
January 2019 Breach Report

The new year is already off with a bang when it comes to data breaches.  As I’ve always said, you have to take an active role in protecting yourself.  While we have to keep these companies accountable, you also can’t blindly trust them with your personal information.  Thus, I’ll be compiling a list of companies that experienced a breach each month.  I’ll be presenting the facts of each breach and what you need to do if you are a customer.

Houzz

The home decorating company Houzz announced that hackers were able to gain access to their account details.  According to their announcement, usernames, encrypted passwords, and IP addresses were leaked.  If you log in with your Facebook account, then your Facebook ID was also leaked.  But, it’s important to note that if you logged in via Facebook, your Facebook password was not leaked.  So there is no need to change your Facebook password.

If you are a customer of Houzz, I would suggest that you change your password immediately.  As always, when I recommend that someone change their password, I recommend that they look at where else they have that password.  If your password for Houzz is used on any other site, I would suggest you change these passwords too.

Airbus

The French airplane manufacturer is another company that was hit with a breach.  According to their press release, the company identified a cyber incident that resulted in a loss of data.  The company is still investigating, but early results show that internal employee data was breached.  The incident report says that employee contact information and IT details were part of the leaked data.

According to their report, you should only have to worry about this if you are a European employee of Airbus.  If you’re a consumer, there should be nothing you need to do to protect yourself.

Discover

Discover announced recently that they noticed a data exposure of customers in California.  They have attributed it to a possible merchant data breach.  This probably means that one of their processors was breached and allowed hackers to steal credit card numbers.  If you are a Discover customer and were a part of the breach, you should have already received a new card.  While credit card breaches are always scary, it’s important to remember that you are not liable for fraudulent charges on your credit cards.  I would suggest that Discover customers review their credit card statements and call Discover immediately if they notice any unauthorized charges.

New Breaches from “Have I Been Pwned”

No, the website “Have I Been Pwned” was not breached. However, they announced that they have found a new set of breach data that includes 773 million records.  If you’ve never heard of “Have I Been Pwned,” I recommend you go and look at their site.  The man who runs it is a security researcher and he collects breach data from all over the internet.  He then loads it into his database and provides you a search capability.  You can go to his site and search your email and he will tell you if your account has shown up in a breach.

He doesn’t have all the breach data out there, but he does have the largest collection I’ve ever seen.  I always suggest that people go to his site and sign up for breach notifications.  That way when he loads new breaches into his database, you will get an alert right away and can go change your password.  I recommend that you go and search for your email on “Have I Been Pwned.”  If your email comes up on a site, you should immediately change your password.

Local Bitcoins

The website Local Bitcoins detected a breach this month where hackers were able to gain access to user accounts.  It looks like it was an issue with their forum.  They immediately shut down the affected accounts and fixed the issue, which is great!  But, after any breach, I always recommend people change their password as a precaution.  Additionally, Local Bitcoins has two-factor authentication.  If you haven’t enabled it I recommend doing so.

Minnesota Department of Health and Human Services

The Department of Health and Human Services for the state of Minnesota announced that they were breached as a result of a phishing campaign.  According to a local news source, the breach included names, birth dates, phone numbers, email addresses, and general information related to child protection cases.  About 3,000 people’s data was leaked.  They suspect 30 more people could have had their Social Security Numbers, Drivers License numbers, and financial data leaked.

It’s always a bad breach when a Government entity is involved.  We trust the Government to protect our data and often we have no choice but to give it to them.  If you were affected by this breach, I would hope the Minnesota Government would send out a letter informing you of this.  If you are ever a part of a breach of this kind, it might be important to look into freezing your credit.  Hackers will oftentimes use this information to try and steal your identity.

Conclusion

This month didn’t have the worst breaches I’ve ever seen. Yet, it’s still important to maintain awareness about these threats.  If you have accounts with any of these companies, I recommend changing your passwords immediately.  Always remember that the best way to keep hackers out of all your other accounts is to have unique passwords for every site you have.

Facebook Privacy Overview for Data Privacy Day

Today is Data Privacy Day in the US and Canada.  Data Privacy Day started in 2008 and the campaign is organized by the National Cybersecurity Alliance.  So in celebration of the day, I wanted to take this time to discuss a little about online privacy.  We put so much of our personal data out on the internet and we expect that companies will protect it.

In this post, I wanted to talk about the privacy settings on Facebook.  These settings are important to keep your posts and pictures private.  I find it helpful to review these settings on a yearly basis.  It seems like Data Privacy Day is an appropriate time to do that.

Your Activity

Your Activity section of Facebook privacy settings
Your Activity privacy settings

This section of the privacy settings on Facebook deals with how others see your posts.  The first setting “Who can see your future posts?” sets the default visibility settings for all future posts.  When you post on Facebook, you are given an option to set who can see that post.  Your typical options are:

  • Public – Anyone on Facebook can see this
  • Friends – Only people you have confirmed as friends can see this
  • Friends Except – All your friends except a select few can see this
  • Specific Friends – Only the friends you choose can see this
  • Only Me – Only you can see this post

Facebook Create Post prompt showing the setting to restrict who can view that post
At the bottom of a new post there is the option to set who can view this post

By setting this, you set the default permissions for all your future posts.  My recommendation would be to set this to at least “Friends.”  This way, anyone who wants to see your posts must send you a friend request and you must accept it.

The next setting, “Review all your posts and things you’re tagged in,” allows you to see everything you’ve been tagged in.  If you don’t want that to show up on your timeline, you can choose to hide it.

The final setting in this section is “Limit the Audience for Old Posts on Your Timeline.”  This allows you to go back and change the audience for all of your past posts.  I showed you the audience settings above and how you can set the default audience for all future posts.  This setting allows you to change all of your past posts to “Friends Only.”  This way you don’t have to go through each individual post and make sure that the Friends Only was set on them.

How People Find and Contact You

How People Find and Contact You section of Facebook privacy settings

This next section of the Facebook privacy settings deals with how people find you and your posts on Facebook.  The settings here are important, but how restrictive you are depends on how paranoid you are.  You can make it really hard to find you on Facebook by using these settings.

The first setting is a pretty standard one – “Who can send you friend requests?”  If you are truly concerned, you could absolutely change that to “Friends of Friends” only.  But I think leaving it at “Everyone” is fine.

The next setting is who can see your Friends list.  When people search for you on Facebook and find your profile, they can usually see a few things.  Typically, they can see your profile picture, where you live, and your friends list.  I would set this to “Friends.”  Oftentimes hackers will try to scam your friends by creating a fake profile of you.  What they do is look at your friends list and submit friend requests to each of them.  This has probably happened to you if you’ve ever gotten a message from a friend asking if you created a new Facebook profile.

The next two settings are also pretty straightforward.  They give everyone the ability to find you using your email address or phone number.  The way you set these also depends on how easy you want it to be to find you.  If you set them to “Everyone,” then anyone who knows your email address or phone number will be able to find you using Facebook search.  If you want to be harder to find, you could set it to “Friends of Friends.”  Anyone will still be able to look you up by name. However, they will only be able to look you up by email or phone number if they are already friends with one of your friends.

Finally, the last setting controls if search engines like Google will have the ability to see your profile and posts.  I would set this to “no.”  By setting it to “no,” another person needs to have a Facebook account and use their search in order to find your profile.  If you set it to “yes,” then anyone could Google your name and find your Facebook profile.

Location Settings

Facebook location history privacy settings
Facebook Location history privacy settings from the settings menu

The next area in the Facebook settings that deals with privacy is the location area.  If you use the Facebook app on your iPhone or Android phone, then it will periodically collect your GPS location.  This helps them deliver ads based on where you live.  However, they also store that information and keep it.  Essentially, Facebook has a record of every place you’ve ever gone and when you were there.  My suggestion is to turn that setting off.  There is no need for Facebook to keep that record or even know where you are without you explicitly telling them.  Don’t worry – with this setting off, you can still check in to places on the app.

Facial Recognition

Facebook Facial Recognition privacy settings

The last section of the Facebook settings I want to discuss is Facial Recognition.  Have you ever been tagging a photo and Facebook suggests that person as someone to tag?  That’s their facial recognition at work.  They use facial recognition in a number of ways.  The first is to suggest tagging people in photos that you upload.  The second way they use it is to figure out if someone is impersonating you by using your picture as their profile picture.  I personally keep this setting off, because I’m paranoid.  But I can see the benefits to it.  You can learn more about Facebook facial recognition here.

Overall, Facebook has a lot of settings that protect your privacy.  You just need to review them and make sure they are set according to your own risk tolerance.  In most cases, I’ve told you how I set the settings on my personal Facebook page.  I tend to be a little more cautious and paranoid about my privacy.  But it’s up to you to determine how private you want your data and how hard you want it to be to find your profile on Facebook.

New Year’s Resolution – Update Your Computer

Imagine yourself sitting at home watching YouTube.  You are binge-watching your 7th video of the best cat fails.  Everything is going great, and then you get that annoying popup in the corner of your screen.  It’s time to update your computer again.  But wait, didn’t you already update your computer?  So what do you do?  If you are like most people, you click “remind me later,” or “don’t remind me again.”

Now I’m going to tell you a little secret of mine.  Even as someone who is a practitioner and teacher of cybersecurity, I sometimes click the “remind me later” button.  I know, I know.  I’m about to give you a dose of do-as-I-say-not-as-I-do.

Why Computer Updates Happen

So why are there updates all the time?  I know it seems like your computer wants to update almost every day.  Well, it’s an important part of the software lifecycle.  You see, when developers write code for the programs that you use, it’s often not a single developer.  Most of the time, it’s a team of people and those people make mistakes.  When mistakes are made, that unfortunately sometimes results in a security flaw.

So the developers test their software and when they find an issue, they develop a patch to fix the security flaw.  That is why you get updates all the time.  The Windows operating systems alone consist of roughly 50 million lines of code.  That’s a lot of code to review, and that’s a lot of places a developer could make a mistake.

How Do You Make Sure You’re Protected?

Mac update window animated gif depicting a user clicking restart now
Click Restart Now every time!

Well, the only thing you can do is click the update button.  The next time you see an update popup, take the two minutes and click the update button.  This is one of the biggest things you can do to better protect yourself.  Most of the viruses and ransomware out there rely on a vulnerability in the software you may have on your computer.  More often than not, a vulnerability in your browser is what allows hackers to target you with ransomware.

By installing updates to your browser and your operating system, you are more protected from threats like viruses and ransomware.  I know it’s not some sexy cyber trick or some next-generation anti-virus program.  But to be honest, a lot of the time when you hear things like that from software companies, it’s mumbo jumbo.  The best way to protect yourself is good old fashioned software updates.

But Won’t My Next Generation Anti-Virus Protect Me?

You may have the new fancy Next Generation, Artificial Intelligence Anti-Virus program.  But the truth is, that’s a bunch of marketing talk.  Anti-virus is an important part of your computer defenses, but it’s not going to stop everything.  Updating with the latest patches on your software will do more good to your defense than any anti-virus application would do.

There is no one solution that is going to stop hackers in their tracks.  It takes layers of defense to make you more secure.  This year, I’m making a renewed effort to update my systems and stay on top of patches.  I hope you decide to do the same.

December 2018 Breach Report

2018 was the year of the breach.  Hundreds of companies were breached and your data may have been stolen from them.  And those are the ones we know about.  Most companies have no idea that hackers have breached their systems.  Many companies have hackers in their systems for 1 to 2 years before they ever find out.

All this to say we can’t always trust that companies will protect your personal information.  This means that you have to do it yourself.  So every month I’m going to go over some of the worst breaches from the previous month.  I’ll tell you the main facts and what it means for you.  If you have an account with that company, then I’ll also tell you if there is anything you can do to protect yourself.

This month Marriott, Caribou Coffee, Bruegger’s Bagels, Dunkin Donuts, Warby Parker, Facebook, Quora, and 1-800-Flowers are among the victims of data breaches.

Marriott

It’s hard to say if Marriott is the worst breach of 2018. But it’s in direct competition with Equifax as the worst breach of 2018.  Over 500 million Marriott and Starwood customers had their accounts breached.  Stolen data was encrypted, but experts are unsure if the hackers were able to steal the encryption password as well.  Only a small subset of customers may have had their credit card information stolen.  But it is very likely that usernames and passwords were stolen.  

My suggestion would be to change your password if you have an account with Marriott. Remember that most credit cards do not hold you liable for fraudulent charges. If you are concerned, you could always request a new credit card number, but that may be unnecessary. You can read more about the Marriott breach here.

Caribou Coffee

Caribou Coffee announced that hackers breached their point of sale systems in 2018.  This means that credit card data could have been stolen from several Caribou Coffee locations around the US. The notice they issued here listed the locations that were breached. If you used your credit card at any of these Caribou Coffee locations, be sure to watch your credit card statements.  If you see fraudulent charges, immediately call your credit card company.  You could also call your credit card company and get them to issue you a new number.

Bruegger’s Bagels

Bruegger’s Bagels is owned by the same company as Caribou Coffee, so this breach is the same as Caribou Coffee. Bruegger’s Bagels issued a statement here that shows the locations that were breached.  If you used your credit card at any of the Bruegger’s Bagels locations, make sure to check your credit card statements.  If you discover fraudulent charges, call your credit card company immediately.  You may also call them to request a new credit card number if you are concerned.

Dunkin Donuts

If you are like me, you are a fan of Dunkin Donuts.  They are yet another victim of a data breach in December.  According to their announcement, hackers were able to gain access to “first and last names, email address (username), and your 16 digit DD Perks account number and your DD Perks QR Code.”  Luckily, no credit card information seems to have been stolen here.  But, I would suggest changing your password if you have a DD Perks account.

Warby Parker

If you are a customer of the eyeglasses company Warby Parker, you may have been required to change your password recently.  Warby Parker announced that hackers were able to get into their systems and steal the usernames and passwords of 198,000 of their customers.  They did the right thing by forcing affected users to reset their passwords.  But, if you have an account I would suggest changing your password even if they didn’t force you to.

Facebook

Facebook announced in December that a flaw in their system allowed 3rd party developers to access users’ photos.  I believed this was so bad that I wrote an entire blog post on it.  You can read all about it there, but my suggestion is to check on the apps that have access to your Facebook account.  I’ve outlined how to do that in my blog post on the subject.

Quora

The question and answer site Quora is yet another victim of a breach.  If you have an account with Quora, your username and password might have been stolen by hackers.  Quora announced that usernames, passwords, and data imported from Facebook and LinkedIn for 100 million of their users were stolen.  If you have an account, you should change your password immediately.

1-800-Flowers

The parent company of 1-800-Flowers announced that their Canadian operations suffered a breach.  Canadian customers who ordered from 1-800-Flowers could have had their credit card data stolen.  The parent company says this breach did not affect any customers in the United States.  As always, my suggestion is to watch your credit card statement and call your credit card company if you see any fraudulent charges.

Conclusion

It’s easy to look at these breaches and think there is no hope.  But it’s important to remember that there are some simple steps you can take to protect yourself.  With any breach that affects your username and password, make sure to change your password.  If you use that same password on other sites, it’s also important to change your password there too.  That’s why I recommend using a password manager.  With a password manager, you can create a unique password for every site where you have an account.  This way when a breach happens, you don’t have to worry about changing your password on several sites.  I teach you how to do all this and much more in my course “A Hacker’s Guide to Internet Safety and Cybersecurity”.

Beware of Package Undelivered Phishing Emails

It’s that time of year again.  It’s the holiday season and for most of us, that means time with family and friends.  But this time of year isn’t only busy for retail businesses; it’s also a busy time for hackers and scammers.  They know that everyone is out purchasing gifts for their loved ones.  Since we increasingly turn to online stores to get us those great presents, hackers and scammers have figured out how to use that against you.  Everyone wants to know the status of their packages from online retailers.  Right after Thanksgiving in the U.S., there is a major increase in fraudulent package emails that make their way into email accounts. 

How to Identify Fraudulent Package Emails

Hackers and scammers are trying to prey on your worst nightmares when it comes to online shopping – a lost package.  They’ll send emails with subject lines like “Package Undeliverable” or “Delivery Exception”.  Think about it, if you ordered something and then a couple of days later you got an email saying your package can’t be delivered, how would you feel?  Who wants to deal with a shipping company?  And what if the package doesn’t arrive on time?

So you open the email, and without thinking, click on the link to try and resolve the issue.  That’s where they get you.  The resulting link usually has some sort of virus on it.  Typically, it’s ransomware that is designed to hold your files hostage until you pay the ransom.

UPS has compiled a lot of really great examples of fraudulent emails that they find.  Here’s an example of one –

Fraudulent UPS Email
Fraudulent UPS Email Source: ups.com

You’ll see that it looks pretty legitimate.  It has the UPS logo and some decently worded language in the email.  But, there are a few red flags here.  The first thing you should look at is who it’s from.  The From line on this email does not show a valid UPS address.  That should tip you off right away.

But what if you don’t look at the “from” block of the email?  The second issue is that there is no tracking number in this email.  Most delivery exception emails from any carrier will have a tracking number in the body or subject of the email.  This example has neither.

The last red flag in this email is the link.  While this may look like the legitimate UPS URL, it might actually take you to another website.  When hackers send phishing emails, they typically use hyperlinks to get you to click on the link.  By using hyperlinks, the hackers have the ability to type in www.ups.com but have that go to their website, which typically hosts viruses.  The best way to defeat that is to hover your mouse over the link without clicking it.  Your browser will show where that link is actually going in the bottom right or left corner of your browser.

What can I do if I’ve received one of these emails?

I always recommend being cautious of any links in emails.  Especially emails that you didn’t sign up for.  So my first suggestion would be to not click links in any emails.  But what if the email is legitimate?  Well that brings me to my second suggestion.

Each of the main package delivery services has some sort of online account that will alert you of incoming packages.  UPS has UPS My Choice, FedEx has FedEx Delivery Manager, DHL has MyDHL, and USPS has Informed Delivery.  With all of these services, you can put in your address and it will inform you of packages that are coming your way.  Instead of clicking on the links in an email, log in to the services and see if there are any packages scheduled for delivery.  This way you know that the package is coming and you don’t have to worry about clicking any links in your email.

My final tip for you is to forward any suspected fraudulent emails to the shipping company’s fraud department.  Each of the major services has an entire department dedicated to fighting fraud.  They rely on you to help protect packages and their customers.  So if you get one of those emails use the links below to find the email address to forward the phishing email to.  This will help them take down the hackers and keep you safer.

The Facebook Photo Exposure and What You Can Do About It

A few days ago Facebook let the world know that there was a flaw in the way that apps accessed photos. This flaw allowed developers of the Facebook apps to access the photos of 6.8 million users.  Facebook apps are one of the biggest security risks to Facebook users.  Cambridge Analytica came to light back in the summer when they asked users to take a survey and install an app on their profiles. This app gave the company access to lots of data that people have posted on their Facebook profiles.

When you install an app, you give that app permissions to data that you post on Facebook.  One thing you have to remember is that Facebook is not the developer of many of these apps.  So you are in essence giving someone other than Facebook access to your photos and posts.  Facebook is notifying people if their photos were leaked as a part of this issue. If yours were leaked, you’ll get a notification in the Facebook app the next time you log in. Facebook says that they are working with the app developers to scrub the exposed photos.

How Do You Stop Apps?

There is something you can do about this though. I recommend that everyone look at the apps that are installed. You can see all the apps and the individual permissions that those apps have. Make sure that you are alright with giving that third party access to your data. You can either delete the app or deny permissions to the app.

Facebook permissions page example for Pinterest

The image above is an app I had installed. You can see I’ve given this app permission to see my friends list, birthday, pages I like, and my email address. But this page gives me the ability to turn off those individual permissions. So if I don’t want Pinterest to see the pages I like, all I have to do is turn that permission off.

I will warn you in advance, turning off permissions like that could break the app. This means that it may not provide the service you want anymore. I would suggest looking at the apps and thinking about what service it provides you. If you don’t want or need that service anymore, delete the app.

We all give Facebook a lot of information about ourselves and we assume that they will protect that. We all need to do a better job of protecting ourselves online, but especially with regard to social media. It’s clear that the companies we do business with aren’t doing a great job of that. That’s why I’m working on a Facebook security workshop that I plan to launch in the next few weeks. If securing your Facebook account is something you want to learn how to do, sign up using the form below. I’ll send you an email to register for the free workshop.

Anti-Virus and Its Place in Your Hacker Defense

[vc_row][vc_column][vc_column_text]When I first got in to Cybersecurity there wasn’t much talk about all these complex password requirements and next generation firewalls. The advice from experts was simple – ensure that you have an up to date anti-virus application and make sure that you patch your computers on a regular basis.

Now the advice is much different and the prevailing thought is that anti-virus is largely ineffective at stopping some of the more advanced threats out there. This means that we as individuals have to be more cautious about what we download and what we install on our computers. So let’s take a little bit to understand how anti-virus works and why it’s sometimes ineffective.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”How Does Anti-Virus Work?”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]One of the most common ways that anti-virus finds and stops viruses, malware, and ransomware is by using what’s called “signature-based” detection. Signature-based detections is exactly what is sounds like – the anti-virus vendors create signatures for new viruses and the software and then scan your computer for those signatures.

There are two problems with this type of threat detection. The first is that these signatures are usually looking for something very specific in the virus. This could be some code they know will be in the virus or a specific file that is placed on the system when the virus is run. While these signatures can get very complicated, they are also easily broken by many tactics.

So let’s look at what a very simplistic signature would be. Say you have a virus and once it’s installed it runs the following code “printf (“hello world”)”. Now this is a very simplistic line of code and the likelyhood of this being in any virus is low. However, for this demonstration, let’s pretend our virus runs that. The anti-virus application will be looking for that particular piece of code running on your system.

As a malware author, all I have to do is add some random characters in to that line of code to tamper the anti-viruses signature. So if I change that line before to “printf (\x90 “hello world”)”, I have effectively defeated the anti-virus signature.

As a seasoned professional in the industry, I will be the first to say it’s not as easy as I just made it out to be. The anti-virus vendors are very good at creating signatures. However, the virus authors have been largely successful at getting past anti-virus applications thus far, so we can’t rely on anti-virus as our only means of protection.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”New Viruses and Their Non-Existent Signatures”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]The other pitfall of anti-virus applications is that many of them rely on having seen the virus before. By this I mean that if the virus that gets installed on your computer is new to the internet, then the likelihood that any anti-virus vendor has a signature for it will be slim to none.

Anti-virus vendors have teams that are dedicated to finding new viruses on the internet. They use a highly-trained team of cyber analysts to scour the deep dark places of the internet where viruses are born, find new viruses, and put in protections against them. They also rely on outside people to submit what they think might be viruses to their team to be analyzed.

The problem with this is that if a new virus is released on the internet, it may take a while before their team finds the virus or someone submits it to them. The time between the virus release and the creation of a signature could be days, or even weeks. What this means for you, however, it that your anti-virus software isn’t protecting you against this new virus. If you download and install it before a signature comes out, you could have your data stolen or held for ransom.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_custom_heading text=”What Do You Do?”][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]All hope is not lost. I don’t want you to think after reading this article that anti-virus is awful and that you should uninstall it. anti-virus is a very important part of your layered security model. You just need to understand what anti-virus is good at defending you against and where it is lacking.

Anti-virus vendors pride themselves on being able to block a lot of what I call the “broad-based” viruses and malware. This means that you are protected from many of the common viruses and malware on the internet today. Nevertheless, you cannot open every file and click on every link sent to you and feel 100% protected by your anti-virus system.

My final advice to you is to make sure your anti-virus tool is set to automatically update and to stay vigilant when you open links and documents from people you don’t know. With these tips in mind, you will be more secure than many people out there, and that is our ultimate goal – be harder to hack than the next person.

Video: https://youtu.be/8PJkjaf2J5U

Internet Safety and Cybersecurity Course Preview


Have you ever been hacked? Do you know someone who has been hacked before? Most people I talk to say they feel as though they don’t know enough about computer security. I’ve spent a majority of my career protecting the networks of large companies, and I’ve been able to translate what I’ve learned there into simple tips and techniques that the average computer user can implement to protect their digital life.

I created a course, A Hacker’s Guide to Internet Safety and Cybersecurity, to teach those tips and techniques.  The course has over 30 lectures and over 2 hours of content.

Throughout this week I’ll be posting a new preview video on our YouTube channel so you can get an idea of what the class will be like. If you like what you see, I’ll be posting a special coupon on Monday July 23rd so that you can enroll at our special introductory price.

Password Reset Questions

We’ve all been there: you enter your password and get the “Incorrect Password” error. You panic because you can’t get into your account. Then the magical password reset link appears just below the error like an angel from heaven.

Most of the time when you set up an account anywhere online, part of the registration process is to set up password reset questions in case you forget your password.  We all typically set up the standard questions:

  • What’s your mother’s maiden name?
  • What was the make of your first car?
  • What is your maternal grandmother’s first name?

These questions are easy for us to remember when we forget our password, but what most people don’t think about is that most of this information is public information. Attackers can easily find out the answers to these questions. A lot of information on your family is public record, and sites like ancestry.com have done a great job of collecting these public records and providing a place for everyone to search for them.

How to Choose More Secure Password Reset Questions

Hackers have in the past used the answers to these questions to compromise people’s online accounts. In the video preview I suggest changing the way you answer your password reset questions. The first way to ensure that hackers can’t use your password reset questions against you is to choose questions whose answers are not public information. Questions like “What is your favorite food?” or “Where was your favorite childhood vacation?” are better questions because the answers are not something that a hacker can easily research from public records.

If you are unable to choose password reset questions about your likes and dislikes, then you could always lie on the more public record questions. For example, if you put your best friend’s last name as the answer to “What is your mother’s maiden name?”, hackers won’t be able to correctly answer that question from the public research they’ve done.

Video: https://youtu.be/t5WrHONYwC0

Adidas Breach – Time to Change Your Passwords


Another one bites the dust! One of my favorite things is to follow big internet breaches and collect breach data. It seems that many large companies have had their fair share of breaches in the past, and Adidas is no exception.

At the end of June, Adidas issued a press release stating that they were informed that a third party had acquired some data on their customers from their systems. The press release was very sparse on details, as these usually are. But they did mention that during their investigation they found that “limited [including] contact information, usernames and encrypted passwords” may have been obtained by the third party.

What Should I Do Now?

Breaches like this happen all the time, and if you are a customer of Adidas then you should seriously consider changing your password. While the press release says that the passwords were encrypted, it’s always good practice to change your password after any breach. Just because a website says that the passwords they store are encrypted doesn’t mean that you are 100% protected from hackers.

Hackers have the ability to brute force or guess every possible combination of a password. Once they do that, they run these passwords through the same encryption that the website uses and compare the results. If they find a match, then they have successfully recovered your password.

Unique Passwords

This is the perfect example of why everyone should be using unique passwords for every website. Hackers will often exploit a person’s password reuse to get into other accounts that user may have. Let’s assume that you had an account with Adidas and that the password for your Adidas account and Facebook account were the same. If an attacker were able to brute force your encrypted password from the Adidas dump, they would then have your Facebook password.

However, if you used a password manager and all the passwords for your websites were different, the attacker would only have gained access to your Adidas account. They would not be able to use that password on other sites and then get into more sensitive parts of your life. This is where unique passwords really show their value.

What To Do Now?

If you have an Adidas account, I would suggest changing your password immediately. After Adidas completes their investigation they may find that there was no issue, but I always say “better safe than sorry”. If you change your password now, you know that any password that was leaked will no longer be valid, and you can rest assured that the attackers out there will not be able to get into your account using that old password.

If you are not using a password manager, why not? Password managers help you to create unique passwords as well as strong and secure passwords which are harder to brute force. Finally, using a password manager makes changing a password on an individual site very easy: you just let the password manager generate a new password and you never have to remember it.

TSHARK Field Extraction

If you don’t know what TSHARK is, you are missing out on a very powerful program. TSHARK is essentially a command line version of Wireshark. Now, why is this important? Well, when dealing with very large PCAP files, Wireshark tends to choke on the file processing. Well, enter TSHARK. It has the ability to quickly go through a large PCAP file, apply a filter and spit out a smaller PCAP of just the packets that match your Wireshark filter. Well, this is all great, but that only scratches the surface of what TSHARK can do.

Let’s take a look at the -T switch of TSHARK. According to the manual page for TSHARK, the -T switch changes the format of the text output from TSHARK. If you use TSHARK with -T fields, it will spit out individual fields from each packet. Now what does that mean? Well, look at the screenshot below. Each of those items in the inspection pane is a field that you can tell TSHARK to output.

[Screenshot: Wireshark inspection pane]

Now where TSHARK becomes really powerful is when you combine it with Linux’s powerful command line text manipulation tools like grep, sort, uniq, sed or gawk. Say, for example, you wanted to see a list of all the destination IP addresses and how many times they have talked in a particular PCAP file. Run the below command:

tshark -r http.pcap -T fields -e ip.dst | sort | uniq -c

So what does each of those command switches do? Well, the -r switch reads in an existing pcap file. The -T switch we’ve already talked about, but I made sure to use the fields value to tell it I wanted specific fields to be output, and finally the -e switch tells TSHARK which fields you want output. Now if I were to just run the TSHARK command, I would get the destination IP address for every packet in the http.pcap file. That’s fine, but what I’ve done is piped that list into sort and uniq -c, which counts the unique IP addresses and the number of times each IP address shows up in the PCAP file.

In the example above we only looked at one field, but what if you want to see more than one field within a packet?  Well that’s pretty easy as well, just add multiple -e flags with all the fields you want to see.  So for example if you wanted to see the source IP, source port, destination IP and destination port all together you would run something like this:

tshark -r http.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport

Well, I hope you learned something with this little tutorial. I was asked to create a video by one of my students on this very topic. I thought it was such an important topic that I included the video tutorial on YouTube as well as in my Wireshark Crash Course. See the video below.

Video: https://www.youtube.com/watch?v=DWVIEVjBKJo
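The four-field command from the tutorial, counted the same way as the single-field one, as an added example that is not part of the original post. The sample lines are constructed stand-ins for TSHARK's tab-separated -T fields output, and the function names are hypothetical. It also handles the empty fields TSHARK prints for packets that lack a layer (an ARP packet has no ip.dst), which a plain sort | uniq -c would report as a blank entry.

```shell
#!/bin/sh
# Constructed sample of what this command prints (one line per packet,
# fields separated by tabs, empty where the packet has no such field):
#   tshark -r http.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
sample_fields() {
    printf '192.0.2.10\t49152\t198.51.100.5\t80\n'
    printf '198.51.100.5\t80\t192.0.2.10\t49152\n'
    printf '192.0.2.10\t49153\t198.51.100.5\t80\n'
    printf '\t\t\t\n'                        # ARP: no IP or TCP layer
    printf '192.0.2.10\t\t192.0.2.1\t\n'     # UDP: IP layer but no TCP ports
    printf '192.0.2.11\t50000\t203.0.113.7\t443\n'
    printf '192.0.2.10\t49154\t198.51.100.5\t80\n'
}

# Count packets per "source IP -> destination IP:destination port",
# busiest first. Rows missing an IP or the TCP destination port are
# skipped so they do not appear as a blank talker in the totals.
count_flows() {
    awk -F '\t' '$1 != "" && $3 != "" && $4 != "" { print $1 " -> " $3 ":" $4 }' |
        sort | uniq -c | LC_ALL=C sort -k1,1nr -k2 | sed 's/^ *//'
}

# Count rows with no destination IP at all, i.e. the packets that the
# single-field "-e ip.dst | sort | uniq -c" pipeline lumps into one empty line.
count_blank_dst() {
    awk -F '\t' '$3 == "" { n++ } END { print n + 0 }'
}

# Stand-alone run on the constructed sample. With a real capture, replace
# sample_fields with the tshark command shown in the comment above.
sample_fields | count_flows
echo "rows without ip.dst: $(sample_fields | count_blank_dst)"
```
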