Alexa, Am I Safe?

By Maelisha Kahlbaum, ICS 171 student

Alexa is a form of AI (artificial intelligence) that was designed by Amazon to make everyday tasks like answering questions, setting reminders, make lists, play music, and shopping easier by the sound of the user’s voice. All the user has to say is “Alexa, _______.” According to Amazon, the advanced programming of Alexa has security features built in for data protection, but it doesn’t mean that Alexa is completely bulletproof from cyber-attacks especially if people have it connected to appliances and home security.

There are multiple incidents around the country, where victims (and their family) of cyber-crimes went through months of small terrorizations from playing with their appliances to actually stealing their identity and racking up debt. Most times it will start by the perpetrator gaining access to their Wi-Fi or having a relationship with the victim and allowing themselves into their devices and home. When setting up an Alexa it asks to link various accounts to it, such as their Amazon account, apple music and Ring camera system. It seems innocent but it can result in a breach. Alexa also reads e-mails aloud or placing an online order. Family members or anyone visiting can draw personal information from the device.

Three ways to protect yourself

  1. Device Password Protection:

Most device passwords consist of four to six numbers/letters and it may protect it from some people to gain access but… it’s still hackable. It is a healthy security habit to change passwords every four to six months to become less predictable.

The first password people try is something personal, like a birthday or dog/cat’s name. Tip: Avoid anything personal but it should be memorable.

2. Wi-Fi Encryption Protection:

Same thing for Wi-Fi Passwords it is a healthy security habit to change passwords every four to six months to become less predictable. The first password people try is something personal, like a birthday or dog/cat’s name. It’s also healthy to switch up Wi-Fi names every few months to keep it fresh and confuse hackers who have tried to get in before.

3. Disconnect from Unnecessary Appliances:

Buying Alexa compatible lights seems unnecessary in the sense that you can just use yourself or ask someone to turn the light on/off. If you have an Alexa connected to an appliance that is operatable physically, you should disconnect it. It’s one less appliance that can be used in a cyber-attack. The worst thing to happen is murder by the enemy giving themselves access to the security system or the door locks.

In conclusion, Alexa users are not bullet proof to cyber attacks and can get hit at any point of time, but to avoid this disaster it’s important to take the threat seriously and create a healthy habit of changing passwords and Wi-Fi names and disconnect unnecessary appliances to take away extra ammunition from the enemy and prevent a more serious heinous crime.

Spear Phishing – Not the Good Kine

By Lindsey Freitas, ICS 171 student

I’ve never gone diving or spear fishing; I’m significantly better at eating or cooking seafood. Spear phishing on the other hand, requires preparation to deny a threat the opportunities to be successful in their attempts to access servers, databases and more.

Phishing, according to CompTIA, is ‘a type of cyber attack that uses email, phone or text to entice individuals into providing personal or sensitive information, ranging from passwords, …to details about a person or organization.’ As shown in the example here, even simple phishing scams can appear to be affiliated with real, trusted entities.

Over at Cisco’s webpage on email security, spear phishing ‘targets specific individuals instead of a wide group of people.’ What makes a spear phishing attack particularly dangerous is that attackers will often research the victim to make the attack seem more legitimate. In other words, spear phishing is tailored more specifically to the victim – a personalized scam, so to speak. This may be the first move by an attacker to gain unauthorized access or data.

Even the best security software and policies are only as good as the users who adhere to them – or don’t. The fact of the matter is that no matter what can be done, there will never be a system that is completely and totally secure. Phishing, and spear phishing attacks in particular, rely on the human element as the weak link in any security system. The illegitimate attempt to gain confidential, privileged, or administrative data is the key point in a spear phishing attack.

According to the SANS Institute, 95% of all attacks on enterprise networks are the result of successful spear phishing. A high profile, very recent example: the Twitter hack in July earlier this year, reported to be the result of a successful spear phishing attack, allowed attackers to tweet a bitcoin scam from verified accounts belonging to Bill Gates, President Barack Obama, and several others. News reports indicated that attackers successfully gained access to powerful tools used by only a few Twitter employees, tools that would allow access to, and control over accounts – including access to personal messages.

But wait! When even government entities and tech companies, with their budgets and specialized knowledge are susceptible to spear phishing attacks, how can we protect ourselves from such a sophisticated threat? It’s as vital now as ever to be aware of threats such as spear phishing, and how to prevent from these and other threats. Like most threats, the best ways to mitigate spear phishing attacks is being mindful and aware of best practices in regards to cyber security.

One of the most important things in protecting against this type of threat is being able to recognize the illegitimate attempt to gain access or gather information. Not supplying personal or confidential information over email or text is a common recommendation, as is ensuring that antivirus and other malware protection is updated regularly. It’s also good practice to not open attachments from unknown sources, and to check the emails from known contacts carefully.  Attackers may attempt to mimic legitimate emails in an effort to gather confidential information.

Figure 1 – Legitimate SharePoint Invitation

Figure 1 is an example of a legitimate SharePoint invitation from my IT department at work. Compared to the previous example, it can be difficult to distinguish a legitimate request from malicious attack. When in doubt, it’s a good idea to contact the organization directly – a phone call might seem inconvenient and old fashioned, but the time it saves will pale in comparison to the potential damage wrought by a successful spear phishing attack.

A Parent’s Guide to Cybersecurity for Kids

IN THE AGE OF DISTANCE LEARNING

By Ross Ledda, ICS 171 student

Now your kids are online—so learning is online. It is a new kind of danger that many of us are unfamiliar with. As the younger generation makes its way through the first few months of distant learning, the concern of online security issues is on the rise. Here are 3 steps you can enact to let your mind rest in ease as your children pursue online learning:

Step 1: Talk to your child!

Educating our children on privacy and confidentiality is of utmost importance. Teaching them that the importance of withholding information from people, even their classmates, confidential information (home address, date of birth, etc.) will get them to act smarter and think twice about their actions taken on the internet! Just as we would tell them never to talk to strangers, goes the same as a foreboding to who may be on the other side of the screen.

Step 2: Cover that webcam!

If there is any one thing we can do, it’s covering our webcam when not in use! The idea that someone may be watching us through the other side of the screen, though rare – is true! A peak into our private life is far from what any of us want. So, while our children are out of class or simply not in use of their webcam, covering it with something as simple as a post-it note will nullify the possibility of somebody trying to monitor us.

Step 3: Educate and converse!

Redundant as it seems, this is the single most important factor. As said in “Step 1: Talk to your child!”, we must have an open conversation with our children on any privacy problem that we can perceive. Home address and date of birth are only two examples of what not to share. Passwords and email addresses are also things that are not to be shared with random people or websites! Not only should we instruct our kids on why we should not share personal information, but it can go for problems far beyond that! Education and communication are two key factors in ensuring online safety.

As the entire world continues to wait on new ways to combat COVID-19, online education will be at the forefront of learning. While seemingly tedious, these steps are nothing more than second nature than when it comes to tasks such as locking your car door before going into the grocery store!

What We Can Learn From Our ICS Faculty and Staff

Aloha everyone! 2020 has been one intense, crazy, and completely unpredictable year, and the events that occurred will continue to affect all of us in one way or another for many years to come.

October brings us another event, but this time it’s a good one—the 17th annual National Cybersecurity Awareness Month. We know there are many distractions going on right now—COVID-19 continues, the elections, the economy, and just dealing with life—are all more than enough to keep us busy! Who has time for cybersecurity?

Well, think about the following: Did you know that after COVID was declared a pandemic, 88% of the organizations worldwide made it either mandatory OR encouraged employees to do remote work? This pandemic has re-written a lot of the “norms” for remote work. This statistic doesn’t look scary, but it should – look at these sobering numbers:

  • Cyber-attacks were most prevalent against healthcare and financial industries
  • Email scams related to COVID-19 surged 667% in March alone
  • Also in March, the search term “how to remove a virus” rose by 42%
  • Users are 3x more likely to click on pandemic related phishing scams
  • 530,000 zoom accounts were sold on the Dark Web

The Internet was a dangerous place (non-secure) BEFORE COVID-19. Since then, the entire global community had a large-scale push to deploy systems, software, processes & procedures, and even new working paradigms (remote work). It’s probably safe to say that we are less secure now; consider that this surge really means that more and more information (of all kinds) is being created, passed, processed, disseminated, and in some cases stored, in a non-centralized environment (like those remote work computers) – defenders have a larger environment to keep secure. But how many users were trained how to work in this new macrocosm securely? How many defenders were trained to defend this expanded environment?

Let’s also consider the state of our new “global” information system. Many of us use it as the sole means to retrieve and disseminate news and information about the world we live in – how much has this changed? A quick search in google on “COVID-19” gives us 6.3 billion results. Hmm. might take a while to getthrough all that information.When we add “Hawaii” to thesearch – it narrowed down to amere 620,000,000 results;searching for “COVID-19” and“Kaneohe”, brought it to a reasonable (??) 12,100,000 results. That should take care of the weekend reading right?

So, just trying to get reliable, accurate, local news about what was going on and how daily life would be affected, requires a large amount of intellectual “sorting” – and that’s just for local news – what about news on other cities, states, or even countries? How much of this information out there is fake? Dangerous? With all that confusion out there, how easy would it be for bad actors to take advantage (fake news, phishing scams, etc.)? It’s easy to allow frustration and confusion to make you forget about information security and protecting yourself and your family.

The main goal of National Cybersecurity Month is to raise awareness of the importance of cybersecurity – and to remind you that YOU play a vital role in protecting your part of cyberspace, whether you are using it for work (remote work) or in your personal life (or both). The theme this year is “Do Your Part #BeCyberSmart.” And they are emphasizing “If You Connect It, Protect It”. Protecting information is the goal, and even small steps on your part can help to achieve that.

In the next few weeks, the ICS staff will be sharing articles from both CISA (Cybersecurity and Infrastructure Security Agency) and from our own Windward Community College ICS students, starting with articles by students in our current ICS 184 Introduction to Networking class. There is a lot of good information in there to help keep you safe; please use these resources, share them with friends and family and make this month—and every month—your cybersecurity awareness month.

—ICS faculty & Staff

Michael Kato, ICS assistant professor, katomich@hawaii.edu
Laura Sue, ICS assistant professor, laurasue@hawaii.edu
John Oshiro, ICS lecturer, oshiroje@hawaii.edu
Jodie Yim, ʻAo Kahi Project coordinator, jodieyim@hawaii.edu

Chatbot Avatar Design Contest

Create an avatar for our new website Chatbot!

Win a $25 Amazon gift card and Windward swag!

All entries must be submitted by November 6, 2020

You’ve got character. Share your avatar design skills with Hawaii and the world for a new chatbot, Windward’s little robot that will answer all of your questions, for our college website.

Your design should

  • Connect or mo‘olelo to Windward Community College
  • Keep it original and creative
  • Have a friendly face
  • Have a creative name that works with “Ask ___” (Like “Ask Pua” or “Ask Mo”)
  • Include our campus color (PMS 376, #81bc00, or R129 G188 B0) in some way (optional)

Submit your designs to:
Makamae Sniffen
jsniffen@hawaii.edu

Is Your Connection Secure?

By Mimo Yuen, ICS 184 student

Are you the kind of person who, after arriving at a hotel or Airbnb, immediately tries to figure out how to get onto the Wi-Fi? Don’t be that guy.

With the increased presence online, as schools and organizations from all over the world transform to work remotely, it is imperative that your Internet connection is secure.

To help you with this, consider the following simple tips:

  1. Avoid Public Networks
    You might be tempted when you see free Wi-Fi at airports, restaurants, malls, and hotels, but you should never connect to public networks. They are inherently unsecure. You don’t know who else is connected at the same time. If another user’s device is infected with malware, that malware may spread to your device through the network. Furthermore, a public network is a real treat for hackers. They can distribute malware through the connection, eavesdrop on you, and intercept all of your data. You may not even be connected to the Wi-Fi provided by the organization but rather a rogue network set up by an attacker, waiting for you to take the bait.
  2. Use a VPN
    A virtual private network (VPN) offers a secure connection by using a proxy server that navigates the Internet on your behalf. It can hide your IP address and protect your online activity. Most importantly, it encrypts your data, so if it does get intercepted, there is less of a chance that it will be compromised. It essentially lets you go online anonymously. If you absolutely must use a public network, use a VPN.
  3. Enable a Firewall
    A firewall acts as a shield that blocks out unwanted internet traffic. It looks at incoming data packets to check whether they are safe by using a set of rules and policies. Some firewalls also monitor outgoing data in order to prevent your sensitive information from being sent to unauthorized entities. Nowadays, operating systems usually have built-in firewalls, such as Windows Defender or macOS’s Firewall, but you need to ensure that it is enabled. Don’t forget that this tip, along with those above, applies to all devices that access the Internet, not just computers.
  4. Change the Default Settings of Your Home Networking Devices
    While it may come as second nature to worry about security when it comes to unfamiliar networks, you may not be as cautious when it comes to your network connection at home. The most basic security measure you can take is modifying the default settings of your router or modem. For example, change the factory password and the default SSID (the name used to identify your wireless network). You can also turn off the SSID broadcast, so that your network isn’t listed as available for devices. These steps can protect your network from intrusions, thus securing your connection further.

The Internet comes with risks, and as a user, you are susceptible to those risks. Wouldn’t you want to take five minutes doing these things to prevent an attack, rather than what feels like five lifetimes recovering from one? There are so many other things that you CAN and SHOULD do to improve your cybersecurity. Today, I encourage you to start by asking yourself, “Is my connection secure?”

Who Stole the Cookie from the Cookie Jar?

By Katrell Plunkett, ICS 184 student

Cookies might sound like a delicious and sweet treat however, when talking about your computer we are referring to the pieces of data collected from your web session that get stored in your browser. Every time you revisit the website, the browser then sends the cookie back to the website with all the stored data from the earlier visit.

For this reason, cookies can be helpful and can appear to be sweet making browsing a breeze, pulling up your usernames and passwords and even showing you ads for things you previously searched for. On the flip side these cookies can be stored for years causing your browser to move slower and these targeted ads can start to become annoying.

However, these cookies travel across the internet bouncing from server to server and can easily be intercepted falling into the hands of a hacker. While cookies are mostly used by ad services, they also store information from banking sites as well as other personal information you may have entered on shopping sites like your address or other contact details. Therefore, cyber security experts recommend clearing your cookies from your browser frequently and especially whenentering personal and sensitive information to websites.

These are the basic steps to clearing your cookies.

Google Chrome

Google Chrome will automatically delete cookies after the browser is closed if the “Keep local data only until I quit my browser” selection is made. Specific site exceptions can also be made from this menu.

  1. Click the Chrome menu on the browser toolbar.
  2. Select Settings.
  3. Click Show advanced settings.
  4. In the “Privacy” section, click the Content settings button.
  5. In the “Cookies” section, Remove all at the bottom of the dialog.
  6. You can also choose to remove all cookies created during a specific time, using the Clear Browsing Data dialog.

Safari

  1. Choose Safari > Preferences, and then click Privacy.
  2. Click Details.
  3. Select one or more websites that stores cookies, and then click Remove or Remove All.
  4. Click Done.

Internet Explorer

  1. Click the Internet Explorer icon on the taskbar.
  2. Click the Tools button, point to Safety, and click Delete browsing history.
  3. Select the Cookies and website data check box, and then click Delete.

Delete all cookies

To delete all cookies stored on your computer:

  1. On the menu bar, click on the History menu, and select Clear Recent History.
  2. Set Time range to clear to Everything.
  3. Click on the arrow next to Details to expand the list of history items.
  4. Select Cookies and make sure that other items you want to keep are not selected.
  5. Click Clear Now to clear the cookies and close the Clear Recent History window.

Remember to practice internet safety and most importantly to protect your cookies by deleting them. While cookies can be used to your advantage they can also be used to the advantage of hackers leaving you wondering who stole the cookie from the cookie jar, and by the time you figure it out the damage could be done. Users should clear their cookies after every session and especially when exiting a session containing sensitive and important data.

Preventing the Unauthorized Access of Your Home Wi-Fi

By Anela Yuen, ICS 184 student

Nearly every average person today uses the Internet on a daily basis, whether it be through their mobile phones, their laptops, their desktop computers, and even their tablets. By default, the average home Wi-Fi has vulnerabilities that allows outsider access to devices on your network. Are you safe browsing the Internet within your own home? Is your private information safe from unauthorized access? Securing your home Wi-Fi may atfirst seem like a technical task, but there are a few simple ways that anybodycan secure their Internet access in their own homes.

Better security can be as easy as:

  1. Changing the default name of your Wi-Fi network
    A router is the device used to provide Internet access in your home andan example of a default network name from a standard router is NETGEAR09. Unwanted access to your Wi-Fi can be thwarted by changing the default name of your network given by the router manufacturer. The technical term for a network name that may be in your settings is SSID.
  2. Changing the default password of your Wi-Fi network
    Changing the default password is crucial because it is easy for outsiders to guess, especially if the router manufacturer is known through the default name. When creating a password, make sure it is long and complex.
  3. Enabling network encryption
    This may seem complicated at first, but most modern routers offer WPA2 encryption and it just needs to be enabled. Encryption protects the data going in and out of your network by scrambling it so it can’t be easily read.
  4. Turning off network name broadcasting
    Basically, network name broadcasting or SSID broadcast, broadcasts the name of your wireless network, making it easy to find and connect to. By turning off SSID broadcast, your network is less susceptible to trouble because it is not immediately and obviously discoverable by outsiders.
  5. Enabling MAC filtering
    A MAC address is basically like an identification number for wireless devices. Every device has its own unique MAC address and with MAC filtering enabled, only those specific devices with those unique ‘identification numbers’ can be allowed on your network.

By implementing some or all of these simple changes in your home network, you will that much closer to preventing intruders from easily accessing the devices on your network and consequently your private information.

WCC Notice: Positive COVID-19 Case Reported on Campus

October 1, 2020

Aloha Windward CC community,

A member of the Windward CC community has tested positive for COVID-19 and is currently in isolation. The individual tested on Wednesday 9/30 and received the positive results on Thursday 10/1. They were last on campus on Thursday 9/24. At that time, the individual was wearing a face mask. Others who were in close or prolonged contact with the individual have been notified and instructed to contact their healthcare provider to be tested and cleared before returning to campus.

The Hawaii Department of Health (DOH) has been notified, and the contact tracing process is underway.

Anyone who tests positive for COVID-19 is not allowed to return to campus until they are cleared by a medical provider consistent with the standards of DOH and the Centers for Disease Control and Prevention (CDC).

Please remember to follow campus COVID-19 guidelines including staying home when you are sick and using the daily health check-in app LumiSight UH before coming to campus. When on campus, wear a face covering, practice safe physical distancing and wash your hands often.

No further details can be shared as the privacy of the individuals involved must be respected. The campus is following all privacy and confidentiality laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights andPrivacy Act (FERPA).

Information on reported positive cases on UH campuses can be found at http://go.hawaii.edu/xy3.

If you start to experience symptoms and/or come into “close contact” with someone who tested positive, isolate yourself as soon as possible and contact your healthcare provider. “Close contact” is defined by the Centers for Disease Control and Prevention as being within six (6) feet of a person with COVID-19 for 15 minutes or more, even when both parties are wearing face masks.

Please remember to follow health and safety protocols, and educate yourself about these protocols. More information can be found on the Windward CC website in Returning to Campus Guidelines.

Use the daily health check-in app LumiSight UH before coming to campus, stay home when you are sick, wear your face covering if you have to come to campus, practice safe physical distancing and wash your hands often.

LumiSight UH: http://go.hawaii.edu/6k3

Please be safe!  

Mahalo for your vigilance,
Windward Community College

Positive COVID-19 Case Reported on WCC Campus

Sept. 14, 2020

Aloha mai kākou,

A member of our Windward CC community has tested positive for COVID-19 and is currently in isolation. They were last on campus on September 4, before showing any symptoms, and notified the campus late yesterday, as soon as they received a positive test result.

The Hawaiʻi State Department of Health (DOH) has been notified, and the contact tracing process has begun. The two people the individual came into close contact with on campus have been notified and are self-isolating and are monitoring for symptoms after testing. Anyone who tests positive for COVID-19 is not allowed to return to campus until they are cleared by a medical professional.

The impacted space has been closed, following the Centers for Disease Control and Prevention (CDC) and university COVID-19 guidelines.

No further details can be shared as the privacy of the individuals involved must be respected. The campus is following all privacy and confidentiality laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA).

Report all positive and suspected cases of COVID-19 to Kelli Brandvold at kellib@hawaii.edu at or 808-235-7403. The information will be kept confidential. Information on reported positive cases on UH campuses can be found at http://go.hawaii.edu/xy3.

Please remember to use the daily health check-in app LumiSight UH before coming to campus, stay home when you are sick, wear a face covering and practice safe physical distancing while on campus and wash your hands often. Mahalo for your vigilance, supporting our campus’ health and safety.

E mālama pono,

Ardis Eschenberg
Chancellor