By Ann Grove
Do you want to learn how to hack into the family vehicle aka "hack a two-ton computer"? Check out The Car Hacker's Handbook by Craig Smith, author, and Dave Blundell, contributing author.
I love the focus on DIY/low-cost hacking, which makes the concepts accessible. The book covers using open source tools and building an ECU test bench.
As Brian Benchoff at Hackaday explains, "This is a guide on how to reverse engineer, exploit, and modify any kind of embedded system; cars are just the example. Craig presents this in a way that is eminently comprehensible and spends enough time reinforcing the idea of hacking a car safely, legally, and ethically. It’s a great read, an excellent introduction to fiddling with embedded bits, and truly owning the devices you’ve already purchased."
By Ann Grove
Just thought I would share two of my favorite resources for people entering or growing a career in information security:
My two cents: All of the top security people I know are voracious learners and usually have unpaid personal research projects. Whether a penetration tester or security engineer, he or she typically is buying things to take apart or confirm the security claims or is building or coding something new. In addition, he or she is contributing to industry standards or industry conversations.
So if you are not into puny 40-hour work weeks, then this may be the field for you!
By Sue Blizzard
According to www.sandboxie.com, “Sandboxie uses isolation technology to separate programs from your underlying operating system preventing unwanted changes from happening to your personal data, programs and applications that rest safely on your hard drive.” But what, you may ask, is ‘isolation technology’ and why is it useful?
In essence, a sandbox application or program is the embodiment of ‘isolation technology.’ Wikipedia defines a sandbox, in computer security, as, “A security mechanism for separating running programs. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system.”
The Sandboxie FAQ uses a simple analogy.
Think of your PC as a piece of paper. Every program you run writes on the paper. When you run your browser, it writes on the paper about every site you visited. And any malware you come across will usually try to write itself into the paper….
Sandboxie will work on any Intel processor-based operating system and in most browsers. You can run almost any application or program in Sandboxie – and more are being worked on and added continually – including web browsers, email programs, and to test new applications and programs. Sandboxie even protects your personal data files and folders stored in My Documents from access by internet sites and malicious programs.
To those of us who use computers extensively in our work and personal lives, a sandbox is very useful. If I can use it and then trust a new program or download, it’s worth every effort and cost.
If you've tried a sandbox program or application, how well did it work for you? If you're considering one, tell us which one(s) you're looking at.
By Ann Grove
Privacy When Logged On
If your browser is logged on to your Google account, Google by default is tracking your search history and other online activity in order to serve you targeted ads and create a richer user experience.
If desired, you can limit the information Google collects about you by updating your preferences. You can delete Google's history of your past searches and stop Google's tracking of future searches.
You should also consider pausing Google's access to places you go, your YouTube searches, the YouTube videos you watch, and other settings. These settings are found in the same place you pause Google's search tracking.
How do you know if a browser is logged on to Google? Go to www.google.com in each browser and see if your special Google toolbar is displayed at top right. It looks like this:
If your browser isn't logged on to Google, instead of your name or initial you'll see a Sign in box (usually blue).
Other search engines such as Bing also encourage you to log on. You should review privacy settings for each search tool.
Note: You can still use your browser's history to review recent search results and find websites you viewed.
Privacy Concerns Even when Logged Off
Even if you are not logged on, Google and other search engines can still uniquely identify your computer and build a profile on you.
To avoid leaving any tracks, use your browser's private browsing feature or better yet, especially if you open unknown websites, use a sandboxed (isolated) browser. If you accidentally download malware while surfing, you simply refresh the sandbox; this restores the sandbox to pristine condition and discards the malware. A friend introduced me to Sandboxie, a pay-if-you-like tool, and I use it for all research.
For more infomation on Sandboxie, read Sue Blizzard's post, Why Everyone Should Use a Sandboxed Browser.
Today's topic is a sneaky type of cyber attack that typically targets a specific organization and then moves through the organization's systems low and slow to avoid detection, sometimes for years. We like the following effort by Symantec to describe the anatomy of an Advanced Persistent Threat (APT), and we are glad Symantec encourages sharing.
Source link: Advanced Persistent Threats: How They Work on Symantec.com