SYS-CON MEDIA Authors: Pat Romanski, Elizabeth White, Liz McMillan, Zakia Bouachraoui, Yeshim Deniz

Blog Feed Post

Personal Devices Security lessons learned from my mistakes

A broad metal chain made of torus-shaped links
Source: Wikipedia

9 years ago I wrote a post titled: The Chain is as Strong as the Weakest Link in the Chain.
Based on my experience in a Penetration Test, I argued that human beings are the weakest link. 

Many employees Security awareness is insufficient. Few employees are even motivated to breach Security.  

As far as the home computing or the consumers computing is concerned, there is even less Security Awareness than in organizations.

I am a Security and Risk Management expert, therefore I should be aware of Cyber and Security threats and I should refrain from being damage by these threats. 
I am certainly aware of them, however I failed twice by ignoring a potential threat.

This post is about lessons learned from my Security protection failures. 

I love you - I hate you
Many years ago I received an e-mail message from a friend. My friend is an IT expert, who participated in a Security Software product development.

I did not suspect that the link I Love you will install a worm in my PC. I opened the link and the worm changed my Windows Registry file. 

It duplicated itself as part of e-mail messages that was sent to all the people included in my address book.
I was aware of the problem shortly after my careless mistake. 
A young guy whose girlfriend decided to end their relationship coded a worm using Windows Visual Basic Script and spread it.
The worm was named I Love you.

Cleaning my computer from I love you

1. I warned all my e-mail connection not to open the message.

2. I checked that I have an updated backup file.

3. I found and executed a program named "I Hate you" which was documented as a cure for "I Love you". 

4. Few months later I discovered that the worm was not moved from JPEG files. Anytime I tried to open a JPEG file the worm was send by e-mail to all my connections.

5. I found another solution to the problem by searching the Web.
The new solution was not automatic. I had to clean the System and the Registry systematically step by step.


The Facebook Bear is a Worm
Recently I received few Facebook messages from a Facebook friend. 
My Facebook friend is a Computers expert. The messages were part of a discussion on Bridge, however, a link to a video was included.

I pressed the link showing a bear which surely does not play Bridge.
The video was a Facebook Worm. All my Facebook friends received immediately a message from me including the Worm.

Cleaning my computer from The Facebook Bear

1. I warned all my Facebook friends by writing on my timeline that I was infected by a worm and they should not press the hyperlink included in the message sent by the worm and not by me.

2. I closed Facebook and open it again and Facebook notified me that a Trend Micro Security program is automatically checking and cleaning my Facebook application and data. 
The program corrected the Security problem.

3. I deleted the infected message.

Analysis and Conclusions
In both cases I lowered my Security awareness because the sender was an Information Technology expert and because the sender is a friend of mine who sends many messages.

Quick identification of a Security breach was a key in solving the problem.

Lesson Learned

1. Always be alert and ready to identify Security threats.

2. Suspicious hyperlinks are suspicious hyperlinks. It does not matter who the message sender is.

3. In most cases it is possible to solve a Security problem, but quick problem identification is a must.

4. Notify all your connections about possible messages sent from your computer by worms. Tell them to ignore the message and to scratch it without reading it.

5. Do not postpone worms and viruses removal. As soon as you discover the problem stop working and try to fix the problem.

5. Full problem correction is a must.

     

Read the original blog entry...

More Stories By Avi Rosenthal

Ari has over 30 years of experience in IT across a wide variety of technology platforms, including application development, technology selection, application and infrastructure strategies, system design, middleware and transaction management technologies and security.

Positions held include CTO for one of the largest software houses in Israel as well as the CTO position for one of the largest ministries of the Israeli government.

Latest Stories
Founded in 2002 and headquartered in Chicago, Nexum® takes a comprehensive approach to security. Nexum approaches business with one simple statement: “Do what’s right for the customer and success will follow.” Nexum helps you mitigate risks, protect your data, increase business continuity and meet your unique business objectives by: Detecting and preventing network threats, intrusions and disruptions Equipping you with the information, tools, training and resources you need to effectively m...
The vast majority of businesses now use cloud services, yet many still struggle with realizing the full potential of their IT investments. In particular, small and medium-sized businesses (SMBs) lack the internal IT staff and expertise to fully move to and manage workloads in public cloud environments. Speaker Todd Schwartz will help session attendees better navigate the complex cloud market and maximize their technical investments. The SkyKick co-founder and co-CEO will share the biggest challe...
Despite being the market leader, we recognized the need to transform and reinvent our business at Dynatrace, before someone else disrupted the market. Over the course of three years, we changed everything - our technology, our culture and our brand image. In this session we'll discuss how we navigated through our own innovator's dilemma, and share takeaways from our experience that you can apply to your own organization.
All in Mobile is a mobile app agency that helps enterprise companies and next generation startups build the future of digital. We offer mobile development and design for smartphones, tablets and wearables. Our projects cover the latest and most innovative technologies - voice assistants, AI, AR/VR and more. We excel at solutions for sports, fintech and retail industries.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine ...
ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of computational needs for many industries. Their solutions provide benefits across many environments, such as datacenter deployment, HPC, workstations, storage networks and standalone server installations. ICC has been in business for over 23 years and their phenomenal range of clients include multinational corporations, universities, and small busines...
"DevOps is set to be one of the most profound disruptions to hit IT in decades," said Andi Mann. "It is a natural extension of cloud computing, and I have seen both firsthand and in independent research the fantastic results DevOps delivers. So I am excited to help the great team at @DevOpsSUMMIT and CloudEXPO tell the world how they can leverage this emerging disruptive trend."
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, softwar...
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve fu...
Wasabi is the hot cloud storage company delivering low-cost, fast, and reliable cloud storage. Wasabi is 80% cheaper and 6x faster than Amazon S3, with 100% data immutability protection and no data egress fees. Created by Carbonite co-founders and cloud storage pioneers David Friend and Jeff Flowers, Wasabi is on a mission to commoditize the storage industry. Wasabi is a privately held company based in Boston, MA. Follow and connect with Wasabi on Twitter, Facebook, Instagram and the Wasabi blog...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO Silicon Valley 2019 will cover all of these tools, with the most comprehensive program and with 222 rockstar speakers throughout our industry presenting 22 Keynotes and General Sessions, 250 Breakout Sessions along 10 Tracks, as well as our signature Power Panels. Our Expo Floor will bring together the leading global 200 companies throughout the world of Cloud Computing, DevOps, IoT, Smart Cities, FinTech, Digital Transformation, and all they entail. As ...
Atmosera delivers modern cloud services that maximize the advantages of cloud-based infrastructures. Offering private, hybrid, and public cloud solutions, Atmosera works closely with customers to engineer, deploy, and operate cloud architectures with advanced services that deliver strategic business outcomes. Atmosera's expertise simplifies the process of cloud transformation and our 20+ years of experience managing complex IT environments provides our customers with the confidence and trust tha...
Only Adobe gives everyone - from emerging artists to global brands - everything they need to design and deliver exceptional digital experiences. Adobe Systems Incorporated develops, markets, and supports computer software products and technologies. The Company's products allow users to express and use information across all print and electronic media. The Company's Digital Media segment provides tools and solutions that enable individuals, small and medium businesses and enterprises to cre...