Best Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com
"Hackers use press releases to find out the technologies [used in corporate smart grids] and go back to the infrastructure and find vulnerabilities. So, for example, if Wal-Mart announces a smart grid using Siemens technology, a hacker suddenly has many of the answers they need to find that controller and break in," Morehouse says.
The most effective preventive measure, says Morehouse, is rigid isolation -- a smart grid should not touch any other network, ever. He says there is an urgent need for penetration testing and making sure the firewall in a closed network is secure because of the possible dangers of gaining access to the power grid. He advises using tools such as Core Impact and Metasploit.
The "rigid isolation" rule applies to home users as well. "Consumers should never bridge smart grid networks with their home networks," says Morehouse. He also advises home users to become familiar with their smart meters so they can recognize whether they have been tampered with, and to ask their utility providers what security measures are in place to protect the meters and network.
3. Social network account spoofing
Many of us use Facebook, LinkedIn and other social networks to connect with friends, family and colleagues -- which leaves us vulnerable to a new technique called social network account spoofing. The idea is that a scammer poses as either someone you know or a friend of a friend to get close to you and fool you into revealing personal information. He then uses that information to gain access to your other accounts and eventually steal your identity.
In a typical exploit, says Joffe, someone contacts you on a service like Facebook or LinkedIn, posing as a friend of a friend or a co-worker of someone you trust. Then, the new "friend" contacts you directly, usually through text message or email. It might seem surprising to have this "friend" contact you outside the social network, but he seems legitimate because you believe he has a connection with someone you trust.
In another scenario, a scammer might impersonate someone you already know -- claiming to be an old friend from high school, for instance. Spoofers can find out your connections by following your public feeds or looking up the names of co-workers on sites like LinkedIn where you have posted your work info.
Once the scammer has established a connection with you, he uses devious means to steal personal data, such as chatting to find out the names of family members, favorite bands, hobbies and other seemingly innocuous information -- then trying those as passwords or answers to security questions at banking sites, webmail accounts or other sites.
As Joffe points out, the idea behind social network account spoofing is "thousands of years old." Conning you out of your personal information is an age-old trick. Today's social networks just provide a new avenue for con artists and criminals to get close to you. The trick works because there is often no way to know whether someone you've come to trust online is actually who he says he is.
No comments:
Post a Comment