CyberSpace Security: How to protect yourself from Attacks


Cyberspace Threats and how to protect yourself from these attacks.




Recent studies have shown that a new type of threat is emerging on a global scale. Due to the proliferation and adoption of computer technology in various parts of the world, every piece of data leaves a digital footprint. Cyber threats and attacks are being launched every second against financial institutions, tech companies, web servers, hosting companies, websites, applications, IoT services, etc.




If you do not understand these cyber attacks and how to mitigate them, you will be very vulnerable and insecure. For instance, your mobile bank app is at risk if you cannot protect your Android device from these attacks.




In this post we intend to achieve the following objectives:




  • Explain what these threats are, with particular cases
  • Show how these threats can be mitigated and checked
  • Describe the safety measures you should take to protect yourself and your organization




CyberSpace and CyberSpace Threats





Cyberspace is a recent word in the English lexicon which refers to the computer world. Cyberspace is an electronic medium used for data and information interchange among globally connected computer networks. Thus, it includes every device that is connected to the internet.




A cyberspace threat is an attempt to maliciously obtain unauthorized access to information or a computer network, or to damage, destroy or steal data from a computer network or system. It is a threat to any business, entity or activity that is connected to the internet. You can also see some of the services used by corporate bodies to protect their network.




At a conference I attended last month, it was shown that cyberspace attacks are increasing at an alarming rate, such that the world market and economy are being threatened by this new form of terrorism. Take a look at the following:




Top Data Breaches of 2018 and 2019




  • 1.16 billion email addresses and passwords exposed [article by Fortune]
  • As announced in 2019, 540 million Facebook users were exposed in the breach
  • Marriott breach exposed 500 million user accounts
  • Ransomware attacks to increase 5 times by 2021.
  • The Federal Bureau of Investigation (FBI) reported $12.5 billion in losses to companies between October 2013 and May 2018 due to business email compromise (BEC).




What are the different forms of Cyber Attacks?





Cyber attacks and threats can come in different forms. No matter the form, the purpose and aim are already set: to maliciously steal data and disrupt a network. Everything from calculators, mobile apps, memory, and Google Docs to webmail platforms and dynamic websites is vulnerable to a variety of attack methods, which we will see shortly.




  1. DoS and DDoS attacks: DoS is an acronym for Denial of Service, while DDoS is Distributed Denial of Service. DoS and DDoS attacks are aimed at making it difficult for users to access services. This is done by flooding a resource or targeted system such that there is no more room to accommodate the user who needs this service.
  2. Eavesdropping Attack: This form of attack is popularly called a Man-in-the-middle attack. In this form of attack, an unauthorized entity gets into a network and tries to access the information communicated between the premise equipment and the server. Thus, it becomes imperative that all website owners implement Secure Sockets Layer (SSL) on their server so that data being sent to them from their users is encrypted before transmission.
  3. Phishing Attacks: A phishing attack is simply mimicking an authorized or recognized entity or business in order to get access to information. For instance, imagine a hacker clones the Facebook design and redirects you to log in to your Facebook account. If you do not check the address bar of your browser to ensure that the address begins (not ends) with https://facebook.com or any of the Facebook domains, you are risking your Facebook account: when you enter your Facebook username and password, they store them and use them to access privileged information about you. Between October 2013 and May 2018, the Federal Bureau of Investigation (FBI) reported $12.5 billion in losses to companies due to business email compromise (BEC).
  4. SQL Injections: SQL injections are deliberate attempts to maliciously inject SQL query statements into an application. They can be prevented easily by using a framework such as CodeIgniter, Laravel, etc. To show you what it looks like, imagine a login SQL query statement that looks like this: "SELECT id FROM users WHERE user = $_POST['username'] AND password = $_POST['password']"; The query string above is vulnerable to SQL injection. Suppose the user keys in "1 OR 1 = 1" as username and password: the query will evaluate as true. Thus, he can even drop the database if he writes the statement and comments out the other predicates.
  5. Cross-site scripting (XSS): Here, web services are used to inject malicious scripts into trusted websites.
  6. Brute force attack: This is the cyber attack equivalent of trying every key on your key ring and eventually cracking the password. It is permutative and can be prevented by restricting the number of tries, and also by implementing a captcha.
  7. Cross-Site Request Forgery (CSRF): This used to be common on WordPress-powered websites: you have 10 views and 15,000 comments! Where are the comments coming from? Scripts have been written to submit requests to your page as though the requests were coming from your site itself. To protect against these, you can add a hidden field with a randomly generated token with an expiry time that identifies and ensures that every request received is coming from your website.
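
The login query from item 4, next to a prepared-statement version, as an added example that is not code from the original post. The in-memory SQLite table, its rows and the function names are constructed for the illustration, and the PDO SQLite driver is assumed to be installed.

```php
<?php
// Constructed sample data: an in-memory table shaped like the query in item 4.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, password TEXT)');
// The plaintext password column only mirrors the page's query; real code
// stores password_hash() output and checks it with password_verify().
$db->exec("INSERT INTO users (user, password)
           VALUES ('alice', 'correct horse'), ('bob', 'hunter2')");

// Vulnerable: the input is pasted into the SQL text, so "1 OR 1 = 1" becomes
// part of the WHERE clause and the condition holds for every row.
function login_vulnerable(PDO $db, string $username, string $password): array
{
    $sql = "SELECT id FROM users WHERE user = $username AND password = $password";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: placeholders send the input as data only. The SQL text is fixed
// before any user input is seen, so the input is never parsed as SQL.
function login_prepared(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare(
        'SELECT id FROM users WHERE user = :user AND password = :password'
    );
    $stmt->execute([':user' => $username, ':password' => $password]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = '1 OR 1 = 1'; // the value used in the text above

echo "vulnerable, injected input:\n";
var_dump(login_vulnerable($db, $input, $input));

echo "prepared, injected input:\n";
var_dump(login_prepared($db, $input, $input));

echo "prepared, valid credentials:\n";
var_dump(login_prepared($db, 'alice', 'correct horse'));
```

The first call returns the id of every user without any valid credentials, while the prepared version returns no rows for the same input and only the matching id for a real login.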
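
One way to build the hidden-field token with an expiry time described in item 7, as an added example that is not code from the original post. It uses a signed token bound to the visitor's session; the function names, the server-side secret and the session identifier are assumptions of the example.

```php
<?php
// Issue a token of the form "<expiry>.<nonce>.<mac>" bound to one session.
// $secret (server-side key) and $sessionId are assumptions of this example.
function csrf_issue(string $secret, string $sessionId, int $ttl = 900, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $nonce   = bin2hex(random_bytes(16));          // randomly generated part
    $payload = $expires . '.' . $nonce;
    $mac     = hash_hmac('sha256', $sessionId . '|' . $payload, $secret);
    return $payload . '.' . $mac;
}

// Accept a token only if it is well formed, was issued for this session,
// has not been altered, and has not expired.
function csrf_verify(string $secret, string $sessionId, string $token, ?int $now = null): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;
    }
    [$expires, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $sessionId . '|' . $expires . '.' . $nonce, $secret);
    if (!hash_equals($expected, $mac)) {           // constant-time comparison
        return false;
    }
    return (int) $expires >= ($now ?? time());
}

// Constructed values for the demonstration.
$secret  = random_bytes(32);
$session = 'session-id-of-the-visitor';
$issued  = 1700000000;
$token   = csrf_issue($secret, $session, 900, $issued);

// The hidden field the form would carry:
echo '<input type="hidden" name="csrf_token" value="'
    . htmlspecialchars($token, ENT_QUOTES) . '">', PHP_EOL;

var_dump(csrf_verify($secret, $session, $token, $issued + 60));          // same session, in time
var_dump(csrf_verify($secret, $session, $token, $issued + 901));         // after the expiry time
var_dump(csrf_verify($secret, 'another-session', $token, $issued + 60)); // token from another session
var_dump(csrf_verify($secret, $session, '', $issued + 60));              // hidden field missing
```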




Cyber Attack Major Prone Areas





Before war breaks out, there are reasons behind it. Although we have listed the objective of cyber attacks, we now want to elaborate by giving popular applications of cyber attacks.




  1. Destructive attacks to destroy an information source or make information permanently unavailable.
  2. Payment card data theft, illicit ACH/EFT cash transfers, extortion, and ransomware.
  3. Exposure of personal identification information (information used to uniquely identify individuals).
  4. Accessing and exposing Protected Health Information (PHI).
  5. Insider threat actions performed by employees, vendors and other insiders to their organization.




Ways to Protect Yourself and Organization from Cyber Attacks





  • Avoid Using Cracked Software: Using cracked software can expose your system to unprecedented and untold attacks.
  • Always Upgrade Your Operating System: Ensure you are using the latest software release from your OS provider. If not, make sure the OS version you are using is still supported by your OS provider.
  • Turn On Automatic Updates: This ensures that the latest releases and security features are automatically added to your PC. New virus definitions and spyware signatures emerge on a daily basis; if you fail to do this, your system will be partially unprotected.
  • Install Anti-Virus Software: Install anti-virus software and run regular scans, because it is entirely possible that your system is under attack and you do not know about it. From what we have discussed so far, not all attacks are destructive: some are in your PC just to observe and monitor your actions and inputs, and to steal passwords and credit card information without your notice. Installing antivirus software will assist you in fishing them out.
  • Set your browser to validate SSL, to ensure the site you are visiting is using a valid SSL certificate before you pass any data to its server.




Other measures include:




  • Avoid clicking on links from unauthorized emails.
  • Back up your data regularly, separated by date (recommended), so that you can always restore to the last clean record. This is because you can back up your data with the virus or malware inside.
  • Avoid using easy-to-guess passwords. Make your passwords a combination of characters, numbers and symbols; you can use, e.g., iPassword to create one.
  • Set up a firewall client.
  • Be careful what you download.
