Skip to main content
Cyber Security For All

Cyber Security For All

By Apetech

Covering a wide range of cyber security topics, this is the place to come and learn about this exciting field. We break concepts down for you so you can learn about them better. We present you with cyber security information to help you stay safe in a world filled with digital dangers. If you are a business owner, or just someone that's interested in learning a little more about this cyber security stuff, this is the podcast for you!
Available on
Apple Podcasts Logo
Google Podcasts Logo
Overcast Logo
Pocket Casts Logo
RadioPublic Logo
Spotify Logo
Currently playing episode

Episode 4: 2 Ways to Use Wireshark to Find Passwords

Cyber Security For AllOct 02, 2020

00:00
23:17
5 Simple Things You Can Do To Significantly Reduce Getting Hacked in 2022
Dec 29, 202132:03
Exploring EC-Council's Security Awareness Certification
Dec 13, 202117:25
Exploring CompTIA’s Additional Professional Certs

Exploring CompTIA’s Additional Professional Certs

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes

https://apetech.blog/2021/10/17/comptias-additional-professional-certs/

Oct 17, 202120:35
Exploring CompTIA's Cybersecurity Certifications

Exploring CompTIA's Cybersecurity Certifications

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes

https://apetech.blog/2021/09/27/exploring-comptias-cybersecurity-certifications/

Sep 27, 202115:25
Exploring CompTIA's Infrastructure Certifications

Exploring CompTIA's Infrastructure Certifications

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/07/27/exploring-comptias-infrastructure-certifications/

Jul 27, 202115:00
CompTia Core Certifications

CompTia Core Certifications

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/07/17/comptia-core-certifications/

Jul 17, 202120:20
Interview with John Lunn Azure Cloud Expert
Jul 08, 202101:01:44
AFA's Cyber Patriot

AFA's Cyber Patriot

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

https://www.uscyberpatriot.org/

https://apetech.blog/2021/06/28/afas-cyber-patriot-program/

Jun 29, 202109:53
Women's Society of Cyberjutsu

Women's Society of Cyberjutsu

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/06/12/womens-society-of-cyberjutsu/

Jun 12, 202111:07
Ransomware And How It Impacts You!

Ransomware And How It Impacts You!

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/06/05/ransomware-and-why-you-need-to-worry-about-it/

Jun 05, 202113:46
Interview with Christian Espinosa, Cybersecurity Expert, Best Selling Author
May 28, 202159:01
Can Your Social Media Posts Be Used To Hack You?

Can Your Social Media Posts Be Used To Hack You?

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/05/26/can-your-social-media-posts-be-used-to-hack-you/

May 26, 202115:47
Why You Need to Update Your Software: The Good, The Bad, and The Ugly

Why You Need to Update Your Software: The Good, The Bad, and The Ugly

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/05/20/why-you-need-to-update-your-software-the-good-the-bad-and-the-ugly/

May 20, 202116:19
3 Tips to Permanently Delete Files From a Hard Drive

3 Tips to Permanently Delete Files From a Hard Drive

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/05/13/3-tips-to-permanently-delete-files-from-a-hard-drive/

May 13, 202115:53
5 Ways to Protect Your Children From Cybersecurity Threats

5 Ways to Protect Your Children From Cybersecurity Threats

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/05/10/5-ways-to-protect-your-children-from-cybersecurity-threats/

May 11, 202109:43
Can You Trust Your Operating System's Privacy Settings?

Can You Trust Your Operating System's Privacy Settings?

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/05/07/can-you-trust-your-operating-systems-privacy-settings/

May 07, 202116:13
The Best Browsers for Your Privacy in 2021

The Best Browsers for Your Privacy in 2021

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes: https://apetech.blog/2021/05/04/the-best-browsers-for-your-privacy-in-2021/

May 04, 202119:28
iOS 14.5: Your Data, Your Choice - Why Privacy Matters

iOS 14.5: Your Data, Your Choice - Why Privacy Matters

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

https://apetech.blog/2021/04/30/ios-14-5-your-data-your-choice-why-privacy-matters/

https://www.apple.com/privacy/

Apr 30, 202121:38
Botnets - The Victimless Crime?

Botnets - The Victimless Crime?

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda

Show Notes:

https://apetech.blog/2021/04/27/botnets-the-victimless-crime/

Apr 27, 202114:46
VPN For Beginners!

VPN For Beginners!

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda


Show notes:

https://apetech.blog/2021/04/22/vpn-for-beginners/

Apr 22, 202118:23
Data Breach 101 - Everything You Need to Know.

Data Breach 101 - Everything You Need to Know.

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter: @apetechda

TikTok: @apetechda


Link to Episode Notes:

https://apetech.blog/2021/04/19/data-breach-101-everything-you-need-to-know/

Apr 21, 202116:03
Can Your iCloud Account Be Hacked?

Can Your iCloud Account Be Hacked?

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Hello, and welcome to another episode of Cyber Security For All podcast.  A podcast all about cybersecurity from Apetech.  I’m your host, Alex and today we are going to be talking about can your iCloud account be hacked?

Before we jump into the episode, let me update you on a few things.  Almost at 650 downloads! I really do think we can get to 750 before the end of the month!  Please feel free to share my podcast with your friends and family so that they too can benefit from Cyber Security For All!  If you want to leave a message, there is a voicemail URL in the episode description that you can use to get a hold of me.  Also, apetech.me/social is where you can find me and everything else that I am working on.  This podcast is just one of many different side hustles that I’m working on.  Alright, enough updates, let’s get into the episode.

First, let’s talk about how your personal iCloud might get hacked.  Apple does a pretty good job at securing their actual infrastructure that drives iCloud.  What I mean by this, is the servers and computers that Apple uses to keep iCloud running are usually pretty safe.  While a hacker might still be able to breach Apple’s iCloud, it’s more unlikely to happen.  Because of this, most hackers will focus on attacking individuals rather than trying to attack Apple.  There are a few ways that a hacker can get into your iCloud account. Unlike breaking into Apple’s servers, hackers will try to obtain your credentials and then log into your account.  Once a hacker has your credentials, they can log in and do whatever they want.  There are a few different methods that a hacker can use to obtain your credentials.  Let’s talk about a few of those different methods.  Hopefully, by the end of this podcast, you’ll have a better awareness of where the vulnerabilities are and you can then take action to minimize your chances of getting hacked.

Apr 15, 202115:42
Will a Virus Scanner Keep You Safe Online?

Will a Virus Scanner Keep You Safe Online?

Website: apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

Hello, and welcome to another episode of Cyber Security For All podcast.  A podcast all about cyber security from Apetech.  I’m your host, Alex and today we are going to be talking about will my virus scanner keep me safe online?

Before we jump into the episode, let me update you on a few things.  Almost at 600 downloads! I really do think we can get to 750 before the end of the month!  Please feel free to share my podcast with your friends and family so that they too can benefit from Cyber Security For All!  If you want to leave a message, there is a voicemail URL in the episode description that you can use to get a hold of me.  Also, apetech.me/social is where you can find me and everything else that I am working on.  This podcast is just one of many different side hustles that I’m working on.  Alright, enough updates, let’s get into the episode.

Will having a virus scanner on your computer keep you safe online?  Based on a Google search I did, the resounding answer is YES!  I find this very interesting and it’s the reason why I wanted to create this episode today.  While yes, a virus scanner will keep you safer online, I do not think it’s the only thing you should be using to keep yourself safe online.  I also do not agree with the first article that popped up in my search.  They state that the best antivirus program on the market is going to offer you 100% protection from advanced cyber threats.  I really do wish they would have not state this information.  I remember growing up and getting the internet installed in my house for the first time.  I was 10 years old and I remember going to a radioshack to purchase MSN.  I had no idea what I was doing, but my parents had just bought me my first computer and the year was 1998.  Within a month of owning that computer, and having an internet connection, my computer broke to the point where CompUSA (where I purchased my computer) took almost three months to fix it.  I was 10 years old and didn’t know what had happened.  Back then, not a lot of people knew what could happen on the internet.  Turns out a virus had wiped out my hard drive and rendered my computer useless.  In 1998, this was easy enough to believe since it made sense.  A simple virus scanner purchase later, and I was back in business.  But now, in 2021, if your computer broke, would you blame a virus?

Well that’s it for this episode.  I hope you enjoyed it.  If you feel that someone you know could benefit from listening to this episode, please feel free to share it with them.  I appreciate you taking the time to listen to my podcast and thanks for the support!  I know I’m just getting started, but I’m excited to see where I take this podcast in the future.  Thanks for being a part of this journey with me.  See you on the next one!

Apr 12, 202117:31
How safe is the cloud? And can you trust it?

How safe is the cloud? And can you trust it?

Apetech Website: https://www.apetech.me/social 

Voicemail - Call me!! https://anchor.fm/apetech/message

Email: letschat@apetech.me 

Twitter:  @apetechda

Hello, and welcome to another episode of Cyber Security For All podcast.  A podcast all about cyber security from Apetech.  I’m your host, Alex and today we are going to be talking about the cloud.  Specifically, is it safe and can you trust it?

I personally use cloud services to store some of my personal data.  And it seems that more and more businesses are running to the cloud because it allows them to cut down on infrastructure expenses. They can also get away with charging a monthly fee which guarantees that business a steady stream of income every month.  Every cloud service provider is different and you should be aware of a few things when it comes to safety and trust.

First, let’s talk about trust.  Every business, no matter what type of business they are in should strive to earn their customer’s trust.  A business that fails to do that will not fare well long term.  When thinking about the cloud, big names such as Apple, Amazon, Google and Microsoft come to mind.  There are other key players like Box, Dropbox, and Adobe.  All of these companies create products that basically require you to utilize a cloud in order to use their services.  In my opinion, you should trust but be overly cautious about everything you store on the cloud.  I believe that these companies do go to great lengths to keep your data safe and thus you should trust them. But, what you cannot trust is always having access to your data.  Data that you store in the cloud doesn’t actually belong to you.  It is stored on a remote server and a cloud provider could shut down services or just eliminate something that you used to use.  In a matter of weeks, all your information could disappear.  Because of this, I would say, you can typically trust cloud providers to keep your data safe and secure, but you shouldn’t trust them to keep your data long term.  Always have a backup plan for your precious data.

Now, let’s talk about safety.  Is the cloud safe?  Should you store your personal information there?  This depends all on how good of an internet user you personally are.  Companies try their best to combat the latest cyber security threats, but their protection systems are only as good as your password hygiene.  If you have a bad password, or if you fall victim to a social engineering attack, then it doesn’t matter how safe a cloud service is, an attacker will be able to obtain your personal data because simply put, they’ll have access to your password.  Most companies are getting a little smarter about their password security and many encrypt their databases that contain passwords.  Some companies offer two factor authentication which add a second layer of protection to their cloud services.


Apr 08, 202121:12
How Secure Is Your "Smart" Home?

How Secure Is Your "Smart" Home?

Apetech Website: www.apetech.me/social
anchor.fm/apetech/message
Email: letschat@apetech.me
Twitter: @apetechda
I was planning on talking about the future of warfare but then as I was researching that topic, I stumbled upon a video from Dan from What’s Inside. If you aren’t familiar, What’s Inside is a popular YouTube channel where they cut things open. Dan and Lincoln started the channel many years ago and after some growing popularity, they started a family channel where they show their fans a more behind the scenes look at their personal and “private” life. A little over a year ago, Dan and his family purchased a plot of land and began building out their forever home. This home is super advanced and has automation built into the entire house. Dan created a series of videos showing his fans the ins and outs of his house and they even had their house listed on a tour that allowed you to walk through the entire house right before the pandemic started. So, what does this have to do with cyber security?
In one of the many episodes Dan published, he showed how his home automation was set up. He showed the server room and basically an in depth view of all the IP cameras and other smart home gadgets and devices he has throughout his huge house. Additionally, when he was testing his internet speed, he flashed up the speed along with his IP address. It turns out that a cyber security specialist from Europe was able to get into their IP cameras and see the live feeds. This to me, and obviously to them, is super scary. And I want to talk about this, because it’s nearly impossible to go to an electronics store and not see product after product on creating a smart home. I want to discuss some things on my mind when you are buying these products and also talk about some tips I would recommend if you are introducing these devices into your home.
People like automation. They like the convenience you get when you can turn things on and off around your home with the power of your voice. I get it, I have many devices like this all around my house to make things easier. From smart bulbs, smart outlets, voice assistants, smart fridges, smart washing machines, the list goes on. It seems that manufacturers are basically making almost every aspect of your home smarter. And if you remember from movies from our past, you’d probably think that we are behind! Nonetheless, the majority of these devices rely on a home network in order to facilitate the automation that they provide. And this where things can start to get scary. Unless you are actively interested and engaged in the cyber security space, you probably aren’t thinking about the dangers of introducing these devices to your home. But, having these devices adds more vectors to your home, network, and overall privacy. Let’s talk about that some more.
Every device you introduce into your home is a new area that someone with some malicious intent can take advantage of. Some devices are created by reputable brands and others are created by not so well known brands. If you look up smart X on Amazon, you’ll be flooded with devices from brands/manufacturers that you probably don’t recognize. But, because these devices are cheap, you buy them and integrate them into your home network. Is this dangerous? I think so. Introducing these devices, whether from reputable brands or not, is a safety risk that you are accepting. You see, even devices such as Ring Doorbells have been known to have significant security flaws. I worry even more when buying devices from companies that don’t have dedicated software engineers.
Apr 06, 202116:50
What War Will Look Like In The Future

What War Will Look Like In The Future

Apetech Website: https://www.apetech.me/social

Voicemail: https://anchor.fm/apetech/message

Email: letschat@apetech.me

I recently read a tweet that stated that war in the future will not be fought with guns, tanks, or bombs.  It will be fought with networks, data, and artificial intelligence.  I want to talk about this since I’ve spent a good amount of my career in both spaces.  I’ve worked in large defense companies, developing advanced warfare systems and I’ve also been a cyber security specialist for some time now.

I agree that the future of warfare is going to look drastically different in the future. I also believe that our “enemies” are going to look different in the future as well.  Before I go any further, this is all going to be from a U.S. perspective.  If you live in another country, you might have a different definition for what an enemy is.

Every day, there is a new cyber threat that you can read about in the news.  Entire power plants have been crippled by hackers and I believe that we are only just beginning to see what a truly digital warfare is going to look like.  As a country, I do not believe that we are prepared enough for this new enemy.  All of our military protocols are so ancient that no amount of training out in the desert is going to prepare our country to handle the numerous attacks that could come in the future.

The main difference here is that cyber warfare can happen just about anywhere.  As more and more of our services and utilities go online, more attack vectors are created.  These attack vectors can be taken advantage of and have the potential to really cripple our country.  Individuals that are responsible for keeping the lights on do not really know how to handle an attack at a level that could cause severe damage.

Almost all critical infrastructure in the U.S. is going digital.  And it almost has to because we expect our infrastructure to keep up with the rest of technology.  But, some are still hesitant and some things don’t change.  For example, many of our identification cards are still physical along with vehicle registrations.  But vehicle registrations in California are going digital.  And this is where the problems start.  How safe are those digital license plates?  Can they be hacked or manipulated?  What kind of updates are being pushed to those plates?  How are they tested against malicious attacks?   So many questions that as consumers, we don’t always get all the information.  Now, you can imagine an exploit becoming known that you can change the registration on a vehicle because of a bug that wasn’t patched.  Granted, this might not be a doomsday scenario, but I don’t really trust the developers that help digitalize our infrastructure because I’ve been in the business long enough to understand how cyber security is handled.  Frankly put, it’s not a priority most of the time and if this mentality is shared among the critical infrastructure sectors, I predict that complete mayhem is upon us.

We have to do better.  We have to invest more of our development efforts into not only creating better software and infrastructure, but also training individuals to be more cyber aware.  Sure, software could have issues, but attackers still need to physically access these devices.  And most of the time, these devices are being accessed because the individuals that are paid to utilize those systems allow attackers right in.  In their defense, they don't always know they are doing so, but therein lies the problem.  

Apr 06, 202121:23
Do You Need To Know How To Code To Get Into Cyber Security?
Mar 02, 202125:53
Do You Trust Your Car?
Feb 23, 202128:38
To Pen or Not To Pen - The risks of not prioritizing Cyber Security

To Pen or Not To Pen - The risks of not prioritizing Cyber Security

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

Does your business have any digital assets?  Do you use computers, emails, or create any data stored on computers?  What about software, is your business in the business of creating software?  If you answered yes to any of these questions, and I have a funny feeling that you did, this episode was crafted just for you.

Penetration Testing, or pen testing for short, is something anyone running a business should highly consider.  Getting hacked in 2021 and beyond isn’t a matter of if it will happen, but a matter of when it will happen.  It’s inevitable. If your company is creating and producing digital goods and services, someone out there is going to want to get into your system.  But the problem is that Pen tests are complicated.  They are expensive, they require contracts and they carry some risk.  A pen test gone wrong can cripple a company.  After a pen test is executed, the findings then have to be resolved.  This comes with additional cost, risk, and schedule.  As you can see, for a company to go all in on a pen test, they need to be 100% sure they are committed.  So, because of this, many companies forgo running pen tests.

Not running a pen test is easier.  You don’t have to change your priorities or impact your budget on fixing things you don’t know about.  You don’t have to introduce scope change because you aren’t aware of any new changes that need to be scheduled in.  And besides, what are the chances that your company is going to get hacked?  Pretty low right.  Most companies hope that nothing bad is going to happen because on a perfect day, they are already pressed for budget and time.  But life isn’t always the best case scenario.  Sometimes bad things will happen and you’ll need to react to these life events.

What type of company are you running?  The one that is reactive to life events or the one that will go out and get ahead of critical issues.  It easy to live a reactive life if nothing bad has ever happened or if you believe that nothing will happen to you.  But, I can assure you that in my experience disaster will strike and you are going to wish you would have done things differently. I hope that his message serves as a wake up call to everyone out there that’s on the fence.  Take your information/cyber security seriously.  Right now, when the storm is calm, is the right time to make decisions.  You don’t want your team making multi million dollar decisions in the middle of the storm.  Right now, when your head is clear and you don’t have the pressure of your production systems being compromised, is the when you should be investing your time, energy, and money into making sure you are as covered as you possibly can be. Don’t wait to be reactive. If your system or service had the potential to kill a human being, would you stop everything you were doing right now to fix it?  I would invest some time on fixing my cyber security gaps in my company.  Run that pen test and start closing that gap.  Future self will thank you later.

Feb 23, 202117:32
Safer Internet Day

Safer Internet Day

Today, February 9th, 2021 is Safer Internet Day.
There's an entire organization dedicated to sharing the message of a safer internet worldwide.
www.saferinternetday.org/
In this episode, I discover what safer internet day means and share my thoughts on how younger people can learn more about being safer online.
The internet is a very scary place, and I love that an organization is dedicated to helping make it a better one.
We all need to do our part in making the internet a better and safer place.
Apetech Website: www.apetech.me/social
anchor.fm/apetech/message
Email: letschat@apetech.me
Twitter: @apetechda
Feb 09, 202121:10
How I Became a Cyber Security Practitioner

How I Became a Cyber Security Practitioner

Apetech Website: www.apetech.me/social
anchor.fm/apetech/message
Email: letschat@apetech.me
Twitter: @apetechda
In this episode, I share my journey to becoming a cyber security practitioner. I share the process that I partook in and also share some of my thoughts on how YOU can jump into this exciting field.
Check out my blog post on the subject here:
apetech.blog/2021/02/04/how-to-become-a-cyber-security-professional/
Feb 09, 202119:26
Top 10 Worst Passwords to Avoid

Top 10 Worst Passwords to Avoid

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

In this episode, we review the top 10 worst passwords.  These passwords are coming directly from the following site.  I share my thoughts and opinions on the list and make recommendations on what you should do if your password is on the list.


https://nordpass.com/most-common-passwords-list/

Feb 02, 202117:21
An Easy Way To Find Out If You've Been Hacked!

An Easy Way To Find Out If You've Been Hacked!

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

In this episode, we look at how you can easily see if you're accounts have been hacked or compromised.

Don't forget to share this podcast with your friends and family.

We go over how to check your Google, Facebook, and Instagram accounts.

Google:

https://support.google.com/mail/answer/45938?hl=en

Facebook: 

https://smallbusiness.chron.com/look-past-logins-facebook-64045.html

Instagram:

https://www.alphr.com/someone-using-your-instagram-account/


Jan 27, 202120:38
Top 10 Hacking Tools For You

Top 10 Hacking Tools For You

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

Did you know there are over 125 cyber security tools out there?

In this episode, I discuss the top 10.  I go over some details and share my opinions about each tool.

If you want to check them out for yourself, head on over to sectools.org.

Here are the tools we discussed in this episode.

Wireshark

Metasploit

Nessus

Aircrack

Snort

Cain and Abel

BackTrack

Netcat

tcpdump

John the Ripper


Jan 22, 202125:17
You Have Been Denied - Firewall Basics

You Have Been Denied - Firewall Basics

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

There are 65,535 ports on your computer assuming you are only connected to one network at a time. That’s a lot of ports and this article is going to be a little more advanced than the previous articles. Your computer and router depend on ports to appropriately flow data from your devices, through the internet, and to their intended target and purpose. The Security+ exam focuses on a couple dozen ports that are the most common and most critical to know. While there are thousands of ports on your computer, you only need a few to do the most common things you do on the internet. The most common ports are 80 and 443. These two ports allow for most of the internet traffic to pass through. 80 allows for all HTTP traffic, which is basically any website and 443 allows for HTTPS traffic which is secure websites. So, if most of what you do on your computer can be handled via those two ports, why do we need the other 65,333 ports? That’s a lot of ports that are just open. Since I haven’t mentioned it here yet, some, but not all of the other ports can sometimes be exploited and give access to a bad actor to your network and data.

With so many ports and so many different ways to be exposed, you may be wondering what you can do to protect yourself. If you are a Windows user, you’ve probably heard of a firewall already. A firewall helps you stay protected because it helps you control the traffic that enters your computer or network. Firewalls can exist on your individual computers or on your network router. Configuring a firewall is easy but I’d encourage you to do your own research or hire someone that is skilled in setting up firewalls. What I’ll be explaining in the next section assumes that you are comfortable with setting up firewalls.

The first thing you want to do when configuring your firewall is to deny all. This will literally close all your ports and prevent traffic from entering your network or computer. This is a little too extreme as you literally cannot get on the internet anymore if you leave only this permission enabled. The next thing you want to do is open port 80 and 443. Since these are the most used ports, these should be allowed to transmit data. From there, it’s up to you what ports you need. There are ports dedicated to SSH, SMTP, FTP, and dozens others that are common and frequently used. If you use one of those other ports and you don’t re-enable them, then some services will fail to work properly since the deny all is preventing any traffic from transmitting on that port. If you’ve never configured your firewall, it can be a bit overwhelming. But this is an effective way of protecting your network and devices. Maybe to start out you don’t deny all, but at least close some of the ports that are obviously not in use.

Jan 13, 202118:49
FEAR the Zero Day!

FEAR the Zero Day!

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

If you have ever heard of a zero day bug or attack and didn’t know what it was, today you learn what it is and why you should be concerned. A zero day bug or attack can be a little misleading. What exactly does zero days mean? When I first learned about the zero day bugs, I thought it meant that it had been around for zero days, which didn’t make much sense to me. I had never heard of a zero day bug before and there wasn’t much information publicly available. Zero day bugs are bad. They are really bad because they have the potential to cause the most amount of damage when compared to a different type of attack. Alright, so what is a zero day bug? A zero day bug is a computer bug or vulnerability that is just discovered. But bugs are discovered every day right? Yes, and this is why being aware of zero day bugs is critical. The virus scanner on your computer uses known viruses and bugs to protect you. Once a virus is found in the wild, researchers get to work to create a signature that then gets deployed to millions of computers around the world to protect themselves.Once your computer has the signature, your computer is less likely to be attacked by that virus and your computer and data are more safe.

A zero day bug is bad because those signatures that are created to protect your computer aren’t created yet. So, if you happen to have a device or software that has a known zero day bug, then the chances of being a victim are greatly increased. The manufacturer of the device or software has known about the bug for zero days. They’ve had zero days to start producing a very expensive fix to a problem they didn’t know they had. Additionally, the manufacturer or research team has to make the financial determination to actually fix the zero day bug. If someone does decide to fix the zero day bug, it will take time to understand and fix the bug. This time is extremely critical because until the bug is fixed, everyone is vulnerable to an attack. Discovering zero day bugs is important, and it’s even more important to get them fixed as soon as possible.

As you can see, zero day bugs are pretty bad, but there are things that happen to help mitigate the impact zero day bugs have. First, white hat hackers, or good hackers, usually spend their time trying to find and identify these zero day bugs. Once they find something, they discretely notify the creator of the device or software and make them aware of the situation. They either work together to fix, or wait for the manufacturer to fix the problem before they go public. By doing this, the exposure and time that bad actors have to take advantage of the zero day bug is limited. Another way to help identify and fix zero day bugs are by holding bounty challenges. These challenges encourage white hat hackers to find bugs in production systems and code by being able to win a monetary prize for their contributions. While there isn’t much an end user can do against zero day bugs, just be mindful that they exist and take any precautions whenever possible.

Jan 11, 202122:18
Pen Test VS Vulnerability Scan - Which One is Right For You?

Pen Test VS Vulnerability Scan - Which One is Right For You?

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

If you run a business and are curious about what pen testing vs vulnerability scanning is, then this is the article for you. Both services are useful and they each come with their own set of pros and cons. In this article, we’ll explore what each service is and which one is right for you and your business needs. A Penetration Test, or commonly referred to as a Pen Test is when a third party tries to get physical access to your building and/or network. They try to get past security, employees, and whatever other security measures you have in place preventing intrusion. Once they have breached the perimeter, they then go after your network and data. If they are able to access critical data, then they have successfully penetrated your business. Vulnerability scanning is a little less intense. A third party will access your vulnerabilities by doing very passive scans of your network. They are checking for known security flaws that your business may be exposed to, but don’t actually do anything to defend or attack. They just report what they find and make a recommendation about what you should to protect yourself. So, now that you know what the difference is between the two methods, which one do you need for your business?

Pen testing is an active test. There are real people involved and while the attack is performed in a control manner, there is still a chance that something might go wrong. There is a small chance that data can be lost or damaged since the pen tester is actively trying to actually break into the system. The vulnerability scan, since it is typically a passive thing has much less risk. But the vulnerability scan is more of a theoretical test. Yes, it’s going to find real ports that are open, but unless you take action to close up your vulnerabilities, they are just going to be documented on paper. The same can be said about the pen test. The Pen test isn’t supposed to actually take down your network or steal your data. It’s just supposed to show you how someone could potentially do it. But like the vulnerability assessment, unless you actually take action to protect yourself, the white hat hacker can’t actually save or protect your data.

So, which test is right for you? If you are confident in the security you have in place, I would recommend you go with a full pen test. They say ignorance is bliss and there’s no better way to test out your shiny new security policy than having someone actively try to break it. An attacker isn’t going to be asking for permission when they attempt to break in and steal your data, so a pen tester is as close as you are going to get to a real world simulation. With that said, this is a real world simulation which means things can go wrong. Have a backup plan for your data and network and then try to poke holes. If you aren’t quite there yet with your network and security infrastructure, then I’d recommend you get your feet wet and go for a vulnerability assessment. It will paint a picture of where you have holes and give you a few good critical next steps you can take to improve your security.

Jan 08, 202119:31
Protect Your RFID Badge!

Protect Your RFID Badge!

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

If you have a badge that you can wirelessly scan to gain access to a building or facility, then you probably have an RFID badge. These badges allow you to tap or hold up against a device that reads the credentials on the badge and checks to see if they are on the access list. If there is a match, you will get a beep and whatever area you are trying to access unlocks. If there is no match, or if you do not have an RFID card, well you are not going to be gaining access to the area easily. I have a separate article that talks about tailgating and all the security implications of not appropriately handling tailgaters. While RFID tags are great for a different variety of business needs, they have a critical flaw that can easily be taken advantage of by bad actors.

RFID badges work by wirelessly transmitting bits of data which can then be used to enable something. Since the RFID card itself is passive, you need a device that is powered and can read the data on the card. This simple technology can be easily used against you and your company or whatever you are trying to protect. How is this possible? A couple of things to demystify. RFID cards are made by a handful of manufacturers. Those manufacturers sell to anyone willing to pay money for their good. Both companies and bad actors have the ability to buy the exact same RFID card. Next, the tricky part is getting your credentials. This part is actually not that difficult. If you carry your badge around your waist, around your neck, or in your pocket, all someone has to do is get close enough to you to take your credentials. They have to have a special device that can either be bought or built which basically can take your credentials. This can be done while you are walking to lunch, at the park, on the subway. The attacker just needs to be close enough to your unprotected RFID card and then they have your credentials.

The credentials themselves don’t actually do anything. The attacker just has some bits and a copy of a blank RFID card. The attacker then has to buy or have access to an RFID card creator which then puts the stolen credentials on their personal copy. Next, they have to do a bit of social engineering to put it to use. They have to make the card look believable and ideally a replica of your original card. Then, all a person has to do is walk up to your place of business and scan away. The card reader on your door wont know if it’s real or fake. On a separate but related note, some credit/debit cards also have RFID, so those are vulnerable to being stolen as well.

By now, you are probably a little worried about having your RFID card out in the wild exposed. Worry not, there is a simple and effective way to protect yourself. Invest in an RFID shield. This is a thin sleeve that you slip your badge into and protects it from any attackers. They also make wallets that can keep your credit/debit cards safe. With all of this said, just don’t ever lose your RFID card, because there’s really no easy way to protect yourself against that.

Jan 06, 202120:15
Listen To This Before Connecting to A FREE Public Wifi!!

Listen To This Before Connecting to A FREE Public Wifi!!

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

If you ever been to a Starbucks and connected to their wifi network, then listen up because this article is for you. Free wifi is always a great thing, especially when you do not have a mobile network to connect to. Free wifi is common in places such as malls, some eateries, and hotels. Most people connect to them because it’s free and it allows them to sit down and get online quickly and free. While there is no issue with connecting to a free wifi network, there are potential dangers to how and what network you actually connect to. Let’s talk about what a man in the middle attack is and then let’s explore how it can be used against you.

A man in the middle attack, like the name implies, is when a bad actor sits in the middle between you, the user, and the world, the internet. An attacker digitally sits between your computer and the internet, watching everything that happens in between. Thus the name, man in the middle. The concept is not very complex, but here’s how it typically works. A bad actor will set up shop somewhere where people are connecting to wifi networks. Now, the attack is not isolated to free wifi networks, this can be done just as easily on any wifi network, but most attacks will open out in the wild where people are more likely to not question the connection they are using. The actor typically has some sort of physical device that broadcasts out a wifi signal. That signal is masked to look just like the real free wifi signal that a hotel offers. A user connects to it, thinking that it’s the real network and starts browsing online. At this point, if a user’s computer connects to the rogue free wifi network, then they become vulnerable to a man in the middle attack.

But you still have internet, so who cares how you connect because your stuff is safe? A good portion of internet traffic is encrypted but some websites do not encrypt their traffic. That means that the attacker can have a free tool like Wireshark that allows the person to capture and analyze all the network traffic going through his/her device. Basically what this means is that if you visit a website that isn’t HTTPS, but just HTTP (notice the missing ‘S’), then any interaction you have with that website is plain and anyone watching can see everything. If you are uploading pictures, downloading pictures, entering credentials, usernames, anything you type on your keyboard is available.

There are a couple of things you can do to protect yourself. First, whenever possible, do not join free wifi networks. If you are going to join, try to use a Virtual Private Network (VPN) which hides all your traffic regardless if you are visiting websites that are HTTPS or not. Also, disable auto join open networks. You want to have control of when and what network you connect. And lastly, as a normal rule of thumb, check the URL of every site you are visiting and whenever you are going to do something with your personal information, make sure it has an HTTPS at the beginning.

Jan 04, 202120:17
The Subtle Art of Tailgating

The Subtle Art of Tailgating

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

If you work anywhere that requires you to enter a building/property, you should be aware of tailgating and the potential dangers. Most people think of tailgating as an event in a parking lot somewhere outside of a sporting event. People hanging out with friends and having a great time cheering on their favorite teams. In the security world, tailgating has a different meaning. Tailgating means when someone enters a building or property without validating their credentials to enter. This is usually done by going in with or behind someone that has validated their credentials to enter the building. Some tailgating activities can be harmless, but as a best practice everyone should validate their credentials when entering a building or property. Let us explore some scenarios to help understand why this is so important.

Physically gaining access to a building or property is one of the objectives of bad actors when it comes to not only information security, but physical security as well. Tailgating is one of the most common methods of gaining access because it is fairly easy and effective. A scenario would be a group of coworkers coming back to work from a team lunch. The energy is still high and the food comma has not kicked in yet. One by one, they all badge in at the main door. But, as they were approaching their lobby, a person was outside of the building on a phone conversation. That person naturally ends his call and proceeds to enter the building with the group coming in from lunch. No one questions the person because he looks like he belongs and maybe one or two of the members from the lunch crew also may have forgotten to scan their badges. . . no big deal. Except that a bad actor is now in your building and can start their next phase of their malicious attack.

Another scenario to be mindful of is that of a disgruntled employee. This person, often fired, can be looking to get revenge, hurt employees, steal data, or any other malicious activity. The scenario goes like this. The former employee is fired for doing something bad. He is terminated and escorted out of the building. No one finds out because oftentimes, this information is not shared with other employees. The next morning, the fired employee shows up and waits for someone to let him in. Since they were coworkers the day before, it is very easy to ask to be let into the building because the actor forgot his badge at home or at his desk. The other employee lets him in the building because they work together. While this scenario does not typically happen, it can happen.

Next time you are entering your building, make sure you challenge that person behind you. It can be very easy to just walk and not make sure the door closes behind you. It can be very easy to think that the person trying to get in belongs. But every time you walk through the doors of your building or property, remember that not everyone is what they seem. Challenge and question. Everyone should be validating their access. Even if you know them personally and are best friends with that person, just make sure that person can still access the building.

Dec 30, 202012:46
Warning: Disaster Proof Your Data!

Warning: Disaster Proof Your Data!

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

Backing up your data and all critical information is a great hobby you should get into. Whether you are backing up monthly, weekly, daily, or hourly, you should be backing up your data. You never know when you are going to have a hard drive failure, physical damage, natural disaster, or a cyber attack. All the data that you create on a day to day basis should be protected and backed up that way when disaster strikes, you can sleep in peace knowing that your data is safe and secure. But is backing up your data on a schedule enough? Let’s explore the concept of off-site backups.

The concept of off-site backups should be self explanatory. There are many ways to backup your data. You could go out and purchase an external hard drive and manually (or automatically) backup your data. This is a great, easy, and somewhat cheap solution to backups. But, while your data may be safe from a cyber attack on your network, what if the hard drive fails or worse, it catches on fire. It is not enough to just back up your data to an external drive, you should take an extra precaution and store that external drive, and in my opinion have multiple copies, in a different location. For example, you could keep a hard drive locked up in your drawer at work. Or you could keep the drive at a relatives house. If your data is that valuable, you could get a safety box at a bank and keep it there. Whatever your solution, having an off-site backup means that when tragedy hits, you will most likely have a reliable way to get your data back. The only downside to this is that since your drive is physically not with you, it becomes harder to do continuous backups.

Other solutions may be to use a public cloud like Dropbox, Box, or Amazon Drive. All these solutions are remote, they typically offer some sort of 99% up time, and they worry about physical failures for you. You pay a monthly or yearly fee, but all your data is automatically backed up and secure in a remote location. This option is great because you can have a scheduled backup, but it can get very expensive if you have too much data. Those storage plans can get pricey. My recommendation would be to have your utmost important data in both locations. Maybe you can live without backing up your 50 GB games, but your pictures from your wedding, those should probably be on the cloud and in an external hard drive.

Whatever strategy you pick, just make sure you have one. The number of people out there not backing up their data is mind blowing. Even if you are backing up your data to external drives, make sure you take a copy every once in a while and store it somewhere else. It’s always best to be prepared than to regret not having taken action when you had a chance. Be smart, backup and store off-site.

Dec 28, 202018:05
Life's a Simulation - Are You Prepared For A Disaster?

Life's a Simulation - Are You Prepared For A Disaster?

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

Tabletop exercises are a great way to practice your security processes. If you are like most businesses, you can’t really afford to have your network go down or worse; lose your data. Many businesses have security processes in place that allow them to recover from an event. These events may be natural disaster based or cyber attacks. Depending on the type of business you have, there are different levels of recovery that are required. A tabletop exercise is a great way to practice your security policies without actually compromising your network or data. There are a couple of reasons to perform this practice. The biggest reason is that it lets you walk through the recovery plan that you have put in place. This is critical because it allows you to validate if your plan will work when you need it. If you do not ever practice your recovery plan, you will not find gaps in it until it is too late. By practicing a tabletop exercise, it gives you the ability to poke holes in your process and validate if your original plan works or not.

Tabletop exercises are not just for businesses. Anyone can create a plan for their home network and personal data. In fact, there really is no reason why you should not have a recovery plan for home. Once you have a recovery plan in place, you can then practice the tabletop exercise. I will not go into much details about what should be in your recovery plan as that is a topic for its own independent article, but some things to consider are documenting your data backup plans. How you detect intrusions to your network. Your important programs, services, and data should be well documented and if possible, you should have a remote location for a backup of all your data and configurations. Once you have all that information documented, you also want to document your process for recovering from an attack or loss. If you need to replace physical hardware, you should have either extras available, or at least documentation for how to replace those physical assets. Things that come to mind are hard drives, routers, switches, any other physical items that are part of your network or store your data.

With your recovery process in hand, it is time to actually walk through the plan in a typical tabletop exercise. Start by getting everyone together that needs to be a part of your recovery. Everyone that has a role to play should be present and they should have a copy of the recovery plan. Partaking in the tabletop exercise is straight forward. You go line by line and people act out their part. They pretend to do the action being requested with hopes of either finding gaps in the process or confirming that their plan will work. This is a great way to see how well you are set up to recover from an intrusion without actually breaking your system. You should go through your recovery plan any time you add to your network or at least every six months. Participating in a tabletop exercise should become second nature. When an actual attack does occur, the only thing in your head is worrying about the money being lost due to your services being down. This can cloud your judgment and your technical abilities to recover. By having practiced your actions, it can reduce some of the stress encountered when trying to actually recover a system.

Dec 21, 202023:13
Ransomware - Are You In Good Hands?

Ransomware - Are You In Good Hands?

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

Ransomware is starting to gain more mainstream attention as media attention increases. Ransomware is a different, yet familiar type of cyber attack that can happen to just about anyone. Ransomware is when someone takes hold of your valuable data and then they demand that you pay them, typically in some sort of digital currency, if you want your data back. For businesses, this can be detrimental to them because they literally lose access to all their customer data, financials, etc. A few years ago, many hospitals in the United Kingdom fell victim to this type of attack. Hospital records and other pertinent confidential information was held captive, bringing the hospital networks down to a halt. Individuals are not immune to this type of attack. The only difference is that most individuals do not create the type of valuable information that attackers are looking for. This is mainly why ransomware attacks go after government entities, small and large businesses, but anyone can become a target. Everyone should protect themselves from ransomware, regardless of the type of data you have.

Before we go into how to protect yourself from a ransomware attack, let us first discuss what you can do today to reduce the risk of losing your data. Ransomware attacks typically encrypt the location of where your valuable data is stored. Usually this is the hard drive, or server environment for a business. The attacker will make a demand for money or something of value to them in exchange for freeing your data. Keep in mind that the attacker does not have to release your data, even after a payment is done. So, what can you do to protect yourself? The most simple solution is to backup your data. There are many different methods and strategies for backing up your data. Most large businesses have plans in place to backup their data, but small businesses and individuals do not typically have any kind of backup discipline set up. How often you backup your data is really up to you and the level of risk you want to carry. Having backups is a good practice even if you are not trying to protect yourself against cyber attacks and other non cyber attacks such as hard drive failure. At the very minimum, you should be backing up your data once a week. There are many software solutions out there that make this possible, so do some research and pick your favorite. If you are creating data on a day to day basis for yourself or for your business, then I would recommend you backup every night. If the data you have is extremely valuable, then hourly backups might be the way to go. While backup up your data does not protect you against a ransomware attack, it at least allows you to recover without falling victim to the demands brought forth by the attacker.

As far as actual protection from ransomware, there is no easy solution. You need to protect yourself in layers by using safe passwords, encrypting your hard drives, not falling victim to phishing attacks. You need to be a good steward of cyber security at all times. There is no fool proof way to protect yourself from a ransomware attack. You just need to remain vigilant and backup your data!

Dec 16, 202021:03
Hidden Dangers Of Rogue USB Flash Drives

Hidden Dangers Of Rogue USB Flash Drives

Apetech Website: https://www.apetech.me/social

https://anchor.fm/apetech/message

Email: letschat@apetech.me

Twitter:  @apetechda

After watching a few Tik Tok videos on a Saturday night, I noticed there was an alarming trend being showcased by the social media platform. In an interest to pique an audience’s interest, there are videos being made about people finding USB drives out in public places. The person in the video finds the drive, takes it home, puts it in their computer, and then proceeds to check out the contents of the device. From a security perspective, this is a horrible idea. Don’t ever plug in a USB drive that you find out in public into your computer. If you are going to be plugging in the device into a computer, make sure it is one that is not connected to your network and preferably a computer with no data other than the core OS on it. That way, if and when things get corrupted by the malicious payload on the USB drive, your data and network are not compromised.

Compromising your data or network is not difficult to do once you introduce a bad actor into your home. Most of the time, hackers have to figure out a way to get on your computer or network. This is the challenging part because once you have access, everything else is much easier given the array of software available to both white and black hat hackers. Inserting a USB drive you find on a public bus is a super easy way to get on that computer with minimal effort required. It may sound like a fun thing to try to do or if you are generally just curious about the contents of the drive, but do yourself a favor and don’t put that USB drive on your personal computer. This does not just apply to your personal life. Businesses are also vulnerable to this attack and quite frankly, it might be easier to pull off as an employee. For example, imagine you are walking to the office after parking your car. As you approach the building, you notice a shiny object on the floor. Clearly one of your coworkers dropped their precious USB drive. The next initial reaction is to plug it in and try to find out who it belongs to. This is a very innocent action from a coworker that cares. This type of behavior is exactly what an attacker wants to happen. They want you to take that USB drive and plug it into your work computer. Then, there goes the company network infected with the malicious payload. I know it is a bit of an exaggeration but the threat is real!

Being a good samaritan isn’t always a bad thing. As mentioned earlier, the right thing to do is to turn in the drive to your local security office. If you are at home and you really want to find out what’s on that drive, plug it in to an isolated computer that has nothing on it. Be on the lookout for suspicious red flags such as the name of the drive or the contents of the drive. But, if you can avoid it all together, just get rid of the USB drive. Compromising your private network or data isn’t worth the hassle of figuring out how to get everything back to normal.

Dec 15, 202015:12
Send Hidden Messages with Steganography!

Send Hidden Messages with Steganography!

Apetech Website: https://www.apetech.me/

https://anchor.fm/apetech/message

Email: letschat@apetech.me.

Twitter:  @apetechda

Steganography is the subtle art of hiding information out in plain sight. It is a fascinating way of transmitting messages and other digital data out in the open without the risk of getting caught*. Data can also be encrypted to help add an extra layer of security. Almost any type of digital media can be used to hide any digital message. This sounds all very covert and spy-like, but what does this have to do with cyber security? Let’s dig a little deeper into what steganography is at a fundamental level and then we’ll make the correlation back to security.

The fundamentals of steganography are pretty simple. You take a message that you want to send to another person. Rather than sending the message in plain text, you hide the message in an image or any other type of digital file. How does this work? If you’ve ever done any web development or worked with colors, you may recall that every shade of color is created by manipulating the values for red, green, and blue. If you change the value of just one of those colors, then you essentially still have the same color to the naked eye, but the digital value behind it is now different. By manipulating the values in an image, you can embed something else. In the case of steganography, you would put your secret message there. The information is basically useless unless you have the key to translate the message back to the original language. Anyone else that intercepts the message has no idea what they are looking at. Even if they try to reverse engineer the message, without the key, it’s very difficult to figure out what the hidden message is.

How does this simple and effective way of hiding messages relate to security? Messages is the perhaps the simplest use case for steganography but malicious hackers can hide malicious code in their messages. There are various programs that facilitate the creation of steganography based messages. The use of these programs makes it super simple to send someone an image that contains a malicious piece of code which then can compromise a computer when the end user opens the picture. Since the image looks like any other image, and it has characteristics like any other image, most software designed to protect you from malicious attacks is ineffective. As you can see, this poses a rather difficult situation for white hat hackers because it is much more challenging to defend against an attack that you cannot see. With that said, there are however some ways to protect yourself.

When receiving any file from anyone, make sure it is from a trusted source. If you did not request something, even if it appears to be harmless, question the validity of the item. It could be containing a dangerous payload that could cause serious damage to you and your data. If you are interested in learning more about steganography, I recommend you do some research. There is a lot of technical information out there that goes deeper into the algorithms used to create, distribute, and access the hidden data. Stegeneography has been around for centuries and its style has only evolved. The concept is still the same, but the means to deliver the message has obviously changed with time. Steganography is an interesting way to stay covert and share information with anyone.

Dec 12, 202020:24
The Best Tips and Tricks to Protect Against Phishing Attacks!

The Best Tips and Tricks to Protect Against Phishing Attacks!

Apetech Website: https://www.apetech.me/

https://anchor.fm/apetech/message

Email: letschat@apetech.me.

Twitter:  @apetechda

Ever get a suspicious email with a link to change your password?  If so, you'll want to listen to this entire episode!

We are going to talk about Phishing attacks and how to protect yourself from falling victim of an attack!

Several states started issuing shelter-in-place directives, which basically stated that people should stay in their homes and avoid going outside whenever possible. One of the main reasons people leave their house is to go to work. In order to comply with state mandated directives, businesses all over the country have transitioned to a work from home plan where employees do not come into a physical office, but are still able to get work done from the comfort of their homes. Other businesses are not able to provide this luxury and have been forced to close their doors. This new way of life has introduced new cyber threat vectors because many people and businesses are not used to taking their technology home to perform work which contains sensitive information.

One of the easiest ways to social engineer people is through the art of phishing. During these challenging times, when people are looking to get more information on what is going on with the world, it has become far too simple to deploy a phishing attack. People everywhere are curious about how COVID-19 is going to impact their work, business, mortgage, and school. People everywhere are getting hundreds of emails with more information about how COVID-19 is impacting their sector. As such, sending out a phishing email with the promise of providing some sort of COVID-19 coverage is making it easier for attackers to trick people into clicking on their link.

It is so easy to get caught up in the moment that you forget to check for some basic common sense items. There are going to be a lot of phishing campaigns that are going to try to take advantage of the fact that people are waiting to hear information from banks, credit lenders, schools, and businesses. Other types of news people might be looking for are those related to containment of the virus, or the spread. In any case, it is extremely important to remain vigilant and be on the look out for phishing emails that try to steal your personal information. What exactly is a phishing email and how do you protect yourself against it? A phishing email is an email that tries to look legit but it is actually trying to steal your personal information. There are many common sense steps you can take to protect yourself. The following are a few basic tips that should help you weed out the bad emails and hopefully just find the valid emails.

First big tip is to check the sender! Oftentimes, these phishing emails come from bogus emails that are blatantly obvious. That is not always the case, but for the most part, there is mostly always something fishy about the sender’s email address that does not quite add up to the original from a trusted sender. The next major thing to check for is the body of the email. Most, if not all senders state they will never ask you for credentials or other sensitive information over an email. When you get a phishing email asking you to sign into something, that should be a huge red flag. Do not log in using the link in the email. Lastly, check for other anomalies in an email. Just because we are always in a rush, does not mean we should not pay attention to places where we put in our sensitive information. If the logo looks weird, things are misspelled, any other strange things, please do not click on the link. Stay safe out there and make sure you check for trusted sources when trying to find out what’s going with COVID-19.

Dec 10, 202024:37
Episode 14: Let's Share Your Password!

Episode 14: Let's Share Your Password!

Apetech Website: https://www.apetech.me/

https://anchor.fm/apetech/message

Email: letschat@apetech.me.

Twitter:  @apetechda

In this episode, we are going to talk about why you shouldn’t share your password with people.

This is one of those episodes I was hoping I wouldn’t have to write, but after watching a Tik Tok last night, I determined it was to create it and share it with the world in case someone really needed to hear it.  Please, under no circumstances should you share your password with anyone.  There are obviously a few exceptions to this rule, and we’ll get to them in a minute, but under general guidance, it’s always a bad idea to share your password.  Let’s talk about why passwords are so important and go over the reasons why it’s a bad idea to share your password.

First, a password serves as an identity for people.  Passwords authenticate a person.  They are used to gain access to a system or account.  In most cases, the only person you want accessing that system or account are verified users.  These accounts can contain sensitive data that shouldn’t be viewed by unauthorized users.  For example, your tax records, bank records, and private data should be kept private.  If you share your password, then the security put in place is invalidated.  Anyone with that password can access the information.  There are some exceptions to this of course.  You might want to share your password with a significant other or if you have children, you probably want to know their passwords in case they forget.  Overall though, unless you explicitly want someone to pretend to be you online, don’t share your password.

The next reason is a little more complicated.  For normal people around the world, having a password is a means to gain access to social media accounts, bank accounts, and websites where you may have an account registered.  If you analyze the types of accounts that folks use passwords on, the most sensitive information is usually financial information.  There’s other data like addresses, phone numbers, birthdates, but for the most part, your credit card or bank account information is what most people tend to try and keep secure.  But, in the business world, passwords are a little more powerful.  Having a password there usually means it’s a way on to a machine that then has company data.

Having a password to an asset that doesn’t belong to you is very important to keep private.  I know a lot of my podcast episodes make me sound like a paranoid person, but if someone else gets your password, they can basically impersonate you.  This might not sound too bad, but what if they send an email on your behalf or delete something that might get you in trouble.  Things can escalate even more if you have admin rights to a server.  Servers are used to store customer or company data.  This data is utilized to run the business.  Any compromise to this data could not only be catastrophic, but it could also mean loss of revenue.  When you have admin rights to a company server, you want to take extra precaution to make sure no one ever knows your password.  I’ve worked in some places where everyone shares an admin password. This is a HORRIBLE idea.  If someone does something malicious, whether intentional or on accident, there is no way of knowing who did it. If you share your password with someone, you open yourself up to a bunch of issues that you just shouldn’t open yourself up to.


Dec 07, 202017:37
Episode 13: Guest Wifi BEST Tips and Tricks

Episode 13: Guest Wifi BEST Tips and Tricks

Apetech Website: https://www.apetech.me/

https://anchor.fm/apetech/message

Email: letschat@apetech.me.

Twitter:  @apetechda

In this episode, we are going to talk about 4 reasons why you should have a guess password for your wifi.

Your home network should be a very private thing.  All of your devices are connected to this network which means that your personal information transmits through this network.  Because of this, you should always know what devices are on your network and who is accessing your network.  When people come over to your house and they want to join your private wifi network, I would advise that instead of giving them full access to your network, you give them access to a guest network.  Most modern routers have this feature built and and allows you to separate your personal devices from those of visitors.  Some routers will even allow you turn your guest networks on and off by simply asking Alexa to enable the guest network.

At this point you might be thinking. . . what’s the big deal if I have others join my home network.  Let me run you through some of the most common scenarios that typically happen.  I’ll start by the most riskiest.  If you have complete strangers come to your house asking to join your network, this should be an immediate red flag.  These people can be folks from a utility company, a contractor working on your house, etc.  These folks should not, under circumstance gain access to your private home network.  Some of the risks include them setting up a man in the middle attack where they can see your personal and private data.  They might be able to access your shared network drives and printers which again contain your personal data.  They could also introduce malicious attacks/malware that can compromise the other computers in your network.  As you can see, giving someone you don’t know access to your network, while not always dangerous can have some serious consequences if the wrong person gains access.

Next up are friends and family.  The same risks from the previous example still apply with the exception that you actually know the people you are granting access to.  Even though you know them, you still shouldn’t just hand out network access.  All of the same attacks and vulnerabilities still apply with friends and family.  If they want to do harm to you, having access to your personal home network is an easy way to get started.  Sometimes, we like to let our guard down when we are with those we love and trust. But sometimes, that love and trust becomes our biggest vulnerability.  I’m not saying you need to stop loving your friends and family, but why not exercise every precaution to keep your data safe.  Enable that guest network and let them connect to that network.  The peace of mind is worth it in my opinion.

When someone access your network, they can then see other devices and data on that network.  Network shared drives are starting to become a common thing in home networks.  As we create more and more data, our devices overfill and all that data goes on to a network drive.  These network drives can then easily be accessed by devices on your network.  This is common with media servers that are usually used to store and stream videos and photos.  When you allow someone outside your home to access your wifi, you are potentially allowing these folks to also access your files.  If this is not your intention, letting them connect to a guest wifi can easily remediate this problem.  Adding layers of security to your shared network services can also help remediate.

Dec 03, 202015:43
Episode 12: Forgot your password? Try these 6 things!

Episode 12: Forgot your password? Try these 6 things!

Apetech Website: www.apetech.me/
anchor.fm/apetech/message
Email: letschat@apetech.me.
Twitter: @apetechda
In this episode, we are going to talk about 5 things you can do if you forget your password.
Forgetting your password sucks. We’ve all been there at some point in our lives. No matter how smart we think we are, there’s always that one time that we forget our password. Obviously, the best thing to do is to NOT forget your password. But there are at least 5 things you can do to help future self for when you inevitably forget your password.
#1
In most cases, a simple forgot password link is enough to get you through. Sure, it’s a little annoying all the different hoops you have to go through in order to restore or change your password, but in the end, all is not lost because you regain access to your account.
#2
If you haven’t set up 2 factor authentication on your accounts, that is an excellent way to mitigate forgetting your password. Not only does it make it harder for others to gain access to your account, but having a different way to authenticate usually means that if you forget your password, you can easily verify your identity because you’ll most likely have a badge, fingerprint, face, etc.
#3
Having a good password hint is another way to help you remember your password. Obviously, you don’t want you password hint to be super simple, but if a website allows you to provide a password hint, you should create something that is unique enough to trigger your memory, but not easy enough that anyone can figure it out.
#4
A lot of websites / accounts don’t typically ask for password hints, but many do ask you for security questions. If a website gives you the option to set up security questions, you should take advantage and create strong password questions answers. A few years ago, there was a popular Facebook thread that asked you personal questions such as what street you grew up on, the name of your pet, your favorite color, etc. Do these sound familiar? They should because those are common security questions. When setting up security questions, answer them in a unique way where even if someone does know the street you grew up on, they can’t easily bypass your security. For example, instead of answering with just the street name, you can answer with a phrase such as “ I grew up on X street”. Makes it a little harder for people to guess your phrase even if they actually know what street you grew up on.
#5
Utilizing a password manager is a great and cheap alternative to writing down or memorizing hundreds of passwords. Password managers integrate into your devices and help you when you need to authenticate. Utilizing a password manager will most likely make you forget your passwords as you don’t type them in as often, but these services are very secure and will allow you to access your accounts without worrying about remembering your passwords.
Dec 01, 202012:20
Episode 11: How to Minimize Your Chances of Getting Hacked!

Episode 11: How to Minimize Your Chances of Getting Hacked!

Apetech Website: https://www.apetech.me/

https://anchor.fm/apetech/message

Email: letschat@apetech.me.

Twitter:  @apetechda

In this episode, we are going to talk about the good and the bad about changing your password every 90 days

Passwords are susceptible to all kinds of attacks.  If you haven’t listened to our first episode, I recommend you listen to that episode first. We’ll highlight some of the topics discussed, but for full details, make sure to give that episode a listen.  If you work at companies that take security VERY seriously, then you’ve probably have had to change your password every 90 days.  Not only do you have to change your password every 90 days, but you can’t reuse an old password, and you have always meet the minimum criteria for a strong and secure password.

While it may be an inconvenience to have such stringent rules, there are some benefits to changing your password every 90 days.  But like everything else in life, there are some downfalls as well.  So, let’s look at the good and the bad in this episode.

Why password expiry is good

Let’s start off by talking about the good stuff.  Changing your password often is a good thing.  It can protect you from being exposed in case your existing password has been compromised. If someone gains access to a website that may contain your password, it might not matter anymore because you would have already changed your password.

Another benefit of changing your password is if you accidentally store your credentials on a different device, that device will no longer have access to your account.  This is a good thing because oftentimes, we forget where we logged into accounts.  By changing your password frequently, you minimize the changes of someone else logging into your account without you knowing.

As a side note, and not related to the topic of this episode, a good way to find out if someone has your password or log in information is to check the login history on your account.  Some accounts like gmail and facebook have a setting that allows you to see every time someone logs into your account.  Review it and if you notice a location that isn’t one where you were at personally, then you should immediately change your password because there’s a high chance that someone is logging into your account.

Changing your password often also means that it breaks all those saved passwords that you stored in the browser.  If you haven’t listened to our previous episode about why it’s not a good idea to store your password in the browser, make sure you listen to that episode as we go into more detail why this is a bad idea.  Nonetheless, if you change your password, you’ll be required to update your saved password.  If you don’t have access to a device that you might have saved your password in, then that password will no longer work and people with access to that device will not be able to access your account.

Why password expiry is bad

We are creatures of habit.  Maintaining a password that is safe and secure is already hard enough.  Now, imagine you need to make a unique password every 90 days.  That’s a lot of different passwords.  So, what do humans like to do to make things easier?  They’ll make a pattern out of their passwords so they are easier to remember after each change. This is a bad idea because if an attacker gets access to an old password, they can try to figure out your pattern and then figure out your new password(s).


Nov 18, 202014:46