Cybersecurity is a very big and complex domain; even people working in the IT field have a hard time grasping it.

In this part of the book we’ll explore a variety of ways you can keep safe while using technology and the online world.

The Digital World

Downloading Software

Downloading cracked software / Downloading illegal software

So you’ve been thinking about downloading that brand new software. You could buy it for $200, or download it from a torrent site. It’s free, it’s cracked, it works!

You’re forgetting something important. The people who cracked it have reverse engineered a way around the protection. That is copyright infringement. And since they’re so smart, they’re not about to give you something for free. You think they put it there out of good will? All they did was add it to torrents so that people who are greedy and don’t know any better can download it.

They’ve added malware to it: a virus, a botnet, even a trojan horse. Say a botnet is added. The botnet is extremely powerful. It gathers all the data you have on your computer. It can even intercept details. What’s worse, they will use your computer for malicious activities: attacking other websites or people. When the police come knocking on your door you won’t know what happened.

Only download software from the official creator of the software. Always verify the checksum of the software. There are many programs for this. I’ve created a small script that can help you. Just input the website and you will see the checksum. Easy, right? You can compare it automatically.

Verify and see if things check out and add up. Don’t risk your whole security and information on a download. It’s a big headache.

Download from authorized places. Or get free and open source software.
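An added example (not the author's script mentioned above, and not code from the original page): checking a downloaded file against a SHA-256 listing in the common `sha256sum` format. The file name and bytes are constructed, and the listing is assumed to come over HTTPS from the creator's own website, because a checksum shipped next to a torrent only proves the file matches what the uploader made.

```python
import hashlib
import hmac
import string
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer does not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_checksum_list(text):
    """Parse 'HEX  filename' lines (sha256sum format) into {filename: hex}."""
    published = {}
    for line in text.splitlines():
        hex_digest, _, name = line.strip().partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum output
        if len(hex_digest) == 64 and set(hex_digest) <= set(string.hexdigits) and name:
            published[name] = hex_digest.lower()
    return published


def verify_download(path, checksum_text):
    """Return 'ok', 'mismatch' or 'not-listed' for a downloaded file."""
    expected = parse_checksum_list(checksum_text).get(Path(path).name)
    if expected is None:
        return "not-listed"  # no published value: treat as unverified, not as safe
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


if __name__ == "__main__":
    # Constructed sample: a stand-in "installer" and the listing its publisher would post.
    with tempfile.TemporaryDirectory() as tmp:
        installer = Path(tmp) / "installer.bin"
        installer.write_bytes(b"constructed installer bytes")
        listing = f"{sha256_file(installer)}  installer.bin\n"
        print(verify_download(installer, listing))  # unmodified file
        installer.write_bytes(b"constructed installer bytes + injected code")
        print(verify_download(installer, listing))  # modified after the listing was made
```

A "mismatch" or "not-listed" result means the file should be deleted and downloaded again from the official source, not run.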

Downloading software, version 2

How often do you download software from the internet? Do you ever think about the security implications?

I’m sure since we live in Romania that everyone here has downloaded something from the internet at least once.

Software costs money, right? So why not download that free cracked version of your favourite game or software? It’s free.

But do you really think you can get away without paying money?

No, the masked police are not going to come to your door at 4 AM. It’s far worse than that. While you sleep sweetly, something else will happen.

Every time you download something that doesn’t come from the legal creator you expose yourself and everyone else to a huge security breach.

Why? Well, the friendly person who graciously uploaded the software for free has other intentions than giving you something for free. You get what you pay for. Well, in this case, he or she gets what they need because of someone’s greed.

You see, they usually inject other software into the executable. Amateurs inject known viruses and trojan horses. Experts add untraceable botnet malware.

Now let’s talk a bit about what a botnet is, to give you an idea of how dangerous running unknown software can be. Simply put, a botnet is a network of computers which connect to a central command-and-control server.

Your PC becomes a part of that botnet and is called a bot or zombie. A server is just another computer, which issues commands.

Big deal, you might say. You might talk daily to bots on the internet, on Facebook, Slack and whatever. It’s not that kind of bot. What this kind of malware does is not science fiction, it’s reality, so get ready.

The first part of its actions is as follows. First it analyzes what kind of antivirus you have and disables it. This process can be complex enough that the malware makes itself invisible by pretending that your antivirus is still running while it’s dead. Then it installs itself as a service that starts automatically each time you reboot your system. And no, you can’t remove it from the Control Panel.

After it has secured itself, it starts analyzing the data on your PC, searching for data that resembles accounts, passwords and anything related to personal information. This will later be used for identity theft and to compromise other people. It’s so friendly that it even searches for any financial information, like credit card numbers, that you might have forgotten is there. This data is passed to the central server, for safekeeping you know. Storing a backup in the cloud is always a good idea. The botnet helps you achieve this instantly.

Are you scared yet? Don’t be, please. Let me talk about part 2: replication.

It starts scanning other systems, either on your local network or on the internet. It searches for known vulnerabilities that it can exploit to get in.

Some botnet malware even injects a copy of itself in other executables on your computer. So whenever you give an executable to a friend he gets the joy of joining your botnet too! A big unhappy family.

If only the horror stopped here. No: if you use USB sticks and other removable media, it even replicates itself there. This is how the known Stuxnet malware got into the highly secured Iranian uranium enrichment plants.

Now back to our botnet.

Part 3 is the most interesting part. If you don’t have any money or valuable data, no problem. If you don’t have any real friends, don’t worry. It can still make a profit out of you, for we live in a capitalistic world and everything is an opportunity to make money.

Your PC, which is part of the network, is always available to do certain tasks for its owner. It unwillingly attacks other servers and websites. But your PC can also be used as a midpoint for accessing unauthorized systems. Luckily for you, when this happens the other side is so overwhelmed with the attack that the police will probably not come knocking at your door. But if they do, you’ll have a hard time.

So far the botnet took your information, replicated itself and probably infected all of your friends, who did not do anything wrong. Then it started attacking other systems.

If you’re part of a botnet you will usually not even notice it because: your help is needed in Mother Russia! (whisper) Or by the CIA and FBI.

Oh, did you just remember that you downloaded your antivirus from a torrent site? It was free, right? Yeah, about that.

NEVER download or run software if it doesn’t come directly from the creator’s website. Don’t be greedy. Either pay for the software or use open source alternatives FROM the official creator’s website. This also goes for smartphones, smart TVs and even Internet of Things hardware. All you have to do is download free software from the store. Yeah, that compass app needs to make calls.

Be safe! Hey, if you want, I can give you a cracked version of anything you like, for free!

Your E-mail Address

E-mail addresses are extremely valuable. I’d say that it’s as valuable as your identity card.

If you’ve used any e-mail address to register accounts on certain websites under your official name, then you need to take extra care. Never close down an e-mail address completely. Never forget about it and let it get automatically deleted after 1-2 years.

Why? If you delete it then anyone else can register it.

I remember back in 2010, when Yahoo released e-mail addresses that weren’t used, you could choose up to 5 e-mails to be added to your account. This was all great. I had chosen some names I’ve always wanted to have.

Cryptocurrency

Don’t get me started. Cryptocurrency and blockchain have only one thing that they did well. That was the Blockchain encryption part. For the rest it’s a disaster. A big slap in the face of nature and gullible people.

The whole cryptocurrency market was estimated at $700 BILLION on January 3rd and it’s expected to hit $1 trillion in 2018.

Cryptocurrency was a good "idea" when I first studied it for the technological benefits it could bring. However it ended up being like Marxism and communism. A very bad idea to implement in the real world.

Password security

Never give your password out to anyone

What is password management and why should you care?

We all have tens of online accounts where we’re identified by a username/e-mail and a password. Managing all of them can be a hard task. Nothing is hard when you want to keep your information secure and don’t want someone to steal your identity, forge documents in your name or deplete your bank account!

What’s wrong with using the same password?

Hopefully no one is using the same password for multiple accounts. I can hear your thoughts: you are using the same password, or a variation of it, for multiple accounts.

Yes, password management can be very simple and easy, but when misused it causes problems.

Congratulations. You’ve just made it much easier for the Bad Guys ™ to hack into your accounts.

If there is a breach, your data will be sold the next day on the Dark Web. The first thing the malicious people who buy it do is check for accounts that use the same password. Then they view all the alternative e-mails you’ve set up, and try the other accounts. This goes on until they have access to everything. Then they’ll start using your credit card, placing bogus orders, posting spam or porn online. Getting you in trouble, banned and even with the police at your doorstep.

Identity theft is just some steps further and could be used for many illegal activities. Or you will find out.

Some even go as far as phishing your friends or coworkers. There have been cases when

All these things happen without you even knowing.

If you’re curious, review your e-mail account here to see the breaches that occurred on accounts you use: https://haveibeenpwned.com/

Guide to password strength and security

Password strength is the thing that annoys (protects) you the most at work or on some "highly secure websites" where you need to have a password containing almost any type of character and longer than 10 characters. Those programs won’t be satisfied until you have a secure password. There are other websites that don’t even care. Is it simple for the user? Is it easy to implement?

What you should know is that it doesn’t matter if you use all kinds of weird characters. The reason behind this is that most websites block unauthorized attempts after about 10-20 tries. As long as your password is longer than 20 characters you won’t have a problem. Say, by making something up like a story.

Imagine the attacker knows you only use lowercase, uppercase, numbers and 8 other characters. That gives 70 possible choices for each character of your 20-character password, making 70^20 combinations (7979226629761200100000000000000000000) before anyone can brute-force your password. If you use 8 characters for your password, all lower-case letters, then you aren’t very secure.

Even by using ordinary dictionary attacks or if the attacker knows a portion of a password you use (but you modify it 20 to 30% every time) he’ll still have a long game ahead.

You only need to add a number and some type of special character: # $ % ^ & * ( _ + = ? > … Creating them as sentences that are easy to remember but totally unrelated to you, your family, friends or interests is the best option.

Examples:

BuyingStampsSince2005
9TheHorsePaintsTheHouse7
Bugs13BunnyIsFunny-

Notice that they contain lowercase, uppercase and a number. You can also add a special character depending on your preferences.

When creating a new password you could be using something way too simple or known. It’s always a good idea to review the most known passwords from various security lists which contain millions of passwords from breached services.

Take a look at these lists of most widely used passwords so you KNOW what to avoid.
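The arithmetic and the deny-list advice above, applied to the page's own cases, as an added example that is not part of the original text. It uses the 70-character model from the text and a small constructed deny-list; the search space is an upper bound, since a passphrase built from dictionary words is easier to guess than a random string of the same length.

```python
import math
import string

# Constructed sample; real lists from breached services hold millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Alphabet model from the text: lowercase + uppercase + digits + 8 other characters = 70.
CLASS_SIZES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
)
OTHER_SIZE = 8


def alphabet_size(password):
    """Size of the smallest alphabet (per the model above) that covers the password."""
    size = sum(n for chars, n in CLASS_SIZES if any(c in chars for c in password))
    known = string.ascii_letters + string.digits
    if any(c not in known for c in password):
        size += OTHER_SIZE
    return size


def search_space(password):
    """Upper bound on brute-force guesses: alphabet ** length."""
    return alphabet_size(password) ** len(password)


def is_common(password, deny_list=COMMON_PASSWORDS):
    """Match the deny-list after undoing the usual tweaks: case, trailing digits/symbols."""
    core = password.lower().rstrip(string.digits + string.punctuation)
    return password.lower() in deny_list or core in deny_list


def assess(password):
    """Summarize one candidate password under the model above."""
    space = search_space(password)
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "bits": round(math.log2(space), 1) if space > 1 else 0.0,
        "common": is_common(password),
    }


if __name__ == "__main__":
    for candidate in ("abcdefgh", "Password123!", "Bugs13BunnyIsFunny-"):
        print(candidate, assess(candidate))
```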

Managing your passwords is the next most important step.

Like anyone, you have more than 10 accounts online. How do you keep track of your data?

74% of the people save their passwords in a .txt, .xls or .doc file, which is VERY BAD. If someone ever gains access to your PC, your data is captured instantly.

Think no one can gain access to your PC?

Ever installed an application on your PC? All malicious apps have the possibility to find such files and upload them somewhere else. If you run a free "USB" it can contain such software to search for password files and provide them to the bad guys.

Other people use a text file or an agenda for passwords. This is a better step towards security, but it’s also a little insecure.

The best way to protect your passwords, keys and usernames is to save them with a password manager.

There are plenty of password managers that are even web based, cloud based (I’d like to keep my own data, thank you very much!), mobile based and desktop based.

https://www.dashlane.com/passwordmanager
https://www.lastpass.com/
http://keepass.info/

I would recommend the one I recommend to most of my clients: KeePass

It's cross platform and generates an encrypted file with a password. But you can use another file as a password.
You can organize your data pretty well.
It has an autotype function which you click and it logs you in automatically to websites.
You can generate very complex passwords which you don't need to remember yourself.
It can even set expiry on some passwords if you want the mega security structure required by most enterprises, changing it every 30 to 70 days.

Personally I avoid saving passwords in the browser, and you should too. There are a few reasons for this:

Browsers are insecure by default.
Passwords are stored unencrypted; malware loves this.
If you let someone use your PC, they can review passwords, log in to your accounts, you name it.

Summary:

Use strong long passwords, you don't have to complicate your life.
Never use the same password twice.
Use a password manager to simplify and protect your accounts.

Personal Data and Online Identities

Did you read that Privacy Policy?

When was the last time you took the time to read a privacy policy and the Terms of Use for a service?

TODO: Explain about plagiarism software and any free software how they can use your data…​ you’re giving it away
