Cybersecurity

Today's Technology is Growing faster than Ever Before

Rapid changes in Technology can lead to knowledge gaps for those who are not constantly updating what they know. That is not only a difficult, but also for most people it is very inconvenient to have to 'study' each new device, OS, app, etc.. Even for those who work in with computers in some fashion, they usually have an area of focus, or at least do not interact with every type of tech everyday. That being said, it is nearly impossible for any one person to know 'everything'. That is why companies employee a Team of people to work on, diagnose, and repair their systems as needed.

If you are interested in some sort of technology, there are tons of resources online nowadays (YouTube) and you can basically teach yourself the basics of anything. I started learning Python by watching a 4-hour YouTube video.

Encryption: The Importance of Multi-Factor Authentication

Multi-factor Authentication/ 2 Factor Authentication (MFA/2FA) is key to making sure your accounts are secure. A "complex" password is no longer good enough to keep accounts safe, there are a few reasons why, Internet Speeds increase, other password databases being breach and leaked, but those factors can be nullified using MFA/2FA. MFA requires you to use an app (usually on your phone) which generates a random number that you use as the MFA.

Nowadays there are a lot of different software and hardware companies and each one is making several different products which all may run on different software. So, how can you find out if there is vulnerability in the software or hardware that you use? First, you need to know exactly which hardware/software you are working with. For example, if you signed into a website, they now have your data, so you need to know software is running on that website and search for the vulnerabilities it has. This is actually much easier than you would think, simply by installing the Wappalyzer extension on your browser (you should only be using Firefox or MSFT Edge) when you go to a website it will let you know what third-party software is running and the version, which is important. You could just take the names and version numbers and drop them into the Exploit-DB's search.

I cannot stress enough the importance of two-factor authentication. Last year (2021) a parking app was hacked, which exposed its users personal info, but the company did not make it a priority to tell their users about the breach, leaving them/their information vulnerably. The data the hacker/s gained would have been worthless if the company made a statement telling users to change their passwords as soon as possible because of the breach. Here is where two-factor would save the day. Even if they (hacker) got your username and password, they still would not be able to sign into your account because the two-factor authentication messages are sent to your phone/app on your phone. Also, you would be notified instantly about someone trying to log in with your account information.

Technology's growing speed; How do we keep up?

In the last 10-15 years technology has evolved at an incredible rate. Even for computer nerds like me it is nearly impossible to keep up with every new thing. In a way that is exciting, wondering what crazy invention is going to change the world next, but no matter what it is, it needs to focus on security constantly.

I am sure we all know what Network is (2 or more PCs connected and able to communicate). Looking at a network that way, it is easy to picture the internet as one Giant Network made up of every computer/server online. ((Inter)network). When it comes to sharing information, having a network of PCs to use as sources is helpful, the downside is that if there is flaw in a program, usually many computers will be affected since they share the same software. This is how hackers try to gain access to different sites/apps/etc., by exploiting a flaw in the underlying software.

Most of the time these flaws are patched before any real harm can be done, which is why I always stress to download any updates your device has and when you do make sure you do it the "proper way". For example, when updating Windows DO NOT click on a pop-up, even if it came from the Notification Center, saying 'Update'. Instead go to Settings, Update and check there. The same goes for all other devices.

New exploits come out daily! I have exploit-db, the exploit database as my homepage. These are legitimate exploits that have been reported to the companies and since been patched, but that does not mean that everyone has updated their software, and that's how hacks happen.

Even though the number of Cyber Attacks seemingly increases day by day, lately so does the number of people who want to defend against them. Which means you do not need a 3rd party Anti-whatever program if you are running Windows, Windows Defender and common sense will do just fine!

That being said it is always good to know what you may be up against and that will vary depending on a number of factors such as, the devices you use, the amount you use them, your understanding of the tech, and more. That's why sites like The Exploit DB and others exist.

Pegasus: The iOS (and Android) Spyware

Pretty much since their beginnings, iOS devices have been thought of as "impossible to get a 'virus'" and for a long time that may have been true, but is no longer since at least 2016. Oddly, it has been 6 years as of writing this (2022) and there is still no anti/virus/spyware/malware etc. app in the iOS App Store.

Pegasus, the spyware that infects iOS devices, was found 'by accident' in 2016 by a UAE human rights activist, Ahmed Mansoor. Here is where Pegasus starts to get worrying. It was only found because the person who was the target of the campaign had a feeling that it was illegitimate and asked his cybersecurity team to look at it, and it turned out he was right. He turned the evidence over to Lookout, a cybersecurity firm, who said this was by far the most sophisticated attack they had ever seen on any type of device!

It turns out that Pegasus is/was a 'commercial' exploit, meaning it was being sold. Once upon a time another cybersecurity firm was offering $1 million if someone found a single iOS Zero-Day Vulnerability, Pegasus relied on 3 in order for it to work; any one of which they could have turned in for $1 million or all 3 for $3 million, so you can imagine how much it is 'worth' and how much was spent to create it!

Pegasus is as bad as it can get as far as what it does once it is on your device. For iOS devices it started by silently jailbreaking the device, then it got to work decrypting everything, and I mean everything. It also had a keylogging and voice recording aspect as well. The group responsible for Pegasus is an Israeli hacking group called NSO.

For more information visit Kaspersky.com

For information about learning Ethical Hacking skills, you can visit:

Computers were invented by a gay man to stop a war...

Under Construction:

Thank you for visiting, please excuse the mess.