7/17/09

Congrats to me!

After two years of lunchtime studying and weekend/evening schoolwork, I have completed my Master's degree program in Cybersecurity.

I thought I would take this time to reflect on what the college did right and what it did wrong as far as presentation. Being in the security field, I wasn't interested in a typical MIS or MBA. I wanted something relevant to my field, instructed by people who worked in the industry. One of the difficult aspects of computer and network security, a profession in its infancy, is the lack of precise standards. In other professions you know your role: in accounting you have to balance, in engineering you develop and simplify, and mathematicians formulate and solve complex problems. Security is akin to MacGyver defeating terrorists with a shoelace, gum, lye, and an oscillating fan.

I was pretty surprised to find degrees focused on security. There's a simple reason for this: technology is constantly changing. New vulnerabilities are discovered hourly, and often it wouldn't make much sense to base a curriculum on the ever-changing world of security. If that were completely the case, however, all IT degrees would be worthless. We would have to prove our industry knowledge through certifications only, and reserve degrees for historians or other static professions.

I attempted to see what Sac State and Chico had to offer in the way of security degrees. The only programs I found at the time were generalized. My next step was to check for distance education. Holding a degree from University of Phoenix, I'm no stranger to distance-based education, nor to the stigma of being a distance-education degree holder. I've always been into current and developing methods of technological delivery, including social networks (my original ICQ number was in the thousands). I attended one of the first online courses that Phoenix had to offer, and determined two things that made me successful with this type of education.

1. You get out of the degree what you put into it. Yes, I found ways that I could be a completely lazy student and still manage to pass. However, this is no different than when I went to junior college. I could immediately tell the difference between students who were interested in learning to succeed in life and those doing the bare minimum just to pass. On one hand, I was frustrated to know that people carrying the same degree as I do hadn't put in the type of effort it should take to carry the degree. On the other hand, I reported the shortcomings to the program directors, and often they would respond immediately with their thanks and change the systems. I've tried this in the past with brick and mortar; the best I could get was to talk to a secretary who put my ideas on a Post-it and conveniently filed it in the trash can as soon as I was out the door.

2. I paralleled my education with work experience. The biggest benefit that I received from distance education was the ability to work full-time in career positions while attending school. I was able to apply what I learned in class to my job, and it further solidified my education. I was living what most people only learned about in classrooms, and had more on-the-job engineering experience than most engineers get in years of college.

So what did University of Virginia do right? Study materials were included with tuition. Often it is a nightmare to figure out the real expense of college; all of my materials and outside references were an expense above and beyond tuition, which makes it extremely hard to budget. Back when I attended law school, I paid a huge tuition and then even more money for books. VCO provided all books and online services, paid for with tuition.

A few gem classes, a few gem instructors. One thing that caught my eye about VCO is that the instructors had real-world experience and weren't just career professors. I had hoped that there would be more people from government agencies, because unfortunately it appeared that most of the instructors were experienced only with private entities.

Pretty consistent curriculum. The curriculum paralleled the CBK, aka the 10 domains of the CISSP certification exam. There were some interesting courses thrown in, such as Criminal Law and Profiling, so it wasn't completely technical. I enjoyed these out-of-bounds courses, and they helped give me a broad view of many aspects of professional security.

What VCO did wrong:

For roughly 75% of the courses I had the same instructor. This concerned me because I know that in security you cannot possibly be an expert in everything. It was apparent in a few of these classes that the instructor knew quite a bit for one class but was merely a facilitator for others. Having a different, experienced instructor for each course would have made me feel better about the quality of learning that I received. The experience wasn't as negative as it seems; whenever I had a complex question, the Internet was at my fingertips. One of the things about a Master's program is that by now people should be educated enough to do their own research and come to their own conclusions. Back to rule 1 above: you get what you put in.

Interactive training was reserved for my last class. There were no network simulators, we weren't exposed to vulnerability assessment tools, and there were no labs. For classes like forensics, this type of hands-on approach is the difference between someone with real experience and someone who is merely book smart. Thankfully I was already a security specialist and could apply what I learned at work. But for others, this might be a big con.

The community within VCO was pretty bland. You would expect people pursuing a Master's degree to be fairly animated about their courses. For every one person who would participate in discussions, there were seven who had horrendous spelling, posted one-liners, or added to the discussion with suggestions that were completely impractical and against best practices. I labeled these people as those who just don't get "IT". I am glad that I put effort into my discussions and work, even though it seemed like much of it went over people's heads or went unacknowledged.

I am glad that I went through the course, and will hang my degree proudly on my wall. It was a good experience for the most part, and I'm better for having gone through it. So I pat myself on the back, and look forward to keeping networks secure for our future.

4/30/09

Scam Alert - Swine Flu

Leave it to scammers to pick up on the latest disaster to incite fear among people. As a courtesy to Bad Astronomy I will upload here the image he has on his site. Please send word to everyone: there is no homeopathic cure for swine flu!

3/23/09

Fake text messages

If you've begun to understand the world of the smartphone, some of its features may often be overlooked depending on what type of phone user you are. These days phones come equipped with SMS, which stands for Short Message Service, otherwise known as "texting" or text messages. Since I personally own an iPhone, it's not often I'll find myself using SMS. It's just one of those features I'm not that into, since I can usually communicate with my friends via instant messaging. So I was surprised to receive a cryptic message from AT&T about account information.

I found out later that the text was a scam to try to get people to respond and provide personal information. Whenever you get something out of the ordinary, never go with your first impulse to respond and provide more info. Instead, contact your cell phone carrier directly and question them about it. It is important that you use a number off your billing statement, and not any contact information provided in the message itself; there is just no telling whether that information is accurate.

3/11/09

Falling behind in cyber warfare

I came across an interesting article today: The Battle Over Cybersecurity

It talks about the arguments that the NSA and the Department of Homeland Defense have about taking on cybersecurity. Cybersecurity is an interesting term, and as discussed in the article it really deals with protecting against cyber-terrorism. There are currently organized crime rings in China and Russia dedicated to taking down America's financial sense of well-being by attacking various points of interest that we've come to rely on now that our monetary system is virtually paperless. Sadly these two countries are leaps and bounds ahead of us when it comes to experience and methods of intrusion.

The major problem we currently have is a resource problem. Investigations are being processed by local agencies, state agencies, and federal agencies. The problem with local agencies is that often these crimes are committed by people overseas utilizing compromised systems as hosts. Everyone out there who has malware installed on their computer has directly contributed to terrorism. On the federal level, the agencies continue to fight for jurisdiction, and each may hold a piece of the puzzle without communicating with the other levels. This is a huge weakness within the system. The less people communicate, the easier it is for criminal computer hackers to get away with their activities. The crime rings are organized, and often have the backing of the government that protects them; to succeed in security we too must be organized and cooperative with all agencies, from the local police who may not have the technology resources to conduct proper forensics, all the way up to the level of the FBI/NSA/DoHD/DoD.

If we know it: Government Needs to Get Its Cybersecurity In gear

The criminals definitely know it.

1/27/09

How not to lose your shirt on craigslist (Unless you're selling it)

With these hard economic times it makes sense that more people are looking to sell items on Craigslist or other online yard-sale or auction sites. For the most part you are safe so long as you observe a few of the following safety tips.

A person may try to contact you with the following scam: "Hey, I noticed you are selling yyyy item. The crazy thing is that I have a cashier's check, but it's $100 more than what you're asking. If you're willing to cash the check and give me the remaining amount, I would be glad to buy your item."

The cashier's check is counterfeit, and by the time the bank figures this out and reverses the deposit, you are out the item you were selling and the $100 you paid to the scammer.

Tip: When selling through Craigslist or other classified advertisements, deal in cash only unless it is absolutely someone you trust. Cashier's checks cost about $2 - $5, so there's no reason a person could not cut a check for the exact amount. Even then, you should wait for the check to clear (up to three weeks) before handing your item over to the buyer. Cash is always better.

eBay: a few days before your auction ends you receive an email: "I will be willing to pay you double what you are asking if you close the auction and use a different pay site to purchase your auction." This can also work in reverse, where you bid on an item and the seller offers to end the auction early if you use a different pay site. PayPal insures your purchases against fraud; if you use a different payment site you could very well be out of your item and your money.

Tip: Always pay or collect payment via trusted and guaranteed methods. Check your credit card terms to see how much they restore if you are the target of fraud. The major credit card companies give 100% back, with a few conditions. If you pay with a regular debit card, you may lose out. If you fear you are the target of a fraudulent purchase, don't hesitate to contact your credit card company. The sooner you catch it, the faster the process goes. I've personally been through the process three times.

Yet another Phishing alert

NCUA brings us news that there are scammers out there trying to take advantage of instability concerns about the Federal Reserve (PDF). Ignore any official-looking NCUA / Fed letters; they apparently contain links that will attempt to install malware on your system. Remember to share this information with your friends.

1/26/09

Social engineering attacks in full-force 2009

2009 may very well become known as the year of fraud. Within only the last month we've watched big-name Twitter accounts get compromised, a worm attack spread, and any number of phishing attempts.

I say this not to scare you, just to recommend that everyone keep their SINRR tuned up and ready.

How do you prevent these recent attacks?

Knowledge is power. Make sure that your systems have the latest updates to protect against the vulnerabilities worms exploit. I know this isn't a catch-all, but you'd be surprised how much damage control this helps with when a new worm springs up.

Keep an ear to various news sites. I personally go to about three or four consumer-related security sites on a weekly basis. I was alerted to the NCUA scam by a co-worker, and from time to time I pass important information to colleagues just to keep them in the know.

If you click a link and it asks you to log in, double-check the address at the top of your browser. Phishing starts with the redirection of your personal information to a place you don't want it to go. Always double-check your URLs to make sure you aren't somewhere other than where you expect to be, especially if you've already logged in and are once again being asked for a password.

When in doubt, don't give your information out. Ask yourself whether or not convenience is worth the time and expense it takes to recover your identity.

1/21/09

Large scale credit card attack exposed

As many of you may have heard by now, Heartland Payment Systems has released news that it has been the target of an attack in 2008. What does this really mean to a regular person? A payment processor is a company that works as a middleman between credit card transactions and financial institutions. When you swipe your card at a restaurant, it likely goes through a third-party validation process before Visa or the debit card companies collect the money from your account for the transaction. It is basically the person who says "Hi there, this person wants to give money for this item/service, let's make a deal!" What that also means is that a large volume of credit card information gets sent to Heartland's servers for processing.

Software targeted specifically at lifting magnetic stripe data made its way into their transaction servers and began to send this data to a third party. Because proper reporting mechanisms weren't in place, the company had no idea this information was being beamed to another location. As such, it is estimated that 100 million transactions have been lifted. This is quite a bit more than the estimated 94 million accounts compromised at TJX.

Should you be worried? Luckily, track data on credit cards doesn't give out much information. Really the only things on your magnetic stripe are the account number, the expiration date, and some other bits of information processors need to create a transaction (Track 1 also carries the cardholder name). Essentially they can duplicate your credit card. What they don't have is your PIN, the verification code printed on the back of the card (the stripe carries its own, different check value), or any personal information more than your name and possibly your address.
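To make concrete what a stolen track string does and does not reveal, here is an added example (not code from this post or from Heartland) that parses Track 1 and Track 2 strings laid out per ISO/IEC 7813, validates the account number with the Luhn check, and reports the fields present. The card number 4111 1111 1111 1111, the name and the expiry are constructed test values, not real card data.

```python
"""Parse ISO/IEC 7813 magnetic-stripe track data and show what it exposes.

Added example for this post; not code from the page's author or from any
processor. Track layouts follow ISO/IEC 7813. All sample values below are
constructed (4111111111111111 is a well-known Luhn-valid test PAN).
"""
import re
from dataclasses import dataclass
from typing import Optional

# Track 1: %B<PAN>^<SURNAME/FIRST>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(r"^%B(\d{1,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?$")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(r"^;(\d{1,19})=(\d{4})(\d{3})([^?]*)\?$")


@dataclass
class TrackData:
    pan: str
    expiry_yymm: str
    service_code: str
    name: Optional[str]      # only Track 1 carries the cardholder name
    discretionary: str       # issuer data, includes the stripe's own CVV1


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit validation; True when the PAN is self-consistent."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:       # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track(raw: str) -> TrackData:
    """Parse a Track 1 or Track 2 string; ValueError on bad layout or Luhn."""
    m = TRACK1_RE.match(raw)
    if m:
        pan, name, yymm, svc, disc = m.groups()
    else:
        m = TRACK2_RE.match(raw)
        if not m:
            raise ValueError("not a recognised ISO 7813 track")
        pan, yymm, svc, disc = m.groups()
        name = None
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    return TrackData(pan, yymm, svc, name, disc)


def mask_pan(pan: str) -> str:
    """PCI-style display masking: keep only the first six and last four."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def what_is_exposed(raw: str) -> dict:
    """Summarise what a lifted track string contains and what it cannot."""
    t = parse_track(raw)
    return {
        "pan_masked": mask_pan(t.pan),
        "expiry": "20" + t.expiry_yymm[:2] + "-" + t.expiry_yymm[2:],
        "cardholder": t.name,
        "service_code": t.service_code,
        # Not encoded on the stripe, so track theft alone never yields them:
        # the printed CVV2/CVC2, the PIN, or the billing address.
        "cvv2": None,
        "pin": None,
    }


# Constructed samples: the same test card encoded as Track 1 and Track 2.
SAMPLE_TRACK1 = "%B4111111111111111^DOE/JOHN^1012101123456789?"
SAMPLE_TRACK2 = ";4111111111111111=1012101123456789?"

if __name__ == "__main__":
    for raw in (SAMPLE_TRACK1, SAMPLE_TRACK2):
        print(what_is_exposed(raw))
```

Running it on the two samples shows that a Track 2 capture yields the masked account number, expiry and service code but no name, and neither track yields the printed verification code or the PIN, which is why cloned cards from this kind of breach are used for swiped purchases rather than online or ATM withdrawals.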

Your course of action? Watch your statements closely on all of your credit/debit cards. If you see transactions you didn't authorize, call your bank/credit card company and have them freeze your account immediately. If a transaction from your card number was logged, Heartland is likely notifying your issuer, and you may see a new card issued in the near future.

Often these card numbers are sold, and it could be months before someone even attempts to pull money from the account. A new card issued to you will remedy the situation.

1/6/09

30 Minute Security -- Phishing

Phishing has been around for quite some time now. I don't have a lead on the early history of phishing, but academically I'm sure I'll learn where it originated, just to have an anecdote to talk about in class. Phishing, in its simplest form, is the use of social engineering paired with technology.

The Con:

It's 7:30am and you log on to your email for the first time in the morning. Your head is fuzzy from all the partying you did the night before, and the screen comes to you in a blur. You see a new e-mail from your bank marked urgent, in all caps: IMPORTANT NOTICE ABOUT YOUR ACCOUNT! This very authentic-looking email notifies you that your bank has closed your account due to a security incident. You are shocked and immediately click the link in the email or call the number. You are so distraught about your account (I have to go grocery shopping, I need the co-pay for my medical today, I have bills to pay!) that you don't notice that the redirected web page takes you to an unrelated site, or the shady foreign accent you hear over the phone (most call centers are outsourced anyway, right?). In order to "authenticate" you, they ask for your SSN, address, mother's maiden name, credit card number, PIN, and the ID number from the back of your card.

"Thank you sir, your account has been reactivated." is all you hear, or when you click submit on the page, perhaps you get a 404 Not Found error. You've just had your identity stolen.

How it works:

This type of social engineering attempt plays on your fear of change and your hectic lifestyle. There is nothing more inconvenient than all your finances screeching to a halt and not having access to your money. This is exactly the atmosphere the fraudster wants to create. You bypass some level of logic when you are in panic mode, and don't stop to verify the telephone number or web site address before entering your information in order to get your money back.

How to fight this con:

When you see an e-mail message that disturbs you to this extent, sit back from your computer and first take a deep breath. The important part of determining whether an email is legitimate is taking a few steps before acting on instinct.

Step 1: Is it even a bank you have an account with? Phishers send out a massive email to a list of addresses they've culled online. Many of these e-mails tend to target public entities because email addresses are posted on the public web site. If your address exists somewhere on the WWW, it's safe to say it will be harvested and you will be targeted by emails like these until the end of time. If it's not even a bank you have an account with, that's the first clue that the email is a scam.

Step 2: If it is your bank, ask yourself why an e-mail was their first communication to you. Something as serious as an account closure will usually warrant a phone call or a letter via postal service, and possibly no notification at all until you use your card, find it declined, and are forced to contact the bank on your own. You should never call numbers or click links provided in emails that ask for personal information. Instead, use the 1-800 number on the back of the card, or the contact information provided by the bank when you opened your account.

Step 3: Don't give out all your information unless you are positive you are talking to the correct people. All companies will have to verify that you are who you say you are, but usually they won't ask you for super-sensitive information. Perhaps the last four digits of your Social Security number, or the secret questions you set up when you created your account. One good verification question is how much you paid on your last monthly statement. A legitimate place should never ask you for your full information.

The big thing in this situation is not to act on impulse. Step back from the situation and ask yourself how you can shape it to what feels comfortable to you.
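Both this post and the "double-check the link at the top of your browser" tip in the 1/26/09 entry come down to one question: what host will the browser actually talk to? The example below is added here and is not code from this blog; it uses Python's standard URL parser to pull out the real host and flag the common lures (a trusted name used only as a subdomain, a trusted name stuffed into the path, userinfo before an "@", and punycode look-alikes). examplebank.com, the other hosts and the sample links are constructed for illustration.

```python
"""Tell where a link really goes before typing a password into it.

Added example for the phishing posts on this page; not code from the page's
author. examplebank.com and every sample link below are constructed.
"""
from urllib.parse import urlsplit

# The domains you genuinely hold accounts with (constructed list).
TRUSTED_DOMAINS = frozenset({"examplebank.com"})


def real_host(url: str) -> str:
    """Host the browser will actually connect to, lower-cased, no trailing dot."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_trusted(host: str) -> bool:
    """True only for a trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def check_link(url: str) -> dict:
    """Classify a link and list the lures it relies on, if any.

    verdict: 'trusted'    - real host is one you bank with, over https
             'suspicious' - real host is trusted but something is off
             'untrusted'  - real host is not one you bank with
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = real_host(url)
    reasons = []
    if "@" in parts.netloc:
        # Browsers treat everything before '@' as a username, not the host.
        reasons.append("text before '@' is userinfo, not the host")
    if host and not is_trusted(host):
        if any(d in host for d in TRUSTED_DOMAINS):
            reasons.append("trusted name is only a subdomain of " + host)
        elif any(d in (parts.path + "?" + parts.query).lower()
                 for d in TRUSTED_DOMAINS):
            reasons.append("trusted name appears only in the path or query")
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("internationalised (punycode) host, possible look-alike")
    if parts.scheme != "https":
        reasons.append("not https")
    if not host or not is_trusted(host):
        verdict = "untrusted"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "trusted"
    return {"host": host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed links: one genuine, three built the way phishing mails are.
    for link in (
        "https://www.examplebank.com/login",
        "https://examplebank.com.account-verify.example/login",
        "https://examplebank.com@198.51.100.7/login",
        "http://account-verify.example/examplebank.com/login",
    ):
        print(link, "->", check_link(link))
```

The point of parsing rather than eyeballing is that the deceptive links all contain the string "examplebank.com" somewhere; only the parsed hostname tells you it is not the host. The same reasoning applies when you read the address bar: find the part immediately before the first "/" after the scheme, and read it from the right.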

1/1/09

Good guys vs. Bad guys

I came across a really good read this morning as I browsed through my Wired magazine. The article itself is pretty long, and filled with the kind of stuff that keeps a security guy awake at night. I read the article and proceeded to take my first "strive to lose some weight for New Year's" walk with the story fresh in my mind, and I began to mix pieces of the article around to determine what was eating at me and what I wanted to get out of reading the story. Ultimately I thought about how the guy in the article, Max Butler, started out making $100/hr helping companies secure their networks.

I've always viewed computer security along the same lines as a serial killer profiler. In order to be a hacker, you ultimately have to think like a hacker. This includes using the same tools and methodologies of hacking. Now I'm not saying that FBI profilers go around killing people, but you really have to climb into the mind of a criminal to understand how and why they do what they do.

Ever since I stumbled on fraud prevention I knew that helping protect people is what I wanted to do. So I am drawn to these articles that make you toss and turn at night wondering if your finances are safe. Here we have an example of a person who found computer security interesting but moved over to the dark side. The article dives a bit into the psychology of the guy, so maybe something about the environment he was raised in caused him to bridge the gap between security and felony.

While walking I visualized my path alongside Max Butler's path. I could see two parallel roads that we both walk, making sure things are safe and secure. As I approach the white picket fence of completion, there's no urge to jump over the roadblock and break into the house at the end of the road. The good guys and bad guys follow the same path, but the major difference is that the good guys are content with the destination and results, whereas with the bad guys there's always more to push, further to go.

Does jail time really work as a deterrent from fraud? It's hard to say. I've had many bad days at work where I've thought that the total lack of responsibilities in jail would seem like a vacation. Granted, it's not the best environment, I'd stick out like a sore thumb, and I'm sure the food is terrible. But for those of us who are constantly on alert and questioning other people's motives and actions, breaking away for a chunk of years would feel like a vacation. To use the serial killer metaphor once again, deep down inside there's a need to be caught and punished for their actions.

I enjoyed the article, and it was fun to work it around in my mind a bit to help me understand the bad guy vs. good guy scene. Interestingly enough, the more I learn, the better I can help others protect themselves. It's a crazy world we live in.

Have a happy and fraud-free New Year. With the economy the way it is, cyber crime is going to reach record highs. It's all about making sure you aren't the low-hanging fruit.