Hi hi, I blog & video about Cars / Security, / and My Life. Meet me in my sidebar, find me fastest on Twitter, see you online

(Last line reads: because unless the car is stolen out of your driveway, the thief now knows where you live and where you’re not. 

Favourite line:

Securing your car isn’t so much about making it theft-proof (that’s impossible); it’s more about making it invisible and undesirable.

Where this week’s column came from.

24 Hours readers – you’ve met me through cars, but as a hobby around here, I blog about security, mostly online.

I love Slurpees. One year, I spent $2,200 on Pepsi Slurpees.

This costume comeON.  Daydreaming how to get to wear it…

… walk into the 7-11, full blue leotard on.

“Hi guys!  I’m cutting it fine eh, for the start of my 1pm shift!  Huh? Why are you looking at me… you didn’t get the call from head office, that I was coming? Huh well I’ll leave you to it, I gotta get out there *turn to eye up costume* because a few weeks ago woaaaah my boss maaaay have busted me oh man, it’s the craziest story okay so, first you have to know how it started…. hey, think I should stretch first? So okay, the story… so I was supposed to be there at 11, but the night before omg this is complicated for how much time wait, what am I saying, I’ll tell ya when I come back *pick up over, waving out the door, “see you soon!”

That is an example of “social engineering”.

It preys on emotions, and people’s goodwill.

Don’t feel shy to stop people tailgating you into your work, or any building to which you’ve been trusted with a key. On the phone, be mindful of the privacy level associated with the information that you’re giving out. Like that.

Social engineering is used in online attacks, too.

It’s a friendly & personalized approach… the email is welcoming, calls you by name, references that hazy night out a few weeks back, check out this photo I just found of us, click here…

No, a script pulled your name off a list, some well written copy was added, and then some malware was hidden behind the link, that the email really wants you to click.

The counter to this attack is your gut.

If it feels off, say no or don’t click.

And if ever I get to wear the costume, video.

That’s my Blackberry, with a warning all phones should come with.

You’ll never see me allowing anyone to Hotspot off my phone.

Because the signal goes: their phone > your phone > service provider

So if they’re looking up something illegal, then your name is now linked to it, and recorded in your cel phone provider’s database.

I’m sure you could explain your way out, but why even get into it.

A few months back I was looking out the window, waiting for the plane to take off… oh what’s that?

That’s my suitcase not being loaded on board. Instead, it’s about to be driven away on that little truck.

Oh no.  ”Excuse me”… “Hello?” By now the truck has started driving away, I stand up “HI LISTEN HI”.

I described what happened, and it was the pilot himself who leaped off the plane and ran after the truck.

It was only then that I started to worry… imagine if I was wrong, and I’d just held up the plane while the pilot was chasing someone else’s bag.

But it wasn’t, and he returned with my luggage, and the passengers around me were all, “sharp eye” and “nice catch”.  I only felt relief.

That’s why I use that giant orange luggage tag,
a bright red strap, and a green lock; VDMs

VDM – Visual Distinguishing Mark

(as I’ve blogged before, only use TSA approved red diamond locks when travelling)

I’m not at all doing this to see 120º behind me.

Works great, guys.

La la la.

Last time I was at the airport, I used an app on my Android to scan Bluetooth signals in a passenger waiting area.

Here’s the results:

Purple * - See the person’s name clearly displayed? The type of device/computer they’re using?
Green * -And that long number? That’s a MAC address

MAC address – a device’s unique number, a digital signature. Every device has one. Not related to Apple/Mac computers.

These people are unnecessarily broadcasting a lot of personal information.

Practice ‘Security through Obscurity‘, and name your phone something boring.

The name of my phone is –

And always remember, one of the most dangerous places to go online is using airport WiFi.

Even the best guys in the world don’t.

SOLUTION – tether your laptop to your phone using a USB cable

I don’t like that information is left behind.

Taken in a GM Spark press car. Hi Luke!

Now we know a phone’s name will remain in the car’s hard drive, and I’m not convinced there isn’t more infomation left behind, like my address book.

That’s what next week’s column is about, finding out.

Meet Melissa Hathaway, former Director of the Joint Interagency Cyber Task Force with the Obama and Bush administrations.

TELUS invited me to her keynote at their HQ on York Street. I loved it.

Unfortunately I wasn’t able to document the love, because it was one of those times you don’t pull out your camera.  Which is why I created this beautiful collage.

She was an eloquent speaker, covered a wide variety of topics and verticals, and imagine how globally this lady thinks, neat.

And what I took away from this experience was: woah, I know more than I realize.  I kept up with 90% of her presentation, knew every case study cited, my black-market prices are correct, as are which tools and what attacks are en vogue.  I’m proud of this; remember, this cyber security stuff is a hobby, I don’t have a degree or formal training.

What I decided this means is: I’m on the right track, let’s kick things up. But not gonna lie, I’m a bit nervous to.

For example:

I show you how to defeat a popular spear-phishing attack, the post takes off, helps many people, and the attack is defeated.  However, the attackers are now all, “what is this blonde thing that is hurting our business, let’s teach her a lesson“.

But, this stuff in my head could help you, so might as well *. And I’ll take Charlie Miller’s advice; I asked him about this when we met at SecTor 2012.

Me: You shut down stuff and affect large changes, do you worry about repercussions like I do, how do you stay safe?
Charlie: I try to be really nice and friendly always
Me: kk ty

And besides, lock it down as much as you want, but one good ‘ole SQL injection into the search bar and it’s game over, so there’s that too.

You should see the videos in my head, like when I track someone using free, publicly available tools and information they posted online.  Or show you the price you’re really paying when you stream “free” TV from overseas.  I’m excited.

Thank you Melissa and TELUS, I needed this.

* - There’s a phone scam in Southern Ontario right now – no one will ever call you to say your computer, or your ISP, is being hacked. Don’t give them the number they ask for, nor accept files or click their links.