Cyber Security For All
Covering a wide range of cyber security topics, this is the place to come and learn about this exciting field. We break concepts down for you so you can learn about them better. We present you with cyber security information to help you stay safe in a world filled with digital dangers. If you are a business owner, or just someone that's interested in learning a little more about this cyber security stuff, this is the podcast for you!
Exploring CompTIA's Infrastructure Certifications
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/07/27/exploring-comptias-infrastructure-certifications/
July 27, 2021
CompTia Core Certifications
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/07/17/comptia-core-certifications/
July 17, 2021
Interview with John Lunn Azure Cloud Expert
Check out John Lunn at: https://jonnychipz.com/ Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda
July 8, 2021
AFA's Cyber Patriot
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda https://www.uscyberpatriot.org/ https://apetech.blog/2021/06/28/afas-cyber-patriot-program/
June 29, 2021
Women's Society of Cyberjutsu
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/06/12/womens-society-of-cyberjutsu/
June 12, 2021
Ransomware And How It Impacts You!
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/06/05/ransomware-and-why-you-need-to-worry-about-it/
June 5, 2021
Interview with Christian Espinosa, Cybersecurity Expert, Best Selling Author
Check out Christian at Christianespinosa.com Details about his book: https://christianespinosa.com/book/smartest-person-in-the-room/ Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda
May 28, 2021
Can Your Social Media Posts Be Used To Hack You?
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/05/26/can-your-social-media-posts-be-used-to-hack-you/
May 26, 2021
Why You Need to Update Your Software: The Good, The Bad, and The Ugly
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/05/20/why-you-need-to-update-your-software-the-good-the-bad-and-the-ugly/
May 20, 2021
3 Tips to Permanently Delete Files From a Hard Drive
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/05/13/3-tips-to-permanently-delete-files-from-a-hard-drive/
May 13, 2021
5 Ways to Protect Your Children From Cybersecurity Threats
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/05/10/5-ways-to-protect-your-children-from-cybersecurity-threats/
May 11, 2021
Can You Trust Your Operating System's Privacy Settings?
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/05/07/can-you-trust-your-operating-systems-privacy-settings/
May 7, 2021
The Best Browsers for Your Privacy in 2021
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/05/04/the-best-browsers-for-your-privacy-in-2021/
May 4, 2021
iOS 14.5: Your Data, Your Choice - Why Privacy Matters
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda https://apetech.blog/2021/04/30/ios-14-5-your-data-your-choice-why-privacy-matters/ https://www.apple.com/privacy/
April 30, 2021
Botnets - The Victimless Crime?
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda Show Notes: https://apetech.blog/2021/04/27/botnets-the-victimless-crime/
April 27, 2021
VPN For Beginners!
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda TikTok: @apetechda Show notes: https://apetech.blog/2021/04/22/vpn-for-beginners/
April 22, 2021
Data Breach 101 - Everything You Need to Know.
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda TikTok: @apetechda Link to Episode Notes: https://apetech.blog/2021/04/19/data-breach-101-everything-you-need-to-know/
April 21, 2021
Can Your iCloud Account Be Hacked?
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org Hello, and welcome to another episode of Cyber Security For All podcast. A podcast all about cybersecurity from Apetech. I’m your host, Alex and today we are going to be talking about can your iCloud account be hacked? Before we jump into the episode, let me update you on a few things. Almost at 650 downloads! I really do think we can get to 750 before the end of the month! Please feel free to share my podcast with your friends and family so that they too can benefit from Cyber Security For All! If you want to leave a message, there is a voicemail URL in the episode description that you can use to get a hold of me. Also, apetech.me/social is where you can find me and everything else that I am working on. This podcast is just one of many different side hustles that I’m working on. Alright, enough updates, let’s get into the episode. First, let’s talk about how your personal iCloud might get hacked. Apple does a pretty good job at securing their actual infrastructure that drives iCloud. What I mean by this, is the servers and computers that Apple uses to keep iCloud running are usually pretty safe. While a hacker might still be able to breach Apple’s iCloud, it’s more unlikely to happen. Because of this, most hackers will focus on attacking individuals rather than trying to attack Apple. There are a few ways that a hacker can get into your iCloud account. Unlike breaking into Apple’s servers, hackers will try to obtain your credentials and then log into your account. Once a hacker has your credentials, they can log in and do whatever they want. There are a few different methods that a hacker can use to obtain your credentials. Let’s talk about a few of those different methods. Hopefully, by the end of this podcast, you’ll have a better awareness of where the vulnerabilities are and you can then take action to minimize your chances of getting hacked.
April 15, 2021
Will a Virus Scanner Keep You Safe Online?
Website: apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: email@example.com Hello, and welcome to another episode of Cyber Security For All podcast. A podcast all about cyber security from Apetech. I’m your host, Alex and today we are going to be talking about will my virus scanner keep me safe online? Before we jump into the episode, let me update you on a few things. Almost at 600 downloads! I really do think we can get to 750 before the end of the month! Please feel free to share my podcast with your friends and family so that they too can benefit from Cyber Security For All! If you want to leave a message, there is a voicemail URL in the episode description that you can use to get a hold of me. Also, apetech.me/social is where you can find me and everything else that I am working on. This podcast is just one of many different side hustles that I’m working on. Alright, enough updates, let’s get into the episode. Will having a virus scanner on your computer keep you safe online? Based on a Google search I did, the resounding answer is YES! I find this very interesting and it’s the reason why I wanted to create this episode today. While yes, a virus scanner will keep you safer online, I do not think it’s the only thing you should be using to keep yourself safe online. I also do not agree with the first article that popped up in my search. They state that the best antivirus program on the market is going to offer you 100% protection from advanced cyber threats. I really do wish they would have not state this information. I remember growing up and getting the internet installed in my house for the first time. I was 10 years old and I remember going to a radioshack to purchase MSN. I had no idea what I was doing, but my parents had just bought me my first computer and the year was 1998. Within a month of owning that computer, and having an internet connection, my computer broke to the point where CompUSA (where I purchased my computer) took almost three months to fix it. I was 10 years old and didn’t know what had happened. Back then, not a lot of people knew what could happen on the internet. Turns out a virus had wiped out my hard drive and rendered my computer useless. In 1998, this was easy enough to believe since it made sense. A simple virus scanner purchase later, and I was back in business. But now, in 2021, if your computer broke, would you blame a virus? Well that’s it for this episode. I hope you enjoyed it. If you feel that someone you know could benefit from listening to this episode, please feel free to share it with them. I appreciate you taking the time to listen to my podcast and thanks for the support! I know I’m just getting started, but I’m excited to see where I take this podcast in the future. Thanks for being a part of this journey with me. See you on the next one!
April 12, 2021
How safe is the cloud? And can you trust it?
Apetech Website: https://www.apetech.me/social Voicemail - Call me!! https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda Hello, and welcome to another episode of Cyber Security For All podcast. A podcast all about cyber security from Apetech. I’m your host, Alex and today we are going to be talking about the cloud. Specifically, is it safe and can you trust it? I personally use cloud services to store some of my personal data. And it seems that more and more businesses are running to the cloud because it allows them to cut down on infrastructure expenses. They can also get away with charging a monthly fee which guarantees that business a steady stream of income every month. Every cloud service provider is different and you should be aware of a few things when it comes to safety and trust. First, let’s talk about trust. Every business, no matter what type of business they are in should strive to earn their customer’s trust. A business that fails to do that will not fare well long term. When thinking about the cloud, big names such as Apple, Amazon, Google and Microsoft come to mind. There are other key players like Box, Dropbox, and Adobe. All of these companies create products that basically require you to utilize a cloud in order to use their services. In my opinion, you should trust but be overly cautious about everything you store on the cloud. I believe that these companies do go to great lengths to keep your data safe and thus you should trust them. But, what you cannot trust is always having access to your data. Data that you store in the cloud doesn’t actually belong to you. It is stored on a remote server and a cloud provider could shut down services or just eliminate something that you used to use. In a matter of weeks, all your information could disappear. Because of this, I would say, you can typically trust cloud providers to keep your data safe and secure, but you shouldn’t trust them to keep your data long term. Always have a backup plan for your precious data. Now, let’s talk about safety. Is the cloud safe? Should you store your personal information there? This depends all on how good of an internet user you personally are. Companies try their best to combat the latest cyber security threats, but their protection systems are only as good as your password hygiene. If you have a bad password, or if you fall victim to a social engineering attack, then it doesn’t matter how safe a cloud service is, an attacker will be able to obtain your personal data because simply put, they’ll have access to your password. Most companies are getting a little smarter about their password security and many encrypt their databases that contain passwords. Some companies offer two factor authentication which add a second layer of protection to their cloud services.
April 8, 2021
How Secure Is Your "Smart" Home?
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda I was planning on talking about the future of warfare but then as I was researching that topic, I stumbled upon a video from Dan from What’s Inside. If you aren’t familiar, What’s Inside is a popular YouTube channel where they cut things open. Dan and Lincoln started the channel many years ago and after some growing popularity, they started a family channel where they show their fans a more behind the scenes look at their personal and “private” life. A little over a year ago, Dan and his family purchased a plot of land and began building out their forever home. This home is super advanced and has automation built into the entire house. Dan created a series of videos showing his fans the ins and outs of his house and they even had their house listed on a tour that allowed you to walk through the entire house right before the pandemic started. So, what does this have to do with cyber security? In one of the many episodes Dan published, he showed how his home automation was set up. He showed the server room and basically an in depth view of all the IP cameras and other smart home gadgets and devices he has throughout his huge house. Additionally, when he was testing his internet speed, he flashed up the speed along with his IP address. It turns out that a cyber security specialist from Europe was able to get into their IP cameras and see the live feeds. This to me, and obviously to them, is super scary. And I want to talk about this, because it’s nearly impossible to go to an electronics store and not see product after product on creating a smart home. I want to discuss some things on my mind when you are buying these products and also talk about some tips I would recommend if you are introducing these devices into your home. People like automation. They like the convenience you get when you can turn things on and off around your home with the power of your voice. I get it, I have many devices like this all around my house to make things easier. From smart bulbs, smart outlets, voice assistants, smart fridges, smart washing machines, the list goes on. It seems that manufacturers are basically making almost every aspect of your home smarter. And if you remember from movies from our past, you’d probably think that we are behind! Nonetheless, the majority of these devices rely on a home network in order to facilitate the automation that they provide. And this where things can start to get scary. Unless you are actively interested and engaged in the cyber security space, you probably aren’t thinking about the dangers of introducing these devices to your home. But, having these devices adds more vectors to your home, network, and overall privacy. Let’s talk about that some more. Every device you introduce into your home is a new area that someone with some malicious intent can take advantage of. Some devices are created by reputable brands and others are created by not so well known brands. If you look up smart X on Amazon, you’ll be flooded with devices from brands/manufacturers that you probably don’t recognize. But, because these devices are cheap, you buy them and integrate them into your home network. Is this dangerous? I think so. Introducing these devices, whether from reputable brands or not, is a safety risk that you are accepting. You see, even devices such as Ring Doorbells have been known to have significant security flaws. I worry even more when buying devices from companies that don’t have dedicated software engineers.
April 6, 2021
What War Will Look Like In The Future
Apetech Website: https://www.apetech.me/social Voicemail: https://anchor.fm/apetech/message Email: firstname.lastname@example.org I recently read a tweet that stated that war in the future will not be fought with guns, tanks, or bombs. It will be fought with networks, data, and artificial intelligence. I want to talk about this since I’ve spent a good amount of my career in both spaces. I’ve worked in large defense companies, developing advanced warfare systems and I’ve also been a cyber security specialist for some time now. I agree that the future of warfare is going to look drastically different in the future. I also believe that our “enemies” are going to look different in the future as well. Before I go any further, this is all going to be from a U.S. perspective. If you live in another country, you might have a different definition for what an enemy is. Every day, there is a new cyber threat that you can read about in the news. Entire power plants have been crippled by hackers and I believe that we are only just beginning to see what a truly digital warfare is going to look like. As a country, I do not believe that we are prepared enough for this new enemy. All of our military protocols are so ancient that no amount of training out in the desert is going to prepare our country to handle the numerous attacks that could come in the future. The main difference here is that cyber warfare can happen just about anywhere. As more and more of our services and utilities go online, more attack vectors are created. These attack vectors can be taken advantage of and have the potential to really cripple our country. Individuals that are responsible for keeping the lights on do not really know how to handle an attack at a level that could cause severe damage. Almost all critical infrastructure in the U.S. is going digital. And it almost has to because we expect our infrastructure to keep up with the rest of technology. But, some are still hesitant and some things don’t change. For example, many of our identification cards are still physical along with vehicle registrations. But vehicle registrations in California are going digital. And this is where the problems start. How safe are those digital license plates? Can they be hacked or manipulated? What kind of updates are being pushed to those plates? How are they tested against malicious attacks? So many questions that as consumers, we don’t always get all the information. Now, you can imagine an exploit becoming known that you can change the registration on a vehicle because of a bug that wasn’t patched. Granted, this might not be a doomsday scenario, but I don’t really trust the developers that help digitalize our infrastructure because I’ve been in the business long enough to understand how cyber security is handled. Frankly put, it’s not a priority most of the time and if this mentality is shared among the critical infrastructure sectors, I predict that complete mayhem is upon us. We have to do better. We have to invest more of our development efforts into not only creating better software and infrastructure, but also training individuals to be more cyber aware. Sure, software could have issues, but attackers still need to physically access these devices. And most of the time, these devices are being accessed because the individuals that are paid to utilize those systems allow attackers right in. In their defense, they don't always know they are doing so, but therein lies the problem.
April 6, 2021
Do You Need To Know How To Code To Get Into Cyber Security?
Do you need know how to code - as a cyber security specialist? For the certification tests? CISSP CEH Sec+ Common Cyber Security Roles/Responsibilities? Networking Writing Tools Scripting Applications Social Media: Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda
March 2, 2021
Do You Trust Your Car?
In this episode, we talk about some of the issues and dangers found in "smart" connected cars. If your car is new (within the last couple years), you most likely have a car that falls under this category. Are you aware of the cyber security related risks your car has? Should you be worried? Let's discuss. Source for article topic: https://www.techrepublic.com/article/top-5-security-risks-to-connected-cars-according-to-trend-micro/ Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda
February 23, 2021
To Pen or Not To Pen - The risks of not prioritizing Cyber Security
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda Does your business have any digital assets? Do you use computers, emails, or create any data stored on computers? What about software, is your business in the business of creating software? If you answered yes to any of these questions, and I have a funny feeling that you did, this episode was crafted just for you. Penetration Testing, or pen testing for short, is something anyone running a business should highly consider. Getting hacked in 2021 and beyond isn’t a matter of if it will happen, but a matter of when it will happen. It’s inevitable. If your company is creating and producing digital goods and services, someone out there is going to want to get into your system. But the problem is that Pen tests are complicated. They are expensive, they require contracts and they carry some risk. A pen test gone wrong can cripple a company. After a pen test is executed, the findings then have to be resolved. This comes with additional cost, risk, and schedule. As you can see, for a company to go all in on a pen test, they need to be 100% sure they are committed. So, because of this, many companies forgo running pen tests. Not running a pen test is easier. You don’t have to change your priorities or impact your budget on fixing things you don’t know about. You don’t have to introduce scope change because you aren’t aware of any new changes that need to be scheduled in. And besides, what are the chances that your company is going to get hacked? Pretty low right. Most companies hope that nothing bad is going to happen because on a perfect day, they are already pressed for budget and time. But life isn’t always the best case scenario. Sometimes bad things will happen and you’ll need to react to these life events. What type of company are you running? The one that is reactive to life events or the one that will go out and get ahead of critical issues. It easy to live a reactive life if nothing bad has ever happened or if you believe that nothing will happen to you. But, I can assure you that in my experience disaster will strike and you are going to wish you would have done things differently. I hope that his message serves as a wake up call to everyone out there that’s on the fence. Take your information/cyber security seriously. Right now, when the storm is calm, is the right time to make decisions. You don’t want your team making multi million dollar decisions in the middle of the storm. Right now, when your head is clear and you don’t have the pressure of your production systems being compromised, is the when you should be investing your time, energy, and money into making sure you are as covered as you possibly can be. Don’t wait to be reactive. If your system or service had the potential to kill a human being, would you stop everything you were doing right now to fix it? I would invest some time on fixing my cyber security gaps in my company. Run that pen test and start closing that gap. Future self will thank you later.
February 23, 2021
Safer Internet Day
Today, February 9th, 2021 is Safer Internet Day. There's an entire organization dedicated to sharing the message of a safer internet worldwide. https://www.saferinternetday.org/ In this episode, I discover what safer internet day means and share my thoughts on how younger people can learn more about being safer online. The internet is a very scary place, and I love that an organization is dedicated to helping make it a better one. We all need to do our part in making the internet a better and safer place. Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda
February 9, 2021
How I Became a Cyber Security Practitioner
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda In this episode, I share my journey to becoming a cyber security practitioner. I share the process that I partook in and also share some of my thoughts on how YOU can jump into this exciting field. Check out my blog post on the subject here: https://apetech.blog/2021/02/04/how-to-become-a-cyber-security-professional/
February 9, 2021
Top 10 Worst Passwords to Avoid
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda In this episode, we review the top 10 worst passwords. These passwords are coming directly from the following site. I share my thoughts and opinions on the list and make recommendations on what you should do if your password is on the list. https://nordpass.com/most-common-passwords-list/
February 2, 2021
An Easy Way To Find Out If You've Been Hacked!
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda In this episode, we look at how you can easily see if you're accounts have been hacked or compromised. Don't forget to share this podcast with your friends and family. We go over how to check your Google, Facebook, and Instagram accounts. Google: https://support.google.com/mail/answer/45938?hl=en Facebook: https://smallbusiness.chron.com/look-past-logins-facebook-64045.html Instagram: https://www.alphr.com/someone-using-your-instagram-account/
January 27, 2021
Top 10 Hacking Tools For You
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda Did you know there are over 125 cyber security tools out there? In this episode, I discuss the top 10. I go over some details and share my opinions about each tool. If you want to check them out for yourself, head on over to sectools.org. Here are the tools we discussed in this episode. Wireshark Metasploit Nessus Aircrack Snort Cain and Abel BackTrack Netcat tcpdump John the Ripper
January 22, 2021
You Have Been Denied - Firewall Basics
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda There are 65,535 ports on your computer assuming you are only connected to one network at a time. That’s a lot of ports and this article is going to be a little more advanced than the previous articles. Your computer and router depend on ports to appropriately flow data from your devices, through the internet, and to their intended target and purpose. The Security+ exam focuses on a couple dozen ports that are the most common and most critical to know. While there are thousands of ports on your computer, you only need a few to do the most common things you do on the internet. The most common ports are 80 and 443. These two ports allow for most of the internet traffic to pass through. 80 allows for all HTTP traffic, which is basically any website and 443 allows for HTTPS traffic which is secure websites. So, if most of what you do on your computer can be handled via those two ports, why do we need the other 65,333 ports? That’s a lot of ports that are just open. Since I haven’t mentioned it here yet, some, but not all of the other ports can sometimes be exploited and give access to a bad actor to your network and data. With so many ports and so many different ways to be exposed, you may be wondering what you can do to protect yourself. If you are a Windows user, you’ve probably heard of a firewall already. A firewall helps you stay protected because it helps you control the traffic that enters your computer or network. Firewalls can exist on your individual computers or on your network router. Configuring a firewall is easy but I’d encourage you to do your own research or hire someone that is skilled in setting up firewalls. What I’ll be explaining in the next section assumes that you are comfortable with setting up firewalls. The first thing you want to do when configuring your firewall is to deny all. This will literally close all your ports and prevent traffic from entering your network or computer. This is a little too extreme as you literally cannot get on the internet anymore if you leave only this permission enabled. The next thing you want to do is open port 80 and 443. Since these are the most used ports, these should be allowed to transmit data. From there, it’s up to you what ports you need. There are ports dedicated to SSH, SMTP, FTP, and dozens others that are common and frequently used. If you use one of those other ports and you don’t re-enable them, then some services will fail to work properly since the deny all is preventing any traffic from transmitting on that port. If you’ve never configured your firewall, it can be a bit overwhelming. But this is an effective way of protecting your network and devices. Maybe to start out you don’t deny all, but at least close some of the ports that are obviously not in use.
January 13, 2021
FEAR the Zero Day!
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda If you have ever heard of a zero day bug or attack and didn’t know what it was, today you learn what it is and why you should be concerned. A zero day bug or attack can be a little misleading. What exactly does zero days mean? When I first learned about the zero day bugs, I thought it meant that it had been around for zero days, which didn’t make much sense to me. I had never heard of a zero day bug before and there wasn’t much information publicly available. Zero day bugs are bad. They are really bad because they have the potential to cause the most amount of damage when compared to a different type of attack. Alright, so what is a zero day bug? A zero day bug is a computer bug or vulnerability that is just discovered. But bugs are discovered every day right? Yes, and this is why being aware of zero day bugs is critical. The virus scanner on your computer uses known viruses and bugs to protect you. Once a virus is found in the wild, researchers get to work to create a signature that then gets deployed to millions of computers around the world to protect themselves.Once your computer has the signature, your computer is less likely to be attacked by that virus and your computer and data are more safe. A zero day bug is bad because those signatures that are created to protect your computer aren’t created yet. So, if you happen to have a device or software that has a known zero day bug, then the chances of being a victim are greatly increased. The manufacturer of the device or software has known about the bug for zero days. They’ve had zero days to start producing a very expensive fix to a problem they didn’t know they had. Additionally, the manufacturer or research team has to make the financial determination to actually fix the zero day bug. If someone does decide to fix the zero day bug, it will take time to understand and fix the bug. This time is extremely critical because until the bug is fixed, everyone is vulnerable to an attack. Discovering zero day bugs is important, and it’s even more important to get them fixed as soon as possible. As you can see, zero day bugs are pretty bad, but there are things that happen to help mitigate the impact zero day bugs have. First, white hat hackers, or good hackers, usually spend their time trying to find and identify these zero day bugs. Once they find something, they discretely notify the creator of the device or software and make them aware of the situation. They either work together to fix, or wait for the manufacturer to fix the problem before they go public. By doing this, the exposure and time that bad actors have to take advantage of the zero day bug is limited. Another way to help identify and fix zero day bugs are by holding bounty challenges. These challenges encourage white hat hackers to find bugs in production systems and code by being able to win a monetary prize for their contributions. While there isn’t much an end user can do against zero day bugs, just be mindful that they exist and take any precautions whenever possible.
January 11, 2021
Pen Test VS Vulnerability Scan - Which One is Right For You?
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda If you run a business and are curious about what pen testing vs vulnerability scanning is, then this is the article for you. Both services are useful and they each come with their own set of pros and cons. In this article, we’ll explore what each service is and which one is right for you and your business needs. A Penetration Test, or commonly referred to as a Pen Test is when a third party tries to get physical access to your building and/or network. They try to get past security, employees, and whatever other security measures you have in place preventing intrusion. Once they have breached the perimeter, they then go after your network and data. If they are able to access critical data, then they have successfully penetrated your business. Vulnerability scanning is a little less intense. A third party will access your vulnerabilities by doing very passive scans of your network. They are checking for known security flaws that your business may be exposed to, but don’t actually do anything to defend or attack. They just report what they find and make a recommendation about what you should to protect yourself. So, now that you know what the difference is between the two methods, which one do you need for your business? Pen testing is an active test. There are real people involved and while the attack is performed in a control manner, there is still a chance that something might go wrong. There is a small chance that data can be lost or damaged since the pen tester is actively trying to actually break into the system. The vulnerability scan, since it is typically a passive thing has much less risk. But the vulnerability scan is more of a theoretical test. Yes, it’s going to find real ports that are open, but unless you take action to close up your vulnerabilities, they are just going to be documented on paper. The same can be said about the pen test. The Pen test isn’t supposed to actually take down your network or steal your data. It’s just supposed to show you how someone could potentially do it. But like the vulnerability assessment, unless you actually take action to protect yourself, the white hat hacker can’t actually save or protect your data. So, which test is right for you? If you are confident in the security you have in place, I would recommend you go with a full pen test. They say ignorance is bliss and there’s no better way to test out your shiny new security policy than having someone actively try to break it. An attacker isn’t going to be asking for permission when they attempt to break in and steal your data, so a pen tester is as close as you are going to get to a real world simulation. With that said, this is a real world simulation which means things can go wrong. Have a backup plan for your data and network and then try to poke holes. If you aren’t quite there yet with your network and security infrastructure, then I’d recommend you get your feet wet and go for a vulnerability assessment. It will paint a picture of where you have holes and give you a few good critical next steps you can take to improve your security.
January 8, 2021
Protect Your RFID Badge!
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda If you have a badge that you can wirelessly scan to gain access to a building or facility, then you probably have an RFID badge. These badges allow you to tap or hold up against a device that reads the credentials on the badge and checks to see if they are on the access list. If there is a match, you will get a beep and whatever area you are trying to access unlocks. If there is no match, or if you do not have an RFID card, well you are not going to be gaining access to the area easily. I have a separate article that talks about tailgating and all the security implications of not appropriately handling tailgaters. While RFID tags are great for a different variety of business needs, they have a critical flaw that can easily be taken advantage of by bad actors. RFID badges work by wirelessly transmitting bits of data which can then be used to enable something. Since the RFID card itself is passive, you need a device that is powered and can read the data on the card. This simple technology can be easily used against you and your company or whatever you are trying to protect. How is this possible? A couple of things to demystify. RFID cards are made by a handful of manufacturers. Those manufacturers sell to anyone willing to pay money for their good. Both companies and bad actors have the ability to buy the exact same RFID card. Next, the tricky part is getting your credentials. This part is actually not that difficult. If you carry your badge around your waist, around your neck, or in your pocket, all someone has to do is get close enough to you to take your credentials. They have to have a special device that can either be bought or built which basically can take your credentials. This can be done while you are walking to lunch, at the park, on the subway. The attacker just needs to be close enough to your unprotected RFID card and then they have your credentials. The credentials themselves don’t actually do anything. The attacker just has some bits and a copy of a blank RFID card. The attacker then has to buy or have access to an RFID card creator which then puts the stolen credentials on their personal copy. Next, they have to do a bit of social engineering to put it to use. They have to make the card look believable and ideally a replica of your original card. Then, all a person has to do is walk up to your place of business and scan away. The card reader on your door wont know if it’s real or fake. On a separate but related note, some credit/debit cards also have RFID, so those are vulnerable to being stolen as well. By now, you are probably a little worried about having your RFID card out in the wild exposed. Worry not, there is a simple and effective way to protect yourself. Invest in an RFID shield. This is a thin sleeve that you slip your badge into and protects it from any attackers. They also make wallets that can keep your credit/debit cards safe. With all of this said, just don’t ever lose your RFID card, because there’s really no easy way to protect yourself against that.
January 6, 2021
Listen To This Before Connecting to A FREE Public Wifi!!
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda If you ever been to a Starbucks and connected to their wifi network, then listen up because this article is for you. Free wifi is always a great thing, especially when you do not have a mobile network to connect to. Free wifi is common in places such as malls, some eateries, and hotels. Most people connect to them because it’s free and it allows them to sit down and get online quickly and free. While there is no issue with connecting to a free wifi network, there are potential dangers to how and what network you actually connect to. Let’s talk about what a man in the middle attack is and then let’s explore how it can be used against you. A man in the middle attack, like the name implies, is when a bad actor sits in the middle between you, the user, and the world, the internet. An attacker digitally sits between your computer and the internet, watching everything that happens in between. Thus the name, man in the middle. The concept is not very complex, but here’s how it typically works. A bad actor will set up shop somewhere where people are connecting to wifi networks. Now, the attack is not isolated to free wifi networks, this can be done just as easily on any wifi network, but most attacks will open out in the wild where people are more likely to not question the connection they are using. The actor typically has some sort of physical device that broadcasts out a wifi signal. That signal is masked to look just like the real free wifi signal that a hotel offers. A user connects to it, thinking that it’s the real network and starts browsing online. At this point, if a user’s computer connects to the rogue free wifi network, then they become vulnerable to a man in the middle attack. But you still have internet, so who cares how you connect because your stuff is safe? A good portion of internet traffic is encrypted but some websites do not encrypt their traffic. That means that the attacker can have a free tool like Wireshark that allows the person to capture and analyze all the network traffic going through his/her device. Basically what this means is that if you visit a website that isn’t HTTPS, but just HTTP (notice the missing ‘S’), then any interaction you have with that website is plain and anyone watching can see everything. If you are uploading pictures, downloading pictures, entering credentials, usernames, anything you type on your keyboard is available. There are a couple of things you can do to protect yourself. First, whenever possible, do not join free wifi networks. If you are going to join, try to use a Virtual Private Network (VPN) which hides all your traffic regardless if you are visiting websites that are HTTPS or not. Also, disable auto join open networks. You want to have control of when and what network you connect. And lastly, as a normal rule of thumb, check the URL of every site you are visiting and whenever you are going to do something with your personal information, make sure it has an HTTPS at the beginning.
January 4, 2021
The Subtle Art of Tailgating
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda If you work anywhere that requires you to enter a building/property, you should be aware of tailgating and the potential dangers. Most people think of tailgating as an event in a parking lot somewhere outside of a sporting event. People hanging out with friends and having a great time cheering on their favorite teams. In the security world, tailgating has a different meaning. Tailgating means when someone enters a building or property without validating their credentials to enter. This is usually done by going in with or behind someone that has validated their credentials to enter the building. Some tailgating activities can be harmless, but as a best practice everyone should validate their credentials when entering a building or property. Let us explore some scenarios to help understand why this is so important. Physically gaining access to a building or property is one of the objectives of bad actors when it comes to not only information security, but physical security as well. Tailgating is one of the most common methods of gaining access because it is fairly easy and effective. A scenario would be a group of coworkers coming back to work from a team lunch. The energy is still high and the food comma has not kicked in yet. One by one, they all badge in at the main door. But, as they were approaching their lobby, a person was outside of the building on a phone conversation. That person naturally ends his call and proceeds to enter the building with the group coming in from lunch. No one questions the person because he looks like he belongs and maybe one or two of the members from the lunch crew also may have forgotten to scan their badges. . . no big deal. Except that a bad actor is now in your building and can start their next phase of their malicious attack. Another scenario to be mindful of is that of a disgruntled employee. This person, often fired, can be looking to get revenge, hurt employees, steal data, or any other malicious activity. The scenario goes like this. The former employee is fired for doing something bad. He is terminated and escorted out of the building. No one finds out because oftentimes, this information is not shared with other employees. The next morning, the fired employee shows up and waits for someone to let him in. Since they were coworkers the day before, it is very easy to ask to be let into the building because the actor forgot his badge at home or at his desk. The other employee lets him in the building because they work together. While this scenario does not typically happen, it can happen. Next time you are entering your building, make sure you challenge that person behind you. It can be very easy to just walk and not make sure the door closes behind you. It can be very easy to think that the person trying to get in belongs. But every time you walk through the doors of your building or property, remember that not everyone is what they seem. Challenge and question. Everyone should be validating their access. Even if you know them personally and are best friends with that person, just make sure that person can still access the building.
December 30, 2020
Warning: Disaster Proof Your Data!
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda Backing up your data and all critical information is a great hobby you should get into. Whether you are backing up monthly, weekly, daily, or hourly, you should be backing up your data. You never know when you are going to have a hard drive failure, physical damage, natural disaster, or a cyber attack. All the data that you create on a day to day basis should be protected and backed up that way when disaster strikes, you can sleep in peace knowing that your data is safe and secure. But is backing up your data on a schedule enough? Let’s explore the concept of off-site backups. The concept of off-site backups should be self explanatory. There are many ways to backup your data. You could go out and purchase an external hard drive and manually (or automatically) backup your data. This is a great, easy, and somewhat cheap solution to backups. But, while your data may be safe from a cyber attack on your network, what if the hard drive fails or worse, it catches on fire. It is not enough to just back up your data to an external drive, you should take an extra precaution and store that external drive, and in my opinion have multiple copies, in a different location. For example, you could keep a hard drive locked up in your drawer at work. Or you could keep the drive at a relatives house. If your data is that valuable, you could get a safety box at a bank and keep it there. Whatever your solution, having an off-site backup means that when tragedy hits, you will most likely have a reliable way to get your data back. The only downside to this is that since your drive is physically not with you, it becomes harder to do continuous backups. Other solutions may be to use a public cloud like Dropbox, Box, or Amazon Drive. All these solutions are remote, they typically offer some sort of 99% up time, and they worry about physical failures for you. You pay a monthly or yearly fee, but all your data is automatically backed up and secure in a remote location. This option is great because you can have a scheduled backup, but it can get very expensive if you have too much data. Those storage plans can get pricey. My recommendation would be to have your utmost important data in both locations. Maybe you can live without backing up your 50 GB games, but your pictures from your wedding, those should probably be on the cloud and in an external hard drive. Whatever strategy you pick, just make sure you have one. The number of people out there not backing up their data is mind blowing. Even if you are backing up your data to external drives, make sure you take a copy every once in a while and store it somewhere else. It’s always best to be prepared than to regret not having taken action when you had a chance. Be smart, backup and store off-site.
December 28, 2020
Life's a Simulation - Are You Prepared For A Disaster?
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda Tabletop exercises are a great way to practice your security processes. If you are like most businesses, you can’t really afford to have your network go down or worse; lose your data. Many businesses have security processes in place that allow them to recover from an event. These events may be natural disaster based or cyber attacks. Depending on the type of business you have, there are different levels of recovery that are required. A tabletop exercise is a great way to practice your security policies without actually compromising your network or data. There are a couple of reasons to perform this practice. The biggest reason is that it lets you walk through the recovery plan that you have put in place. This is critical because it allows you to validate if your plan will work when you need it. If you do not ever practice your recovery plan, you will not find gaps in it until it is too late. By practicing a tabletop exercise, it gives you the ability to poke holes in your process and validate if your original plan works or not. Tabletop exercises are not just for businesses. Anyone can create a plan for their home network and personal data. In fact, there really is no reason why you should not have a recovery plan for home. Once you have a recovery plan in place, you can then practice the tabletop exercise. I will not go into much details about what should be in your recovery plan as that is a topic for its own independent article, but some things to consider are documenting your data backup plans. How you detect intrusions to your network. Your important programs, services, and data should be well documented and if possible, you should have a remote location for a backup of all your data and configurations. Once you have all that information documented, you also want to document your process for recovering from an attack or loss. If you need to replace physical hardware, you should have either extras available, or at least documentation for how to replace those physical assets. Things that come to mind are hard drives, routers, switches, any other physical items that are part of your network or store your data. With your recovery process in hand, it is time to actually walk through the plan in a typical tabletop exercise. Start by getting everyone together that needs to be a part of your recovery. Everyone that has a role to play should be present and they should have a copy of the recovery plan. Partaking in the tabletop exercise is straight forward. You go line by line and people act out their part. They pretend to do the action being requested with hopes of either finding gaps in the process or confirming that their plan will work. This is a great way to see how well you are set up to recover from an intrusion without actually breaking your system. You should go through your recovery plan any time you add to your network or at least every six months. Participating in a tabletop exercise should become second nature. When an actual attack does occur, the only thing in your head is worrying about the money being lost due to your services being down. This can cloud your judgment and your technical abilities to recover. By having practiced your actions, it can reduce some of the stress encountered when trying to actually recover a system.
December 21, 2020
Ransomware - Are You In Good Hands?
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: email@example.com Twitter: @apetechda Ransomware is starting to gain more mainstream attention as media attention increases. Ransomware is a different, yet familiar type of cyber attack that can happen to just about anyone. Ransomware is when someone takes hold of your valuable data and then they demand that you pay them, typically in some sort of digital currency, if you want your data back. For businesses, this can be detrimental to them because they literally lose access to all their customer data, financials, etc. A few years ago, many hospitals in the United Kingdom fell victim to this type of attack. Hospital records and other pertinent confidential information was held captive, bringing the hospital networks down to a halt. Individuals are not immune to this type of attack. The only difference is that most individuals do not create the type of valuable information that attackers are looking for. This is mainly why ransomware attacks go after government entities, small and large businesses, but anyone can become a target. Everyone should protect themselves from ransomware, regardless of the type of data you have. Before we go into how to protect yourself from a ransomware attack, let us first discuss what you can do today to reduce the risk of losing your data. Ransomware attacks typically encrypt the location of where your valuable data is stored. Usually this is the hard drive, or server environment for a business. The attacker will make a demand for money or something of value to them in exchange for freeing your data. Keep in mind that the attacker does not have to release your data, even after a payment is done. So, what can you do to protect yourself? The most simple solution is to backup your data. There are many different methods and strategies for backing up your data. Most large businesses have plans in place to backup their data, but small businesses and individuals do not typically have any kind of backup discipline set up. How often you backup your data is really up to you and the level of risk you want to carry. Having backups is a good practice even if you are not trying to protect yourself against cyber attacks and other non cyber attacks such as hard drive failure. At the very minimum, you should be backing up your data once a week. There are many software solutions out there that make this possible, so do some research and pick your favorite. If you are creating data on a day to day basis for yourself or for your business, then I would recommend you backup every night. If the data you have is extremely valuable, then hourly backups might be the way to go. While backup up your data does not protect you against a ransomware attack, it at least allows you to recover without falling victim to the demands brought forth by the attacker. As far as actual protection from ransomware, there is no easy solution. You need to protect yourself in layers by using safe passwords, encrypting your hard drives, not falling victim to phishing attacks. You need to be a good steward of cyber security at all times. There is no fool proof way to protect yourself from a ransomware attack. You just need to remain vigilant and backup your data!
December 16, 2020
Hidden Dangers Of Rogue USB Flash Drives
Apetech Website: https://www.apetech.me/social https://anchor.fm/apetech/message Email: firstname.lastname@example.org Twitter: @apetechda After watching a few Tik Tok videos on a Saturday night, I noticed there was an alarming trend being showcased by the social media platform. In an interest to pique an audience’s interest, there are videos being made about people finding USB drives out in public places. The person in the video finds the drive, takes it home, puts it in their computer, and then proceeds to check out the contents of the device. From a security perspective, this is a horrible idea. Don’t ever plug in a USB drive that you find out in public into your computer. If you are going to be plugging in the device into a computer, make sure it is one that is not connected to your network and preferably a computer with no data other than the core OS on it. That way, if and when things get corrupted by the malicious payload on the USB drive, your data and network are not compromised. Compromising your data or network is not difficult to do once you introduce a bad actor into your home. Most of the time, hackers have to figure out a way to get on your computer or network. This is the challenging part because once you have access, everything else is much easier given the array of software available to both white and black hat hackers. Inserting a USB drive you find on a public bus is a super easy way to get on that computer with minimal effort required. It may sound like a fun thing to try to do or if you are generally just curious about the contents of the drive, but do yourself a favor and don’t put that USB drive on your personal computer. This does not just apply to your personal life. Businesses are also vulnerable to this attack and quite frankly, it might be easier to pull off as an employee. For example, imagine you are walking to the office after parking your car. As you approach the building, you notice a shiny object on the floor. Clearly one of your coworkers dropped their precious USB drive. The next initial reaction is to plug it in and try to find out who it belongs to. This is a very innocent action from a coworker that cares. This type of behavior is exactly what an attacker wants to happen. They want you to take that USB drive and plug it into your work computer. Then, there goes the company network infected with the malicious payload. I know it is a bit of an exaggeration but the threat is real! Being a good samaritan isn’t always a bad thing. As mentioned earlier, the right thing to do is to turn in the drive to your local security office. If you are at home and you really want to find out what’s on that drive, plug it in to an isolated computer that has nothing on it. Be on the lookout for suspicious red flags such as the name of the drive or the contents of the drive. But, if you can avoid it all together, just get rid of the USB drive. Compromising your private network or data isn’t worth the hassle of figuring out how to get everything back to normal.
December 15, 2020
Send Hidden Messages with Steganography!
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: email@example.com. Twitter: @apetechda Steganography is the subtle art of hiding information out in plain sight. It is a fascinating way of transmitting messages and other digital data out in the open without the risk of getting caught*. Data can also be encrypted to help add an extra layer of security. Almost any type of digital media can be used to hide any digital message. This sounds all very covert and spy-like, but what does this have to do with cyber security? Let’s dig a little deeper into what steganography is at a fundamental level and then we’ll make the correlation back to security. The fundamentals of steganography are pretty simple. You take a message that you want to send to another person. Rather than sending the message in plain text, you hide the message in an image or any other type of digital file. How does this work? If you’ve ever done any web development or worked with colors, you may recall that every shade of color is created by manipulating the values for red, green, and blue. If you change the value of just one of those colors, then you essentially still have the same color to the naked eye, but the digital value behind it is now different. By manipulating the values in an image, you can embed something else. In the case of steganography, you would put your secret message there. The information is basically useless unless you have the key to translate the message back to the original language. Anyone else that intercepts the message has no idea what they are looking at. Even if they try to reverse engineer the message, without the key, it’s very difficult to figure out what the hidden message is. How does this simple and effective way of hiding messages relate to security? Messages is the perhaps the simplest use case for steganography but malicious hackers can hide malicious code in their messages. There are various programs that facilitate the creation of steganography based messages. The use of these programs makes it super simple to send someone an image that contains a malicious piece of code which then can compromise a computer when the end user opens the picture. Since the image looks like any other image, and it has characteristics like any other image, most software designed to protect you from malicious attacks is ineffective. As you can see, this poses a rather difficult situation for white hat hackers because it is much more challenging to defend against an attack that you cannot see. With that said, there are however some ways to protect yourself. When receiving any file from anyone, make sure it is from a trusted source. If you did not request something, even if it appears to be harmless, question the validity of the item. It could be containing a dangerous payload that could cause serious damage to you and your data. If you are interested in learning more about steganography, I recommend you do some research. There is a lot of technical information out there that goes deeper into the algorithms used to create, distribute, and access the hidden data. Stegeneography has been around for centuries and its style has only evolved. The concept is still the same, but the means to deliver the message has obviously changed with time. Steganography is an interesting way to stay covert and share information with anyone.
December 12, 2020
The Best Tips and Tricks to Protect Against Phishing Attacks!
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: firstname.lastname@example.org. Twitter: @apetechda Ever get a suspicious email with a link to change your password? If so, you'll want to listen to this entire episode! We are going to talk about Phishing attacks and how to protect yourself from falling victim of an attack! Several states started issuing shelter-in-place directives, which basically stated that people should stay in their homes and avoid going outside whenever possible. One of the main reasons people leave their house is to go to work. In order to comply with state mandated directives, businesses all over the country have transitioned to a work from home plan where employees do not come into a physical office, but are still able to get work done from the comfort of their homes. Other businesses are not able to provide this luxury and have been forced to close their doors. This new way of life has introduced new cyber threat vectors because many people and businesses are not used to taking their technology home to perform work which contains sensitive information. One of the easiest ways to social engineer people is through the art of phishing. During these challenging times, when people are looking to get more information on what is going on with the world, it has become far too simple to deploy a phishing attack. People everywhere are curious about how COVID-19 is going to impact their work, business, mortgage, and school. People everywhere are getting hundreds of emails with more information about how COVID-19 is impacting their sector. As such, sending out a phishing email with the promise of providing some sort of COVID-19 coverage is making it easier for attackers to trick people into clicking on their link. It is so easy to get caught up in the moment that you forget to check for some basic common sense items. There are going to be a lot of phishing campaigns that are going to try to take advantage of the fact that people are waiting to hear information from banks, credit lenders, schools, and businesses. Other types of news people might be looking for are those related to containment of the virus, or the spread. In any case, it is extremely important to remain vigilant and be on the look out for phishing emails that try to steal your personal information. What exactly is a phishing email and how do you protect yourself against it? A phishing email is an email that tries to look legit but it is actually trying to steal your personal information. There are many common sense steps you can take to protect yourself. The following are a few basic tips that should help you weed out the bad emails and hopefully just find the valid emails. First big tip is to check the sender! Oftentimes, these phishing emails come from bogus emails that are blatantly obvious. That is not always the case, but for the most part, there is mostly always something fishy about the sender’s email address that does not quite add up to the original from a trusted sender. The next major thing to check for is the body of the email. Most, if not all senders state they will never ask you for credentials or other sensitive information over an email. When you get a phishing email asking you to sign into something, that should be a huge red flag. Do not log in using the link in the email. Lastly, check for other anomalies in an email. Just because we are always in a rush, does not mean we should not pay attention to places where we put in our sensitive information. If the logo looks weird, things are misspelled, any other strange things, please do not click on the link. Stay safe out there and make sure you check for trusted sources when trying to find out what’s going with COVID-19.
December 10, 2020
Episode 14: Let's Share Your Password!
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: email@example.com. Twitter: @apetechda In this episode, we are going to talk about why you shouldn’t share your password with people. This is one of those episodes I was hoping I wouldn’t have to write, but after watching a Tik Tok last night, I determined it was to create it and share it with the world in case someone really needed to hear it. Please, under no circumstances should you share your password with anyone. There are obviously a few exceptions to this rule, and we’ll get to them in a minute, but under general guidance, it’s always a bad idea to share your password. Let’s talk about why passwords are so important and go over the reasons why it’s a bad idea to share your password. First, a password serves as an identity for people. Passwords authenticate a person. They are used to gain access to a system or account. In most cases, the only person you want accessing that system or account are verified users. These accounts can contain sensitive data that shouldn’t be viewed by unauthorized users. For example, your tax records, bank records, and private data should be kept private. If you share your password, then the security put in place is invalidated. Anyone with that password can access the information. There are some exceptions to this of course. You might want to share your password with a significant other or if you have children, you probably want to know their passwords in case they forget. Overall though, unless you explicitly want someone to pretend to be you online, don’t share your password. The next reason is a little more complicated. For normal people around the world, having a password is a means to gain access to social media accounts, bank accounts, and websites where you may have an account registered. If you analyze the types of accounts that folks use passwords on, the most sensitive information is usually financial information. There’s other data like addresses, phone numbers, birthdates, but for the most part, your credit card or bank account information is what most people tend to try and keep secure. But, in the business world, passwords are a little more powerful. Having a password there usually means it’s a way on to a machine that then has company data. Having a password to an asset that doesn’t belong to you is very important to keep private. I know a lot of my podcast episodes make me sound like a paranoid person, but if someone else gets your password, they can basically impersonate you. This might not sound too bad, but what if they send an email on your behalf or delete something that might get you in trouble. Things can escalate even more if you have admin rights to a server. Servers are used to store customer or company data. This data is utilized to run the business. Any compromise to this data could not only be catastrophic, but it could also mean loss of revenue. When you have admin rights to a company server, you want to take extra precaution to make sure no one ever knows your password. I’ve worked in some places where everyone shares an admin password. This is a HORRIBLE idea. If someone does something malicious, whether intentional or on accident, there is no way of knowing who did it. If you share your password with someone, you open yourself up to a bunch of issues that you just shouldn’t open yourself up to.
December 7, 2020
Episode 13: Guest Wifi BEST Tips and Tricks
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: firstname.lastname@example.org. Twitter: @apetechda In this episode, we are going to talk about 4 reasons why you should have a guess password for your wifi. Your home network should be a very private thing. All of your devices are connected to this network which means that your personal information transmits through this network. Because of this, you should always know what devices are on your network and who is accessing your network. When people come over to your house and they want to join your private wifi network, I would advise that instead of giving them full access to your network, you give them access to a guest network. Most modern routers have this feature built and and allows you to separate your personal devices from those of visitors. Some routers will even allow you turn your guest networks on and off by simply asking Alexa to enable the guest network. At this point you might be thinking. . . what’s the big deal if I have others join my home network. Let me run you through some of the most common scenarios that typically happen. I’ll start by the most riskiest. If you have complete strangers come to your house asking to join your network, this should be an immediate red flag. These people can be folks from a utility company, a contractor working on your house, etc. These folks should not, under circumstance gain access to your private home network. Some of the risks include them setting up a man in the middle attack where they can see your personal and private data. They might be able to access your shared network drives and printers which again contain your personal data. They could also introduce malicious attacks/malware that can compromise the other computers in your network. As you can see, giving someone you don’t know access to your network, while not always dangerous can have some serious consequences if the wrong person gains access. Next up are friends and family. The same risks from the previous example still apply with the exception that you actually know the people you are granting access to. Even though you know them, you still shouldn’t just hand out network access. All of the same attacks and vulnerabilities still apply with friends and family. If they want to do harm to you, having access to your personal home network is an easy way to get started. Sometimes, we like to let our guard down when we are with those we love and trust. But sometimes, that love and trust becomes our biggest vulnerability. I’m not saying you need to stop loving your friends and family, but why not exercise every precaution to keep your data safe. Enable that guest network and let them connect to that network. The peace of mind is worth it in my opinion. When someone access your network, they can then see other devices and data on that network. Network shared drives are starting to become a common thing in home networks. As we create more and more data, our devices overfill and all that data goes on to a network drive. These network drives can then easily be accessed by devices on your network. This is common with media servers that are usually used to store and stream videos and photos. When you allow someone outside your home to access your wifi, you are potentially allowing these folks to also access your files. If this is not your intention, letting them connect to a guest wifi can easily remediate this problem. Adding layers of security to your shared network services can also help remediate.
December 3, 2020
Episode 12: Forgot your password? Try these 6 things!
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: email@example.com. Twitter: @apetechda In this episode, we are going to talk about 5 things you can do if you forget your password. Forgetting your password sucks. We’ve all been there at some point in our lives. No matter how smart we think we are, there’s always that one time that we forget our password. Obviously, the best thing to do is to NOT forget your password. But there are at least 5 things you can do to help future self for when you inevitably forget your password. #1 In most cases, a simple forgot password link is enough to get you through. Sure, it’s a little annoying all the different hoops you have to go through in order to restore or change your password, but in the end, all is not lost because you regain access to your account. #2 If you haven’t set up 2 factor authentication on your accounts, that is an excellent way to mitigate forgetting your password. Not only does it make it harder for others to gain access to your account, but having a different way to authenticate usually means that if you forget your password, you can easily verify your identity because you’ll most likely have a badge, fingerprint, face, etc. #3 Having a good password hint is another way to help you remember your password. Obviously, you don’t want you password hint to be super simple, but if a website allows you to provide a password hint, you should create something that is unique enough to trigger your memory, but not easy enough that anyone can figure it out. #4 A lot of websites / accounts don’t typically ask for password hints, but many do ask you for security questions. If a website gives you the option to set up security questions, you should take advantage and create strong password questions answers. A few years ago, there was a popular Facebook thread that asked you personal questions such as what street you grew up on, the name of your pet, your favorite color, etc. Do these sound familiar? They should because those are common security questions. When setting up security questions, answer them in a unique way where even if someone does know the street you grew up on, they can’t easily bypass your security. For example, instead of answering with just the street name, you can answer with a phrase such as “ I grew up on X street”. Makes it a little harder for people to guess your phrase even if they actually know what street you grew up on. #5 Utilizing a password manager is a great and cheap alternative to writing down or memorizing hundreds of passwords. Password managers integrate into your devices and help you when you need to authenticate. Utilizing a password manager will most likely make you forget your passwords as you don’t type them in as often, but these services are very secure and will allow you to access your accounts without worrying about remembering your passwords.
December 1, 2020
Episode 11: How to Minimize Your Chances of Getting Hacked!
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: firstname.lastname@example.org. Twitter: @apetechda In this episode, we are going to talk about the good and the bad about changing your password every 90 days Passwords are susceptible to all kinds of attacks. If you haven’t listened to our first episode, I recommend you listen to that episode first. We’ll highlight some of the topics discussed, but for full details, make sure to give that episode a listen. If you work at companies that take security VERY seriously, then you’ve probably have had to change your password every 90 days. Not only do you have to change your password every 90 days, but you can’t reuse an old password, and you have always meet the minimum criteria for a strong and secure password. While it may be an inconvenience to have such stringent rules, there are some benefits to changing your password every 90 days. But like everything else in life, there are some downfalls as well. So, let’s look at the good and the bad in this episode. Why password expiry is good Let’s start off by talking about the good stuff. Changing your password often is a good thing. It can protect you from being exposed in case your existing password has been compromised. If someone gains access to a website that may contain your password, it might not matter anymore because you would have already changed your password. Another benefit of changing your password is if you accidentally store your credentials on a different device, that device will no longer have access to your account. This is a good thing because oftentimes, we forget where we logged into accounts. By changing your password frequently, you minimize the changes of someone else logging into your account without you knowing. As a side note, and not related to the topic of this episode, a good way to find out if someone has your password or log in information is to check the login history on your account. Some accounts like gmail and facebook have a setting that allows you to see every time someone logs into your account. Review it and if you notice a location that isn’t one where you were at personally, then you should immediately change your password because there’s a high chance that someone is logging into your account. Changing your password often also means that it breaks all those saved passwords that you stored in the browser. If you haven’t listened to our previous episode about why it’s not a good idea to store your password in the browser, make sure you listen to that episode as we go into more detail why this is a bad idea. Nonetheless, if you change your password, you’ll be required to update your saved password. If you don’t have access to a device that you might have saved your password in, then that password will no longer work and people with access to that device will not be able to access your account. Why password expiry is bad We are creatures of habit. Maintaining a password that is safe and secure is already hard enough. Now, imagine you need to make a unique password every 90 days. That’s a lot of different passwords. So, what do humans like to do to make things easier? They’ll make a pattern out of their passwords so they are easier to remember after each change. This is a bad idea because if an attacker gets access to an old password, they can try to figure out your pattern and then figure out your new password(s).
November 18, 2020
Episode 10: The BEST Password Managers Compared!
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: email@example.com. Twitter: @apetechda I’ll be reviewing the following 4 password managers. Lastpass 1Password Bitwarden Strongbox Security Policy: LastPass: https://www.lastpass.com/security/what-if-lastpass-gets-hacked 1Password: https://support.1password.com/1password-security/#:~:text=Your%201Password%20data%20is%20kept,cryptographically%20secure%20pseudorandom%20number%20generators. BitWarden: https://bitwarden.com/blog/post/vault-security-bitwarden-password-manager/#:~:text=Bitwarden%20uses%20end%2Dto%2Dend,password%20can%20decrypt%20your%20vault.&text=Since%20your%20data%20is%20fully,store%20encrypted%20and%20hashed%20data. Strongbox: https://strongboxsafe.com/ Getting Started/Initial Thoughts: Lastpass - Easy to get started. Prompts 2FA if you log in from a new location. You can create the following secure items: See screenshot. Alternatively, when you visit a website that requires a password, LastPass notification pops up if you want to add. It’s best to use the popup because it saves metadata that manually entering passwords doesn’t do. I really like it. But maybe it’s because the interface is red and red is my favorite color 1Password - Chrome extension. Web interface is not as intuitive, but once you have a vault set up, you can add items. Has a built in password generator and audits your existing stored browser passwords. Tells you which ones you should change because passwords might be compromised. Bitwarden - Clean and simple interface. You get down to the brass tax right away. Very intuitive because they store your passwords. This is a password manager. Nothing special. No bells or whistles. You just get a tool to store your passwords and a few other things. Command line interface available and you can host bitwarden on your own server so you don’t have to go to the cloud. Strongbox - Accidentally installed Strongpass. Realized my mistake and then downloaded the right one. Please note that this is only an iOS or Mac app. I really don’t like that there’s no web interface. The app has a ton of features and is open source, but you need to use an apple based app. Lastpass - This is the one I’m keeping. It offers the most features. The Free version covers everything I would need. 1Password - I didn’t really like the interface, but other than that it’s very close to LastPass. Bitwarden - If I only want passwords, this would be my go to. I just felt it’s missing too many features. Strongbox - Too limited. Only works on iOS and Macs. I live on all types of devices. Not for me.
November 10, 2020
Episode 9: Why You Need to Password Protect Files
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: firstname.lastname@example.org. Twitter: @apetechda In this episode, we are going to talk about 3 ways you can protect your files with a password Sometimes you don’t want to encrypt your entire hard drive or folder. Sometimes you just want to encrypt a specific file. PDF’s, Word, and Excel files are usually the most common types of files that folks like to encrypt. Password protecting a file means that you can share a file, or put it in a public place, but people can’t access it unless they know the password. This is perfect for sending confidential information to a coworker, or for selling electronic books. Even if someone gets a hold of your file, without the password, they will not be able to see the contents of the book. A good reason to password protect your files is if you use public document sharing sites like dropbox or google drive. As you may know, Google Docs doesn’t offer password protection on their files. So, people can create a Word document, password protect that file, and then upload it to the cloud. Now, it’s much safer and only the intended audience can view the contents of the file. If you are password protecting a Microsoft Office file, the steps are super simple to add this extra layer of security. First, go to File -> Info -> Protect Document -> Encrypt with Password. Next, type a password and confirm the password by typing it again. Finally, save the file and confirm the password took effect by trying to open the file. Like all the topics I’ve been writing about here, not everything is ever 100% secure. This is just adding layers of security to your files. Other ways of protecting your files is to encrypt your email, send via an encrypted USB, use encrypted cloud providers like Box. In addition, sometimes you may want to encrypt a bunch of files all together. In that case, you can put all your files in a zip file and then password protect that. This isn’t as easy or straight forward as with Microsoft Word, but the same theory applies. The biggest difference is that you’ll need to install special software on your computer that allows you to zip and password protect your file. Some are free, others are paid. I personally recommend using 7-zip as I’ve been using it for years. Another great benefit of using a zip file is that you can basically encrypt any type of file. You are no longer bound by just MS Office or PDF’s. You can encrypt music, movies, and even malicious data such as viruses or spyware. That about wraps it up for this week's episode. Let me know if you enjoyed this episode by reaching out to me on Twitter at apetechda. I’d love to hear from you! Stay tuned for next week’s episode where we take a look at 3 different password managers and answer your top questions about their use and effectiveness.
November 3, 2020
Episode 8: 2 Reasons Why You SHOULD Encrypt Folders
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: email@example.com. Twitter: @apetechda In this episode, we are going to talk about Encrypting your sensitive files on your computer. Whether you are on a pc or mac, you have the ability to encrypt and password protect folders on your computer. This is a really neat feature that doesn’t cost anything and adds an additional layer of security on your computer. If you want to be super safe, you can encrypt your entire hard drive, but for the purposes of today’s topic, we are going to focus on just encrypting a folder. What is folder encryption? Folder encryption is pretty simple. You pick a folder on your computer, or create a new one. You then follow the simple steps to encrypt a folder. https://www.comparitech.com/blog/vpn-privacy/encrypt-windows-files/. https://www.intego.com/mac-security-blog/how-to-use-apples-built-in-features-to-encrypt-files-and-folders/ https://itsfoss.com/password-protect-folder-linux/ What this does is it scrambles the information stored in that folder and only a password can unencrypt it. Whenever you want to access the information in that folder, you’ll be prompted to enter a password. If you forget that password, then the content of that folder are gone forever. Because of this you’ll want to make sure you pick a strong, safe, but easy to remember password. Feel free to listen or watch one of our previous episodes where we discuss how to create a password. If anyone were to ever physically gain access to your computer, they can’t see the contents because they don’t have the password. If they try to copy the folder to a different computer, they will not be able to see the data either because the values are encrypted and will not assemble the appropriate data without the key, which is the password. But, why would you want to encrypt a folder? Well, there’s a couple of reasons. First, you may want to consider encrypting a folder on your computer that contains sensitive information. This information could be things like tax information, confidential information, or something as simple as pictures. The information encrypted is typically something you don’t want someone else getting their hands on. Companies encrypt entire hard drives because they don’t want any of their proprietary information being leaked. Similar idea, but specific to a folder only. Next, you may want to encrypt a folder because even if you delete files from your computer, they aren’t really deleted unless you perform a proper hard drive deletion or destruction. If you ever sell your computer, or if someone gains physical access to your hard drive, encrypting folders allows you to rest assured that your data is unreadable by anyone else. But just because you encrypted your data, it doesn’t mean that it’s 100% secure. An algorithm was used to encrypt your data, which means that if someone figures out the algorithm used, they could potentially reverse engineer it. If you write down your password and keep it close to your desk, or if someone finds it, well it doesn’t matter that you encrypted your folder at that point.
October 29, 2020
Episode 7: 3 Reasons Why You Should NOT Save Your Passwords in a Web Browser
Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: firstname.lastname@example.org. Twitter: @apetechda In this episode, we are going to talk about why you shouldn’t save your passwords to your browser. If you use a modern browser such as Chrome, Firefox, or even Edge, then you’ve probably seen a little notification that pops up when you first log into a website. It asks you if you want to save your username and password. How convenient you think. How awesome is this is probably another thought that crosses your mind. While it can be a tremendous time saver have your browser store all those passwords for you, there are some serious drawbacks that I’d like to highlight in this episode. If you have ever used your browser to store your username and password, you’ll want to stick around because we’ll be discussing some the biggest risks you have if you utilize that feature. Okay, so I’m not going to lie. I’ve used the feature on the browser that allows you to save your password. It almost immediately pops up and whenever you change your password, it reminds you to update your stored credentials to match the new ones. This is an amazing feature. Best of all, it stores your unique passwords for each website. Every time you come to the website, there it is, prefilled for you. Life can’t get any better. Except there are some issues with using this feature. Let’s jump into it. First, every password is saved on your one browser. In order to see the list of all those passwords, all you need is the administrator password for your computer. This one feature ruins it. It doesn’t matter how safe, strong, and unique your password is. It doesn’t matter if you use a different username and password for every website. It doesn’t matter if you update your passwords every 90 days. None of that matters if only 1 admin password can show and expose all of your hard work. With one password, an attacker can gain access to your entire catalogue of usernames and passwords. In my opinion, this isn’t very safe. You might be thinking, but I’m the only one that uses my computer. Well, what happens when you sell or pass on your computer to someone else? Do you take the appropriate precautions to wipe your computer clean? What if you have your admin password written down and someone finds it in your house? They then have access to every stored password. Worst case scenario, you log into a public computer and save your username and password. The next problem is that it makes you forget your password. Because you never have to retype your passwords, your passwords are more likely forgotten. Easy solution, write your passwords down. . . but then we are back to violating password safety guidelines. I’ve met countless people that depend on the browser saving their passwords that they need to reset their passwords whenever they log in from a different device. This then begins an endless loop of constantly having to reset your password because you forget what you change it to. Then your previous browser still has the old one saved and the new password doesn’t work because you forgot it. So then you update it in that browser and the cycle continues. Moral of the story, if you can avoid it, please don’t use the browser to save your passwords. It’s much more secure to use unique passwords that are long and easy to remember so you can avoid having to save them or writing them down.
October 23, 2020
Episode 6: 3 Things You Can Do If Your Password is Hacked
Apetech Website: https://www.apetech.me/ We just crossed over 50 listens to our podcast and super excited to hit our goal of 100! To everyone that’s listened, thank you very much. If there’s a topic that you want us to cover, please let me know. You can call in your questions or email me at email@example.com. Link for the voice messages in the episode description. Also don’t forget to check us out on social media. We’re pretty active on Twitter so, make sure to follow us! https://anchor.fm/apetech/message Twitter: @apetechda In this episode, we are going to talk about what to do if your password is hacked. A password is never 100% safe. Any company, at any time can get hacked and your password can be stolen. Because of this harsh reality, there's a good chance that your password has already been compromised. If you suspect that your password has been hacked or compromised, there’s a couple of things you need to do immediately in order to minimize your exposure. First, and this is the most obvious one is go directly into all the accounts you have change your password there. Do NOT, under circumstance, click on a link from an email stating your account has been compromised. This is a phishing attempt and you can very easily fall victim of this type of attack. If your password wasn’t actually compromised before, if you click on the link and follow through, your password sure is compromised now. By going to the website directly, you control the URL that you visit and you can check for SSL encryption as well. We’ll be talking about it in a future episode, but you should be updating and changing your passwords regularly, regardless of a known hack or not. The next thing to do once your password has been compromised is to set up 2 factor authentication. By doing this, you add a layer of security and if someone tries to change your password, then they’ll also need to have your phone or some other item in order to continue. Keep in mind, if you password is compromised, an attacker may know your password. If they use your password on lets say your banking website, they log in as you. Once logged in, they can change the password, keeping you out. With 2FA, the system will prompt for a code or something that typically goes to your cell phone via text or email. This added layer of security will either deter the attacker or prevent them from changing your password. If you ever get a 2FA notification and you didn’t “trigger” it, change your password immediately. The last thing to do once your password has been compromised is to change your user names. Having a compromised password is one piece of the puzzle. The second piece is knowing the username. Oftentimes, as we are creatures of habit, we use the same username for a lot of different places. If your password is compromised and usernames happen to leak, or your username is something like your name, an attacker might be able to log into your account and make changes. Changing your username often adds yet another layer of security. The focus of this article was mainly on if a website you use gets hacked and their stored passwords are compromised. There are of course many other ways to get your password compromised such as having a keylogger installed, a social engineering attack, a phishing attack, and many others. No matter the situation, it’s a good practice to enable 2FA AND change your passwords often. It’s better to be safe than sorry.
October 19, 2020
Episode 5: How to Make the BEST Password For Your Kid(s)
Apetech Website: https://www.apetech.me/ Welcome to episode 5 of the Apetech Podcast. We just crossed over listens to our podcast and super excited to hit our goal of 50! To everyone that’s listened, thank you very much. If there’s a topic that you want us to cover, please let me know. You can call in your questions or email me at firstname.lastname@example.org. https://anchor.fm/apetech/message Twitter: @apetechda In this episode, we are going to talk about passwords for your kids With most, if not all students going to school remotely, all of them now need to have a password to utilize their digital tools. If your student is anything like my child, then you know that they aren’t very good at dealing with passwords. They simply don’t understand the importance of a password and how critical it is to not share that password. If your kids are like mine, their minds are in their minecraft and roblox world. Their perspective on life is innocent and pure. They don’t understand the perils of the internet. Thus, it is so important to teach your kids about the dangers of the internet. They need to be taught how to utilize this powerful tool in such a way that they are safe. And it all starts with passwords. Well not really, but for the purposes of this episode, let’s assume that passwords should be one of the first things kids need to learn about. There are some options currently available on the internet, but after looking at them, I wouldn’t personally recommend them. The passwords are too “simple” and not very secure in my honest opinion. Services like dinopass create easy to remember passwords for kids, but they can be cracked in seconds. Don’t use that service, if you want a very secure, yet simple to use password for your kids, keep listening. Here’s the takeaway: Students need safe, strong, but EASY to remember passwords. Like all good passwords, the same principles that apply to adults works for students. So, what makes a good password for students? Let’s take a deep dive. We’ll start with the most important part. Passwords need to be easy to remember. That means that the password needs to be something memorable to them. This means that it’s something that’s important to them. So, the first thing to do when creating a strong password is to pick something that is special to you. This should be fairly easy to determine for your kid because kids are passionate about a lot of things. Pick one and let’s move on to the next phase. Passwords that are long in character length, make for the most secure passwords. Just because a password is long, doesn’t mean it’s hard to remember. When you combine it with the first suggestion, you’ll get a long password that kids can remember easily. For example, these passwords can be passphrases or sentences that they can remember. Finally, add a number or special character to make things a little more complex, but still just as easy to remember. After all of that here’s a good password for you kid. MyFavoriteIsSpid3rM@n! This password is easy to remember, very long, and has special characters, capitalization and numbers. You have officially created the best password your child can have. No more needing to write it down. Now all you’ll have to worry about is teaching your child how to type!
October 9, 2020
Episode 4: 2 Ways to Use Wireshark to Find Passwords
Apetech Website: https://www.apetech.me/ Twitter: @apetechda Welcome to episode 4 of the Apetech Podcast. We’ve also enabled voice messages on anchor, so if you want to call in your questions: https://anchor.fm/apetech/message In this episode, we are going to talk about using wireshark to find passwords. Wireshark is an amazing tool that is typically used for monitoring network traffic. Wireshark is such a powerful and capable tool that there are many books written on the tool. The tool is completely free and and can help uncover many things about a network. Since the topic of wireshark is so massive, I’m going to focus this episode on just talking about using Wireshark to find passwords. If you are interested in wireshark, let me know in the comments or on social media and I’d be more than happy to do a deeper dive into this tool. There are two different uses of wireshark that can help you find passwords. First, sending sensitive information over a non-secure website is a simple way of seeing passwords using Wireshark. The second method is to capture an image that contains a password. Alright, let’s get into the details. First, if you haven’t already, download wireshark. It’s a free tool and it can be found at: wireshark.org. I recommend getting the latest stable build, but if you are feeling lucky, get whatever version you want. There’s lot of documentation and tutorials on wireshark available on the website. Feel free to give them a watch. I wont go into much details in this episode, but you should still be able to follow along even if you’ve never used wireshark Fire up wireshark and start listening to your network of choice. Make sure you hit capture and watch a bunch of information flood the screen. You don’t have to pay special attention to any of this just yet. But this traffic is traffic coming in and out of your computer. If you want to see all the traffic on that network, then you want to enable promiscuous mode. Open up your browser of choice and head on over to any website that doesn’t use encryption. Since most websites use encryption, this is going to be harder to do. Assuming you find a website that’s unencrypted, you can watch Wireshark as each character from your computer is passed through the network. You’ll see something to the effect of: W Ww he next way of capturing sensitive information is via pictures. If you are transferring pictures over an unencrypted medium, then those images can be captured by wireshark. The images aren’t immediately easy to see. But once you are done capturing traffic, you can sort and search by JPEG. From here, you can see a list of all the images captured during the traffic capture. In order to find passwords, you’ll have to be patient. You are looking for pictures of stickies or documents that have their passwords written on them. If you are interested in wireshark, let me know in the comments section below, and I’ll make more episodes on wireshark. https://www.instructables.com/id/How-to-Find-Passwords-Using-Wireshark/ https://blog.packet-foo.com/2016/07/how-to-use-wireshark-to-steal-passwords/comment-page-2
October 2, 2020
Episode 3: 5 Things You Need to Know About Your Smart Devices
Welcome to episode 3 of the Apetech Podcast. I hope you are having a fantastic day. We’ve also enabled voice messages on anchor, so if you want to call in your questions, link in the description. Send us messages: https://anchor.fm/apetech/message Alright, enough of the chit chat, let’s get into today’s topic. In this episode, we are going to talk about passwords for all smart devices you have in your home. We all have them at home, whether they be smart light bulbs, smart cameras, smart voice assistants, smart fridges, smart whatever you can think of. . . these technologies are making it into homes across the world. They make our lives easier and it’s neat that the technology we dreamed about 50 years ago is slowly tickling into our every day lives. These devices are great. I can’t deny that I have my fair share of devices at home and use them on a daily basis. But are they safe? What risks are you accepting by having these devices in your home? Let’s talk about that today. I’ll be covering 5 basic things you should be doing to protect yourself and your devices. 1) Default Password 2) Different Accounts 3) Manufacturers 4) 2 Factor Authentication 5) App Permissions Well that wraps up our episode for today. If you liked it, please consider subscribing and hit that like button. Hopefully I didn’t scare you too much. These devices are great. They help us do things that are usually boring or mundane. They are getting better every year. Just be careful and use some of the tips I provided today to keep yourself and your family safe!
September 25, 2020
Episode 2: How 2-Factor Authentication Can Save Your Account
In this episode, we are going to talk about 2 factor authentication. In the most simplest terms, two factor authentication means using two different methods of authentication to verify that an individual indeed is that person. The good - makes your account safer The bad - still hackable, but it’s harder The ugly - it’s annoying when you are in a hurry. Something you know - passwords Something you are - biometrics Something you have - badge, phone Something you know - This is a password. This is something in your mind that no one else knows. Security questions - only you technically know them. But this isn’t enough. Someone else might figure it out. By itself, it’s not safe. Facebook questionnaire. Asking you where you grew up, your favorite color, etc. Biometric - using some element of your body to identify yourself. Fingerprint, face recognition, retina scan, hair, voice. Something you are utilizes a biometric to identify an individual. Something you have - something physical that no one else should have. Badge is a good example. Your phone, along with a text or email another good example Individually, these are just authentication methods. But, when put together, you get 2 factor authentication. Simply put, you use 2 items from the list above, to authenticate a person. This makes it harder for hackers to get into an account, because they have to have 2 pieces. While this solution isn’t 100%, it’s still better than just relying on a password. An attacker has to go the extra mile to get one of the other items. Security by layers. Most attackers are lazy. Unless this is a targeted attack, 2 factor will deter most attacks.
September 19, 2020
Episode 1: Introduction and Password Attacks
In this episode, we introduce ourselves, Alex and Bernandina Ortiz. We are the founders of Apetech LLC, an IT and Software services company. We work with small business to help them get online and secure all their digital assets. Check us out at apetech.me. The focus of this episode is to help our listeners learn about different types of attacks hackers perform in order to compromise your password. We offer tips to protect yourself and your business. More episodes will be added further outlining password protection and best practices. Subscribe to our Podcast so you never miss out on this critical information.
September 17, 2020