that one may use to access the web. People regularly connect to these "hotspots" without giving it any thought because they are so ubiquitous and common.

What are the risks?

The issue with public Wi-Fi is that there are a lot of risks associated with using these networks. Although business owners may think they're giving their consumers a helpful service, it's likely that the security on these networks is insufficient or nonexistent. Some of the risks involved with using unsecured public Wi-Fi are listed below:

  • Man-in-the-Middle Attacks
  • Malware Distribution – Targeting a specific vulnerability in a system by injecting code onto your device.
  • Wi-Fi Snooping and Sniffing – Eavesdropping on WiFi signals to access everything that one does when online. From viewing websites visited to collecting login credentials.

How to identify rogue Wi-Fi Networks?

While many hackers like using public Wi-Fi networks, some may go above and beyond by setting up a hotspot specifically for malicious purposes. Such rogue networks can be identified as follows:

  • Network/Wi-Fi name matches a trusted network.
  • “HTTPS” sites are rendered as “HTTP”
  • Names of the Wi-Fi networks are generic – such as “Free Wi-Fi”
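
The first and third signs in the list above can be checked against the results of a Wi-Fi scan. The Python sketch below is an added example, not part of the original article; the scan entries, the trusted-network table and every generic name other than “Free Wi-Fi” are constructed assumptions.

```python
from dataclasses import dataclass

# Strength order used to spot a downgrade (open = no encryption).
SECURITY_RANK = {"open": 0, "wpa2": 1, "wpa3": 2}

# "Free Wi-Fi" is the article's example; the other names are assumed additions.
GENERIC_NAMES = {"free wi-fi", "free wifi", "public wifi", "guest wifi"}


@dataclass(frozen=True)
class Network:
    ssid: str       # network name as broadcast
    bssid: str      # MAC address of the access point
    security: str   # "open", "wpa2" or "wpa3"


def normalize(ssid: str) -> str:
    """Fold case, underscores and extra spaces so near-identical names compare equal."""
    return " ".join(ssid.lower().replace("_", " ").split())


def triage(scan, trusted):
    """Return {(ssid, bssid): [reasons]} for networks that deserve a second look.

    trusted maps an SSID to (set of known BSSIDs, expected security).
    A real network with several access points needs all of them listed.
    """
    by_norm = {normalize(name): name for name in trusted}
    findings = {}
    for net in scan:
        reasons = []
        norm = normalize(net.ssid)
        if norm in GENERIC_NAMES:
            reasons.append("generic name")
        real_name = by_norm.get(norm)
        if real_name is not None:
            known_bssids, expected = trusted[real_name]
            if net.ssid != real_name:
                reasons.append("lookalike of trusted name")
            if net.bssid.lower() not in known_bssids:
                reasons.append("trusted name on unknown access point")
            if SECURITY_RANK.get(net.security, 0) < SECURITY_RANK[expected]:
                reasons.append("weaker security than expected")
        if reasons:
            findings[(net.ssid, net.bssid)] = reasons
    return findings


# Constructed sample data (not from a real scan).
TRUSTED = {"HomeNet": ({"aa:bb:cc:00:00:01"}, "wpa2")}
SAMPLE_SCAN = [
    Network("HomeNet", "aa:bb:cc:00:00:01", "wpa2"),      # the real one
    Network("HomeNet", "de:ad:be:ef:00:02", "open"),      # same name, new AP, no encryption
    Network("Free Wi-Fi", "11:22:33:44:55:66", "open"),   # generic name
    Network("homenet ", "11:22:33:44:55:77", "wpa2"),     # lookalike spelling
    Network("CoffeeShop-5G", "22:33:44:55:66:77", "wpa2"),
]

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_SCAN, TRUSTED).items():
        print(key, "->", ", ".join(reasons))
```

A flagged network is a prompt to ask staff for the correct network name or to stay on mobile data, not proof of an attack.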

Things to avoid if connected to Public Wi-Fi:

There are things you shouldn’t do while connected to an unknown network. Some of these include:

  • Online banking
  • Paying Bills or Doing transactions.
  • Shopping on Online Sites
  • Filing Taxes

How to Safely use Public Wi-Fi if there is an absolute need?

  • Use a VPN.
  • Stick to “HTTPS” websites.
  • Avoid accessing sensitive information.
  • Turn off file sharing on public networks.
  • Use two-factor authentication for logins.
  • Keep your operating system up to date with the latest software and OS updates.
  • Remember to log out of sessions.
  • Use antivirus software

Thank you Admin dr0pbears for your contributions to this article.

Monday, July 25, 2022

Hak4Kidz 2022 Chicago Event Will Be In-person!

 


We are thrilled to announce that Hak4Kidz Chicago events are returning to meeting in-person!

Scheduled on Saturday, September 17, 2022 in the Old Post Office located at 433 W. Van Buren St.

Even though we had fun teaching Tyros virtually over Webex with Cisco's Cyber Defense Clinic platform, based upon CDC guidance on gatherings, many locations have changed their in-person gathering policies, enabling events to proceed.

We are also excited to announce that this year's youth keynote presenter is a high school freshman. While in middle school, Kendrick Lee earned the CompTIA A+ certification! Kendrick will share his adventure of earning a certification that launches many adults' careers into IT. Very inspiring!

When asked about his experience studying for the exam, Kendrick responded, "The CompTIA A+ is brutal, for anyone. But with the right motivation and passion, you’ll prevail."

This year's badge is a Do-It-Yourself soldering badge project that's designed to get us restarting our passion to build.

Activities this year will include:

  • The ultimate Hak4Kidz themed hacker escape room!
  • The wildly popular lock picking roadshow... Fox Pick!! 
  • Hardware Hacking Station
  • Crash-bots
  • Vintage Computing
  • jrCTF - Bring a laptop.
  • Snap Circuits
  • SpyMath
  • STEHM
  • Technology Destruction Village

For more detailed descriptions and to stay up to date with activity changes, visit our Activities page.

Workshops this year will include:

  • Byte Size HackerBox 0003 Walk-through
  • Intermediate Soldering ( 2 sessions )
  • Building the Game of Life with Python
  • Cyber Defense Clinic

We are trying something new this year: workshops are add-ons in Eventbrite. Please remember to select a couple of workshops with registration.

Share this event flyer with friends, family, frienemies, and total strangers over email and social media using this year's flyer.

Hak4Kidz is planning to return to our traditional early June schedule in 2023.

Register today for our 7th annual event!

Stay safe everyone! Question truth, and be better.

Saturday, July 9, 2022

Byte Size Box 0001 Walk-through Video Available

 


This month's HackerBox Byte Size is about USB data protection and privacy.

Whether you are a fan of the Incognito sticker to hide your activity online, or the HB shield sticker to protect your laptop with a glider and Open Source hardware logo, or the CAUTION CYBER HAZARD key chain, these contents provide edutainment as a reminder to stay vigilant in the cyberz.

Difficult to avoid a virtual meeting these days. So let's add a webcam cover! Keep your privacy safe from accidental viewers while you are preparing to join the meeting.

Printed Circuit Boards (PCBs) are typically green and used in most electronics. Here HackerBoxes is showing how PCBs can be artistic as well. The black 6" PCB ruler has the HackerBoxes copper logo on one side, and 19 SMD footprints along with trace widths on the other side. Super handy to have around and satisfying to look at.

Next up is the USB Data Blocker! Great to prevent someone taking data off or putting unwanted files onto your USB charging devices. Watch Heal's walk-through video to show you how it works.

Last, and far from least, the Lily GO USB keyboard impersonating stick. Lily GO can be used as a GoodUSB or a BadUSB (for pen-testing only Tyros!). Heal shows you how to flash the micro-controller on the Lily GO to send friendly messages, or play harmless pranks on those who love you. Or at a minimum is patient with your shenanigans. Such as Heal rick-rolling his kid. He's working on an Advanced video to step through how the Arduino sketches work so you can make your own.

Be sure to pick up your Byte Size Box 0001 to join the fun, or subscribe monthly so as not to miss any boxes while saving some cash.


Wednesday, May 11, 2022

Pulling in the same direction with HackerBoxes



For some time now, I've been talking to like-minded information security folks about how we have the same objectives when it comes to security awareness training and youth education. The unfortunate truth is we haven't made much progress collaborating. People talk, they get excited, and then something else happens resulting in no follow up. Yeah, there might be some exceptions out there, but very few?

HackerBoxes and Hak4Kidz have entered into a mutual agreement to use each other's strengths and pull together in the same direction. HackerBoxes has figured out designing, curating, and distributing fun and challenging kits. Hak4Kidz excels at educating kids on IT and Information Security.

The benefit of the partnership is for kids ages 10-110 to submerge themselves into an edutaining hands-on experience of the joy of receiving a monthly mystery HackerBox Byte Size and a walk-through video provided by Hak4Kidz. President of Hak4Kidz, David Schwartzberg, stated, "We are thrilled at the opportunity to expand our services to an underserved demographic over the Internet. The combined forces of HackerBoxes and Hak4Kidz will surely elevate the skills of youths and adults in electronics, cybersecurity, and ethical hacking."

The CEO of HackerBoxes commented, "After shipping our advanced monthly HackerBoxes to adult hobbyists for over six years, we are super excited to also offer Byte Size as a more focused, straight-forward monthly box for beginners of all ages."

While subscriptions for Byte Size are available today, May 15th is the anticipated first ship date of Byte Size with the walk-through video to be released a couple days later. Hak4Kidz is also offering a monthly or annual subscription of Advanced Hacks with the Byte Size box.

Educationally exciting times are ahead!

Saturday, April 16, 2022

A Difficult Decision

   As the title of this article states, the Board of Hak4Kidz NFP had to make a difficult decision today. With so much opening up in the Chicagoland area, people are still not getting out of the house as much as we were expecting by this time. How do we know? Our Milwaukee event registration is lower than expected, but a Wisconsin middle school purchased 30 tickets, so we will carry on.

   In our professional lives, one of us planned 3 different professional events on the same day and the turnout was less than desired. That was a big tell. Having a Hak4Kidz event on June 4th is reasonably close to those events mentioned above. So whether the concern is being in large crowds (understandably) or people don't want to put on outside clothes thus leaving the comfort of their home (understandably) , or both, the decision had to be made quickly.

   We are working on selecting a date in late summer or early fall for the next event. But, we want to hear from you first. Please complete this very simple Doodle poll before May 1st to let us know what works best for you. We will communicate the new schedule once the logistics of reserving the venue are finalized.

   Anyone who purchased a ticket will have the option of deferring their ticket for the new date, or a full refund. Once the new date is determined we will notify via social media and an article. We will honor the decision up to two weeks prior to the new date.

   Thank you very much for your community support and we are planning to make the next Chicago event bigger and better than ever!

Securely,

Hak4Kidz Team

Hak4Kidz is back in Milwaukee...and more!



Hak4Kidz is excited to be returning to Milwaukee in partnership with our friends at CypherCon and the Midwest Gaming Classic.

We want folks to enjoy what Hak4Kidz and the Midwest Gaming Classic have to offer on Saturday, so we decided to reduce our hours to give participants more time for both. This year the Milwaukee Tyro badge will be the badge we created for 2019, which was our first Kickstarter. Tyros and 'Pones can each add on a deeply discounted Saturday afternoon and evening only pass! This is a great opportunity for Hak4Kidz fans to experience some fun gaming time at the MGC.

When: April 30, 2022, 8:30am doors open, Opening Ceremonies begin 9am, day ends at 12pm CDT
Where: Hilton Milwaukee in Wright Ballroom A, 509 W. Wisconsin Ave, Milwaukee, WI
Registration: ** OPEN **
Registration ends: ** April 29th, 2022 **
Activities: ** Hak4Kidz Milwaukee 2022 Activities are available

Thank you CypherCon and Midwest Gaming Classic for the space!



Sunday, January 23, 2022

New Year Message from Hak4Kidz


With the holiday season behind us and the new year having begun, some of us may already be reflecting on what to accomplish over the next twelve months. Such as, how to make a difference in a community or what personal outcomes you are striving for. Whatever it may be, you are going to do something amazing!

We hope during the holidays you were able to reconnect with the people you love and are important in your life. Took a break from the electronic devices and did something like playing a board game. My family enjoys playing Settlers of Catan and Star Munchkin.

With 2021 in the rearview mirror, the Hak4Kidz Board of Directors met at the end of December to review 2021 and plan for 2022 and beyond. Without going into deep detail and long written prose, here are the highlights and exciting news:

  • in person events will resume in 2022, as long as it's safe to bring Tyros together.
  • in person events will be following the safety guidelines and vaccination policies of the local government, venue, and partnering organization.
  • current date for Hak4Kidz in Milwaukee in partnership with CypherCon is scheduled for Saturday April 30th. Exact location is still being finalized. Ticket sales will open up at the end of January.
  • the flagship Chicago event is scheduled for Saturday June 4th. Location is tentatively the new Cisco office on 433 West Van Buren Street in downtown Chicago. Ticket sales will open up at the end of January.
  • other in person events need to be confirmed such as at GrrCON, BloomCon, and BSides KC. Stay tuned for more details.
  • BSides Toronto has confirmed that they will most likely not be in person for 2022. 
  • Heal has been working on some digital projects that will be for sale at Def Con 30 or at partner events. For example, check out the prototype video of this phaser pin and #badgelife badge add-on!
  • our new blog site has launched! You already knew that. This blog will be a resource for education and news. We are looking for technical writers so please DM our Twitter account if interested.
  • and most exciting of all, Jeffrey Man joined the Hak4Kidz Board to support our initiatives involving diversity, equity, and inclusion.

There is more going on which we are eager to share, so keep checking the Hak4Kidz website and blog for news.

Thanks again for participating at and believing in Hak4Kidz. 2021 was an interesting year for everyone, so we are planning to make 2022 a much better one!

Happy New Year,
The Hak4Kidz Team

Wednesday, December 15, 2021

Recorded Webinar: Making Cybersecurity Fun For Kids!

 

To view the recording:
Developing Cyber Talent Series 1: Making Cybersecurity Fun for Kids! – Crowdcast

Hak4Kidz's very own Robert Wagner, Board of Directors member since 2014, was a guest speaker on the webinar Making Cybersecurity Fun For Kids! This is a great honor to be on a panel with the esteemed co-panelists John D. Johnson, Ph.D., Somchai Rice, Ph.D. and Kate Kuehn. 

When asked about providing advice to reduce the InfoSec employment gap, Wagner responded "Making InfoSec fun is a great strategy for encouraging the next generation of InfoSec practitioners." Which is great advice for every age. Wagner continued with additional advice, "Hear what security leaders are doing today to make this possible."

From the Docent Institute's website, "This interactive webinar is designed for educators and professionals who want to learn from cybersecurity professionals who have developed engaging STEM events to get kids excited about cybersecurity as a possible career. The panelists will share examples of successful events and activities that they have led with K-12 students for over a decade, many of which you can duplicate in your own community.

Students often have no idea or misconceptions about careers in the cybersecurity field. By engaging with professionals and STEM educators, they learn that the field is broad and inclusive and that regardless of their background, there are opportunities to have a career that is exciting and rewarding. Through activities such as coding, cryptography, electronics, lock picking, and competitions, students have fun and learn that they can be a white hat hacker, using their skills to benefit society.

The panel includes founders and organizers from DEFCON R00tz Asylum, CornCon Kids, and Hak4Kidz.

Panelists:
Dr. John D. Johnson, Founder/President, Docent Institute (CornCon Kids, DEFCON R00tz Asylum)

Dr. Somchai Rice, Co-Founder/CISO, MedBlox (CornCon Kids)

Robert Wagner, Security Executive Advisor, Splunk (Hak4Kidz)

This webinar series is organized by vArmour and hosted by Docent Institute. Docent is a tax-deductible educational non-profit. Donations are used to host educational events, professional development, public outreach and for educational scholarships. Learn more about our mission at www.docentinstitute.org."


Monday, December 6, 2021

Internet Protocols: The Basics of IPv4

We all know that in order to communicate, a unique address is required. We all get mail, either in the post using a street address, or online, with an email address. 

In both cases, a unique set of information is given, and as there is only one email address at JoeShmoe445@hotmail.com, there's only one 42 Wallaby Way, Sydney, sorta. In order for a computer to be able to use the Internet, it needs to have a unique address too.

In the year 1980, IPv4, or Internet Protocol version 4, was developed to make communication easier on ARPANET, the precursor to our modern-day internet. It was a set of four octets: four sets of eight bits, 1's and 0's in binary, which can then be converted into the decimal number system we humans use.

Converting binary to decimal is simple, as each octet can only contain up to 256 bits of information. This means that IP addresses in decimal are between 0.0.0.0 - 256.256.256.256

For example, an IP address in binary would look like 11000000.10101000.00001110.01110011, while the same IP in decimal would be 192.168.14.115. If you actually count each possible address, it's exactly 4,294,967,296.

That's a really big number! 

Unfortunately, many of those addresses are reserved for special reasons, like 10.0.0.0, which is used by your own local computer network. But wait, why would you need to use a local network, where there should be plenty of unused addresses for each computer? 

Find out in part two, where we will be delving into subnetting and the five classes of IPv4 addresses!
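
To try the binary-to-decimal conversion yourself, here is a short Python example. It is an added example, not part of the original article; it uses the address from the text plus 8.8.8.8 as an assumed public address for comparison, and relies on Python's standard ipaddress module, which treats each octet as a value from 0 to 255.

```python
import ipaddress

# 32 bits in total, so 2**32 = 4,294,967,296 possible addresses.
TOTAL_IPV4_ADDRESSES = 2 ** 32


def binary_to_dotted(binary_ip: str) -> str:
    """Convert '11000000.10101000...' to dotted decimal, checking each octet."""
    parts = binary_ip.strip().split(".")
    if len(parts) != 4:
        raise ValueError("an IPv4 address has exactly four octets")
    octets = []
    for part in parts:
        # Each octet must be exactly eight characters, all 0 or 1.
        if len(part) != 8 or set(part) - {"0", "1"}:
            raise ValueError(f"not an 8-bit binary octet: {part!r}")
        octets.append(str(int(part, 2)))
    return ".".join(octets)


def dotted_to_binary(dotted: str) -> str:
    """Convert dotted decimal back to four 8-bit binary groups."""
    addr = ipaddress.IPv4Address(dotted)  # raises ValueError for octets above 255
    return ".".join(f"{byte:08b}" for byte in addr.packed)


def describe(dotted: str) -> dict:
    """Show the address as one 32-bit number and whether it is a private address."""
    addr = ipaddress.IPv4Address(dotted)
    return {
        "integer": int(addr),
        "binary": dotted_to_binary(dotted),
        "private": addr.is_private,
    }


if __name__ == "__main__":
    example = binary_to_dotted("11000000.10101000.00001110.01110011")
    print(example, describe(example))
    print("10.0.0.0", describe("10.0.0.0"))
    print("8.8.8.8", describe("8.8.8.8"))
    print("total addresses:", TOTAL_IPV4_ADDRESSES)
```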


  

Saturday, November 13, 2021

Genesis of Hak4Kidz Blog


Why? 

Hak4Kidz has been thinking about, talking about, attempting to create, and collaborating with others on starting a quality blog site for adults and Hak4Kidz Tyros. Tyro is defined as someone who is learning or a novice. All attempts have been with great intention but failed to launch, until now.

Our goal is to provide InfoSec and CyberSec educational material for various audiences to consume, but with a primary focus on reiterating or expanding upon activities and workshops that are run at our events. We have also discussed entertaining hacker stories. Stories which could be fiction based upon reality or pure fiction. There will also be articles explaining some of our creations in detail. The possibilities have no bounds but will always have our Tyros' benefit in the forefront.

Please keep in mind that there is no sudden abundance of time or writers. The opposite is true. You can see who our contributors are quite easily on the sidebar to your right, there aren't that many at the time this article was written. Time? All I can say is the timing just feels right.

We hope you enjoy what we are offering or can share the content with someone you believe will. We strive to help our Tyros to learn about tech while having fun.

Stay healthy everyone and be better!
