The Fresh Round of Twitter Hacks and Attacks

Whenever I talk about security, it is important that I remind you that I write solely my own opinions and not official positions of Intel. Hopefully, you find this useful advice, but that's all it is, advice from someone who is interested in safety.

Well, twitter has been "safe" and quiet for some time. People have begun to let their guard down. However, a new set of vectors for exploits is being mined. It started about a week ago with a tweet exploit that became a worm and spread porn and other unsavory stuff. Now, a second version has appeared. It looks like this new version has been nipped in the bud. However, the risk is ever present. There are people out there looking for security holes and when they find them, either playing pranks or spreading something more vicious.

Sadly, it is the nature of software to have such flaws. Thus, it is only wishful thinking to hope it goes away. We can erect better fences, but there will always be someone who finds out how to scale them and uses that ability to their advantage and our disadvantage. As a result a certain level of caution, vigilance, and even paranoia is appropriate. But do so in balance, if you let fears dominate your life, the result is just as bad, because your fears will cause you to miss opportunities.

So, keep the following in mind. There are people out there who are out to trick you and they are very clever and have very little scruples. These people are anxious to imitate anyone you trust as that's a source of leverage for them. Thus, they will pretend to be your bank, the government, some famous company, your friend, a web site that you often visit, a new web site with an interesting game, anything they think that will get you to trust them They will do this by every means possible: by spam emails, by links to sites that download malware, by sending misleading tweets, by hacking into your computer, by hacking into the computers of places that have your info. The more valuable they think your information is or the easier they think it is to get, the more effort they will spend getting it.

However, in most cases, they are not targeting you specifically, they are just looking for the easiest mark that will fall for their trap. Therein lies your advantage. You don't have to outrun the bear, just the other hikers. This is why fish swim in schools. Sure that makes the entire school a large target and the fish along the edge do get eaten, but the ones in the center tend to survive and breed a new generation. Your goal is to be in the safe part of the school.

Thus, when you read safety advice on the internet, remember that it is not fool-proof. Some people who do everything right will still get hacked. However, it is the best advice we have. It will keep you from doing things that are too risky and too likely to get you into trouble. It will increase your odds of using the internet safely.

See the next entry for some safety advice recommendations.

Common Sense For The Fresh Round of Twitter Hacks and Attacks

Whenever I talk about security, it is important that I remind you that I write solely my own opinions and not official positions of Intel. Hopefully, you find this useful advice, but that's all it is, advice from someone who is interested in safety.

Here are some basic safety principles and examples of their use:

1. Don't trust unsolicited information.
   
   1. If you get an unsolicited email or phone call or direct message or @ message or wall posting etc., don't presume the sender is who they claim to be, especially if they ask you to do something you wouldn't normally do (e.g. give out your bank account number or phone number).
   2. If you do believe that you need to something in response to a message (e.g. you are worried your account might be overdrawn), use an alternate channel for taking action. Don't click on a link embedded in the message. Log into your bank in a separate browser window by typing in the address you know (or have written down from a safe and calm time). Better yet, don't do it online--call or visit your bank.
2. Keep your secrets safe.
   
   1. Don't post details about upcoming trips when you will be away from your house for a significant period of time.
   2. Check that public information sites like spokeo aren't giving out information that can be used to impersonate you.
   3. Don't post pictures of your kids nor give out their names and ages.
   4. Don't post details of your life (or pictures of yourself) that you aren't willing for the world to see. Don't even send such pictures to friends.
   5. Use strong passwords. Not a word in a dictionary. Not an easily typed sequence of numbers. Not something about you that can be guessed or looked up online.
   6. Don't reuse the same password for multiple places, especially not important ones. Make certain that even if one of your passwords gets cracked, your other passwords are still not easily guessed.
3. When something bad happens, don't panic.
   1. Calm yourself down first. Realize that it probably isn't as bad as it seems right away.
   2. Plan the steps to limit the damage before doing anything else. That will force you to be more focused.
   3. Make sure you are thorough. For example, if you have an account that is hacked, make sure you take all the steps to make the account secure, check your computer is secure, and then check to be certain your other accounts are safe also. If your the account broken into has a password, change it to a new one as part of the plan.
   4. Don't do other things until you have verified that you have solved the problem. If you have a hacked FaceBook account, don't check your bank until you've fixed that problem first and verified that you don't have a virus or keylogger on your computer. If you skip steps, you make spread the problem to other parts of your life. This is where making a calm plan can come in handy.
4. Stay aware.
   1. Watch for alerts as problems are spreading. There is often specific advice on things not to do as they are found.
   2. Read various sources on the issues. Get a variety of opinions and guidelines so you can make informed choices.
   3. Keep your protections up-to-date. Don't just download a virus tool and think the problem is solved. Get updated definitions regularly. See if there aren't other tools you should use. Also, change your passwords at least from time to time, even if you haven't been hacked that you know of.

Hopefully, the above list doesn't seem too long. There is a lot of good that can come from using the internet. It can make your life easier, richer, and more fulfilling. If you make the above into "good habits", they shouldn't take much time at all. Moreover, these good habits aren't just for using the internet. They are more "common sense" things that you should practice everywhere. While the internet has its own unique risks because it brings the whole world right to us, much of the most dangerous things were already in our life. Most of us have already learned to cope with them.