The Central Texas IT Guy

Web Development Austin, SEO Austin, Austin Search Engine Marketing, Internet Marketing Austin, Web Design Austin, Roundrock Web Design, IT Support Central Texas, Social Media Central Texas

App Access: Threat To Privacy

By

On August 26, 2019

In Security

PDF Version:  App-Access-Threat-To-Privacy

What Is An Evil Twin Attack

By

On August 19, 2019

In Security

With the advancement of technology, there has been a rise in the use of wireless connectivity solutions. It has found applications in restaurants, coffee shops, offices and shopping malls. However, wireless connectivity in the form of Wi-Fi is inherently less secure. It is largely unprotected from threats that can result in theft of credentials and sensitive information. The unprotected access points expose your connection and personal data to cyber-attacks such as ‘Evil Twin Attack’.

Understanding An Evil Twin

An evil twin is a rogue wireless access point that appears as a genuine hotspot offered by a legitimate provider. It typically clones the MAC address, name and service set identifier (SSID) of the network. This makes it hard for the users to differentiate between original and fake access point.

An attacker can conveniently create an “evil twin” within the smart phone or other internet-capable device using some easily available software. He discovers the radio frequency of a legitimate access point and uses the same to send out his own radio signals with the same name as original access point. This enables the attacker to eavesdrop on the network traffic, capture traffic or plant malware on the system.

Implications To Cybersecurity

Once the fake access point is set up, it poses as a local hotspot. The attacker positions himself near the end-user so that his signal is strongest within the range. The strong signals tempt users to connect manually to the evil twin for internet access. Also, it can be a case where the end-user’s computer automatically chooses that connection. This allows the hacker to intercept user’s sensitive data that is being shared between user and the host. Thus, he can obtain sensitive information or login credentials resulting in identity theft or financial loss of the end-user. Attackers are also using social engineering to clone a login page through which credentials can be stolen.

Ways To Prevent Evil Twin Attack

To avoid evil twin network connections, following tips should be considered by end-users:

  • Refrain from using public hot spots for online shopping or banking.
  • Users should disable auto connect feature on all wireless devices.
  • Connect via a virtual private network (VPN) to compress all traffic while using a public access point.
  • Before connecting, ask the owner of the area for official name of the hotspot and security key, if any. Type the incorrect key intentionally; evil twin hotspots will grant access irrespective of the key.

Companies should also incorporate measures to protect corporate data from evil twin attack:

  • Instruct employees to use Wi-Fi Intrusion Prevention Systems (WIPS) to prevent their systems from connecting to unauthorized duplicate access points.
  • Protect company’s wireless connections with Personal Security Key (PSK) and provide its details to employees and customers.

For more information on IT security solutions for your business, call Centex Technologies at (254) 213 – 4740.

Safe Internet Access For Kids

By

On July 30, 2019

In Security

Giving your child access to using internet may be required for educational purposes but it is equally important to ensure how safely the internet is being used by them. Children can often come across dangerous online content which gives rise to the need for equipping yourself with necessary knowledge about online threats for your kids. They can browse through a lot of stuff either accidently or on purpose.

Following internet safety tips can help your child to manage online risks and enjoy safe use of internet:

  1. Achieving Internet Safety For Kids: Children, these days, are spending longer hours using online media for entertainment and education. Kids are more curious to explore further and trust whatever they see. This makes them susceptible to a lot of sensitive content. These unique set of problems require careful monitoring to help your kids achieve internet safety.
  2. Monitor Your Child’s Online Activity: Mostly children are not able to spot various scams and fall for unnecessary schemes. They are at an age which makes them unable to understand the difference between an ad, a spam or any other malicious attack. It is important to be aware of the sites that your child is visiting and tracking their online behavior. Also, there are various parental control apps to help parents monitor their kid’s internet usage in a better way. The apps keep a track of the online sites visited by your child. They also keep a control on internet connection time, block malicious websites and report any unusual online activity.
  3. Communicate With Your Child: Talk to your kids about the scams that they might be facing on internet and help them to understand the basics of cyber security. Emerging online threats and safe browsing on internet are other important topics that you should discuss with your kids. It is important to help them know about the implications of a virus to assist them in developing a better understanding on safe online browsing. Also, spending time online with your child can teach your kids appropriate online behavior.
  4. Make Sure Your Child Is Anonymous Online: It is important for kids to understand that they should not reveal any personal information such as address, phone number, or school name or location on social platforms. Exercising restraint is beneficial for their internet safety. Strictly instruct them not to post or trade any personal pictures. Inform them to use a screen name instead of real name. Make sure to let your kids know that they should never share passwords with anyone. Children should not agree to meet in person with anyone they met online without parent’s supervision and they should never respond to any threatening email or message.

For more information on keeping your child internet safe, call Centex Technologies at (254) 213-4740.

Protecting Your Home IoT Devices

By

On July 27, 2019

In Security

View Full Image

What Is Doxing?

By

On July 22, 2019

In Security

Doxing is referred to as the dark side of OSINT or Open Source intelligence. OSINT is an overt method of data collection and involves the practice of gathering information from publically available resources such as public media, internet, public government data, professional or academic publications, corporate databases, financial assessments and grey data (unpublished papers, business documents & patent reports).
The term Doxing is an abbreviation for ‘dropping documents’ which means compilation and release of a dossier of personal information on someone. The information included in the dossier is gathered via public resources and thus, the act falls under the category of OSINT.

Sources Of Information
The perpetrator gathers information from public and open sources. Some common sources of information are:

  • Social media
  • Blogs
  • Personal websites
  • Online forums & web discussions
  • Online gaming profiles

Targeted Information
Typically a dossier contains following information about an individual.

  • Contact information
  • Social Security Number
  • Personal photographs
  • Social media profiles
  • Credit card details
  • Credit report
  • Banking information

Why Is Doxing Called Dark Side Of OSINT?
Although the information is gathered using overt methods; the online publication of personal information usually results in illegal implications. The tactic is rarely in public interest and is often targeted at breaching the victim’s personal information and publishing it to attract unwanted harassment. It can pose following threats:

  • Threat To Personal Safety: Public release of contact information, personal photos, address, etc. can be used by cyberbullies for harassing the victim. Also, it may lead to some hacking acts such as fake memberships or serious crimes such as stalking, swatting, etc.
  • Threats To Cybersecurity: The information collected by Doxing may be used by hackers or cyber criminals to pressurize either an individual or an organization for financial gains.

Ways To Protect Yourself
Here are some simple tricks to protect yourself from Doxing attacks:

  • It is important to understand the basics of social engineering. Social engineers scan the online profiles and data for useful information that can be used to victimize the target. Thus, it is important to scrutinize the information you share on your social media profiles and avoid oversharing your personal information.
  • Check the privacy settings of your social media profile and edit them to ensure that your personal information is shared with your friends only. Also, be critical of people you add to your list of social media friends.
  • Hide your IP address by using a trusted proxy or VPN service for anonymity while using internet.
  • When purchasing a domain, invest in WHOIS protection to prevent unwanted access to the information you share on your website.
  • Avoid using a single email address for all online accounts. It is advisable to use different emails, passwords & usernames for different profiles, gaming and bills. Also, deploy multi-factor authentication for your accounts.

For more information on Doxing and its outcomes, call Centex Technologies at (254) 213-4740.

© Copyright 2022 The Centex IT Guy. Developed by Centex Technologies
Entries (RSS) and Comments (RSS)