A broad metal chain made of torus-shaped links Source: Wikipedia |
9 years ago I wrote a post titled: The Chain is as Strong as the Weakest Link in the Chain.
Based on my experience in a Penetration Test, I argued that human beings are the weakest link.
Many employees Security awareness is insufficient. Few employees are even motivated to breach Security.
As far as the home computing or the consumers computing is concerned, there is even less Security Awareness than in organizations.
I am a Security and Risk Management expert, therefore I should be aware of Cyber and Security threats and I should refrain from being damage by these threats.
I am certainly aware of them, however I failed twice by ignoring a potential threat.
This post is about lessons learned from my Security protection failures.
I love you - I hate you
Many years ago I received an e-mail message from a friend. My friend is an IT expert, who participated in a Security Software product development.
I did not suspect that the link I Love you will install a worm in my PC. I opened the link and the worm changed my Windows Registry file.
It duplicated itself as part of e-mail messages that was sent to all the people included in my address book.
I was aware of the problem shortly after my careless mistake.
A young guy whose girlfriend decided to end their relationship coded a worm using Windows Visual Basic Script and spread it.
The worm was named I Love you.
Cleaning my computer from I love you
1. I warned all my e-mail connection not to open the message.
2. I checked that I have an updated backup file.
3. I found and executed a program named "I Hate you" which was documented as a cure for "I Love you".
4. Few months later I discovered that the worm was not moved from JPEG files. Anytime I tried to open a JPEG file the worm was send by e-mail to all my connections.
5. I found another solution to the problem by searching the Web.
The new solution was not automatic. I had to clean the System and the Registry systematically step by step.
The Facebook Bear is a Worm
Recently I received few Facebook messages from a Facebook friend.
My Facebook friend is a Computers expert. The messages were part of a discussion on Bridge, however, a link to a video was included.
I pressed the link showing a bear which surely does not play Bridge.
The video was a Facebook Worm. All my Facebook friends received immediately a message from me including the Worm.
Cleaning my computer from The Facebook Bear
1. I warned all my Facebook friends by writing on my timeline that I was infected by a worm and they should not press the hyperlink included in the message sent by the worm and not by me.
2. I closed Facebook and open it again and Facebook notified me that a Trend Micro Security program is automatically checking and cleaning my Facebook application and data.
The program corrected the Security problem.
3. I deleted the infected message.
Analysis and Conclusions
In both cases I lowered my Security awareness because the sender was an Information Technology expert and because the sender is a friend of mine who sends many messages.
Quick identification of a Security breach was a key in solving the problem.
Lesson Learned
1. Always be alert and ready to identify Security threats.
2. Suspicious hyperlinks are suspicious hyperlinks. It does not matter who the message sender is.
3. In most cases it is possible to solve a Security problem, but quick problem identification is a must.
4. Notify all your connections about possible messages sent from your computer by worms. Tell them to ignore the message and to scratch it without reading it.
5. Do not postpone worms and viruses removal. As soon as you discover the problem stop working and try to fix the problem.
5. Full problem correction is a must.