Yesterday was the
, an annual worldwide awareness campaign that promotes online security. It's a laudable effort, with NetSafe coordinating the New Zealand effort:
There are plenty of good tips and advice to look at on the NetSafe SID 2016 site, so please visit and have a read.
One of the questions NetSafe sought to answer was if 2015 was better or worse year for internet security than 2014; the organisation noted that there's not enough accurate information to answer that accurately - which is fair enough; having covered IT security extensively for the past few years, my answer would unfortunately be "it depends".
Some things are better: your personal computer should be relatively safe this year.
Provided you keep the software on it up to date that is, avoid installing too many things and especially stay clear of launching files emailed to you or from websites you don't know.
The same goes for smartphones and tablets: don't stray outside the official app store, unless you really, really know what you're doing and can afford to be hacked.
Also, be careful whose Wifi you connect to, especially public hotspots. You have no idea who is on the same network as you, and if they're listening in on what's being sent - or changing the data. If you have to use someone else's Wifi, make sure your data connections are fully encrypted which can be difficult to achieve.
That doesn't guarantee your computer won't be broken into, but it'd take enough time and effort not to be worthwhile compared to myriads of vulnerable systems nearby.
Be careful whose Wifi you connect to, especially public hotspots. You have no idea who is on the same network as you, and if they're listening in on what's being sent - or changing the data.
SHARE THIS QUOTE:
You will still be at risk from backdoored routers (the internet provider systems that forward your data) and there are some really determined malware writers out there, looking to phish you if you're a high value target.
The larger picture doesn't look so good though.
That's because the internet continues to store increasing amounts of information; the information is not valuable to anyone unless it can be accessed; the more people that access the information, and do something with it, the greater the value.
Therein lies the rub: how do you keep sensitive data out of bad people's hands? Criminals have a commercial imperative just like Google and Facebook to use and abuse your data and there's more coming online everyday, inexorably.
Then there's the context of the information itself: when you're in a strange place, it's great to have your phone tell that map, shopping or food finder app exactly where it is. Ditto when the phone's stolen so you can reset it remotely.
However, if the app vendor decides on-sell that location data, or if criminals or spies from a hostile country intercept it, you could be in for a world of pain.
One fix is not to give out so much true information about yourself - and conversely, if you stop using a service, make sure the account data is deleted as well. If the provider in question allows it, that is. Government agencies are unlikely to delete anything, for instance.
That strategy only takes you so far before you become handicapped in day to day dealings. Try sending and receiving letters for a while instead of email (that's stored on servers) to see what I mean.
One thing's for sure, the "Internet of Things" will be a security disaster this and coming years.
SHARE THIS QUOTE:
Networked toys, lights, fridges, toasters, baby monitors, you name them: these are made on the cheap, with little or no consideration for security and they won't ever get updated. They will leak information and wreak havoc, so stay away from IoT devices until they come with security guarantees.
Other IoT networked products such as cars are harder to avoid with worrying consequences. Across the Tasman, the boys in blue are keen on using tech to avoid high-speed pursuits. Now that's a great idea on paper, using some sort of sticky GPS tags shot onto fleeing cars, just like in the movies, and switching off car fuel supplies and controlling their brakes remotely.
Wait, what? Remotely disabling the cars? Victoria police officers specifically mentioned the General Motors OnStar system as having that ability. That's the same OnStar system that security searchers Charlie Miller and Chris Valasek showed be used to put a Jeep in the ditch, remotely, and with the driver being unable to do anything about it.
I'm not sure if it was Miller and Valasek's work that inspired police officers who are very keen on a remote kill switch for cars, but it's worth noting that GM took five years to fix that OnStar "feature" with a recall of 1.4 million vehicles.
Paranoid drivers had better check out Trade Me's classic car section in other words.