Author Archives: Heather
Author Archives: Heather
Data management and security are an important part in the daily lives of most people these days. A lack of knowledge on how to keep your data under control and organized can mean your business suffers in productivity or a hacker halfway across the world can loot your bank accounts. Luckily, the number of mostly altruistic experts who want to share their wisdom on data management and security is impressively large, and many of these experts and the companies who employ them maintain blogs that can be easily browsed to keep yourself abreast on the current state of the IT and InfoSec world. This list contains links and quick glimpses into thirty of the best offerings on the web. Blogs are divided into data management blogs, security blogs, and those with content that bridges the gap between the two.
Forensic technology encompasses a wide range of fields and technologies and is often used, with some controversy, in criminal trials. The blogs below examine forensic tech from all angles, from professionals active in the field, to journalists covering the impact and evolution of forensic technology, to skeptics concerned about the ramifications of junk science being labeled as forensic science being used to convict in trials.
With the recent unveiling of the intense Internet surveillance operation being carried out by the NSA, more people than ever are interested in keeping up to date on the latest laws, news, software, and other information related to maintaining privacy online. There is an immense number of blogs related to information security in all of its incarnations, so we have picked through the offerings to find you the best blogs that deal specifically with personal privacy law and technologies. These are listed mostly without any indication of which is better than any other and are instead separated into categories based on their focus. The focus of the blogs includes hacking methods, ways to protect yourself from identity theft, news on information security topics, and discussion about censorship and identity law.
Most of these companies function in the Information Security world in some form or fashion. They usually maintain fairly decent blogs as a way to generate site traffic, keep their users informed, and to increase their appearance as “leaders” in the field. You do have to watch out for product placement in some of them, but they are self-motivated to provide good and reliable information that keeps people coming back.
A good mystery should be a treasured find. Accompanying an investigator on their adventures as they try to undercover the truth or track down a criminal is an experience like no other, no matter what style of detective they are. Nothing works up adrenaline like accompanying a hard-hitting detective tracking down a murderer. Nothing excites the logical parts of the mind like seeing a skill sleuth unravel the convoluted trappings of a mastermind’s schemes. And nothing is quite as hilarious as watching a bumbling detective stumble through an investigation, cause mayhem, and still somehow end up solving the enigma. While it is hard to whittle off many of the great detectives that have been created for humanity by the minds of writers throughout the years, we have undertaken that difficult task and came up with 30 of the best fictional detectives in history.
Sherlock Holmes – No list about the best fictional detectives will ever be complete without this infamous gentleman detective from the mind of Sir Author Conan Doyle. Detective Holmes has been the inspiration for many, many investigative characters since his birth in the late 1800s. He has been reimagined on stage, in radio shows, and quite a few movies. As a detective, he is known for his logical reasoning, early use of forensic science, and penchant for costume. Quote: “Elementary, my dear Watson” In truth, this was never uttered by our esteemed Holmes but it is nevertheless representative of the character and his attitude.
The Hardy Boys – Inspiring the adventures of young boys since 1927, Frank and Joe Hardy, the teenage brother detectives, have appeared continuously in print, have starred in computer games, television shows, and even been parodied in South Park. The earliest books were praised for the excellent writing of a caliber not normally found in children’s books of the era. Surrounded in a rather felonious small American town, they play perfectly bonded intelligent young men with free access to cash as they weave their way through the mystery and action that lands in their path. Quote: “A secret door!” Joe said. “We haven’t’ seen one of these in, oh, several months,” Frank said.
Nancy Drew – Much like theHardy Boys, Nancy Drew has been inspiring girls since the 30s. The character was even the brainchild of the Stratemeyer Syndicate, the same group responsible for the Hardy Boys. Nancy was an immediate hit and has seen continued popularity ever since. My like the Boys, she’s appeared in television, movies, and video games. She has been an inspiration for a number of other girl detectives, and kick started a genre all its own. She is well known for having a can-do attitude, especially noticeable in her ability to drive and fix up her own car. Despite attempts to keep her domesticated by generations of ghost writers, Nancy has managed to maintain her independent quality. Quote: “If a guy’s hunch results in a dead-end, don’t flaunt your better judgment and intuition in front of him. Smirk secretly to yourself.” – The Phantom of Pine Hill
Miss Marple – The brainchild of Agatha Christie, Jane Marple appeared in 12 novels and 20 short stories as an elderly spinster who fills up her free time resolving the assorted mysteries in her home of St. Mary Mead. She is the counterpart to the gentlemen detective genre, a well-bred, well-educated older woman applying her keen wit, experience, and knowledge to the challenges of solving crime. The character evolved markedly over 40 years, starting off as a shrill and nasty gossip and growing to a more dynamic and well-rounded genteel lady. She had a remarkable tendency to connect every case to a story of her past and casual comments to key details of her current case. Quote: “People with a grudge against the world are always dangerous. They seem to think life owes them something. I’ve known many an invalid who has suffered worse and been cut off from life much more… and they’ve managed to lead happy contented lives. It’s what’s in yourself that makes you happy or unhappy.” – A Murder is Announced
Dirk Gently– This fictional detective created by Douglas Adams was introduced in the books Dirk Gently’s Holisitc Detective Agency and the Long Dark Tea-Time of the Soul. His real name is Svlad Cjelli which, as Dirk puts it, has a ‘Scottish dagger feel’ to it. Known for his ‘holistic’ approach to investigations, Dirk uses this to justify his extensive bills which include things like tropical vacations. Surprisingly, none of his clients ever manage to actually pay him. He is also a psychic in denial, believing himself to have a ‘depressingly accurate knack for making wild assumptions.’ He was supposed to appear in a third book, The Salmon of Doubt: Hitchhiking the Galaxy One Last Time, but it was never completed. Quote: “Don’t you understand that we need to be childish in order to understand? Only a child sees things with perfect clarity, because it hasn’t developed all those filters which prevent us from seeing things that we don’t expect to see.” – Dirk Gently’s Holistic Detective Agency
Philip Marlowe – Arguably one of the most significant figures in the ‘hardboiled crime fiction’ genre, Marlowe was first created by Raymond Chandler in 1939 for The Big Sleep. He also appeared in Farewell, My Lovely, and The Long Goodbye. This was followed by a number of films, radio shows, television adaptations, and one videogame. Philip is the hard drinking, gruff yet oddly charming PI. His rough personality is rounded out with a thoughtful mind well versed in poetry, philosophy, and a fair hand at chess. He drinks whiskey and is finicky over his coffee. The femme fatales common to the genre aren’t nearly as adept at distracting him. Quote: “I don’t mind your showing me your legs. They’re very swell legs and it’s a pleasure to make their acquaintance. I don’t mind if you don’t like my manners. They’re pretty bad. I grieve over them during the long winter nights.” – The Big Sleep
Sam Spade – Though not as widely appearing as some of his peers on this list, Sam Spade nevertheless left an indeliable mark upon the detective genre. Famously portrayed by Humphrey Bogart in one of the movie adaptations of his book, The Maltese Falcon, Sam Spade is not at all a gentlemen detective. He’s a shifty character capable of getting himself in and out of fixes with equal skill. Despite disliking his partner, even sleeping with the man’s wife, he goes all out when the man is murdered to bring his killers to justice. Quote: “The cheaper the crook, the gaudier the patter.” – The Maltese Falcon
Lord Peter Wimsey – Lord Wimsey is an archtypical representative of the British gentleman detective as conceived by Dorothy L. Sayers. He appeared first in Whose Body? In 1923 and subsequently solved murder mysteries in another 13 novels, 5 short stories, and assorted stage, television, film, and radio adaptations. In addition to solving assorted murders in his spare time, the great Lord Wimsey authors his own books, including ‘Notes on the Collecting of Incanabula’, his other genteel hobby. He is also a wine, fashion, and classical music aficionado. The character was in part a light satire on the British upper class. Quote: “It’s all right, Helen. That’s not swearing, that’s an adjective of quality.” – Clouds of Witness
Hercule Poirot– Around for a remarkable 55 years and appearing in 33 novels and over 50 short stories, Mr. Poirot has been a fixture in the detective genre for many years. Created by Agatha Christie alongside Miss Marple, this dignified Belgian detective solves crimes with the use of logical reasoning, or as he puts it ‘order and method’. Mr. Poirot also appeared on stage, in a number of film adaptations, several television shows, an animated series, and a number of radio dramas. Quote: “Chief Inspector, you have been thinking again. I have warned you of this before.” – Hercule Poirot’s Christmas (#6.1)
The Scooby Gang – The gang of animated teenaged friends (and one oversized dog) solve mysteries much to the dismay of the perpetrators whose plots they foil. These meddling kids include an unlikely array of friends, the All-American teen couple Daphne and Fred, the intelligent and shy Velma, the fumbling and perpetually starving Shaggy and his trusted sidekick and trouble-maker Scooby. These teens have a knack for shattering attempts to use fear of the supernatural to conceal criminal activity. Their antics inspired many television series, a number of films, video games, and stage performances. Quote: “Velma, here’s the only thing you ever need to know about boys. They are stupid. If you give a boy two choices, a smart one and a stupid one, he will always make the stupid one every time. That’s why you never give them a choice.” – Daphne Blake in Scooby-Do! Mystery Incorporated
Columbo – A homicide detective for the LAPD, Peter Falk is a gregarious, slightly rumpled detective who manages to get the job done in part because most of his targets underestimate him. He tends to talk too much and often seems to be a bit of an airhead, though in reality he has a keen attention to detail and a quick wit that helps him piece together the events of the crimes he investigates. The series ran for 10 seasons from 1972 till 1990 and continued in special runs as recently as 2003. Quote: “Perfect murder, sir? Oh, I’m sorry. There is no such thing as a perfect murder. That’s just an illusion.” – Columbo: Now You See Him (#5.5)
V.I. Warshawski – Warshawski is a woman in charge: sexy, smart, and packing heat. After earning a law degree and serving as a public defender, she decides to go the route of the one pursuing justice on the streets, particularly in the case of white-collar crimes that might not get as much attention from the police in the gritty world of Chicago politics. The fierce detective is not afraid to get into the melee, making it quite amusing that her best friend is the one who treats the war wounds from her escapades. Due to her ferocity and strength, Washawski is considered by many to be a strong, feminist detective. Quote: “Never underestimate a man’s ability to underestimate a woman.” – V.I. Warshawski
Dr. Temperance “Bones” Brennan – Based loosely on real life real life anthropologist and author, Kathy Reichs, Dr. Brennan represents a very unique sort of detective on this list. She solves crimes current and ancient with her companion FBI agent, Seeley Booth and a crew of brilliant and eccentric scientists housed at the Jeffersonian Institute on the TV show Bones. Her top-of-field expertise in forensic anthropology allows her to unravel clues from the bones of the victims. Her no-nonsense attitude and adherence to an absolutely logical worldview both aides in her field investigations, generating a lot of unintentional hilarity along the way. The character also applies her professional knowledge to her writing career, becoming a bestselling author of crime novels during the course of her show. Quote: “I’ve noticed that very few people are scary once they’ve been poked in the eye.” [to murderer who is trying to put a voodoo curse on her, so she pokes him in the eye to shut him up] – “Bones: The Man in the Morgue (#1.9)
Perry Mason – Mason is one of the most famous and prolific figures in recent detective fiction. Featured in close to 100 novels, a radio series, two television series, and over 30 made-for-TV movies. As a defense attorney, he was known for not shying away from the most difficult and hopeless cases and always fighting to the end for his clients. He does engage in some questionable actions early on in his history, but for the majority of his existence, Mason is an ethical idealist who sticks to the books and wins his cases by his wits and the evidence. The Mason stories do conform to a predictable pattern, but the enjoyment is in the details. Quote: “She’s more of a legitimate fake than I thought she was.” – The Case of the Curious Bride
Elijah Baley– Though he does not appear in a large number of works, Baley’s impact on the world Isaac Asimov created is profound. There are only four stories that feature Baley: The Caves of Steel, The Naked Sun, Robots of Dawn, and a short story titled Mirror Image. He operates in a world far different from ours, where robots are commonplace and Earth is filled with humans who live in enclosed cities. The mysteries Baley investigates are worthwhile for their whodunit quality, but they also investigate questions of a sci-fi nature and connect to the greater works of Asimov. Quote: ““The work of each individual contributes to a totality and so becomes an undying part of the totality. That totality of human lives–past and present and to come–forms a tapestry that has been in existence now for many tens of thousands of years and has been growing more elaborate and, on the whole, more beautiful in all that time. Even the Spacers are an offshoot of the tapestry and they, too, add to the elaborateness and beauty of the pattern. An individual life is one thread in the tapestry and what is one thread compared to the whole?” – Robots and Empire
Harry Dresden – Part detective, part fireball-throwing wizard, Harry Dresden has the unenviable task of solving mysteries in a world where things do not always conform to the rules of nature and science. The Dresden Files, the name for the book series and the short-lived television series, follows Harry through a world of vampires, werewolves, spirits, and crimes both mystical and mundane. Harry himself is a tough, stubborn young man with a sharp wit he used for detective work and pithy remarks against antagonists. Did we mention he can shoot fireballs? Quote: “Laugh whenever you can. Keeps you from killing yourself when things are bad. That and vodka.” – Changes
Kinsey Millhone – The main character in Sue Grafton’s alphabetically named series of detective stories, Kinsey Millhone is a feisty woman who has never quite played by anyone’s rules but her own. She was a delinquent as a teenager, dropped out of academics to pursue police work for more action, became an insurance investigator after that proved boring, and finally went on to become a private detective. The books are well-written murder mysteries that pit Millhone into tough situations only to prove she is tougher and smarter than anything that comes her way. Quote: “You can’t save others from themselves because those who make a perpetual muddle of their lives don’t appreciate your interfering with the drama they’ve created. They want your poor-sweet-baby sympathy, but they don’t want to change.” – T is for Trespass
Dave Robicheaux – James Lee Burke’s bad boy detective patrols the swamps of New Iberia, Louisiana, managing to break most of the rules, fight off his inner demons, and still catches the criminals at the end of the day. Some readers may find Robicheaux an overly cynical and irritable antihero, but the character is rounded underneath the wooden exterior. The murder and mayhem in the books is as gritty and dark as Dave, setting the stage for an enjoyably gruesome world of murder mystery. Quote: “When people make a contract with the devil and give him an air-conditioned office to work in, he doesn’t go back home easily.” — In the Electric Mist With Confederate Dead
Charlie Parker – It is difficult enough to be a detective, and dealing with supernatural horrors at the same time makes it a true challenge. John Connolly’s underappreciated work is a wonderful world to dive into for those looking for a more obscure detective series. Parker himself is a bad boy in a bad world, and Connolly masterfully blends the touch of supernatural horror alongside the shadow of mystery. The horror and supernatural elements do come to take on a greater focus as the series progresses, so if you are looking for a realistic detective series, the Charlie Parker series may not be the best bet. Quote: “Why did you shoot him?” “You weren’t around,” I replied, my teeth gritted in pain. “If you’d been here I’d have shot you instead.” – Every Dead Thing
Harry Bosch – Hieronymus Bosch, called Harry by most, had a rough time as he grew up. He was born to a prostitute, did not know his father until much later, his mother died when he was 11, he bounced between foster homes, and ended up in Vietnam while still a teenager. Despite the fires Michael Connelly put his detective through, Bosch turns out to be an all-around good guy who believes in doing the right thing, even if it means going against the norm or the boss. If you find yourself making it through all 16 Bosch novels and still wanting more, check out Connelly’s Mickey Haller series. Quote: “Everybody counts or nobody counts.” – Personal motto of Harry Bosch.
Bobby Goren – A main character in the Law and Order spinoff Criminal Intent, Goren is a dogged investigator with an attitude and a sometimes violent temper. His passion for justice is the main cause of his occasional rages, but there is no questioning that he gets the job done, even if criminals have to be wary of him for more than just the high likelihood of him putting them in chains. Law and Order stories are always gripping, and Bobby Goren is one of our favorite lead investigators throughout all of the spinoffs for blending humor and skill while being vulnerable enough in his emotional issues to be relatable. Quote: “The only medical condition you have is denial.” – Law & Order: Criminal Intent: Jones (#1.5)
Batman – The Dark Kinght might seem to be a poor example of a detective if you were to base your opinion off just the recent movies starring Christian Bale, but the real Batman does just as much investigation as he does bad-guy stomping. Armed with the latest in technology for whatever era he is in at the time, photographic memory, and sharp analytical skills, Bruce Wayne is the only one who can root out the hidden plots of the nefarious super criminals in Gotham City. Of course, once he does find out what they are up to, he puts the fear of the bat into them. Between multiple comic book series, cartoons, live action shows, movies, and games, you will have trouble getting through all of the available material on Batman without devoting time to him every day. Quote: “He thinks he can scare me. He thinks he can stop me. There’s nothing wrong with him a bullet in the head won’t fix.” – Batman Detective Comics Vol 1 734, Mark of Cain:2
Dick Tracy – The world of Dick Tracy is a dark one inspired by the feel of Chicago in the 1930s, full of grotesque and cruel villains, backstabbing, and the hopelessness of the fight against crime. You can draw many parallels between Batman and Dick Tracy: both are detectives, fancy gadgetry becomes important later on in the Tracy series, and both have cities plagued by demented criminals. Tracy is the less skilled detective, though that could be due to his cases being relatively simple, but he has the everyman spirit that billionaire Wayne can never have. Quote: Breathless Mahoney: “Thanks for calling. I was beginning to wonder what a girl had to do to get arrested.” Dick Tracy: “Wearing that dress is a step in the right direction.” – Dick Tracy (1990)
Dr. R. Quincy, M.E. – One of the first shows to include hard forensic science, Quincy M.E. follows the work of forensic pathologist R. Quincy, whose first name was never clearly given. A gentleman and a scholar, Quincy uses his position as a medical examiner to probe into their deaths and root out the real killer. Later on in the series, he even finds himself in the middle of deep social issues of the time. If you want a taste of the original version of CSI, check out Quincy M.E. Quote: “Gentlemen, you are about to enter the most important and fascinating sphere of police work: the world of forensic medicine, where untold victims of many homicides will reach back from the grave and point back a finger accusingly at their assailant.” – Quincy M.E.: Go Fight City Hall… to the Death (#1.1)
Lennie Briscoe – A major character in the Law and Order universe, Briscoe was the head detective in the original series and had appearances in both the Trial by Jury and Special Victims Unit spinoffs. His quips at the crime scene, sharp one-liners, cool demeanor, and dry wit belie his dedication to his work and getting to the truth. The best part about getting to know Briscoe is that you have almost 300 episodes in which to do it. You will also likely come to enjoy Briscoe’s interactions with his two partners: the stodgy and moral Curtis, and the brash rule-bender Green. Quote: “Love: a devastating disease instantly cured by marriage.” – Law & Order: Couples (#13.23)
Inspector Gadget – Another on our list who began as a cartoon, Inspector Gadget could be considered a defective detective, reminiscent of other simpleton detectives like our next one. Luckily, being a cyborg full of interesting tools like a helicopter, spring-loaded feet, and other crime-fighting tools keeps him going in the crazy situations in which he puts himself, and the crimes always end up being solved thanks to the work of his daughter, Penny, and their intelligent and aptly named dog, Brain. Quote: “It’s like I always say, Penny: If you can’t lick ’em, join ’em. Then lick ’em.” – Inspector Gadget, Down on the Farm
Inspector Clouseau– Proving that you do not have to be smart to be a successful detective, at least in the world of fiction, Clouseau is the epitome of the bumbling detective archetype. Even the above detective’s outfit was based on Clouseau’s typical attire, as homage to the older compatriot. Despite Clouseau failing at even the most basic investigative tasks in dramatic fashion, he always seems to come out ahead and solve the case. His unlikely successes are so far beyond the realm of reason that they even drive other characters in the story insane. To catch the first appearance of Inspector Clouseau, watch the original The Pink Panther from 1963. Quote: ”There is a time to laugh and a time not to laugh, and this is not one of them.” – Inspector Clouseau (1968)
Adrian Monk – Portrayed by actor Tony Shalhoub, Adrian Monk is a neurotic mess. Once a successful detective, the death of his wife due to a car bomb possibly intended for him exacerbated his obsessive compulsive disorder and various phobias to the point that he could no longer function on the force. Eventually, his keen powers of observation and great detective work get him pulled back in as a consultant, though his issues make every adventure even more challenging than it is for a saner person. The show and Shalhoub have won multiple awards, and there are several connected books if you finish the series and crave more. Quote: Sharona Fleming: “Are you sure you’re not getting your hopes up?” Adrian Monk: “That’s what hopes are for.” – Monk: Mr. Monk Goes to the Carnival (#1.5)
Shawn Spencer – Spencer is the lead character in the television series Psych. A child at heart, Shawn never professionally studied how to be a detective, instead learning the powers of observation – to the level of an almost photographic memory – and deduction from his detective father. After a string of failed jobs as an adult and with no credibility to his name, he does what any would-be detective would do: pass off his heightened awareness as extra sensory perception. Accompanied by his best friend, a pharmaceutical salesman named Burton Guster, Shawn begins to solve cases for the Santa Barbara PD while maintaining a façade of supernatural power, delivering pithy humor, childish antics, and daredevil actions. While his appearance is limited to the show, he is still one of the best and most entertaining detectives you will find. Quote – “Oh, you mean my pilot’s license? That’s out back in the Cessna. Or perhaps you’re referring to my license to kill. Revoked. Trouble at the Kazakhstan border. I could give you the details but then I’d have to kill you, which I can’t do because my license to kill has been revoked.” – Psyched: Poker? I Barely Know Her!
Magnum P.I. – Despite being somehow down and out regardless of a string of private cases, Magnum lives one of the most lavish lifestyles of any detective on the list. Set in the scenic Hawaii and in the same fictional universe as Hawaii Five-0, Thomas Magnum is equipped with a number of useful tools: a helicopter pilot friend, an amazing sports car, a glorious mustache, and the best Hawaiian shirts available. He is also notable for being one of the first depictions of a Vietnam veteran. With beautiful women, interesting cases, and tons of action, Magnum P.I. should be on the short list for anyone looking for a detective series to watch. Quote: ”I’m not really sure which kind of private investigator I am. The Holmesian-type with the constant deductive mind, or one with a Marlowe-type intuitive sense of the darker side of human nature? Hopefully a combination of both. At any rate, it doesn’t matter. Not when you have a “little voice”. I don’t know, maybe a gently nagging “little voice” is just another way of adding what you know, to what you feel, but right now mine wasn’t “gently nagging”. It was screaming.” (Narration) Magnum P.I., Round and Around (#6.6)
Looking for the best apps to protect yourself and your family on your mobile devices? Check out this list, which brings you the best in anti-spyware, anti-virus, phone trackers, data lockdown, and more.
App & Data Lockers
Other Nifty Apps
Locate Lost Phones
Humans are inherently social creatures who have developed a world strongly based on interacting with others. Just like the world of information technology, the human social protocols are a complex series of rules and guidelines for how people behave when interacting with each other, and just like any other system, there are methods to use and abuse it once you understand the rules that govern it. Social engineering is a broad subject, but in this article we will focus mostly on social engineering as it is used to gain access to social groups and sensitive information.
Social Engineer is one of the few blogs dedicated to the topic.
Social engineering is using the common tendencies of how people interact with others in order to gain information or a benefit of some kind. Effectively, social engineering can be referred to as the hacking of people. Before the Internet age, social engineering would more likely be referred to as conning, but the scope of social engineering’s applications goes beyond tricking people out of money. It is about causing people to act according to your wishes. Getting someone to say yes to a date is social engineering. So is getting your company a contract from a tough client. In regards to information security, social engineering is getting people to give up protected information.
A social engineering definition can be found here.
Even companies that place a high focus on securing their information networks can prove extremely vulnerable to social engineering attacks. DefCon, one of the largest hacking conferences in the world, routinely features a social engineering competition that has demonstrated over and over again that simple tactics can be used to get enough information to potentially do harm to a company. Position in the company also seems to have almost no effect on how susceptible a person is to social engineering; a big wig is just as likely to give up information as a cashier, but the big wig also usually has access to more pertinent info.
Social engineering is gaining attention for its insidious effectiveness, and is starting to get recognized in the media and the corporate world. Check out these news articles for an idea of how it is being perceived:
Smooth-Talking Hackers Test Hi-Tech Titan’s Skills – A look at DefCon hacking competitions, utilizing social engineering within legal boundaries to ferret out intelligence designed to weaken a company’s security.
Social engineering to blame in Syrian Electronic Army hijack of the Onion – The targets of these sorts of attacks aren’t always the ones you might expect, the Onion was a recent victim of a phishing scheme.
Facebook Social Engineering Attack Strikes NATO – Often, the targets are important, such as this attack against NATO. Every organization contains a human element, the target of savvy social engineers.
How a lying ‘social engineer’ hacked Wal-Mart – Many people are naturally biased to trust based on a set of subtle criteria; a tone of voice, a style of dress, even word choices can lead people to give credence to otherwise nonsensical ideas or situations, like this Wal-Mart store manager being duped into giving away company data in exchange for a non-existent contract possibility.
These are common guidelines and methods used by social engineers before and during any assignment on which they are working. These focus more on the preparation and mindset of the social engineer than the actual attack methods that are used.
Take a look at this seminar on social engineering strategies.
Information is everywhere. If there is a topic you want to know about, you usually only need to glance at the Internet. Reading the news and press releases from a company can give you a firm background history from which to work. A social media site may give you insights into the temperament of a person or give you an idea of the social scene in which they operate. If you are trying to infiltrate a group or become closer to a person with any notable focus, then the Internet can be used to familiarize yourself with the topic.
Hackers may go above and beyond in this regard. If they manage to gain access to someone’s email account or messaging service, there may be records of conversations that can be used to mimic the person in electronic communications or learn about key topics that anyone on the inside should know about.
Imagine for a moment that you are watching a movie set in modern times and focused on the happenings in a government or business office. If there was someone dressed in jeans and a hoodie in the middle of a meeting of executives or elected officials, you would likely immediately feel the character was out of place or at least question why they were there. The same holds true whenever you want to interface with another social group, whether it is a company or a club.
Also worth noting is that looking professional – wearing a nicely tailored and well-kept business suit – can generate an obscene level of trust in your social interactions. The suit conveys a lot of subtle messages: this person is a successful member of society, they likely have money, and you can trust then a bit more than the average person. You may not gain complete trust and unlimited access, but the difference between the trust levels shown to someone in a suit and someone in casual clothing is palpable.
This article gives you a glimpse into the advancement of research into the integration of robotics and emotions.
If computers are getting to the point that they can recognize and react to the emotional displays of people, then there is no reason that a person should not be able to better do the same task. Taking the time to read on facial expression theory and other psychological articles can help point you in the right direction, but the only way to really learn is to go out and talk with people. Doing this with new people consistently will also give you practice on learning how to pick up the subtleties in a new person’s expression and tone.
Just having an idea of how to work a plan does not mean you should ignore contingency plans. Even if a failure in one portion of a plan only leaves breaking off the attempt, you should be prepared for the possibility and have a clear idea of how you will break it off. This is not going to eliminate having to think on your feet, but having a guideline for your actions can mean the difference between a smooth response and something haphazard that sends the wrong signal.
Unlike the world of open conflict, more numbers on the side of the target can be a firm advantage. Working your way into a small firm can be a dogged task, but it can be easy to turn into “just another suit” at larger offices. It is almost always easier to work your way into social situations when the target has a larger number of people involved.
If you were to take movies and shows as fact, you would think social engineers waltz into a business with a suit and savvy and somehow manage to make their way into the confidence of the boss or gain access to sensitive areas within a few minutes. A real social engineering effort may take weeks or months to accomplish properly.
A number of techniques have become common practice for social engineers. The list here is not exhaustive, and the variations on these techniques makes covering them all a task better suited for a textbook.
This rainbow of techniques is typically meant to refer to scenarios where the attacker poses as a person or service the target already knows via electronic communications. One of the most common phishing emails is one that mimics the company’s style and email address while telling the target that their account has been locked out due to potentially malicious activity. A link is supplied to the target to reset their password. The site looks like the company’s to the smallest degree, but the reset instead sends your old and new passwords to the phisher.
The delineation between the terms is based on the attack vector. Phishing is done through the computer, vishing is done through the phone, and SMiShing is done through text messaging.
Pretexting is the art of constructing a scenario in which the target is more inclined to go along with the wishes of the attacker. The most common example of this in action might be taken from the ways people try to convince traffic cops to not give them tickets: “My friend is in the hospital”, “My wife is delivering our baby”, or “I’m on my way to stop the love of my life from getting on a plane and never coming back.” In the movie Live Free or Die Hard, a character uses the pretext of his grandfather in the hospital to get an OnStar agent to activate a car he wants to steal.
There is always a host of information for any company that is not considered protected, but social engineers can piece these bits together to create the façade that they are a member of the company or an associate. For example, instead of just sending an email to the tech support desk for a password reset, a social engineer might send it directly to one of the IT staff members with a message stating that there is a vital report wanted immediately by a big name at the company on that computer, and you need your password reset immediately.
When dealing with a pretty face, a person can become distracted and lose focus on the things that matter. Not every social engineer will be a model, but you can expect the ones that have been favored with good looks and charm to use the advantage.
Most people simply have no idea what is going on with their computers beyond interfacing with the applications they use to work. Computers also have an unfortunate tendency to break down due to misuse or just over time. In larger companies, it may not be uncommon for the IT department to be behind on fixing all the computer issues that are active. By masquerading as tech support, savvy social engineers can troubleshoot for the employee while also placing themselves in a trusted position to ask for personal information like passwords.
Coming up to a person directly and asking them about secure, private topics may immediately trigger warning signals. If the social engineer instead approaches a person via a secondary topic and befriends them, then later probing for the information has a higher chance of success due to the longer time for which trust has developed. As an example, if the target is an avid golfer, then a social engineer might find a way to arrange for them to end up playing together. This would let the engineer strike up a conversation naturally due to the common event.
It is nigh on impossible to stamp out the threat that social engineering represents even when utilizing proper security methods at a business or simply trying to avoid falling victim to it yourself. Much of the research and the supported methods for handling the threat of social engineering are to educate people on the dangers of it, develop security policies based on what needs to be protected, install Data Leak Prevention (DLP) software, and do penetration testing to get a real idea of the level of security in place.
Both in your personal life and in the business world, sensitive information should be treated with respect and controlled properly. That does not mean you have to give someone trouble every time they ask for personal information, but taking the time to double check that the person is who they say they are and that you can feel comfortable handing over sensitive information can be done with a high degree of trust.
To use an analogy, the human minds that reside within a social group can be thought of as computers on that social network. Where you would patch a computer, you would educate a mind. The ways in which you can be educated are numerous: you could have an article on social engineering (like this one) made mandatory reading, make social engineering news part of your company newsletter, or hold a class every couple of months. At the very least, people should be aware of the information policy on which you decide. The patch may not take on every person, but you should at least try.
An up and coming type of software is joining the ranks of applications like antivirus and firewalls on the list of things any network trying to be secure should have: Data Leak Prevention (DLP) tools. The software can monitor data in storage, in use, or going over the network, and it can perform tasks like preventing the data from sending or triggering an alert if something is sent. This is limited to just helping to prevent social engineering mishaps on computer networks, but social engineers are likely to use a combination of methods to try and gain access to the most valuable information.
Just like your hardware and software, your people can benefit from penetration testing in order to ascertain their awareness of social engineering as a threat and the information security policies that protect from it. This usually requires the aid of an outside entity to get a proper simulation of an attack from someone currently outside the company.
Social Engineering Fundamentals: Part II: Combat Strategies – An article on preventative measures against social engineering from Symantec, a notable information security software company.
You may not want to con someone out of their account passwords or savings fund, but that does not mean that the methods of social engineering cannot find their place in your life. They can even be used effectively for altruistic purposes. For example, making new friends can benefit from the inclusion of social engineering information.
Social engineering as a way to gain access to secure information is a threat of which everyone should be aware. Like almost any form of science or technology, it can be used for good and for evil. Taking the time to learn social engineering methods is the best way to use them to your benefit and know how to defend against them. Unless you move to a deserted island with no technology, you are going to be subject to the designs of social engineering, so you may as well stay informed on the subject.
A great number of excellent PI and related blogs have fallen in the last few years, but there are still quite a few worthy of perusing. They are pretty evenly divided between a focus on other PI’s and educated potential clientele. Most of the quality PI blogs come from professional investigative firms, but some are from individual PIs. This list also includes interesting criminal justice blogs from the perspective of police investigators as well as detective and murder mystery oriented writing blogs, as they often pull heavily from real investigation and often contain interesting or useful information.
Information theft and the damage it can cause to consumers and businesses have been featured extensively in the news for most of the past decade as we move to an almost entirely online way of doing business. The usage of the Internet for business has changed the landscape of the commercial world for the better, but it does provide an avenue of attack that allows malicious entities to acquire sensitive data without ever stepping foot inside an office. For this reason, the PCI DSS was created.
Chances are high that, as a modern business owner, you at least have a passing knowledge of the need for PCI compliance. For those less technologically savvy or who do not have the time to read through extensive regulations, this need can seem like an unnecessary burden, both to your budget and your time. To help you at least become more familiar with the PCI DSS, this guide will give a high level overview of the purpose and requirements of the regulations and provide advice and resources for becoming PCI compliant.
PCI stands for “Payment Card Information,” and the appended DSS often seen accompanying it stands for “Data Security Standards.” The PCI DSS was created by the PCI Security Standards Council, which consists of the five largest credit card companies: MasterCard, Visa, JCB, American Express, and Discover. Its intent was to establish a system for protecting payment card data which can be used for malicious purposes easily once it is in the hands of unauthorized persons. It details the baseline security procedures that companies who interact with payment card information should follow, assists in providing information so the companies can do so, and establishes penalties for noncompliance.
The PCI security guidelines apply to anyone who stores, processes, or transmits consumer payment card data. It does not matter if you run a restaurant, work from home, or have a small chain of stores. If you directly interact with payment card data in any fashion, even by just processing one payment, you are almost assuredly under the purview of PCI DSS. Even if you utilize a payment gateway or merchant account service, your business is responsible for adhering to the regulations as long as it interacts with the payment data in any fashion.
This is a general, step-by-step guide to becoming compliant with the PCI DSS. The PCI regulations themselves outline this process, though the sections are broken down a bit further. These steps do not address every action you need to take through the process. For the exact details on how to follow these steps, consult the PCI DSS version 2.0, available on the PCI security standards site. This especially applies to the more technical sections of firewall and encryption usage.
Firewalls are used to monitor and manage the network traffic running through a system. There are a number of free software firewalls available online, but a high quality, commercial firewall is typically going to be more secure. You can also opt for a hardware firewall for increased security.
Password policy is a simple security procedure that many people fail on regularly. A complex password system may be inconvenient, but when people use generic passwords such as “firstnamelastnamenumber,” “password1,” “qwerty,” or “abc123,” it becomes easier for rudimentary cracking programs to bypass this first level of defense and even makes it so an account could be accessed by an unauthorized user without the use of such a program. Passwords should be case sensitive and use a mixture of upper case letters, lower case letters, and numbers. They should also avoid common dictionary words and should not be recycled.
Data encryption renders a file virtually unreadable without a proper decryption key. Encryption technology has evolved to the point where, even if a hacker somehow accesses the encrypted data, decrypting the data is still a difficult task. The method is not foolproof, and you cannot store certain pieces of information even if you encrypt it.
Viruses and malware can find their way onto a computer through a number of seemingly harmless methods, such as installing a new program or browsing a website. Once compromised, an infected system may be more easily subjected to hacker attacks or the activity on that system, including network traffic that contains payment data, can be monitored remotely. The capabilities of these malicious programs are extensive, making the use of software to detect and remove them essential for information security.
Limiting the ability of unauthorized personnel to gain access to sensitive information is aided intuitively by limiting who can access it, both electronically and physically. With more people who can access the data through normal operations, the risk of a security breach increases. Payment data access should be restricted to specific user accounts based on need, and you should not utilize any group or public access accounts on sensitive systems. The physical access to the data should be limited as well and be situated in a secure and monitored area. Additional levels of access control such as managing user accounts, password cycling, secondary login verification methods like biometric data or access cards, and lockouts on repeated login attempts are also required.
Keeping track of the systems which interact with sensitive data can be useful in determining intrusion attempts or discovering the source of a data breach. All activities should ideally be monitored, but the PCI DSS specifically calls for keeping logs of access attempts, creation of system-level objects, the activities of root and administrator accounts, any accessing of payment card data, and audit trails with specific attention paid to recording the time, outcome, origin, type, and effected components of the event.
Once all the security measures are in place, the PCI DSS necessitates a variety of regular testing procedures. Quarterly procedures include penetration testing performed by an Approved Scanning Vendor (ASV), scanning for unauthorized access points, and vulnerability scans. Extensive penetration testing is required at least once per year, and additional testing should be performed after any significant changes to your systems.
This is one of the more detailed and overarching requirements of the DSS. Put simply, it requires that your business has established operating procedures relating to information security. Obviously, part one of this policy is to ensure that your systems remain PCI DSS compliant. Other considerations include maintaining a list of approved electronic devices for your systems and clear information as to who and what the devices are intended. The responsibilities of “information security manager” should be assigned to an individual or group, which can be an outside security provider. These responsibilities include account management, educating personnel on information security procedures, and monitoring the company’s networks. Security procedures should be discussed with any third-party vendors the company uses, and a formal, written agreement should be composed. The plan should also specify when testing procedures should take place, and the plan itself should be subject to testing and scrutiny.
Also, bear in mind that the individual payment card companies may place extra requirements onto merchants. For example, this is a list of Visa’s requirements. While not too far off from the main PCI DSS, it is important to be aware of these requirements to avoid issues.
While the PCI regulations are not enforced by law, the major credit card companies and banks level fines that are tiered to the volume of transactions a company processes. The exact amount of the penalty also varies based on a case by case basis, but they can range from $5,000 to $500,000. They may also continue fines on a monthly basis if non-compliance is not rectified.
While the overall concept of becoming PCI compliant is fairly straightforward, the intricacies of actually adhering to all the various guidelines and regulations can be difficult for small business owners to handle, and it can often eat up the limited time of the fewer employees that the smaller companies possess. Enlisting the help of companies certified to validate and assist with PCI compliance is recommended by the PCI regulatory body and is required in some cases, such as the regular testing by an ASV made necessary in the regulations. QSAs (Qualified Security Assessors) can be used to verify that you are adhering to the PCI DSS.
Aside from the companies directly related to PCI compliance, the help of a Managed Security Service Provider (MSSP) is good practice for enhancing your general security and thus helping your systems to comply with PCI guidelines. These organizations are experienced in setting up information security functions for businesses and individuals, and utilizing them is often more inexpensive for small businesses who cannot afford to bring on several IT staff members just to handle information security. Many MSSPs can also function as QSAs, but it is better practice to use different companies for these services, even if it is not required to do so.
A report detailing some of the best MSSPs based on various criteria can be found here and the lists of PCI Security Standards Council approved QSAs and ASFs are located in the resource section at the bottom of this guide.
You can also engage in further reading with tools like this free PCI for Dummies ebook, courtesy of Qualys.
PCI represents a baseline level of security that should be adhered to by companies that handle sensitive data. While it may seem to be an unnecessary burden, information security breaches have been responsible for trillions of dollars lost through fraud and secondary expenses. Even if your business does not handle high volumes of transactions from a number of different customers, neglecting to properly secure your information systems can result in data breaches that put you and your customers at risk and do extensive monetary damage. It is in your best interest to take information security extremely serious and even go beyond the security standards set by the PCI DSS.
PCI Security Standards – The main PCI DSS site. It contains the regulations, supplemental information, links to certified assistant companies, and more.
Approved Scanning Vendors – The official list of ASVs certified by the PCI regulatory body.
QSA List – A searchable database of QSAs certified by the PCI regulatory body.
PCI Compliance Guide – A helpful reference for PCI compliance questions and information.
Emerging Managed Security Service Providers, Q1 2013 – A detailed analsys provided by Forrester of the most promising MSSPs.
Becoming ‘PCI Compliant’ If You Accept Credit Cards – A checklist of tasks for becoming PCI compliant from the BBB.