Eric Rzeszut - 10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy

Year: 2014, publisher: Apress, genre: Politics.

Eric Rzeszut: 10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy
  • Book: 10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy
  • Publisher: Apress
  • Year: 2014

10 Don'ts on Your Digital Devices: The Non-Techie's Survival Guide to Cyber Security and Privacy: summary, description and annotation


In nontechnical language and engaging style, 10 Don'ts on Your Digital Devices explains to non-techie users of PCs and handheld devices exactly what to do and what not to do to protect their digital data from security and privacy threats at home, at work, and on the road. These include chronic threats such as malware and phishing attacks and emerging threats that exploit cloud-based storage and mobile apps. It's a wonderful thing to be able to use any of your cloud-synced assortment of desktop, portable, mobile, and wearable computing devices to work from home, shop at work, pay in a store, do your banking from a coffee shop, submit your tax returns from the airport, or post your selfies from the Oscars. But with this new world of connectivity and convenience comes a host of new perils for the lazy, the greedy, the unwary, and the ignorant. The 10 Don'ts can't do much for the lazy and the greedy, but they can save the unwary and the ignorant a world of trouble. 10 Don'ts employs personal anecdotes and major news stories to illustrate what can, and all too often does, happen when users are careless with their devices and data. Each chapter describes a common type of blunder (one of the 10 Don'ts), reveals how it opens a particular port of entry to predatory incursions and privacy invasions, and details all the unpleasant consequences that may come from doing a Don't. The chapter then shows you how to diagnose and fix the resulting problems, how to undo or mitigate their costs, and how to protect against repetitions with specific software defenses and behavioral changes.
Through ten vignettes told in accessible language and illustrated with helpful screenshots, 10 Don'ts teaches non-technical readers ten key lessons for protecting your digital security and privacy with the same care you reflexively give to your physical security and privacy, so that you don't get phished, give up your password, get lost in the cloud, look for a free lunch, do secure things from insecure places, let the snoops in, be careless when going mobile, use dinosaurs, or forget the physical; in short, so that you don't trust anyone over... anything. Non-techie readers are not unsophisticated readers. They spend much of their waking lives on their devices and are bombarded with and alarmed by news stories of unimaginably huge data breaches, unimaginably sophisticated advanced persistent threat activities by criminal organizations and hostile nation-states, and unimaginably intrusive clandestine mass electronic surveillance and data mining sweeps by corporations, data brokers, and the various intelligence and law enforcement arms of our own governments. The authors lift the veil on these shadowy realms, show how the little guy is affected, and what individuals can do to shield themselves from big predators and snoops.

Daniel G. Bachrach 2014
Daniel G. Bachrach and Eric J. Rzeszut, 10 Don'ts on Your Digital Devices, 10.1007/978-1-4842-0367-5_1
1. Don't Get Phished
Stay Out of the Net
Daniel G. Bachrach and Eric J. Rzeszut (AL, United States)
Joe is a midlevel procurement manager with 14 years of experience at the multinational company Worldwide, Inc. His section is a large one, and much of the procedural updating that regularly comes through official channels is disseminated virtually: by text, the corporate instant messaging application, or e-mail. Joe rarely sees his immediate supervisor during the course of an average day and is accustomed to getting (and following) electronically delivered policy and housekeeping directives. Joe's communications with administrators from other sections in his division also typically come through company e-mail. From time to time updates to the company's IT systems require him to change his existing passwords or create new ones, so he is not uneasy when he receives a routine e-mail from his company's IT group directing him to update his system password (see Figure ).
Figure 1-1. Sample e-mail asking for password confirmation and featuring two hyperlinks: the company logo and the Update your account info line
The e-mail is fairly well-written and looks kosher. It employs quasi-proper English grammar, incorporates the company logo in the usual way, and is signed with the correct phone extension for the IT help desk. The message contains a hyperlink to the company's web site and another for Joe to confirm his existing password and set a new one.
Joe nearly clicks the second link but hesitates when he remembers that upcoming system password changes are announced at the weekly section meeting and that he can't recall such an announcement having been made at the last one. He hovers his cursor over the hyperlink and is alarmed to see that it would take him not to his company's domain (Figure ).
Figure 1-2. Joe hovers his cursor over the account update hyperlink, expecting it to give his company's domain name, as shown
Figure 1-3. Joe instead sees that the hyperlink would take him to a malicious domain
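Joe's hover check can be automated for an HTML message body by comparing the host behind every link with the domain the mail claims to come from. The Python sketch below is an added example, not part of the book; the domain names and the sample message are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "worldwide-inc.example"  # assumption: stand-in for the company's real domain

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element, including image links."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []
        elif tag == "img" and self._href is not None:
            # A logo wrapped in a link shows no text at all, only the image.
            self._text.append("[image: %s]" % (attrs.get("alt") or ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_is_trusted(host, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def audit_links(html_body, trusted=TRUSTED_DOMAIN):
    """Return, per link, what the reader sees and where a click would really go."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        try:
            host = urlsplit(href).hostname  # ignores any "user@" part before the host
        except ValueError:
            host = None                     # malformed URL: treat as untrusted
        findings.append({"text": text, "host": host,
                         "trusted": host_is_trusted(host, trusted)})
    return findings

# Constructed sample modelled on the two links in Figure 1-1 (logo and update line).
SAMPLE = """
<p><a href="https://www.worldwide-inc.example/"><img src="logo.png" alt="Worldwide, Inc."></a></p>
<p><a href="http://worldwide-inc.example.account-update.test/reset">Update your account info</a></p>
"""
```

Calling `audit_links(SAMPLE)` marks the logo link as trusted and the update link as untrusted, even though the update link's host begins with the company's name.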
A Closer Look at Phishing
Phishing is a virtual attack that uses a more or less compelling or attractive lure to acquire confidential or proprietary information through the use of fraudulent electronic communication. Victims of phishing attacks get caught when they take the bait offered by a phisher, such as an apparently legitimate request by their IT department to change a password or by their credit card company to protect an account with an additional personal information gate. E-mail is the most commonly used approach to launch a phishing attack, but such attacks can also be launched through web sites, text messages, IM (instant messaging), and mobile apps. Phishing techniques began to be deployed in the late 1980s, some years before the term itself was coined. The term derives from fishing for gullible users' login credentials and personal details, orthographically tweaked by substituting f with ph by analogy with phreaking (the practice of cracking phone network security to make free long-distance calls). The phish most commonly seen by IT departments is the one that almost snared Joe in the opening scenario. An electronic communication is sent to a target with a link embedded in a message that looks official but in reality originates from a fraudulent party seeking to steal personal information in order to gain malicious access or to resell to a criminal cyber organization.
Phishing techniques are increasingly sophisticated and well-crafted. No longer are incongruous language, improbable scenarios, or misaligned layouts used that give off the stink of phish that is immediately obvious to any employee. Today, the word choice, spelling, and grammar deployed in the most dangerous class of phishing messages are correct or, even better, are calibrated to be just slightly illiterate, in the same way that genuine corporate communications tend to be (as in Figure ). Such phishes blend company logos, colors, design schemes, and other attributes of official communications in mimicry of legitimate messages that employees and customers routinely receive. Their sending e-mail addresses and hyperlink URLs are typically spoofed to resemble those of legitimate senders.
Sophisticated phishing operations are adept at securing and exploiting information about companies' internal changeover periods. If a company is in the process of undergoing IT system changes of any kind, its users are more likely to expect rather than suspect password change requests and other change-associated e-mails. Phishers prefer to time their attacks to correspond with periods of transition when users' psychological defenses are temporarily relaxed.
The majority of phishing attacks are long-line or . These attempts don't have a specific target. Their goal is to snare as many victims as possible following a volume or economies-of-scale approach and leveraging a broad, randomized targeting scheme. Contrasted with this kind of broadcast phishing is spearphishing, which is carefully and lethally aimed at a specific individual, company, school, or other organization. These kinds of attacks are much more dangerous than conventional untargeted phishing scams.
Target-ed Phishing
A targeted spearphishing attack may be deployed to go after someone specific, such as Joe, because the attackers are aware that he has a system account with access to sensitive company information. A general, untargeted phishing attack may go out to literally tens or hundreds of thousands of mailboxes or phones. If even a few of the targets click on the malicious link, the attack is a success. Spearphishing attacks, on the other hand, target a defined group of users or even only one high-value user within an organization.
One of the troubling characteristics of contemporary phishing is the range and versatility of tactics attackers use to lure or lull victims into providing valuable information. For example, in phone-keypad phishing, users are told to dial a number that a caller says belongs to the end user's bank or credit-card company but that is in reality owned by phishers. End users enter their account number, social security number, PIN code, or other private information via the telephone keypad, which is then captured and sold or used by the phishers.
Phishers use cross-site scripting (CSS or XSS) to compromise legitimate sites with pop-up windows or browser tabs that redirect users to fraudulent web sites. CSS attacks are more prevalent on computers and systems with unpatched and/or outdated operating systems (for more, see ).
Neutralizing phishing is not a trivial issue. What's at stake? Money. Most phishers are in it purely for financial gain. EMC's 2013 annual report estimated that $5.9 billion was lost worldwide to nearly 450,000 phishing attacks. This same report identified a hacking tool called Jigsaw that allows malicious actors to gain specific and detailed employee information for use in spearphishing attacks. With access to your bank account information and password, phishers can easily transfer funds away from your accounts or divert a paycheck or other direct deposit away from your account to accounts that they control.