Author: Griz

I am a cyber professional who has been computing since the late 1970s. My goal is to help our readers understand cybersecurity, for either protecting themselves, their family, or offices. A secondary goal is to help people into the cybersecurity field as a career.

Are your smart devices listening to you?

Posted on by Griz

Let’s start our posts off in a fun way. A way that you can play along at home.

I am sure that you have heard that websites use your browsing history to spy on where you browse, and what you search for. You likely know that your smart devices use GPS to track every move that you make while you carry them.

Did you know that they are actively listening to you also? Yes, they are like a little surveillance team that you willingly share some of your deepest secrets with. You know, the ones that you only tell your dog, cat, or maybe your plants as you water them? On the surface, we all must know that they listen. How else would Alexa hear your playlist request? Cortana and Siri are the same way, they are constantly sucking up the nuggets of voice and recording it.

If you want to prove that what you verbalize is being sold off for advertisers’ consumption, it is not too hard. This is where you get to play along at home. If you want, draft a partner to be your co-cyber-sleuth.

To maintain the integrity of this experiment, I am not going to suggest the subject of your test.

Here is the lab experiment:

Lab Requirements

  1. A smart device; Alexa, Siri, smart phone, or any other internet connected device with a microphone.
  2. Pen and paper
  3. If you are using a lab partner (or perhaps a group) you will need to communicate with the pen and paper to decide upon a product on the market that you have not searched for. This is going to be your target. Do not discuss it verbally at all while you decide.

Now it is time to conduct your experiment. Whether you are alone, as a pair, or team it is time to have a three to five minute discussion in the presence of your smart device about your subject. You might discuss brand names, qualities about the product, and possible vendors of the object.

Wait for thirty minutes to an hour, then open Facebook and scroll through your feed and watch the ads content. Did the test subject appear? If it did not, please drop a comment below letting me know of what your test subject was, and what device you were testing. If your test subject DID appear, please consider clicking on one or two of the ads on this page.

Does that sound fair? I look forward to hearing your results.

Topics For Us to Cover Over Time

Posted on by Griz
In the cyber security realm, there is always something to learn, share, and teach. We have to learn on a daily basis what the criminals have gotten into. It isn’t enough to know what they did, but HOW they did it is the important so that we can find methods to prevent them form doing it again. As users, we get tired of update after update coming along and making us reboot. Those updates are often critical. They make your operating system more secure. The reboot not only makes them take effect, but also may break the connection so that the crook cannot get back in when you reconnect to the internet. With that in mind, let’s build a list of topics that we should discuss as we progress down the path of cyber education. If you have any that you would like to cover, or cover sooner than later, please let me know in a comment. If you have a topic that is not on the list, I will add it.
  • Phishing – Starts here: https://cyber.pissedoffpirate.com/phishing-emails/red-flags/
  • Vishing
  • Smishing
  • Malware
  • Ransomware
  • Identity Theft
  • Information Protection
  • DoS/DDoS
  • Online Predators
  • Online Harassment

Password Reuse and You

Posted on by Griz
We could talk about password strength and safety first, but it is likely that you have heard that time and time again so I will slide that one down the priority list a bit. There are storehouses of passwords that belong to compromised email addresses. You may have gotten a phishing email that claimed to have your password. One that I have seen provided a somewhat censored version of one of my old passwords.This typically comes with a ransom demand. The way that these situations happen is the result of human nature. It is all too easy to use the same password on all of your online accounts. They keep increasing the password complexity and there are so many to keep track of. When a website that you use gets hacked and the username/password database gets stolen that data gets sold off. The majority of Americans bank at one of five major financial institutions. If the criminals have control of your email address (or as we say in the industry, pwns) they can get passwords reset. If they get as far as getting your bank password, where does that leave you? It doesn’t take much imagination to see how bad that can be. If you have a list of usernames/passwords it is like having a ring of keys. You can do some poking of common email providers and other services to see if those usernames and passwords open the door allowing criminals inside. Has your email password ever been compromised? Maybe you had to change your email password because you started getting weird email bounceback messages. Would you like to see if your email address has been discovered on a list for sale, or just out for public consumption? Try this link. (I have a few email addresses that have been blown, so don’t feel badly about being listed.) https://haveibeenpwned.com/Passwords Where do you go from here? Regardless of being compromised in the past or not, you can help protect yourself from this moment forward by starting to use different passwords for each account. This is where a tool to track your passwords in a secure manner is important. There are many password storage tools out there. Some are subscription based, some are free. This is not an endorsement, but I can say that I have had good experience with Password Safe. Some of the important aspect to consider is that the tool stores your usernames and passwords using encryption, and that the tool is easy for you to use. If it is not easy, you won’t use it. Please feel free to share your experiences in the comments. Maybe you have a password storage tool that you feel is wonderful, share it with the group. I am always happy to look over new products. Perhaps your input will give the rest of us a better tool to help us in staying safer. Enjoy the day, and be good to those around you.