CYBR650 - Dooley- Week 12 Blog

CYBR650 – Week 12 Blog – Dooley

November 15, 2014

          For this week’s bloc, we are asked to make an entry about lessons learned.  What we found to be the most difficult part of the course and if there is anything we would do differently.

          I ended up being sick for a couple weeks this quarter and that really played havoc with everything.  I think the hardest part of the course, and it’s not just this course, but I tend to have difficulty doing the network diagramming.  I find that I can explain it much better than I can diagram it.

          I loved the communication everyone had going.  I think we get/give really good feedback to one another and push each other to think outside of the box.  It seems we are all a nice bunch of people as I never saw any snippy comments.  By this time in the path, I recognized quite a few names and it was nice to see them again.

          Professor Woerner is an excellent instructor.  He leaves feedback and makes us think more and pulls ideas out of us.  He offers extra information and opportunities and I find that is a bonus of having him for an instructor. 

          If this was the end of my schooling, I would say that I would greatly miss BU and the opportunity to learn new things, but this is not the end of the pursuit of education.  I will begin my next Degree path in February, 2015.

          I would like to thank Professor Woerner for being such a great instructor and for providing us with such great information and instruction.

CYBR650 - Dooley - Week 9 Blog

CYBR650 – Week 9 Blog – Dooley

November 15, 2014

          In this week’s homework, people were mentioning the breach at the United States Postal Service.  I hadn’t really watched the news all week and didn’t know anything about what was going on.  So I looked into it a little more.  If you already know what is going on, I apologize for repeating anything.  If you are like me and haven’t caught the news, here’s the scoop.

          The USPS experienced a breach putting the Personal Information of over 800,000 people, including employees, top Directors, retirees and regulator’s PI.  The breach may have compromised their names, addresses and Social Security numbers.  It is also possible that an unknown number of customers may also have been affected, but not to the same degree as the other victims.

          So far there is no evidence of malicious activity of the compromised data but the USPS claims to be taking steps to assist their employees protect themselves against any potential misuse of their data.  The USPS also claims that they have “significantly strengthened its systems to prevent future attacks”.  (Stevens, 2014)

          The Postal Service further reports that their payment systems, both online and at the physical post offices were not compromised, nor were any customer credit and debit card information affected.  However, is possible that any customers that called into the customer-care center of the USPS between January 1, 2014, and August 16, 2014, may have had less serious PI such as their names, address, phone numbers, and e-mail addresses may have been compromised.

          The USPS first became aware of suspicious activity in mid-September and they believe that the hackers breached their systems some time after that.  The USPS reports that at that time, they took immediat action, including having experts investigage and stop the breach.  They report that they are just now reproting this breach to the public because had they revealed it earlier, it could have put the efforts to minimize the breach at stake.

          While the source of the attack is not yet known, it is felt that it is pretty obvious that the breach was done by a sophisticated person or group.  In fact, they report that the attack is very similar to attacks seen at other government agencies annd large corporations.  Investigators feel that are some ties in this breach that are similar to an attack on the White House in late October and that evidence points to China as being behind the breach.  In fact, the Washington Post reported.

          The piece I was reading then went onto to discuss other major breaches that have been reported in the recent past.

          It kind of surprises me that these big corporations continue to experience these breaches.  You think after a couple  of the them experienced huge breaches, they would start to strengthen their networks and provide more protection.  However, I realize it is wrong of me to assume they are not doing this as it is very possible for hackers to be a step ahead of everything, but it is just curious that the same types of attacks keep occuring.

REFERENCES

Stevens, L. a. (2014, November 10). U.S. Postal Service Says It Was Victim of Data Breach - The Wall Street Journal. Retrieved from wsj.com: http://online.wsj.com/articles/u-s-postal-service-says-it-was-victim-of-data-breach-1415632126

CYBR650-Week 8 Blog - Dooley

CYBR650 – Week 8 Blog – Dooley

November 14, 2014

            I was watching Good Morning America yesterday morning while getting ready for work and they had a quick teaser about cybersecurity and protecting yourself and they would be right back with Shark Tank’s Robert Herjavec.  They had my attention.  First, because of the “cybersecurity” mention and secondly because of Robert’s name dropping.  If you don’t watch Shark Tank then you miss the blurb about Robert being the son of Croatian immigrants and his ability to make money in the IT sector and his current company, The Herjavec Group, a leading IT security and infrastructure integration firm.

            So, I sat there taking my time to get ready for work so I could see what they were talking about.  What I saw was frightening.  We are all aware of the iWatch and that you will have the ability to pay for purchases somehow using the watch.

            Well, apparently our beloved credit card companies, I say with a laugh, will be embedding our credit cards in the near future with smart chips.  By the end of next year 70% of all credit cards are expected to have this smart chip.  While our credit card providers are hocking these as an extra layer of security and more convenient because all you have to do is wave your card in front of a payment machine instead of swipe it, there are dangers to these smart chips.

            Mr. Herjavec showed us that hackers already have an app to get your PI from the smart chips.  They did not say what the app is called, but Robert had it and the Interviewer laid her purse down, with a card with a smart chip on it, and Robert simply put his phone by her purse.  In a matter of seconds the app downloaded the interviewer’s credit card number, PIN number, and her previous transactions right onto Robert’s smart phone.

            So, how can we protect ourselves?  These hackers are not after the “big dollars”.  They are making multiple, smaller charges to go unnoticed.  You have to start reading your credit card statement line by line.  The bad guys aren’t going to go spend $5,000 item, they are going to spend $20 or $100 here and there ~ these are called microcharges, which are referred to as microfraud. 

            The Electronics Payment Coalition says the financial services industry says it is committed to investing in a system that protects millions of Americans who use it each day.  However, if you don’t believe that spiel, what else can you do to protect yourself?  There are wallets out there with metal coating that would prevent the want-to-be thieves from absconding with your information.  Robert also suggested putting your credit cards in some type of metal sleeve, or simply wrapping them in aluminum foil, can protect you from hackers getting this information.

            This technology is not going away; in fact, it will probably become more widely used.  As our cards become smarter, they contain more data, which is exactly what the bad guys want.  The more data they can gather, the more information they have and the more they can steal.

            This growing trend of smarter cards is definitely a security issue and something we all need to be aware of.  I’m even wondering if I will be able to call my card issues and ask for a “dummy” card instead of a “smart” card.  Seems like the “smart” cards are going to be far more trouble than they are worth.