Robert Siciliano

    • Media Contact: Robert Siciliano
    • Member Type(s): Expert
    • Title: Identity Theft Expert
    • Organization: IDTheftSecurity.com
    • Member: ProfNet

    What Was Scary About Blackhat 2017?

    Wednesday, August 2, 2017, 11:24 AM [General]

    As you might know, at the end of July, all types of hackers came to Las Vegas to attend Blackhat 2017. During the conference, some pretty scary hacks were exposed, and we can all take this as a lesson on what we are up against in this technology-heavy world. Here are some of the scariest hacks we learned about during Blackhat 2017:

    Carwash Hijacking

    Nothing is safe from technology, and these days, carwashes are an unexpected target for hackers. It is perfectly possible that a car wash could be hacked, controlled remotely, and used to destroy vehicles. Scary.

    Hacking Cars

    Speaking of vehicles, it was also revealed how easy it is for a pro to hack automobiles. Just last year, Chinese hackers were successful in hacking a Tesla S. The hackers disabled the brakes, so Tesla updated security in its cars. However, recently, the car company was hacked again, showing that hackers always find a way.

    Oculus Headsets and Hoverboards

    Another scary hack participants learned about was that hackers can access hoverboards and the Oculus Rift headsets. These hacks could cause the devices to shake uncontrollably, bringing harm to those who are using them.

    Printer Hacking

    Michael Howard, Chief Security Advisor of HP, painfully demonstrated that only 18% of IT security managers are concerned about printer security, whereas 90% are concerned about PCs. That stat is one reason why 92% of Forbes Global 2000 companies experienced a breach in 2016, which in part resulted in 4 billion records breached worldwide. According to the Ponemon Institute, 60% of data breaches reported by companies involve printers. Very scary.

    The Motivation of Adversaries

    We also learned that money, data, and intelligence aren’t hackers’ only motivations. More and more, they are motivated by the ability to manipulate people, to undermine democracy, and to wreak havoc for journalists and activists.

    Wind Hacking

    Wait, what? Participants at Blackhat 2017 also learned about how the bad guys are hacking the wind. Well, not actually the wind, but the systems that create wind energy. The main motivation here is money. Just one hacked turbine can cost anywhere from $10,000 to $30,000 per hour. That’s a lot of leverage for hackers who only need to hack a single turbine to demand ransom to set the turbine free.

    Hacker Masquerade

    Hackers are also using a savvy technique to hack phones. Chinese hackers are switching from targeting high-tech LTE networks to slow 2G technology. This means that when your phone switches to a slower network, which happens if the signal isn’t strong, it can still be hacked even if you have great security.

    Facebook Bounties

    These are some of the scariest hacks we saw at Blackhat 2017, but never fear, white hat hackers are on it. In fact, companies like Facebook are offering cash, up to $1 million, for developers who create software to keep users safe. OK, not scary. But good.

    Robert Siciliano, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

    Black Hat 2017 was an Amazing Event

    Saturday, July 29, 2017, 11:44 AM [General]

    In July, more than 15,000 security pros, hackers, hobbyists, and researchers met for the Black Hat Conference 2017 at Mandalay Bay in Las Vegas. This was the 20th year that the security conference was held, and both black and white hat hackers joined together to discuss security.

    For two decades, Black Hat has gained a reputation for demonstrations of some of the most cutting-edge research in information security as well as development and industry trends. The event has also had its share of controversy – sometimes enough to cause last-minute cancelations.

    Launched in 1997 as a single conference in Las Vegas, Black Hat has gone international with annual events in the U.S., Europe and Asia.

    Black Hat 2017 was almost a full week of everything having to do with IT security. There were hands-on training sessions, a full business hall where vendors gathered with swag and products, and of course, parties. I hit 5 parties in 3 nights. I’m totally spent.

    This is a conference that attracted some of the brightest people in the world of security, and has a reputation for bringing together all types of professionals and amateurs interested in hacking, security, or the latest in encryption.

    What’s interesting about Black Hat 2017 is that there is something for everyone. From hackers trying to hack hackers to remaining “off the grid,” you never know what you might find. In fact, most people who attended this conference decided to stay away from electronic communication altogether. Let’s just say leaving devices in airplane mode, shutting off Wi-Fi, using VPNs, and always utilizing two-factor authentication for critical accounts are the norm during the conference for veteran attendees.

    One of the most popular parts of Black Hat 2017 was the briefing on business protection. It’s important to note that many companies have employees that simply don’t comply with security policies. Additionally, these policies aren’t governed enough, and it is costing millions. In her presentation, Governance, Compliance and Security: Three Keys to Protecting Your Business, Dr. Kimberlee Brannock, Sr. Security Advisor at HP, shared why it’s not always enough to secure business networks and why governance and compliance really matter. During her 16-year tenure at HP, Dr. Brannock has used her extensive education and experience in compliance and governance to shape HP’s security standards. With 25 billion connected devices by 2020, maintaining proper network and data security compliance is an important concern for any business, as noncompliance costs businesses an average of $9.5 million annually through fines, lost business and lawsuits.

    Another very popular briefing at Black Hat 2017 was Staying One Step Ahead of Evolving Threats, which demonstrated that, on average, an organization has more than 600 security alerts each week and over 27,000 endpoints, leading to 71% of data breaches starting from the endpoint.

    Most put in thousands of hours, and dollars, for that matter, on securing servers, laptops, and data centers, but many companies are ignoring other areas of security vulnerability. One of the best things about this briefing was that the leader, Michael Howard, Chief Security Advisor of HP, gave a lot of information on printer security, something that most businesses fail to address. As Worldwide Security Practice Lead, Mr. Howard is responsible for evolving the strategy for security solutions and services in Managed Services. He used real-world examples of how some of the most secure organizations are still lagging in their print security and shared how he uses a proven framework to secure the print infrastructure.

    Overall, Black Hat 2017 was an eye-opening experience, and with the world of network security changing all of the time, all in attendance surely learned something new. I met a ton of very cool characters, partied hard, drank too much, ate too much, slept none and to keep my data secure, I’m considering moving off grid to a cave in the Outback of Australia.

    Blackhat Hackers Love Office Printers

    Friday, July 28, 2017, 10:50 AM [General]

    The term, or in this case the word, “blackhat” in tech generally refers to a criminal hacker. The opposite of black is white, and a “whitehat” is a security professional. These terms originate from the “spaghetti western” movies, when the bad guy cowboy wore a black hat and the law wore white hats. Fun huh?! Blackhat is also the name of the largest conference on the planet for information security. The conference itself is 20 years old and, as Alex Stamos, who is the CSO for Facebook and also Blackhat 2017’s keynote speaker, said, “Blackhat isn’t even old enough to drink.” That statement reflects just how far we’ve come in information security and also how much more there is to do.

    One of the presentations at Blackhat, “Staying One Step Ahead of Evolving Threats” by Michael Howard, Chief Security Advisor of HP, discussed printer security and painfully demonstrated just how much more there is to do.

    Do you ever feel as if your office printer is dangerous? Most of us don’t. In fact, more than half of businesses don’t even bother adding printers to their security strategies. Mr. Howard stated that only 18% of IT security managers are concerned about printer security, whereas 90% are concerned about PCs. That stat is one reason why 92% of Forbes Global 2000 companies experienced a breach in 2016, which in part resulted in 4 billion records breached worldwide.

    Hackers know this, so office printers are the perfect target for them. Remember, printers are connected to the network, and if unprotected, they are easily hacked. According to the Ponemon Institute, 60% of data breaches reported by companies involve printers. So, why do hackers love printers? Here are a bunch of reasons:

    Networks are Vulnerable

    Even if you have a firewall, there are several devices that might be on a network that are access points to that network. When you don’t add your printer to your security plan, it becomes a welcome access point to hackers. Once they get in, the consequences could be terrible for a business.

    Hackers Can Get Useful Data

    The data that hackers can get from printers that are not protected is unencrypted. If one of your staff members sends sensitive information to the printer, yet it is unencrypted, the hackers can read it. Mr. Howard shared how one university’s unsecured printers led to students hacking tests days before they were taken, giving the students a significant advantage. Do you really want your company’s data to be open like that? All hackers have to do is take it if the printer isn’t protected.

    They Know They Can Access Other Devices

    Hackers also love office printers because they know that once they are in, they can access other unprotected endpoints on the network. Mobile devices are an excellent example of this. It is quite challenging to secure access to all of these devices. The more devices that are connected to the network, the easier it is to access it.

    Information Leaks

    How many times have you printed something at the office and let it sit in the tray for a while? This happens often. Hackers know this, too, and they can essentially print anything once they have access to the printer and retrieve it at any time. This easily opens up the business to compliance issues.

    Finally, hackers love office printers because they get inside access. Once the printer is compromised, so is the rest of the network.

    • Change the printer’s default passwords.
    • All computing devices, including printers, need encryption.
    • Printer hard drives have lots of data. Destroy hard drives prior to recycling or reselling.
    • Printer firmware and software need to be regularly patched and updated.
    • Use “fleet management” tools to ensure all of the company’s devices are protected.

    When businesses implement security policies and procedures that directly address endpoints, including printers, they significantly reduce risk and maintain proper network and data security compliance.

    ISPs invading Subscriber's Privacy

    Wednesday, July 26, 2017, 10:52 AM [General]

    It’s hard to keep track of the news of politics these days, and even if you can, how do you know it’s even real? The political landscape has greatly changed since January, and there have been a lot of laws passed that will affect us all, including the repeal of a law that protected your privacy on the internet. Basically, with this repeal, your internet service provider, or ISP, can sell your browsing history to anyone.

    If you use the internet, you will be affected by this law. Not only will this change allow your ISP to sell your browsing history to the highest bidder, it could also make it easier than ever before to access information about your family, your finances, and your health. Your ISP can now sell this information to companies, and they don’t need your permission to do so.

    So, what does this mean for you? After all, you might not think it really matters that much. In simple terms, it means that your ISP can collect data about your browsing habits, create a record of this, and then sell it to advertisers. Think about your browsing history yesterday. If you want, open it up right now from your browser. One minute, you might have been buying dog food on Amazon, and the next, reading the latest news from the Kardashians. Whether or not you want advertisers to know that you are a Kardashian fan, to them, your data is a gold mine.

    Now, think about your browsing history over the past few weeks or months, and then consider that your ISP knows each and every thing you have searched for. It knows about that weird smell coming from your laundry room that you checked out online, and it knows that you have listened to that catchy new pop song a few times. It also knows your deepest worries, your sexual preferences, your political leanings, and what you are feeding your family. This information is invaluable to advertisers, but do you really want it getting out?

    Luckily, you have options, one of which is called a VPN, or Virtual Private Network, which will encrypt data. A VPN client such as Hotspot Shield VPN is a good option. Also, start paying attention to those cookies and delete them.

    Protect Your Mobile from Hackers

    Wednesday, July 19, 2017, 11:24 AM [General]

    If you are like most of us, you probably have a password, antivirus program, and a firewall for your home computer to protect it from hackers. Are you doing the same thing for your phone?

    From 2015 to 2016 malware infections on smartphones swelled by 96%, and about 71% of the smartphones out there do not have any software at all to protect them. What does that mean for you? It means the odds are against you when it comes to getting your phone hacked. Luckily, there are some things you can do to protect your mobile phone from hackers:

    • Update Your Operating System – Many people skip updates for some reason. Don’t put it off. Most of these updates contain security fixes that your old operating system didn’t have.
    • Put a Lock On It – If your phone doesn’t have a passcode on it, it’s like leaving the front door of your home open for burglars. Hackers will get in; it’s just a matter of time. If you can, use a biometric method, like a swipe or finger tap. In addition, set up a good passcode. Make sure it’s totally unique and nothing a hacker can guess, like your address or birthday.
    • Use Caution with Public Wi-Fi – Public Wi-Fi is great, in theory, but it can also be dangerous, as it is very easy for hackers to access your info. It’s usually pretty safe to use a public Wi-Fi connection for things like catching up on the news or watching a movie, but don’t put any personal information into your device such as your banking password or credit card number.
    • Check Up On Your Apps – Hackers often use phone apps to access data. So, to make sure you are really safe, make sure to delete any apps that you aren’t using regularly. An outdated app can be dangerous, too, so make sure to always update when one is available. Also, only download apps from reputable sources like Google Play and iTunes.
    • Use a VPN – Finally, use a VPN, or virtual private network. This will encrypt your information when you use it over a public network. They are free or cheap, usually $5 to $30, and that small investment is definitely worth it for your safety.
