The biggest computer security vulnerability ever

I talk quite a bit about computer viruses and computer security on this site. It’s probably one of the bigger problems that I grapple with for my customers. Today I’m going to talk about the biggest computer security vulnerability there is. In fact, this is a general security vulnerability. It doesn’t affect a specific operating system or piece of software. It’s also the MOST attacked and exploited vulnerability in all of computing.


Yes, the computer user is usually the weakest link in the computer security environment.

Social engineering is often referred to as the computer cracker con man’s best tool.

Take this example. The phone rings: “Hi, I’m from _yourisp_. We’ve had a problem here with some of our mail servers and need to get some information from you about your username and password.” OK, many home users have to scratch for the information, but is the caller really from your ISP? Don’t they know that information? Unfortunately, some people are gullible enough to bite.

This is, in many ways, no different from the phishing attacks that we see: a message claiming to be from your bank asking you to log in and “verify” your account information.

OK, let’s say it’s a business environment. “Hi, I’m the new computer tech guy and was asked to install some software on your machine…” “Oh, I didn’t realize… well, OK.”

I’m sometimes amazed when I go into a business and explain to a new face that I’m there to look at their computer: many will say OK and let me at the keyboard without questioning me or anyone else. Of course, I’m not going to install trojans or backdoors; I’m always at businesses for a legitimate call. Still, it is a bit amazing when you consider how easily some will accept the story at face value without batting an eye.

The bottom line here is to check with someone who knows whether or not the person should be there. Is he really the new tech guy? Call the IT desk and ask them to verify. If you’re only there some days, but suspect that other people know him, check with someone who should have met him.

The next security fault you might present is your choice of passwords. Usually dictionary- or name-based passwords are TERRIBLE security-wise because they can easily be cracked by an automated, dictionary-based password cracking tool. “But it’s hard for me to remember something else.” Try this approach: think of a phrase… let’s see…

“ask not for whom the bell tolls, it tolls for thee”

Let’s use the first initials of words to make a password…

ok, not bad, better than bell (or belltolls).

Let’s try substituting numbers that sound like words (four/for)
That looks much better. It appears fairly random, would be tougher to crack and probably easy to remember. In fact even without the phrase some folks might have it memorized in about 4-6 uses.

One important note. Be careful about leaving passwords taped to the monitor, keyboard or in close proximity to the computer. That is VERY obvious, even if you don’t specify PASSWORD.

Think about what you throw away. Did you just throw out your login information into the trash, or did it get shredded before going out? Don’t underestimate the advantage that a cracker could gain from any detail of information about network layout, usernames or internal software. As we might have seen in the article on Google’s use in cracking, there are lots of bits of data that can be gleaned from a search engine that could be useful for a cracker. (If you followed the links you’ll be certain to have seen some great examples.) One such is computer system software audits. These would detail the version of the operating system and all software installed: a literal goldmine for an attacker looking for a foothold in the network.

Another avenue is web pages. Let’s say we go to a site and something pops up saying “you have a virus – click here to remove”. Wow, I guess I better do what it says. Stop and look. Is it in a web browser window? What does the title look like? Is it very flashy and eye-catching, or is it something more like what you’ve seen your antivirus software warn with before? I’ve seen people fall for this as an ad, and on the click a piece of software downloads and installs that is more of a headache than some of the real viruses. If in doubt, close that window and any others, open a new browser session and visit Trend Micro’s online antivirus scan.

Beyond that, stop and think any time a website tries to automatically download software.

Be cautious, be “web smart” and don’t let yourself be the weak link in the security of your PC.
