Absolute protection is not suschestvuetKazhdy day you hear about security breaches, viruses and malicious hacker gangs, which can leave you without money or, even worse, to bring to handle the whole country. But everything is truth in these reports? Several experts will try to separate the myths from the facts.
1. Availability of reliable password can actually prevent most atakAleks Stamos, chief information security company Yahoo, for most of his career spent, searching for vulnerabilities in various security systems and find out exactly how attackers may try to use the identified deficiencies. He saw everything: the insidious khaki and simple social engineering techniques. And he found that for the vast majority of users, there are two simple solutions to problems of safety: strong passwords and two-factor authentication.
Stamos said that the biggest problem is that the media tell stories just about the most difficult break-ins, causing users to feel that there is nothing that they could take to protect themselves. But, according to Stamos, this is not true:
«I noticed that in the media in the information security industry and society has increased significantly the level of nihilism, after the documents have been published Snowden. It is expressed in the fact that people simply give up, believing that they can do nothing to protect themselves. Yes, the average user can do little in the face of a powerful intelligence organization that is able to rewrite even the firmware on new hard disks, but this should not be the reason why people do what they can to protect against the most likely threats . Protect yourself from these threats, users can, with just two simple steps:
Set a password manager and use it to create a unique password for each network service you are using.
Activate various options for the identification of the second level (most often - via text messages) for your email and for your accounts in social networks.
The last point is particularly important, because attackers love to collect email addresses and social accounts of millions of people, so you will automatically use them for penetration into other accounts or to collect data on what accounts belong really wealthy people ».
blockquote> Adam O'Donnell, chief engineer of the group for the protection against malware from the company Cisco, adds to the advice of Stamos something else:
«My advice for the average user: make good backups and test them. Use the password store. And be sure to use different passwords for each site ».
blockquote> Yes, find yourself a good password is easy. And it's the best thing you can do.
2. The device is not safe just because it novoeKogda you open the box with the new smartphone, tablet or laptop, they smell of fresh plastic, and they work incredibly long battery life. But this does not mean that your device is not infected by malicious software and is not penetrated by a network of security holes.
Eleanor Saitta - Technical Director of the International Institute of Modern Media. For ten years she advises corporations and governments on issues of computer security. Eleanor said that one of the most pernicious myths about security is the idea that the device begin their "life" being completely safe, but over time the level of security is reduced. This opinion is simply not true, especially today when so many devices come preloaded with malicious advertising programs such as Superfish (if you remember, preinstalled software Superfish has been found on many notebooks from Lenovo).
Superfish is why there was such a big problem. In fact, they have created a backdoor, and created it bad, but nevertheless a computer could get outsiders.
«When you are relying on code provided third-party online service or someone else, someone you can not control, it is likely that this code will not work to your advantage, because they are all trying to do something you sell. It is also likely that this code would endanger the property of others. At the moment we simply have no reliable way to deal with this state of affairs, and the code can use all sorts of people »
blockquote> Another issue that the media started talking after the attack FREAK, is that a lot of cars comes with preinstalled backdoors. They were put there at the request of the government, if necessary, to simplify the task of tracking the criminal intelligence services. Unfortunately, the backdoor - is a vulnerability in the security system, which can take advantage of anyone, not just the government.
3. Even the best software has a hole in the bezopasnostiMnogie think that is good enough software and networks can be completely safe. Because of this attitude, many people are angry when their computers or services that they use are vulnerable to attack.
But if we can develop a safe vehicle, then why can not we develop a secure smartphone? Is science can not do it?
Paris Tabriz said that information security can not be viewed at an angle. Paris - the engineer, the head of security service of Google Chrome, and she believes that information security - as medicine:
«I think that information security - is both an art and a science. Maybe it's because people have created both technology and the Internet. We think that everything is fine built, but the complexity of what we have built and now are trying to protect, it seems incredible. To protect all this, it is necessary to give up bugs. And then the economy is clearly not on the side of the defense. That is, the defenders need to be sure that the programs that they use or write, no bug (a program - it is usually millions of lines of code, taking into account the operating system), while the attacker enough to find just one bug. »
blockquote> The software will always be bugs. Some subset of these bugs will have a definite impact on safety. Troubleshooting bugs requires time and huge financial costs, which the manufacturer of the program are not always interested.
Lilian Ablon, a researcher at the computer security of the corporation RAND, argues that such a thing as a "completely secure system," - simply does not exist. And the goal of the defenders is to ensure not to exclude completely the attack on the system, and make them very expensive:
«With sufficient resources, the attacker will always find a way to sneak into the system. You are probably familiar with the phrase "the question is not how the question is when." So the purpose of computer security should be to make the hack is incredibly expensive for intruders (expensive in terms of money, according to the time spent on use of resources for research, and so on. D.) ».
blockquote> 4. Each site and each application must use HTTPSVy probably heard about the protocol https. Protocol https - is slow. It is suitable only for sites that should always be safe. But in reality it is not so. Peter Eckersley, technology from the Electronic Frontier Foundation, for several years engaged in research https. He says that there is a dangerous delusion, consisting in the fact that many sites and applications supposedly not required https:
«Another serious misconception is that site owners ad networks or sites of newspapers think," Because we do not process credit card payments, then on our site do not need a https, and the applications of our he, too, to anything. "
In fact, https must be on all sites on the Internet, because without it, hackers can intercept the data, and all sorts of government programs to monitor can easily see what people are reading on your site. In addition, the captured data can be modified, and the goal of these modifications is not the best ».
blockquote> 5. "Clouds" - are not safe, they simply create new problems bezopasnosti
Cloud technologies everywhere nowadays. You are stored in the cloud your email, photos, history of your chats, medical records, bank records, and even the details of your love life. But this creates new security challenges, which we do not suspect. Safety Engineer Lee Honeywell is working in a large company of cloud computing, and explains how the cloud:
«Entering data in the cloud is like to live in a safe house. Cloud services are correlated with data users. You can not know where your data is stored in the moment, but at the "reception" of your "safe house" there is always someone who keeps logs of visits and closely monitor patterns of behavior of all users. It is something like a herd immunity. When someone tries to attack the cloud, its behavior changes slightly deviating from the established patterns. And when you're trying to protect the cloud system and find the attacker, you have to literally looking for a needle in a haystack, because it will need to handle the huge amount of data. If the hacker skills is high, then he will know how to move safely in the cloud, all without arousing suspicion system ».
blockquote> In other words, some automated attacks in the cloud becomes quite obvious. On the other hand, in the same cloud attacker much easier to hide, that creates a serious problem that has not yet been resolved.
6. Software updates are critical to your zaschityOchen few things in life more annoying than a small pop-up window in the corner of the screen, reminding you that you need updates. To do this, you must connect your device to the network, and often takes a long time update. But the updates - this is often the only thing standing between you and the bad guys. O'Donnell at Cisco said: "It is clear that the message about the updates annoy you. But the frequency of software updates to a lesser extent due to the new features of the software, and to a greater extent - the elimination of some deficiencies in the software that an attacker can use to gain control over the system. A software patch to update addresses issues that have been identified and are likely to have been used for attacks. You're not going to go for several days without disinfecting and bandaging bleeding wounds deep in your hand, do not you? Do not do this, and in relation to your computer ».
7. Hackers - not always prestupnikiNesmotrya the fact that for decades we prove the opposite, most of us continue to think of hackers as an fiends who want only one thing: to steal money and digital products.
But hackers are like black and white hats.
And the guys in the white hats get into the system before there is imbued with the bad guys in the black hats. After the "white" exposed the vulnerability of these holes can be repaired.
Tabriz from Google Chrome says:
«Hackers are not criminals. The fact that someone knows how to hack something, does not mean that he will use this knowledge for evil. On the contrary, many hackers are doing the security system ».
blockquote> O'Donnell points out that we need to hackers, because the software alone is not enough protection. Yes, antivirus software - it's wonderful. But ultimately need to be security experts, such as hackers:
«Security - is not only the construction of the walls and hiring guards. Protective equipment alone would not be able to stop an attacker with special means and huge resources. And then it will need people who are able to simulate a variety of network attacks, after which it will be possible to create the most effective tools to counter these attacks ».
blockquote> 8. Cyber attacks and cyber terrorism - a redkostKak mentioned above, the greatest threat to your account is a weak password. But this does not prevent people from experiencing uncontrolled fear of "cyber attacks", which, of course, fatal. Lilian Ablon says that these kinds of attacks - a rarity:
«Yes, there are ways to hack into a modern car from anywhere in the world. Yes, vital medical devices such as pacemakers and insulin pumps, often have their IP-addresses or are connected via Bluetooth. But an attack of this type often require restricted access, they are complex, plus it takes a long time for their development and implementation. Nevertheless, we should not ignore the millions of connected devices that increase the probability of such attacks ».
blockquote> And as cyber-terrorism, the Ablon writes:
«Cyberterrorism (currently) does not exist. What is now referred to as cyber terrorism, more like "hacktivism". This, for example, access to the core of Twitter and accommodation there LIH propaganda ».
blockquote> 9. "Dark online" and "deep web" - not the zheAblon writes that the biggest problems she had when covering cybercrime in the media is related to the misuse of the terms "dark web" and "deep web." It explains what is the difference:
«Deep Internet refers to the part of the Internet, domain names which begin with the prefix www. Just in the deep web sites are not indexed by search engines, therefore, can not find them through Google. Dark web - it's not www.-network and for access to sites such networks require special software. For example, the "Silk Road" and other illegal markets are just in the dark Internet, and access to them is possible only through I2P and Tor ».
blockquote> So use password manager, use two-factor authentication, visit only those sites that use https, and stop worrying about highly complex attacks from the dark Internet. And remember: the hackers here - to protect you. Anyway.