Week 12: Cloud Gaming

Technology is always evolving to things you might have never imagined. Google announced Stadia mid-summer of this year. The rundown is: for $10 a month, you’ll be able play video games without a high end computer. It works by having Google run the games for you on their servers/computer and it streams it back to your device (laptop, TV, smartphone etc) in “real” time.

Being able to play without lags or interruptions is paramount to gamers, and flawed internet connections could cause frustration. Internet speed will also determine how rich in-game graphics can be.

Let’s hope this turns into something great!

Source.

Week 11: Holiday Shopping

As the holidays are arriving, a lot of people will be shopping online. Be it on Black Friday, Cyber Monday, Christmas shopping, etc.. Cyber criminals are always looking for a way to get your personal data like credit cards.

Beware of e-skimming, the process of skimming code on e-commerce payment processing webpages that captures credit card, debit card, or other personally identifiable information. Smaller businesses/websites that don’t have the operations to ward off the attack are usually targeted.

Stay safe and use a VPN!

Source.

Week 10: Vulnerability in Asus Wi-Fi Software

A data leak in Asus Wi-Fi software gave hackers access to users’ networks and the possibility to hijack smart devices.

“With this access, hackers and criminals can embed many attacks on these devices: malware, ransomware, spyware, viruses,” the researchers continue. “They can compromise users’ email addresses and personal accounts, extracting additional sensitive personally identifiable information.”

According to vpnMentor, the vulnerability has been closed, but there has been no official word from Asus yet.

Source.

Week 9: Smart Speakers Hack

A group of researchers based in Tokyo and the University of Michigan were able to find a vulnerability in smart speakers (Google Home, Alexa, Siri, etc.) by pointing lasers at it.

“ The lasers basically trick the microphones into making electrical signals as if they're hearing someone's voice. A hacker could seemingly use this method to buy stuff online, control smart home switches and remotely unlock and start a car that's linked to the speaker. “

Source.

Week 8: Hitting Jackpot at an ATM

ATMs all around the world are actually rather easy to hack. When I say hack, I mean there is an EXE file you could open up and have it spit out cash for you. A popular malware called WinPot has had so much time perfecting their malware that the attacker can actually play a game similar to a casino’s slot machine.

The question comes to, why are they so easily hackable? Well, most of these machines run on an old, unsupported OS. If companies would like to fix this problem, they can easily use a OS that is still supported (receives updates), and create a whitelist of approved programs and blacklist everything else.

Source.

Week 7: The Internet of Things

The internet of things (IoT) is quite literally everything we see nowadays. Anything and everything that is connected wirelessly is considered an IoT. The Washington Post put a nice diagram on what can/already is happening with IoT. Examples of IoT are smart speakers, locks, sprinklers, light bulbs, etc.. The convenience of being able to talk to the devices, or tuning them via a smartphone does comes with tradeoffs. Security vs privacy.

"Smart factories cut machine downtime by alerting supervisors to problems, though they can also monitor workers’ movements — even trips to the toilet.“

Source.

Week 6: Android Exploit

Android devices running Android 8 or later should be receiving an update to patch a bug in the next few days. The exploit would allow hackers to take over a person’s phone. Lucky, you would need to download an app for the exploit to take into effect. Stay safe on the web and make sure you know what you’re downloading!

Source.

Week 5: Virtual Machines

In 2017 there was a rather famous ransomware that had spread to a lot of users, and quite a bit of organizations like hospitals, police stations, and even governments. The attackers named it WannaCry. I had wanted to install this ransomware onto my computer but did not want to lose my file...

That gave me the brilliant idea to install a virtual machine (VM) on my computer. A virtual machine behaves like a separate computer system, complete with virtual hardware devices. In the case that you do install a virus, ransomware, etc. it would not affect your personal computer. Just your virtual one. Just be sure to not have/do anything important on that VM.

When dealt with the infamous red ransom note of telling you to send $300 worth of Bitcoin to said address, you could easily exit from the virtual machine and go on your day without a worry of your computer getting nuked.

Here is a tutorial on how to install a virtual machine (I recommend using VirtualBox).

Week 4: Yahoo Breach Settlement

Yahoo just recently released a settlement for it’s 2016 data breach. If you had an account between 2012 and 2016 you might be compensated with either two years of free credit monitoring or up to $358 in cash. Users will have until July 20, 2020 to file a claim.

From what I could remember at that time, it was about the largest data breach to date. Names, email address, phone numbers, birth dates, passwords, etc were all stolen in the 2016 data breach. The only use my Yahoo Mail gets is receiving my junk mail. I suggest you do the same.

Source.

Week 3: Virtual Private Network (VPN)

In an Engadget article by Violet Blue, it suggests that you use a VPN when surfing the web. A VPN keeps your IP address and physical location private. It works by encrypting the data you transmit through your VPN server which then travels to the destination you want. By having your data transmitted to the VPN first, advertisers, attackers, and your ISP only sees you visiting the VPN.

It would be most crucial when you’re using public wi-fi. With a lot of free wi-fi connections, there are a lot of hackers that can tap into that wi-fi connection and track your data. If not, the company providing the wi-fi can track your data and do whatever they want with it.

There are a ton of VPN providers and they’re all generally the same, just be sure they do not log your information. As they say, if you’re not paying for the product, you are the product.

Source

Week 2: Two Factor Authentication

Time magazine author Patrick Lucas Austin reminds us that passwords are not safe. Austin encourages users to use Two factor authentication wherever they can. Two factor authentication, also known as two step verification/authentication, adds another layer of security by having the user “put an extra security code after typing in your username and password to prove you’re really you.”

A lot of websites are already placing this in use as emails and passwords get exposed everyday. There are various methods of 2FA, but they’re mostly by text message, app authentication, or hardware authentication.

Text message, or SMS authentication is when a website texts you a string of code to enter to verify your identity.

App authentication requires you to download an authentication app (like Authy, or Google Authentication) and they generate a code for you every minute to verify yourself.

Hardware authentication is rather new, but would be the most secure. With no app, or text message, you would need to purchase a hardware token. Yubico, the most popular hardware 2FA manufacturer, advertises a USB-like token that has options for NFC to establish yourself.

Source.

Week 1: Back To School

In my article “Back to school cyber security tips” by Ellis Wiltsey of KOLAN-TV (Local Lincoln, NE news stations) they recommend updating your computer completely. Not so much the hardware, but your antivirus. Infogressive, a cyber security firm in Lincoln “says their best advice when it comes to creating accounts and filling out all those forms is to never use the same password twice.“

I follow this rule quite a lot with LastPass. LastPass is a freemium password manager that keeps all my passwords in one place, generates unique and random passwords, autofills them into my websites so I never have to memorize them. No, I am not endorsed by LastPass.

According to Infogressive, 91% of cyber breaches begin with an email. These kind of attacks are known as phishing. Attackers will often change their email address characters to numbers, I’s into ones, or O’s into zeros. If it’s too good to be true, it’s probably is too good to be true...

Lastly in Wiltsey’s article, Infogressive endorses parents to talk to their kids about these kind of attackers and to help set guidelines with the amount of social media that’s readily available now. The parents should also help kids setup their online accounts, weather it be for their classes or for their social media accounts.

Not only can antiviruses keep your computer clean of malware and viruses, using different passwords for different websites will make it harder for someone to hack into those accounts such as your bank accounts, social media, etc.

Source.