Tuesday, October 27, 2015

Ten years after the accident

There are points in time where the rest of life can be defined as "before" and "after." October 27, 2005 was such a date in the life of my family. It is the date on which I was reminded we have no guarantee of tomorrow. I share this story each October to remind readers how precious each day is.

Saturday, October 24, 2015

Free Disney World Tickets? Nah, it's another Facebook scam

For more examples, as well as a walk-through of a particular scam, and some investigation into possible motivations for the scammers, see this follow-up story.

Looking for information about the April 2016 "Disneyland 61st Birthday" offer? Sadly, it too is a scam. Scroll to the bottom for details.


Yesterday, someone created a fake "Walt Disney World Epcot." Facebook community. Yes, complete with the period at the end of the name. In 24 hours, it has gained some 900 likes and innumerable shares. That might have something to do with a fraudulent offer and a deadline of tomorrow:

Sharing this post --won't-- win you tickets to Disney World.

Thursday, October 8, 2015

DNS: a simple way to stop malicious web traffic

DNS-based web filtering is an easy and highly effective component of network security. Since most web browsing - including the malicious sort - relies on DNS to translate human-readable domain names into Internet addresses, DNS is a natural choke point.

This post was first published in September, 2014. It has been updated for October, 2015's Cyber Security Awareness Month.

If you are reading this, chances are you made use of a Domain Name System, or DNS. Don't panic!

Putting aside for a moment the possibility that you are reading a printout, you are more than likely reading this on a digital device. Perhaps you clicked a link in search results, or on another web site, or in an email from a friend. You might have clicked a post in Facebook, Twitter, Pinterest or Instagram (I'm not sure any of my pictures are worthy of the latter two, but I suppose it's possible). Maybe this blog is syndicated to your RSS feed. Or maybe you typed the URL into your web browser directly or used a bookmark.

Regardless of the source, your browser did not just yell out on the Internet, "show me the Security for Real People blog." Instead, it referred to a DNS, a network phone book of sorts, to translate the human-readable web site name or URL into an address it could travel to.

Tuesday, October 6, 2015

Grog and Narg teach two-factor authentication

Multifactor authentication is combining a password with something else - often a smartphone or a keycard. If an attacker steals the password, it does them no good unless they also have the cellphone, or keycard, or whatever the second factor is.

This post was first published in March, 2014. It has been updated for October, 2015's "Two Factor Authentication Tuesday." While passwords are often the first line of defense for online accounts, they can also often be discovered. Multifactor authentication is combining a password with something else - often a smartphone or a keycard. If an attacker steals the password, it does them no good unless they also have the cellphone, or keycard, or whatever the second factor is. This makes it exponentially harder for someone with malicious intent to access your account.

10,000 years ago, Grog and Mag formed a secret club. To ensure new members of the club would be accepted, they came up with a secret phrase. Thus was born the first password. One day Narg overheard two members greeting one another and learned the secret phrase. Thus occurred the first password breach.

Thursday, October 1, 2015

Cyber tips for digital citizens

What better time than National Cyber Security Awareness Month for a refresher on cyber safety? Start the new school year off with some healthy habits.

Every October, the National Cyber Security Alliance and the Department of Homeland Safety lead a National Cyber Security Awareness Month, a month of cooperative efforts involving government, private businesses, and individuals working together to promote online safety and digital privacy. This year's campaign kicks off with the theme "best practices for all digital citizens."

The news is full of stories about extraordinary threats: the NSA spying on everyone. Car, airplane, and medical device hacks. Baby monitors used by kidnappers to plan their entry. Elite hackers exist, and they do elite things - but they are generally not the greatest threat to most people. Consumers are undone by far more pedestrian problems. Passwords. Outdated software. Phishing. Improperly configured networks. Routine malware. Malicious advertising. Unwittingly trading privacy for "free" services.


Autumn brings a return to the school-year routine for millions of students young and old, as well as their respective families. What better time for a refresher on cyber safety? Start Cyber Security Awareness Month with some healthy habits.

Whois David?

I have spent the better part of two decades in information technology and security, with roots in application developer support, system administration, and network security. My specialty is cyber threat intelligence - software vulnerabilities and patching, malware, social networking risks, etc. In particular, I strive to write about complex cyber topics in a way that can be understood by those outside the infosec industry.

Why do I do this? A common comment I get from friends and family is that complex security topics give them headaches. They want to know in simple terms how to stay safe in a connected world. Folks like me and my peers have chosen to make a profession out of hacking and defending. I've been doing this for the better part of two decades, and so have a high degree of knowledge in the field. Others have chosen different paths - paths where I would be lost. This is my effort to share my knowledge with those that are experts in something else.

When not in front of a digital screen, I spend my time raising five rambunctious teens and pre-teens - including two sets of twins. Our family enjoys archery, raising show and meat rabbits, and simply enjoying life in the Texas hill country.

For a decade I served as either Commander or a division leader for the Awana Club in Dripping Springs, Texas; while I have retired from that role I continue to have a passion for children's ministry. At the moment I teach 1st through 3rd grade Sunday School. Follow FBC Dripping Springs Kids to see what is going on in our children's ministries.