Scatty.com

Category: Cyber Security

Protecting Your Privacy and Security in the Age of Computing

When we think of privacy and security, we think about the day and age that we live in now. That’s because, over the internet, hackers are able to gather your information seemingly within a matter of seconds. Prior to the internet era, criminals would have to go to great lengths to steal your information. They literally would go through your trash to collect private information, but it was much more rare.

After all, you could stop an identity thief in their tracks if you were to step outside while they were dumpster diving and you could identify who was doing it. These days, though, thieves are almost entirely anonymous and could be on the opposite end of the world when they take your information. What they do with it could damage your finances, your credit, and even your reputation. Let’s take a look at the importance of privacy and security in the age of computing, and what you can do to protect yourself.

Why They Want To Know You

During the early days of the internet, you didn’t have to agree to have all of your personal information tracked. You simply went onto whatever website you wanted, clicked around for a little bit, sent some emails, and called it a day. Times have changed rapidly, though, and every website seems to want to know everything about you.

The biggest reason for this is focused advertising. There is only so much money that can be squeezed out of the internet that your browsing information is sold quite frequently. Facebook is perhaps the biggest perpetrator of this, as you agree to have your browsing history tracked by the social media site so that they can present targeted advertisements to your news feed. While it may seem intrusive, it’s actually a necessity to keep these expensive large sites running.

Many people are becoming more informed on the ways that social media is tracking their information and opting to avoid this part of the internet altogether. Outside of major websites and social media companies, though, there are individuals who want your information for more nefarious reasons. These people want your passwords so that they can access your banking information, social security number, and much more.

Protecting Your Privacy

Privacy is one thing that most of us wish we had more of, especially in the age of computing. After all, privacy is a fundamental human right, but with many people carrying around cell phones that are ready to record at a moment’s notice, it can be hard to come by. The last place you want to lose your privacy is in your own home, but your computer can act as a gateway to a loss of that privacy.

When you aren’t staying on top of your privacy on your devices, you’re able to be tracked anywhere that you’re going and what you’ve been looking at online. With that said, always check the privacy settings on each one of the apps or websites that you visit to make sure that you’re only sharing the bare minimum of information. Location tracking is one of the big ones that almost every website seems to want to collect from you, so turn it off for everything except for directional apps like Google Maps or Waze.

At the same time, it may be a good opportunity to purge yourself from any apps that you aren’t using as they can still track your information. Your private information is only for you to know, and who you want to share with is entirely up to you. Even on search engines like Google and Bing, you can change your privacy settings so that your every search isn’t being recorded.

Staying Secure

The first cybercrimes that were committed didn’t come from an individual accessing someone’s checking account online. Instead, these early crimes focused on obtaining military passwords, which was a matter of national security. While there have been some leaks and hacks through computing when it comes to the government and military, they’re always upping their security systems to the point where their systems are nearly impenetrable.

As for your cell phone and computer, that might not be the case. There are security programs like Bitdefender, McAfee, and ESET that can help keep you secure, and they really come in handy with all of the fake links that are presented on the internet. It’s easy to be fooled by a legitimate-looking website or email, and it could lead to serious problems.

Many of these viruses put in keyloggers that can find out the usernames and passwords to your most valuable information like your bank account. Always make sure that your passwords are changing frequently, using password managers like Google to make them more secure. You can also enable two-factor authentication on all of your more sensitive apps and websites to make hacking nearly impossible.

While we entrust our privacy to be protected, it can always be exploited. With that said, it’s important that we do our part to make sure we’re on top of all of our security so that we aren’t victims of the fastest-growing form of crime in the world.

The Growing Field of Cybersecurity: Opportunities and Challenges for Professionals

Cybersecurity is one of the biggest branches of law enforcement these days despite the fact that it was almost non-existent all the way up until the 1990s. Before then, most of the computers that were connected via the internet were between colleges, and there wasn’t a lot of personal information such as bank accounts and credit card info. Now, e-commerce has pretty much everyone’s information online, making people a target to hackers and viruses on a daily basis.

As such, cybersecurity has become increasingly important over the years, which has saved a lot of people from disaster. There have also been a lot of challenges faced by those in the cybersecurity field. Let’s take a look at the field as a whole and some of the challenges that come along with it, as well as the opportunities for professionals.

Opportunity: Security Architects

There is a growing need for security architects in today’s digital world, as this position is for someone who is able to identify not only existing threats but anything that could potentially be an issue. Think of a security architect as sort of a meteorologist for cybersecurity in the fact that they have to think ahead and that potential hackers are like forming storm cells. It’s always best to be proactive rather than reactive in cybersecurity.

Challenge: Ever-Changing World

Perhaps the biggest challenge that cybersecurity professionals face on a daily basis is just how much it changes on a daily basis. Every day you wake up, there’s a potential new exploit that’s being created and requires professionals to adjust how they prevent them from being implemented. It can be an exhausting task, and hackers know that. They try to catch professionals napping for just a few moments when attacking, so it’s a round-the-clock job.

Opportunity: Cryptographers

Cryptography is not a new profession, but it’s one that has gotten a lot more attention in recent years. That’s because cryptography isn’t used for just coded information during wartime anymore. These days, cryptographers are important for e-commerce, including cryptocurrency and chip-based debit and credit cards. Cryptographers are also hard at work to make sure that information online is safe, using advanced algorithms so that you can send and receive encrypted information online.

Challenge: Human Error

You could take a hundred courses in cybersecurity and feel like you’ve learned everything that you need to know, but that doesn’t mean that everything will go perfectly. We already mentioned that cybersecurity is changing on a daily basis, and that means that there’s a higher chance of human error. Of course, artificial intelligence is helping to bolster security, but as we’ve seen thus far, there is still a lot of error from AI that needs to be ironed out.

Opportunity: Security Consultants

The job of a cybersecurity consultant isn’t too much different than a cybersecurity architect, but there are a few minor differences. A consultant will meet with an end customer to determine what type of services that they want whereas an architect typically already works with a company as the head of cybersecurity. Consultants will then put plans into place to make sure that the business’s cybersecurity is up to par, and it’s a field that has been growing for years.

Challenge: Insider Threats

In the same way that even one of the most trusted employees could be guilty of insider trading, insider cybersecurity threats also exist. Because some employees already have access to the information thanks to being trusted with passwords, they could end up taking advantage of that trust and pulling private information for their own nefarious personal use.

Opportunity: White-Hat Hackers

White-hat hacking, or ethical hacking depending on who you ask, is a very specific field that has seen a massive increase in demand. Essentially, these are people who are working for a company and attempting to hack the system to show consultants and architects any weak spots that might be present. As a white-hat hacker, you’re entrusted to not actually use the private information that’s found, but rather let cybersecurity professionals know how to fix it.

Challenge: The Cloud

Cloud computing has been a blessing for a lot of large businesses as it’s able to store data for much cheaper without having to take up space on servers. However, cloud computing has a different structure and is privy to a lot of potential invasions. There’s a special set of skills you have to have in order to prevent cloud computing attacks, and it will only become more common as the years go on.

Opportunity: Artificial Intelligence

There’s a growing demand for artificial intelligence in all fields, and cybersecurity is no exception. This doesn’t mean that cybersecurity professionals are being replaced, thankfully, but rather are being given a tool that ill help them fight hackers easier.

Challenge: Attacks From All Angles

As we mentioned earlier, hackers will attempt to find any exploits at any time of the day. They may also come from any part of the world. Having attacks coming in from all parts of the globe means that there’s a growing list of people who are trying to get into your system, and it can be a daunting task.

5 Huge Security Bugs In Major Protocols

Even if we don’t know the first thing about computers, we all want to know that we’re safe when we’re using them in our homes or at work. Computers end up containing a lot of personal and financial information, and it can be devastating when that information falls into the wrong hands.

Hackers have been able to exploit a lot of vulnerabilities in hardware and software over the years, causing some of the biggest data breaches ever seen. When discovered, these bugs are typically patched instantly, but a lot of damage can be done in that time. Here are five instances of huge security bugs in major protocols causing international problems.

EternalBlue

A vast majority of people around the world rely on Microsoft Windows to keep them safe when using their personal computers. Because of this, there is a lot of testing done to make sure that Windows is secure, and one of the biggest exploits that have ever been found came in 2016, which was able to attack Windows computers. Chinese hackers were found using the EternalBlue exploit to remotely hack PCs thanks to a Server Message Block vulnerability.

It was learned that 2016 wasn’t when EternalBlue was developed, but rather when it was first used maliciously. The exploit was designed by the US National Security Agency, with Microsoft knowing nothing about it until the hacks were underway. Microsoft quickly developed a patch to combat the exploit that had affected pretty much every Windows operating system.

HP Printers

When we think about internet security, our brains immediately turn to our personal computers, laptops, and cell phones. Very rarely do we think about printers as being able to be exploited because of a bug, but it turned out that we should’ve been worried all along. In 2011, an RCE vulnerability was found in Hewlett-Packard printers that allowed hackers to access the printer’s information remotely.

Not only did this bug let the hackers obtain the private information of the users, but it also allowed them to turn these printers into a weapon of sorts. The bug caused many of the HP printers to catch fire, even though HP refuted these claims. A company spokesman said that the reports of the bug causing fires was “false” and that the printers “have a hardware element called a ‘thermal breaker’ that is designed to prevent the fuser from overheating or causing a fire.”

Adobe

North Korea and South Korea have been at odds for many years, and due to the lack of physical fighting between the two, both sides have launched a lot of cyber attacks. One of the biggest exploits came via the Adobe Flash player when North Korean hackers exploited a vulnerability and collect a lot of personal information from South Korean targets.

The bug was known as CVE-2018-4878, and seemed like a harmless file when it was sent via email. As long as the person that was using their computer opened Adobe Flash through any source (i.e. webpage, Microsoft Office, etc.), then the targeting was successful. Thankfully, Adobe was able to catch wind of this bug and patched it within a day, allowing South Koreans to browse safely once again.

Heartbleed

Back in February 2012, Heartbleed became a security bug that would end up being talked about for more than two years before it was finally discovered and patched within a week during early April 2014. The bug affected millions of websites that were using Transport Layer Security and caused an overload in allowed data. Even after the patch was released, there were still hundreds of thousands of websites affected for months.

Thankfully, the number has dropped to almost nothing ever since then, but a lot of damage was caused along the way. Private keys were revealed on some pretty popular websites including Reddit, Pinterest, SoundCloud, Tumblr, and many more. Social security numbers and many other pieces of information were leaked before Heartbleed was shut down.

Shellshock/Bashdoor

Have you ever been in a situation where you seemingly lost control of your computer and it felt like a ghost was in charge of it? You may have been one of the many people affected by the Shellshock security bug that was discovered in 2014 after affecting many people. Interestingly enough, the bug was introduced in the late 1980s but took a while to shut down.

Those that were using Unix systems were the ones exploited by this bug, with macOS and Linux users being the biggest targets. The patches were implemented shortly after the bug was discovered, leaving many to wonder why it was able to go untouched for so long.

How to Recognize An Unsafe or Hacked Website

Almost all of us have run into a problem where we don’t know why our computer isn’t operating the way it should be. After doing some research, we find out that we’ve gotten hacked or have been infected with a virus. Then, you’re left wondering how that could happen. Every website you go to says that it’s secure, and browsers like Google Chrome confirm that, and you make sure to never open anything from an unknown email address.

So how does this happen? There are way more websites out there than you might think that are unsafe or hacked, and they can cause harm to your computer and your personal information. Before you click on any webpage, there are some surefire ways to spot a harmful site. Here are five tips on recognizing websites that have been compromised.

Respect the S

There was a time when we would all just blindly go to any website that started its URL with HTTP. These days, you want to make sure that every website you visit instead starts with HTTPS. What’s the difference between the two? 

HTTPS is the same thing, except it has an extra layer of encryption that makes sure that your data is more secure. The ‘S’ stands for secure, simply enough, and most websites have made the switch in recent years to avoid data breaches.

Keep Looking at the URL

The “HTTPS” at the beginning of the URL isn’t the only thing that you should be looking for. There are a lot of people who end up typing in the wrong web address when they’re moving too fast in their browser’s address bar and still hit enter. 

This can lead you to a similar-looking website that’s not actually safe. If you’re looking for sports scores and accidentally stumble on WSPN.com instead of ESPN.com, you might get something that looks legit but is actually a harmful website.

Payments

Almost all of these fake or unsafe websites have store options, but you can spot which ones aren’t legitimate by the ways that you can pay. The safest ways you can pay online are through sites like PayPal or via credit card. Fake websites won’t be likely to accept credit cards since they can easily be hit with a chargeback as credit card protection is more stringent than debit card protection.

If there is a website that only accepts mailed payments or money orders, that’s a massive red flag to stay away from that website and block it from your browser forever. Even some sites that look shady can be legitimate because they accept encrypted payments, allowing your payment information to remain safe.

Trust the Chrome

Over the years, Google Chrome surpassed all of the other web browsers to become the most commonly used in the world. These days, around two-thirds of computer users trust Chrome, and for good reason. Not only does it have a very user-friendly interface, but it has plenty of extension options that make the browsing experience much better.

One thing that not many people consider when using Chrome is that it adds a lot of layers of protection. Whenever you’re about to visit a site that seems unsafe or hacked, Chrome will offer up a warning. In most cases, you can still surpass Chrome’s suggestion, but there are other times when the browser simply won’t allow you to continue. It’s best to heed Chrome’s warning when it does come up.

Layout

There are plenty of legitimate websites that look like they were designed back in the Angelfire days (looking at you, Wikipedia). However, most of them that are completely dated and look like they have no HTML arrangement whatsoever and can hardly be trusted. Any legitimate website will make sure that there’s a web designer to make sure everything looks up to date.

They say that you should never judge a book by its cover, but that mostly applies to books themselves or human beings. When it comes to websites, though, image is everything for legit businesses, and they wouldn’t allow a shady-looking website to go live.

Bonus Tip: Email Links

Another thing that you should look out for is your email inbox. Instead of clicking on a link that you receive in an email, always make sure to type in a web address yourself. This will ensure that you’re not going to any harmful websites as there are plenty of virus-filled emails that look authentic. If you have any doubt whatsoever about the validity of an email, it’s best to just delete it and move on with your day instead of putting your computer and private info at risk.

When Should You Run A Background Check On Someone And How?

There are going to be some instances in life in which you have to submit to a background check, but there also might be times when you need (or want) to run a background check on someone else. Whether you’re checking their criminal record, credit, residential history, or anything in between, there’s some information that you’ll want to know.

In what cases are you most likely to need a background check on a person, though? We have a few scenarios where a background check is common, and we’ll also let you know how to perform a background check. While it might be easier and cheaper than you think, it can also involve some legal issues to think about.

Employer

A majority of the background checks that are performed are through employers who want to make sure that they’re investing their time and money into the right person. Typically, a background check will come after an interview and when a conditional job offer is issued. However, before everything is put into writing and signed, a background check is done for the final approval of the employee.

There are certain things in a background check that will end up being pertinent information for an employer. They’ll be able to see if their potential employee has been hopping from job to job while also seeing if there’s a criminal history that could hinder the safety of coworkers. If the applicant was found lying on their resume or has been charged with a white-collar crime, it could lead to the job offer being withdrawn.

Landlord or Tenant

A landlord is going to want to know that they’re renting the property they own to the right people, and they’ll find out much of the same information that an employer would. The background check can help to verify employment, guaranteeing that the tenant has enough money to pay the rent each month. If there’s no criminal background, it can also help the landlord feel at ease knowing that their property will go undamaged.

Tenants can also run background checks on their potential landlords. There are many landlords that aren’t exactly saints and can end up dealing in shady practices. You want to know that if you’re sending potentially tens of thousands of dollars per year to someone that you’re not going to get randomly evicted because the landlord is a potentially harmful person.

Dating

Let’s say that you start dating someone that you met online and you really like them. You don’t want to move too fast because you don’t know them all that well, but if you really feel inclined, you can have a background check run on them to make sure that you’re not getting into anything dangerous. While employers must notify someone that a background check is being run on them, it can be different for individuals.

In most cases, it’s illegal to conduct a background check on someone that doesn’t know there’s one being submitted. With that in mind, you’ll want to study your local laws to see what can be done. At the very least, you’ll still be able to verify who they are without breaking the law by getting a full check. If you both consent, though, a background check might be extreme, but it won’t hurt.

Childcare

You absolutely want to make sure that your children are safe above all else. With that said, never put your children in the hands of someone that you don’t know unless they are willing to submit to a background check. Anyone that’s willing to do so is likely going to be trustworthy, and the background check will show just that.

Some childcare providers may be offended by the thought, and if they are, it’s probably not worth your time to leave your kids with them. When it comes to teachers, though, they have already had background checks, so you can be assured that they’re qualified to watch your children throughout the day.

How to Run a Background Check

In most states, you’re able to access someone’s criminal history through a quick search on the state’s website. If you want more information such as credit, address, employment history, etc., you’ll have to get something more detailed. There are verified websites that can perform a full background check, and they usually only cost around $10 to $20.

No matter what kind of background check you’re getting, though, you want to inform the other party that you’re running a background check on them and you should obtain their permission. Failure to do so can lead to legal action against you.

Everything You Need to Know About DDoS Attacks

These days, it seems you can’t venture anywhere on the web without threats lurking around every corner. And each day, you hear about a new data breach, virus, or some other threat to your security and data online. 

When will the madness end? Well, probably never. As long as people are sharing sensitive information on the Internet (such as Social Security numbers and payment data), hackers will try to take advantage. 

Still, there’s one type of online threat that many people have never heard of, but that’s been gaining traction over the last several years. It’s the DDoS attack—and anybody with a server, website, or even an email address could be at risk.

What is a DDoS Attack?

Specifically, DDoS stands for “distributed denial of service.” In simplest terms, a DDoS attack aims to slow down a server or crash it altogether by essentially flooding it with fake web traffic. These types of attacks can wreak serious havoc, especially on websites that rely on steady uptime to generate revenue through direct eCommerce sales or even ads. In fact, one study has found that major server outages for the top five eCommerce sites in the United States total about $3.5 million per hour.

Unfortunately, DDoS attacks have grown not only in their frequency, but their size as well. Attacks of several hundred gigabytes per second are no longer uncommon, rendering some “DDoS protection” software unable to keep up. Meanwhile, it seems that nobody is safe from the threat of a DDoS attack; from major corporations to small non-profits and everything in between, attackers will target any and all vulnerabilities.

How to Protect Yourself

With all this in mind, what can you do to be proactive against DDoS attacks? While there’s no way to guarantee you’ll never fall victim to an attack on your site or server, there are some steps you can take to reduce your risk. 

Start by making sure you’re using a server or hosting platform with build-in safeguards against these kinds of attacks. Many hosting companies offer DDoS protection as part of their hosting packages. If you can upgrade your protection to guard against even larger attacks, do so.

Meanwhile, be aware of the signs of a DDoS attack. Most often, victims of DDoS attacks will notice problems accessing their website. The site may be slow to load or it may fail to load altogether. In other cases, you may still be able to access your own site, but you may receive reports from others that they cannot or that the site is loading very slowly. If this occurs, you’ll want to contact your hosting company as soon as possible so they can look into it further.

Don’t Become a Victim

Hopefully, you never have to worry about a DDoS attack causing downtime on your server or website. Unfortunately, these attacks are becoming a very real threat across the web. By being aware of what DDoS attacks entail, you can better protect yourself!

5 Most Unbelievable Hacking Incidents

It has become a major movie cliche: the computer hacker who, typing furiously under great pressure, needs only a few more seconds to break into “the mainframe.” Something akin to a superhero, the nerdy but attractive character at the keyboard accomplished the impossible, bypassing all necessary security walls in the nick of time.

 

This scenario certainly is exciting, but it is the type of thing that only happens on the film or TV screen, right? Read on for five unbelievable computer hacking incidents that seem too incredible to be true.

 

1. The 1995 Citibank Hack

 

Before Russian software programmer Vladimir Levin hacked into the New York IT system of Citibank in 1995, few industry experts would have thought such an attack possible. Sitting comfortably in his St. Petersburg apartment, Levin authorized a series of fraudulent banking transactions that drew a total of roughly $10 million from individual accounts around the world. Both Citibank and the FBI fortunately tracked many of the transactions, and Levin was extradited to the US, where he served three years in prison.

 

2. The 2000 MafiaBoy Hack

 

When MafiaBoy (the screen name of Canadian teenager name Michael Calce) hacked some of the top sites on the internet in 2000, people simply couldn’t believe that he could pull off such a coordinated attack at just 15 years of age. Using a DDoS (distributed denial-of-service) approach, he overwhelmed the IT networks of Amazon, CNN, eBay, Yahoo, eTrade, and Dell, resulting in financial losses estimated at $1.2 billion. When he was caught, MafiaBoy admitted that he did it simply to impress his fellow hackers.

 

3. The 2004 Delta Airlines Hack

 

Another teenage hacker, German Sven Jaschan brought down the entire IT system of Delta Airlines, among those of other large corporate entities, as an 18-year-old college student. An innovator in the hacker world, Jaschan allegedly coded the Sasser worm. Famous among IT experts for affecting Microsoft Windows, this self-replicating and self-distributing computer virus successfully infected tens of millions of computers that span the globe.  attacked vulnerable Microsoft Windows operating systems.

 

4. 2010 Marriott International Hack

 

One of the most unusual cyberattacks in history, this extortion attempt doubled as a search for employment. Hungarian citizen Attila Nemeth infected the security firm Marriott International with a malicious virus and then threatened further damage if they didn’t give him a job. Marriott responded to Nemeth with a fake employee account and the promise of work. After receiving forms of personal identification that include his passport and resume, the company passed the information to the US Secret Service.

 

5. The 2014 iCloud Celebrity Hacks

 

In what was certainly one of the most salacious of all hacking incidents, a team of hackers in various US locations used phishing techniques to gain access to the Apple iCloud accounts of numerous A-list Hollywood celebrities including Kate Upton and Jennifer Lawrence. After releasing private photos and videos (some of which contained nudity), two affiliated hackers were sentenced to roughly a year in prison.

How to Become a Cybersecurity Expert

Cybersecurity is on many people’s minds these days. It is also one of the fastest-growing industries. According to the U.S. Bureau of Labor Statistics, jobs in this field are growing at a much faster pace than average. What does it take to become a cybersecurity expert? 

Get an Entry-Level Job

You have to decide how you will develop the knowledge and skills to master cybersecurity. Work experience is crucial and often the key to meeting the requirements of critical advanced certifications that will mean better opportunities in this industry. 

Since cybersecurity companies are facing a labor shortage, now is an excellent time to try for that entry-level position that will train you and pay you at the same time. You will need to go to the job interview with plenty of knowledge, though. If you are not in a place where you can go back to school, then self-study using the internet. This may give you just enough information to get your foot in the door.

Get a Certificate

Some starter certifications you can take will give you enough to get an entry-level job. Many have no experience prerequisites, too, so you can take them even if you don’t work in the tech industry. 

Some examples of starter certificates include:

  • Microsoft Technology Associate Security Fundamentals – For just a little over one hundred dollars, you can learn core security principles and some other basic security concepts. To earn the certificate, you must pass an exam. 
  • ISACA CSX Cybersecurity Fundamentals Certificate – CSX is recognized for some of its advanced certifications, but they also offer a fundamentals course. There are no prerequisites for this course, but you must pass a 2-hour exam to get the certificate. It costs less than two hundred dollars. 
  • CompTIA Security+ – The Security+ course helps you establish core knowledge regarding cybersecurity. The course has the approval of the U.S. Department of Defense, possibly making you eligible for an entry-level government job. That bonus means the course costs a little more. You’ll pay 381 dollars to take the exam. 

All three of these are self-paced self-study courses. Once you think you know the information, you take an exam. If you pass, you earn the certification. You could also opt to go to college for a two or four-year degree in information systems or network security.

 

Get a Specialty

Cybersecurity is a broad term that includes many types of expertise. For example, you could be the person who designs secure networks or stays up to date on trends in hacking. You could also test the various connections looking for intruders. 

Each path is significant, but they can be different, too. You get to the expert level faster if you pick one instead of trying to learn everything at once.