If you haven’t heard, October is National Cyber Security Awareness Month (NCSAM). NCSAM is sponsored by the U.S. Department of Homeland Security and the National Cyber Security Alliance, and each week of the month has a different theme. The STEALTHbits team will be observing the month with a new blog post on the theme each week. So stay tuned to catch all the NCSAM info coming your way.
The first week’s theme for National Cyber Security Awareness Month (NCSAM) is “STOP. THINK. CONNECT.™: Simple Steps to Online Safety.” You will see a lot of advice about being careful. Be careful what links you click. Be careful what emails you open. Be careful what attachments you open. All of that advice is good advice, but I always feel there’s an element missing from it. Security pros will tell the average user a lot about the potential consequences of making mistakes. They will give you ways to spot potential bad things online. But there isn’t often much of an attempt to teach about how those things are bad – what they do that makes them bad. So let us see if we can take a teach-to-fish approach and make it clear how the bad things get to be so bad without getting too technical about it all.
Most people today are aware that everything from mobile apps to full-blown programs like the copy of Microsoft Word I’m writing in right now starts its life as something called “code.” The code is something like a recipe that tells a computer what to do – code is literally synonymous with “instructions” in computer science. If the code is the recipe, then a program is a cake baked and ready to consume. But the internet is an odd exception to this in an important way. Your web browser is a program, but it’s only half-baked. You don’t launch a browser to look at a blank screen. You want a web page! The web page is code, too. And your browser grabs that code from the internet, bakes it up on your computer, and serves it hot and fresh for you. But maybe you see the problem. If I told you I was going to bake something in your kitchen with secret ingredients from a recipe you can’t read, what would you think? Would you let me do it? When you click on a link, any link, you are trusting a recipe and ingredients you don’t control to get cooked up on your computer. That cake may have a few surprises baked in for you, and it will be able to see and touch anything you can on your machine.
Now, that is a vastly simplified view of things, but maybe it starts to give you a clue about why security folks get so worked up about opening bad links. Even if you may be adventurous enough to let a stranger cook a recipe you can’t see with ingredients you don’t know in your kitchen, the security pros working to protect you are not. They don’t want anything blowing up in the computer that you use and that they are charged to protect. So as you see all the advice this week about being careful where you click, keep in mind that it’s all about making sure what you bake up is what you intended. After all, everyone likes cake when they know it’s good.