Securing Your Car in the City

Defend against 2 types of attacks when parking your car in an urban environment.

(Last line reads: because unless the car is stolen out of your driveway, the thief now knows where you live and where you’re not. 

Favourite line:

Securing your car isn’t so much about making it theft-proof (that’s impossible); it’s more about making it invisible and undesirable.

Above – where this week’s column came from.

24 Hours readers – you’ve met me through cars, but as a hobby around here, I blog about security, mostly online.

***

Back to ‘Keri on Driving’ – Index

 

 

Don’t Name your Phone your Name

At the airport, scanning Bluetooth signals in a passenger waiting area.

The results:

Purple * – See the person’s name clearly displayed? The type of device/computer they’re using?
Green * -And that long number? That’s a MAC address

MAC address – a device’s unique number, a digital signature. Every device has one. Not related to Apple/Mac computers.

These people are unnecessarily broadcasting a lot of personal information.

If someone shouted, “Hi Rahul!”,

a gentleman within a 30-feet radius would react.

Someone with bad intentions could do a lot with that.

Practice ‘Security through Obscurity‘, and name your phone something boring.

The name of my phone is —

And always remember, one of the most dangerous places to go online is using airport WiFi.

Even the best guys in the world don’t.

SOLUTION – tether your laptop to your phone using a USB cable

 

 

Why I Never Pair my Phone to a Car

I don’t like that information is left behind.

Taken in a GM Spark press car. Hi Luke!

Now we know a phone’s name will remain in the car’s hard drive, and I’m not convinced there isn’t more infomation left behind, like my address book.

That’s what next week’s column is about, finding out.

 

 

Meet the Former Head of USA Cyber Security

Meet Melissa Hathaway, former Director of the Joint Interagency Cyber Task Force with the Obama and Bush administrations.

TELUS invited me to her keynote at their HQ on York Street. I loved it.

Unfortunately I wasn’t able to document the love, because it was one of those times you don’t pull out your camera.  Which is why I created this beautiful collage.

She was an eloquent speaker, covered a wide variety of topics and verticals, and imagine how globally this lady thinks, neat.

And what I took away from this experience was: woah, I know more than I realize.  I kept up with 90% of her presentation, knew every case study cited, my black-market prices are correct, as are which tools and what attacks are en vogue.  I’m proud of this; remember, this cyber security stuff is a hobby, I don’t have a degree or formal training.

What I decided this means is: I’m on the right track, let’s kick things up. But not gonna lie, I’m a bit nervous to.

For example:

I show you how to defeat a popular spear-phishing attack, the post takes off, helps many people, and the attack is defeated.  However, the attackers are now all, “what is this blonde thing that is hurting our business, let’s teach her a lesson“.

But, this stuff in my head could help you, so might as well *. And I’ll take Charlie Miller’s advice; I asked him about this when we met at SecTor 2012.

Me: You shut down stuff and affect large changes, do you worry about repercussions like I do, how do you stay safe?
Charlie: I try to be really nice and friendly always
Me: kk ty

And besides, lock it down as much as you want, but one good ‘ole SQL injection into the search bar and it’s game over, so there’s that too.

You should see the videos in my head, like when I track someone using free, publicly available tools and information they posted online.  Or show you the price you’re really paying when you stream “free” TV from overseas.  I’m excited.

Thank you Melissa and TELUS, I needed this.

 

* – There’s a phone scam in Southern Ontario right now – no one will ever call you to say your computer, or your ISP, is being hacked. Don’t give them the number they ask for, nor accept files or click their links.