Category Archives for Tutorials

Why My Webcam Is Covered & Why Yours Should Be Too


Webcams are so prevalent nowadays.  Almost every device has one and we take them for granted.  Most modern laptops have a forward-facing webcam. iPhones, Androids, and other cellphones all have cameras that can watch us.  I was recently visiting a museum and even the audio tour device had a camera on it!  The point is they are everywhere, and a lot of us never think about their security.

What are webcam threats?

What you may not know is that hackers have the ability to spy on you using your webcam.  Many of the viruses that hackers use have the capability to turn on your webcam.  They may turn it on and take a full video of you or just snap a picture every couple of minutes.  The point here is that everything has a webcam now, and that just gives hackers more ability to spy on you.

There are a lot of weird things being sold on the shadier parts of the internet nowadays.  We are used to seeing credit cards being traded in hacker forums because of all the news coverage the bigger hacks get.  One thing people don’t realize is that webcams are bought and sold on the internet too.  Hackers will often sell access to the computers that they have installed their viruses on.  The people buying them want the ability to activate your webcam without you knowing.

What can I do to protect myself?

I hope I haven’t scared you too much.  Webcams are wonderful devices.  They allow us to see friends and loved ones while being on the other side of the world, so I don’t want you to go out today and smash all the cameras on your devices.  There is a simple way of protecting yourself.  

All you have to do is cover your webcam.  By putting a cover over your webcam, you have stopped any hacker from seeing you.  They would be able to activate your webcam, but all they would see is darkness.  There are a bunch of ways you can do this.  One of the simplest ways is to put a piece of tape over your webcam.  This will distort the picture enough that any hacker who activates it won’t be able to see you.  You can also use the sticky part of a Post-It note.

My favorite way is to use a removable static cling like the ones that the EFF sells.  These webcam covers make it very easy to cover the camera when you are not using it and uncover it when you want to have a video call with someone.  Tape tends to be harder to stick and unstick when you need it.

What about the light?

Many computers nowadays have a light that turns on when the webcam is activated.  This was a feature that hardware developers implemented to protect us from the prying eyes of hackers.  If the light is lit on your webcam but you are not actively using it, you should be concerned.  However, these lights are not foolproof.  There are plenty of viruses hackers use that have the ability to turn the light off while turning the webcam on.

I don’t think that you need to go out and replace your computers with ones that don’t have built-in webcams.  But having the knowledge that webcams can be turned on remotely without you knowing should make you a little more cautious.  

The Best Defense Against Ransomware

Over the past couple of years, there has been a growing threat that targets families and businesses alike: ransomware. It’s unlike any virus we have seen in the past. It’s a money-making scheme for lots of cyber criminals.

What is Ransomware?

Ransomware is a virus that, once installed, silently encrypts all of your documents, pictures, and other important files.  You then get a popup telling you the files have been encrypted and if you want them back, you have to pay the criminals.  As the name suggests, the criminals are holding your files for ransom.

Some variants of the virus have the tendency to spread.  Some people have reported an initial infection and then several more infections after a few days.  There are thousands of different ransomware viruses out there.  Some target small businesses, and others target people like you and me.  Either way they are a major pain to deal with.

How Does Ransomware Get Installed?

There are numerous ways that ransomware can get installed.  One of the most common ways is for a criminal to send you a phishing link.  When you click on the link, it will take you to a site that will install the ransomware if your system is not up to date.

Most people think that anti-virus will stop these types of infections.  They aren’t wrong.  Anti-virus companies have worked hard to develop virus definitions for all kinds of ransomware viruses.  Like I’ve said before though, anti-virus isn’t a foolproof protection.  The best way to avoid ransomware is to not click on links in emails that you suspect might be phishing.  

What Happens If I Get Hit With Ransomware?

If you get hit with ransomware, there is little that can be done to decrypt your files.  You will have to either deal with the loss of your files or pay the ransom.  As I write this in early 2019, the average ransom is running anywhere between $500 and $1,000.  So you have to figure out how much your files are worth to you.

You may be thinking, can I go to the police?  The answer is that most police don’t know what to do about ransomware. They don’t have the ability to decrypt your files. It’s also hard for them to arrest these criminals because many of them are in foreign countries. Following the money trail is impossible too because criminals use untraceable digital currency like Bitcoin or Monero.

If you do get hit with ransomware and you decide to pay the ransom, there is good news. Since the criminals are after your money, the probability is high that your files will be decrypted.  If word got out that people were paying the ransom and weren’t getting their files back, then nobody would pay the ransom anymore.  So they have an incentive to decrypt your files.

Yet I would caution you against paying the ransom.  One, it is expensive.  Two, the more we give incentive to criminals to run this kind of scam, the more they will run it.  So while it may look like your only choice, I would urge you not to pay these criminals.

How Do I Get My Files Back?

The one tried and true method of getting your files back from a ransomware attack is to have good backups.  If you have recent backups of your files, then you can clean up the virus using a virus scan or anti-malware suite. Then, restore all your files from a backup.  This is the best way to get your files back because it guarantees that your files are safe and you don’t have to pay a ransom.

So How Do I Backup?

One cheap and easy way to back up your files is to get a portable hard drive and manually copy files over to it.  I like the portable hard drives from Western Digital (affiliate link, see affiliate disclosure below). Most of them allow you to encrypt the hard drive so that no one but you can access it. But you can use any portable hard drive you may have.  If you choose this option, then there is one important thing you should remember.  If the portable hard drive you are using for backup is connected to your computer when you get a ransomware infection, then those files will be encrypted too.  This means that the backups would be useless if you kept that portable hard drive connected to your computer all the time. Instead I suggest you back up the files and then unplug the hard drive.

Online Backups

The only issue with that is you might forget to backup your files on a regular basis.  So to combat that, there are several online backup services out there that provide automatic backups to their data centers.  There are any number of them out there, but my favorites are iDrive and Carbonite (affiliate link, see affiliate disclosure below).  Both of these services have software for both Windows and Mac that you install, and it takes care of the backups for you.  The nice thing about these services is you never have to think about it.  Most of them will backup a file as soon as it’s saved on your computer.  And your data is safe because it is encrypted before it leaves your computer.  If these services were to ever get hacked, all the bad guys would get is the encrypted data. That data would be almost impossible to decrypt.

I suggest these two services for a reason.  They are best suited for specific situations.  If you only have one computer that you need to backup, then I highly suggest Carbonite.  It provides unlimited backup for a small yearly fee (usually about the price of an external hard drive).  But it is limited to just one computer. If you have a second or third computer in your house, then you have to pay a yearly fee per computer.

iDrive is a little bit different.  You pay a yearly fee for a certain amount of storage, and then you can install their backup software on as many computers as you want.  This option is perfect for families who may have more than one computer.  I usually tell people to start at their lowest package and see how much you actually backup.  If you need to, iDrive will allow you to upgrade your storage to a higher tier.  This is the service I personally use for all of my computers at home.


Honestly, backups are the single best way to ensure your data is protected.  I suggest you go out today and get one of the backup solutions I suggested here.  Think about the files on your computer.  Maybe you have pictures of family or loved ones.  Maybe you have important business documents.  Either way, they all have a value. Imagine if tomorrow they were all gone.  Backups protect you from ransomware or natural disasters like fire or computer failure.  With the price of storage dropping, it’s never been cheaper to backup your files.

Affiliate Disclosure

This post contains affiliate links, and I may get a small commission if you sign up for the service.  But I never recommend a product without having first used it myself.  If you prefer not to choose the affiliate link that’s fine, there’s no hard feelings.  The non-affiliate links in this post are listed below.  See my affiliate disclosure here.

Facebook Privacy Overview for Data Privacy Day

Today is Data Privacy Day in the US and Canada.  Data Privacy Day started in 2008 and the campaign is organized by the National Cybersecurity Alliance.  So in celebration of the day, I wanted to take this time to discuss a little about online privacy.  We put so much of our personal data out on the internet and we expect that companies will protect it.

In this post, I wanted to talk about the privacy settings on Facebook.  These settings are important to keep your posts and pictures private.  I find it helpful to review these settings on a yearly basis.  It seems like Data Privacy Day is an appropriate time to do that.

Your Activity

Your Activity section of Facebook privacy settings
Your Activity privacy settings

This section of the privacy settings on Facebook deals with how others see your posts.  The first setting “Who can see your future posts?” sets the default visibility settings for all future posts.  When you post on Facebook, you are given an option to see who can see that post.  Your typical options are:

  • Public – Anyone on Facebook can see this
  • Friends – Only people you have confirmed as friends can see this
  • Friends Except – All your friends except a select few can see this
  • Specific Friends – Only the friends you choose can see this
  • Only Me – Only you can see this post
Facebook Create Post prompt showing the setting to restrict who can view that post
At the bottom of a new post there is the option to set who can view this post

By setting this, you set the default permissions for all your future posts.  My recommendation would be to set this to at least “Friends.”  This way, anyone who wants to see your posts must send you a friend request and you must accept it.

The next setting, “Review all your posts and things you’re tagged in,” allows you to see everything you’ve been tagged in.  If you don’t want that to show up on your timeline, you can choose to hide it.

The final setting in this section is “Limit the Audience for Old Posts on Your Timeline.”  This allows you to go back and change the audience for all of your past posts.  I showed you the audience settings above and how you can set the default audience for all future posts.  This setting allows you to change all of your past posts to “Friends Only.”  This way you don’t have to go through each individual post and make sure that the Friends Only was set on them.

How People Find and Contact You

How People Find and Contact You section of Facebook privacy settings

This next section of the Facebook privacy settings deals with how people find you and your posts on Facebook.  The settings here are important, but how restrictive you are depends on how paranoid you are.  You can make it really hard to find you on Facebook by using these settings.

The first setting is a pretty standard one – “Who can send you friend requests?”  If you are truly concerned, you could absolutely change that to “Friends of Friends” only.  But I think leaving it at “Everyone” is fine.

The next setting is who can see your Friends list.  When people search for you on Facebook and find your profile, they can usually see a few things.  Typically, they can see your profile picture, where you live, and your friends list.  I would set this to “Friends.”  Oftentimes hackers will try to scam your friends by creating a fake profile of you.  What they do is look at your friends list and submit friend requests to each of them.  This has probably happened to you if you’ve ever gotten a message from a friend asking if you created a new Facebook profile.

The next two settings are also pretty straight-forward.  They give everyone the ability to find you using your email address or phone number.  The way you set these also depends on how easy you want it to be to find you.  If you set them to “Everyone,” then anyone who knows your email address or phone number will be able to find you using Facebook search.  If you want to be harder to find, you could set it to “Friends of Friends.”  Anyone will still be able to look you up by name. However, they will only be able to look you up by email or phone number if they are already friends with one of your friends.

Finally, the last setting controls if search engines like Google will have the ability to see your profile and posts.  I would set this to “no.”  By setting it to “no,” another person needs to have a Facebook account and use their search in order to find your profile.  If you set it to “yes,” then anyone could Google your name and find your Facebook profile.

Location Settings

Facebook location history privacy settings
Facebook Location history privacy settings from the settings menu

The next area in the Facebook settings that deals with privacy is the location area.  If you use the Facebook app on your iPhone or Android phone, then it will periodically collect your GPS location.  This helps them deliver ads based on where you live.  However, they also store that information and keep it.  Essentially, Facebook has a record of every place you’ve ever gone and when you were there.  My suggestion is to turn that setting off.  There is no need for Facebook to keep that record or even know where you are without you explicitly telling them.  Don’t worry – with this setting off, you can still check in to places on the app.

Facial Recognition

Facebook Facial Recognition privacy settings

The last section of the Facebook settings I want to discuss is Facial Recognition.  Have you ever been tagging a photo and Facebook suggests that person as someone to tag?  That’s their facial recognition at work.  They use facial recognition in a number of ways.  The first is to suggest tagging people in photos that you upload.  The second way they use it is to figure out if someone is impersonating you by using your picture as their profile picture.  I personally keep this setting off, because I’m paranoid.  But I can see the benefits to it.  You can learn more about Facebook facial recognition here.

Overall, Facebook has a lot of settings that protect your privacy.  You just need to review them and make sure they are set according to your own risk tolerance.  In most cases, I’ve told you how I set the settings on my personal Facebook page.  I tend to be a little more cautious and paranoid about my privacy.  But it’s up to you to determine how private you want your data and how hard you want it to be to find your profile on Facebook.

New Year’s Resolution – Update Your Computer

Imagine yourself sitting at home watching YouTube.  You are binge-watching your 7th video of the best cat fails.  Everything is going great, and then you get that annoying popup in the corner of your screen.  It’s time to update your computer again.  But wait, didn’t you already update your computer?  So what do you do?  If you are like most people, you click “remind me later,” or “don’t remind me again.”

Now I’m going to tell you a little secret of mine.  Even as someone who is a practitioner and teacher of cybersecurity, even I sometimes click the “remind me later” button.  I know, I know.  I’m about to give you a dose of do-as-I-say-not-as-I-do.

Why Computer Updates Happen

So why are there updates all the time?  I know it seems like your computer wants to update almost every day.  Well, it’s an important part of the software lifecycle.  You see, when developers write code for the programs that you use, it’s often not a single developer.  Most of the time, it’s a team of people and those people make mistakes.  When mistakes are made, that unfortunately sometimes results in a security flaw.

So the developers test their software and when they find an issue, they develop a patch to fix the security flaw.  That is why you get updates all the time.  The Windows operating systems alone consist of roughly 50 million lines of code.  That’s a lot of code to review, and that’s a lot of places a developer could make a mistake.

How Do You Make Sure You’re Protected?

Mac update window animated gif depicting a user clicking restart now
Click Restart Now every time!

Well, the only thing you can do is click the update button.  The next time you see an update popup, take the two minutes and click the update button.  This is one of the biggest things you can do to better protect yourself.  Most of the viruses and ransomware out there rely on a vulnerability in the software you may have on your computer.  More often than not, a vulnerability in your browser is what allows hackers to target you with ransomware.

By installing updates to your browser and your operating system, you are more protected from threats like viruses and ransomware.  I know it’s not some sexy cyber trick or some next-generation anti-virus program.  But to be honest, a lot of the time when you hear things like that from software companies, it’s mumbo jumbo.  The best way to protect yourself is good old fashioned software updates.

But Won’t My Next Generation Anti-Virus Protect Me?

You may have the new fancy Next Generation, Artificial Intelligence Anti-Virus program.  But the truth is, that’s a bunch of marketing talk.  Anti-virus is an important part of your computer defenses, but it’s not going to stop everything.  Updating with the latest patches on your software will do more good to your defense than any anti-virus application would do.

There is no one solution that is going to stop hackers in their tracks.  It takes layers of defense to make you more secure.  This year, I’m making a renewed effort to update my systems and stay on top of patches.  I hope you decide to do the same.

Beware of Package Undelivered Phishing Emails

It’s that time of year again.  It’s the holiday season and for most of us, that means time with family and friends.  But this time of year isn’t only busy for retail businesses; it’s also a busy time for hackers and scammers.  They know that everyone is out purchasing gifts for their loved ones.  Since we increasingly turn to online stores to get us those great presents, hackers and scammers have figured out how to use that against you.  Everyone wants to know the status of their packages from online retailers.  Right after Thanksgiving in the U.S., there is a major increase in fraudulent package emails that make their way into email accounts. 

How to Identify Fraudulent Package Emails

Hackers and scammers are trying to prey on your worst nightmares when it comes to online shopping – a lost package.  They’ll send emails with subject lines like “Package Undeliverable” or “Delivery Exception”.  Think about it, if you ordered something and then a couple of days later you got an email saying your package can’t be delivered, how would you feel?  Who wants to deal with a shipping company?  And what if the package doesn’t arrive on time?

So you open the email, and without thinking, click on the link to try and resolve the issue.  That’s where they get you.  The resulting link usually has some sort of virus on it.  Typically, it’s ransomware that is designed to hold your files hostage until you pay the ransom.

UPS has compiled a lot of really great examples of fraudulent emails that they find.  Here’s an example of one –

Fraudulent UPS Email Source: ups.com

You’ll see that it looks pretty legitimate.  It has the UPS logo and some decently worded language in the email.  But, there are a few red flags here.  The first thing you should look at is who it’s from.  The From line on this email is not a valid UPS URL.  That should tip you off right away.

But what if you don’t look at the “from” block of the email?  The second issue is that there is no tracking number in this email.  Most delivery exception emails from any carrier will have a tracking number in the body or subject of the email.  This example has neither.

The last red flag in this email is the link.  While this may look like the legitimate UPS URL, it might actually take you to another website.  When hackers send phishing emails, they typically use hyperlinks to get you to click on the link.  By using hyperlinks, the hackers have the ability to type in www.ups.com but have that go to their website, which typically hosts viruses.  The best way to defeat that is to hover your mouse over the link without clicking it.  Your browser will show where that link is actually going in the bottom right or left corner of your browser.

What can I do if I’ve received one of these emails?

I always recommend being cautious of any links in emails.  Especially emails that you didn’t sign up for.  So my first suggestion would be to not click links in any emails.  But what if the email is legitimate?  Well that brings me to my second suggestion.

Each of the main package delivery services has some sort of online account that will alert you of incoming packages.  UPS has UPS My Choice, FedEx has FedEx Delivery Manager, DHL has MyDHL, and USPS has Informed Delivery.  With all of these services, you can put in your address and it will inform you of packages that are coming your way.  Instead of clicking on the links in an email, log in to the services and see if there are any packages scheduled for delivery.  This way you know that the package is coming and you don’t have to worry about clicking any links in your email.

My final tip for you is to forward any suspected fraudulent emails to the shipping company’s fraud department.  Each of the major services has an entire department dedicated to fighting fraud.  They rely on you to help protect packages and their customers.  So if you get one of those emails use the links below to find the email address to forward the phishing email to.  This will help them take down the hackers and keep you safer.

TSHARK Field Extraction


For those of you who don’t know what TSHARK is, you are missing out on a very powerful program.  TSHARK is essentially a command line version of Wireshark.  Now, why is this important?  When dealing with very large PCAP files, Wireshark tends to choke on the file processing.  Enter TSHARK.  It has the ability to quickly go through a large PCAP file, apply a filter and spit out a smaller PCAP of just the packets that match your Wireshark filter.  This is all great, but that only scratches the surface of what TSHARK can do.

Let’s take a look at the -T option of TSHARK.  According to the manual page for TSHARK, the -T option changes the format of the text output from TSHARK.  If you use TSHARK with -T fields, it will spit out individual fields from each packet.  Now what does that mean?  Well, look at the screenshot below.  Each of those items in the inspection pane is a field that you can tell TSHARK to output.

Now where TSHARK becomes really powerful is when you combine it with Linux’s powerful command line text manipulation tools like grep, sort, uniq, sed or gawk.  Say for example you wanted to see a list of all the destination IP addresses and how many times they have talked in a particular PCAP file.  Run the below command:

tshark -r http.pcap -T fields -e ip.dst | sort | uniq -c

So what does each of those command switches do?  Well, the -r switch reads in an existing PCAP file.  The -T switch we’ve already talked about, but I made sure to use the fields format to tell it I wanted specific fields to be output, and finally the -e switch tells TSHARK which fields you want output.  Now if I were to just run the TSHARK command, I would get the destination IP address for every packet in the http.pcap file.  That’s fine, but what I’ve done is piped that list into sort and uniq -c, which lists each unique IP address along with the number of times it shows up in the PCAP.

In the example above we only looked at one field, but what if you want to see more than one field within a packet?  Well, that’s pretty easy as well: just add multiple -e flags with all the fields you want to see.  So for example if you wanted to see the source IP, source port, destination IP and destination port all together you would run something like this:

tshark -r http.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport

Well, I hope you learned something with this little tutorial.  I was asked to create a video by one of my students on this very topic.  I thought it was such an important topic that I included the video tutorial on YouTube as well as in my Wireshark Crash Course.  See the video below.

https://www.youtube.com/watch?v=DWVIEVjBKJo
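As an added example that is not part of the original post, the script below applies the sort and uniq -c idea to the four-field command above, and handles the rows TSHARK emits with empty columns for packets that have no IP or TCP layer. The function names and the sample rows are constructed for illustration; with a real capture, pipe the tshark command into the functions instead of sample_fields.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Input is the output of:
#   tshark -r http.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
# -T fields separates columns with a tab by default. A packet that lacks a
# requested field (ARP has no IP layer, DNS over UDP has no TCP ports) still
# produces a row, with that column left empty.

TAB=$(printf '\t')

# Constructed sample rows standing in for real tshark output (made-up addresses).
sample_fields() {
  printf '%s\t%s\t%s\t%s\n' \
    10.0.0.5   49152 192.0.2.10   80 \
    10.0.0.5   49153 192.0.2.10   80 \
    10.0.0.5   49154 192.0.2.10   443 \
    10.0.0.7   50211 192.0.2.10   80 \
    10.0.0.5   ''    10.0.0.1     '' \
    ''         ''    ''           '' \
    10.0.0.7   50212 198.51.100.9 8080 \
    192.0.2.10 80    10.0.0.5     49152
}

# Packets per (source IP, destination IP, destination port), busiest first.
# The source port is left out of the key: clients pick a new ephemeral port
# for every connection, which would split one conversation into many rows.
count_conversations() {
  awk -F'\t' '
    $1 != "" && $3 != "" && $4 != "" { n[$1 FS $3 FS $4]++ }
    END { for (k in n) printf "%d\t%s\n", n[k], k }
  ' | LC_ALL=C sort -t "$TAB" -k1,1nr -k2
}

# Number of distinct (destination IP, destination port) pairs each source
# talked to. A host with an unusually high number is worth a closer look.
fan_out_per_source() {
  awk -F'\t' '
    $1 != "" && $3 != "" && $4 != "" && !seen[$1 FS $3 FS $4]++ { d[$1]++ }
    END { for (s in d) printf "%d\t%s\n", d[s], s }
  ' | LC_ALL=C sort -t "$TAB" -k1,1nr -k2
}

# Rows the two summaries ignore because an address or TCP port is missing.
# A plain "sort | uniq -c" would count these as one bogus "empty" entry.
count_skipped() {
  awk -F'\t' '$1 == "" || $3 == "" || $4 == "" { c++ } END { print c + 0 }'
}

echo "packets  src  dst  dstport"
sample_fields | count_conversations
echo "distinct destinations per source"
sample_fields | fan_out_per_source
echo "rows without IP/TCP fields: $(sample_fields | count_skipped)"
```

Adding a display filter such as -Y tcp to the tshark command keeps the non-TCP rows out of the output in the first place.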