May 14, 2018
For this blog post I am going to answer a question that literally nobody has ever asked me, but which I think is important to answer...what are the five security-related websites that everyone should know about?
VirusTotal (https://www.virustotal.com/ [1])
VirusTotal is an excellent resource for those concerned about computer viruses and malware. Using this site, you can upload files for analysis and even analyze suspicious websites.
When you upload a file to VirusTotal, it scans that file with 59 different antivirus engines to determine if it's good or bad. VirusTotal also offers the ability to scan websites for malicious content: simply enter a URL and it will provide you with a security rating so you know if you should visit that site or not.
Snopes (https://www.snopes.com/ [2])
Have you ever read a post on Facebook that looked too good to be true? This is what Snopes was made for: helping you determine what's real and what's fake.
Previously known as "The Urban Legend Legends Reference Pages," Snopes can help you validate or debunk online claims. You can search by keywords or you can check out their "Hot 50" for the most recent fact checks. Each article will tell you if the claim is true or not, and then provide a great deal of background information on the claim.
Cybrary (https://www.cybrary.it/ [3])
Want to learn more about cyber security for free? If so, then Cybrary is the site for you. Using this site, you can learn about everything from secure coding to advanced penetration testing.
Cybrary currently offer hundreds of free online courses across many subject areas and levels of experience. If you are looking to get into the cyber security field and don't know where to begin, this could be a good option.
Shodan (https://www.shodan.io/ [4])
Think of Shodan as Google for hackers.
With Shodan you can search for any IP address on the internet and find out a wealth of information on that system, such as the device type, operating system, available services, and open ports. You can also search for systems by organization, or look for specific systems vulnerable to a specific exploit type. While it's scary that this information is out there and available, it is also a tool that we can use for good purposes. The U of G Information Security team routinely uses Shodan to help us identify weak spots in our own infrastructure so that we can address them before they become a problem.
No More Ransomware Project (https://www.nomoreransom.org [5])
The No More Ransomware Project is a joint effort between European law enforcement and antivirus companies like McAfee. Their goal is to disrupt the criminal ransomware industry by helping victims restore their data without paying the ransom. They do this by offering awareness material and free decryption tools for known strains of ransomware.
The U of G Information Security team has always strongly advised against paying the ransom should you become infected with ransomware (see our previous blog post on this subject here - https://www.uoguelph.ca/ccs/infosec/dontpaytheransom [6]). This site could be very valuable should you find yourself in a situation where you have been infected.
Was this list useful? Want to see more? Let me know!
Written By: Stephen Willem (Manager, Information Security)