
Category Archives for Tutorials

Facebook Privacy Overview for Data Privacy Day

Today is Data Privacy Day in the US and Canada.  Data Privacy Day started in 2008 and the campaign is organized by the National Cybersecurity Alliance.  So in celebration of the day, I wanted to take this time to discuss a little about online privacy.  We put so much of our personal data out on the internet and we expect that companies will protect it.

In this post, I wanted to talk about the privacy settings on Facebook.  These settings are important to keep your posts and pictures private.  I find it helpful to review these settings on a yearly basis.  It seems like Data Privacy Day is an appropriate time to do that.

Your Activity

Your Activity section of Facebook privacy settings
Your Activity privacy settings

This section of the privacy settings on Facebook deals with how others see your posts.  The first setting, “Who can see your future posts?”, sets the default visibility for all future posts.  When you post on Facebook, you are given an option to choose who can see that post.  Your typical options are:

  • Public – Anyone on Facebook can see this
  • Friends – Only people you have confirmed as friends can see this
  • Friends Except – All your friends except a select few can see this
  • Specific Friends – Only the friends you choose can see this
  • Only Me – Only you can see this post

At the bottom of a new post there is the option to set who can view this post

By setting this, you set the default permissions for all your future posts.  My recommendation would be to set this to at least “Friends.”  This way, anyone who wants to see your posts must send you a friend request and you must accept it.

The next setting, “Review all your posts and things you’re tagged in,” allows you to see everything you’ve been tagged in.  If you don’t want that to show up on your timeline, you can choose to hide it.

The final setting in this section is “Limit the Audience for Old Posts on Your Timeline.”  This allows you to go back and change the audience for all of your past posts.  I showed you the audience settings above and how you can set the default audience for all future posts.  This setting allows you to change all of your past posts to “Friends Only.”  This way you don’t have to go through each individual post and make sure that “Friends Only” was set on it.

How People Find and Contact You

How People Find and Contact You section of Facebook privacy settings

This next section of the Facebook privacy settings deals with how people find you and your posts on Facebook.  The settings here are important, but how restrictive you are depends on how paranoid you are.  You can make it really hard to find you on Facebook by using these settings.

The first setting is a pretty standard one – “Who can send you friend requests?”  If you are truly concerned, you could absolutely change that to “Friends of Friends” only.  But I think leaving it at “Everyone” is fine.

The next setting is who can see your Friends list.  When people search for you on Facebook and find your profile, they can usually see a few things.  Typically, they can see your profile picture, where you live, and your friends list.  I would set this to “Friends.”  Oftentimes hackers will try to scam your friends by creating a fake profile of you.  What they do is look at your friends list and submit friend requests to each of them.  This has probably happened to you if you’ve ever gotten a message from a friend asking if you created a new Facebook profile.

The next two settings are also pretty straightforward.  They give everyone the ability to find you using your email address or phone number.  The way you set these also depends on how easy you want it to be to find you.  If you set them to “Everyone,” then anyone who knows your email address or phone number will be able to find you using Facebook search.  If you want to be harder to find, you could set it to “Friends of Friends.”  Anyone will still be able to look you up by name.  However, they will only be able to look you up by email or phone number if they are already friends with one of your friends.

Finally, the last setting controls if search engines like Google will have the ability to see your profile and posts.  I would set this to “no.”  By setting it to “no,” another person needs to have a Facebook account and use Facebook’s own search in order to find your profile.  If you set it to “yes,” then anyone could Google your name and find your Facebook profile.

Location Settings

Facebook Location history privacy settings from the settings menu

The next area in the Facebook settings that deals with privacy is the location area.  If you use the Facebook app on your iPhone or Android phone, then it will periodically collect your GPS location.  This helps them deliver ads based on where you live.  However, they also store that information and keep it.  Essentially, Facebook has a record of every place you’ve ever gone and when you were there.  My suggestion is to turn that setting off.  There is no need for Facebook to keep that record or even know where you are without you explicitly telling them.  Don’t worry – with this setting off, you can still check in to places on the app.

Facial Recognition

Facebook Facial Recognition privacy settings

The last section of the Facebook settings I want to discuss is Facial Recognition.  Have you ever been tagging a photo and Facebook suggests that person as someone to tag?  That’s their facial recognition at work.  They use facial recognition in a number of ways.  The first is to suggest tagging people in photos that you upload.  The second way they use it is to figure out if someone is impersonating you by using your picture as their profile picture.  I personally keep this setting off, because I’m paranoid.  But I can see the benefits to it.  You can learn more about Facebook facial recognition here.

Overall, Facebook has a lot of settings that protect your privacy.  You just need to review them and make sure they are set according to your own risk tolerance.  In most cases, I’ve told you how I set the settings on my personal Facebook page.  I tend to be a little more cautious and paranoid about my privacy.  But it’s up to you to determine how private you want your data and how hard you want it to be to find your profile on Facebook.

New Year’s Resolution – Update Your Computer

Imagine yourself sitting at home watching YouTube.  You are binge-watching your 7th video of the best cat fails.  Everything is going great, and then you get that annoying popup in the corner of your screen.  It’s time to update your computer again.  But wait, didn’t you already update your computer?  So what do you do?  If you are like most people, you click “remind me later,” or “don’t remind me again.”

Now I’m going to tell you a little secret of mine.  Even as someone who is a practitioner and teacher of cybersecurity, even I sometimes click the “remind me later” button.  I know, I know.  I’m about to give you a dose of do-as-I-say-not-as-I-do.

Why Computer Updates Happen

So why are there updates all the time?  I know it seems like your computer wants to update almost every day.  Well, it’s an important part of the software lifecycle.  You see, when developers write code for the programs that you use, it’s often not a single developer.  Most of the time, it’s a team of people and those people make mistakes.  When mistakes are made, that unfortunately sometimes results in a security flaw.

So the developers test their software and when they find an issue, they develop a patch to fix the security flaw.  That is why you get updates all the time.  The Windows operating systems alone consist of roughly 50 million lines of code.  That’s a lot of code to review, and that’s a lot of places a developer could make a mistake.

How Do You Make Sure You’re Protected?

Mac update window animated gif depicting a user clicking restart now
Click Restart Now every time!

Well, the only thing you can do is click the update button.  The next time you see an update popup, take the two minutes and click the update button.  This is one of the biggest things you can do to better protect yourself.  Most of the viruses and ransomware out there rely on a vulnerability in the software you may have on your computer.  More often than not, a vulnerability in your browser is what allows hackers to target you with ransomware.

By installing updates to your browser and your operating system, you are more protected from threats like viruses and ransomware.  I know it’s not some sexy cyber trick or some next-generation anti-virus program.  But to be honest, a lot of the time when you hear things like that from software companies, it’s mumbo jumbo.  The best way to protect yourself is good old fashioned software updates.

But Won’t My Next Generation Anti-Virus Protect Me?

You may have the new fancy Next Generation, Artificial Intelligence Anti-Virus program.  But the truth is, that’s a bunch of marketing talk.  Anti-virus is an important part of your computer defenses, but it’s not going to stop everything.  Updating with the latest patches on your software will do more good to your defense than any anti-virus application would do.

There is no one solution that is going to stop hackers in their tracks.  It takes layers of defense to make you more secure.  This year, I’m making a renewed effort to update my systems and stay on top of patches.  I hope you decide to do the same.

Beware of Package Undelivered Phishing Emails

It’s that time of year again.  It’s the holiday season and for most of us, that means time with family and friends.  But this time of year isn’t only busy for retail businesses; it’s also a busy time for hackers and scammers.  They know that everyone is out purchasing gifts for their loved ones.  Since we increasingly turn to online stores to get us those great presents, hackers and scammers have figured out how to use that against you.  Everyone wants to know the status of their packages from online retailers.  Right after Thanksgiving in the U.S., there is a major increase in fraudulent package emails that make their way into email accounts. 

How to Identify Fraudulent Package Emails

Hackers and scammers are trying to prey on your worst nightmares when it comes to online shopping – a lost package.  They’ll send emails with subject lines like “Package Undeliverable” or “Delivery Exception”.  Think about it, if you ordered something and then a couple of days later you got an email saying your package can’t be delivered, how would you feel?  Who wants to deal with a shipping company?  And what if the package doesn’t arrive on time?

So you open the email, and without thinking, click on the link to try and resolve the issue.  That’s where they get you.  The page behind the link usually has some sort of virus on it.  Typically, it’s ransomware that is designed to hold your files hostage until you pay the ransom.

UPS has compiled a lot of really great examples of fraudulent emails that they find.  Here’s an example of one –

Fraudulent UPS Email Source: ups.com

You’ll see that it looks pretty legitimate.  It has the UPS logo and some decently worded language in the email.  But, there are a few red flags here.  The first thing you should look at is who it’s from.  The From line on this email is not a valid UPS address.  That should tip you off right away.

But what if you don’t look at the “from” block of the email?  The second issue is that there is no tracking number in this email.  Most delivery exception emails from any carrier will have a tracking number in the body or subject of the email.  This example has neither.

The last red flag in this email is the link.  While this may look like the legitimate UPS URL, it might actually take you to another website.  When hackers send phishing emails, they typically use hyperlinks to get you to click on the link.  By using hyperlinks, the hackers have the ability to type in www.ups.com but have that go to their website, which typically hosts viruses.  The best way to defeat that is to hover your mouse over the link without clicking it.  Your browser will show where that link is actually going in the bottom right or left corner of your browser.

What can I do if I’ve received one of these emails?

I always recommend being cautious of any links in emails, especially emails that you didn’t sign up for.  So my first suggestion would be to not click links in any emails.  But what if the email is legitimate?  Well, that brings me to my second suggestion.

Each of the main package delivery services has some sort of online account that will alert you of incoming packages.  UPS has UPS My Choice, FedEx has FedEx Delivery Manager, DHL has MyDHL, and USPS has Informed Delivery.  With all of these services, you can put in your address and it will inform you of packages that are coming your way.  Instead of clicking on the links in an email, log in to the services and see if there are any packages scheduled for delivery.  This way you know that the package is coming and you don’t have to worry about clicking any links in your email.

My final tip for you is to forward any suspected fraudulent emails to the shipping company’s fraud department.  Each of the major services has an entire department dedicated to fighting fraud.  They rely on you to help protect packages and their customers.  So if you get one of those emails use the links below to find the email address to forward the phishing email to.  This will help them take down the hackers and keep you safer.

TSHARK Field Extraction

For those of you who don’t know what TSHARK is, you are missing out on a very powerful program.  TSHARK is essentially a command-line version of Wireshark.  Now, why is this important?  Well, when dealing with very large PCAP files, Wireshark tends to choke on the file processing.  Enter TSHARK.  It has the ability to quickly go through a large PCAP file, apply a filter and spit out a smaller PCAP of just the packets that match your Wireshark filter.  This is all great, but that only scratches the surface of what TSHARK can do.

Let’s take a look at the -T switch of TSHARK.  According to the manual page for TSHARK, the -T switch changes the format of the text output from TSHARK.  If you use TSHARK with -T fields, it will spit out individual fields from each packet.  Now what does that mean?  Well, look at the screenshot below.  Each of those items in the inspection pane is a field that you can tell TSHARK to output.

Now where TSHARK becomes really powerful is when you combine it with Linux’s powerful command-line text manipulation tools like grep, sort, uniq, sed or gawk.  Say for example you wanted to see a list of all the destination IP addresses and how many times they have talked in a particular PCAP file.  Run the below command:

    tshark -r http.pcap -T fields -e ip.dst | sort | uniq -c

So what does each of those command switches do?  Well, the -r switch reads in an existing pcap file.  The -T switch we’ve already talked about, but I made sure to use the fields format to tell it I wanted specific fields to be output, and finally the -e switch tells TSHARK which fields you want output.  Now if I were to just run the TSHARK command, I would get all the destination IP addresses for every packet in the http.pcap file.  That’s fine, but what I’ve done is piped that list into sort and uniq -c, which lists each unique IP address along with the number of times it shows up in the PCAP file.

In the example above we only looked at one field, but what if you want to see more than one field within a packet?  Well, that’s pretty easy as well: just add multiple -e flags with all the fields you want to see.  So for example if you wanted to see the source IP, source port, destination IP and destination port all together, you would run something like this:

    tshark -r http.pcap -T fields -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport

Well, I hope you learned something with this little tutorial.  I was asked to create a video by one of my students on this very topic.  I thought it was such an important topic that I included the video tutorial on YouTube as well as in my Wireshark Crash Course.  See the video below.

https://www.youtube.com/watch?v=DWVIEVjBKJo
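As an added example (not part of the original tutorial), the script below combines the two commands from this post: it takes the four-field output and ranks destination IP:port pairs by packet count. The function names and the sample rows are made up for illustration; the sample mimics the tab-separated output of -T fields, including the empty columns TSHARK prints when a packet lacks a requested field.

```shell
#!/bin/sh
# Added example: rank destination services from tshark -T fields output.

# Real usage (needs tshark and a capture file). "-E separator=/t" is the
# default separator for -T fields, spelled out so the parsing is explicit.
flows_from_pcap() {
    tshark -r "$1" -T fields -E separator=/t \
        -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
}

# Constructed sample of that output, one line per packet.
# Line 3 mimics a UDP packet (both TCP port columns empty) and
# line 4 mimics an ARP frame (no IP layer, every column empty).
sample_fields() {
    printf '10.0.0.5\t49152\t203.0.113.10\t80\n'
    printf '10.0.0.5\t49153\t203.0.113.10\t80\n'
    printf '10.0.0.5\t\t10.0.0.1\t\n'
    printf '\t\t\t\n'
    printf '10.0.0.7\t50100\t198.51.100.20\t443\n'
    printf '203.0.113.10\t80\t10.0.0.5\t49152\n'
    printf '10.0.0.5\t49152\t203.0.113.10\t80\n'
}

# Count packets per destination IP:port, busiest first.
# Rows where the destination IP or TCP port is empty are skipped, so
# non-TCP traffic does not show up as a bogus "blank" destination.
count_dst_services() {
    awk -F'\t' '$3 != "" && $4 != "" { n[$3 ":" $4]++ }
                END { for (k in n) print n[k], k }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Runs offline on the constructed sample; with a real capture use:
#   flows_from_pcap http.pcap | count_dst_services
sample_fields | count_dst_services
```

Without the empty-field check, packets that have no TCP layer would be counted under incomplete keys, which is the same effect that produces a blank line with a count in the plain sort | uniq -c pipeline.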