Cyber Threats: Beware Of The World Wild Web

25 Dec 2020

My Dearest Mad-readers,

Modern society probably never has been as perilous as in the past decade. The emergence of what experts enjoy calling cyber security demonstrates the fateful ill-being of the internet. Our world may never have seen such an enlightened era yet, ethically speaking, the tools humans play with have the capacity to bring as much good as bad.

Disclaimer

I may not be a professional engineer, yet I profoundly look up to system administrators. One of their many duties is to anticipate potential threats. Whether it be for a company or any type of organization, and even on a more personal level. Indeed, you never know where an attack might come from. As it is, I take my admiration rather seriously, I see it as my duty to warn you against said threats.

Beware of the world wild web!

Social Engineering

What used to be known as phishing now has now evolved into something much more powerful : spear phishing, which one may also refer to as social engineering.

Be careful of what you post on social media such as Snapchat, Facebook, Twitter, Instagram, LinkedIn... These web platforms are gold mines for hackers, and they will not ask for your permission before helping themselves and ruining your lives. In my humble opinion, social networks should not even exist anymore. People have repeatedly proven they cannot responsibly make use of them. Not only do they represent the biggest security breaches out there, but they also maintain an atmosphere of disinformation.

Everything begins with you.

A company may have the best technical security policy in the world, it is worth nothing if its people are not sensitized. Keep yourself informed and careful, and you should be at least one step closer to being secure. Indeed, anyone can accomplish this type of hack. Anyone. No need to be a professional engineer.

Brute Force Attacks

Before worrying about what happens online, you need to change your behavior, as I said in the previous paragraph:

1. Do not leave your computer or your phone somewhere unguarded. Anyone could plug in a USB key and access all the data from your hard-disk anytime they want. Without even needing your password. They could also just steal your computer and take their time to mess with said data when they are comfortably back at home.
2. This goes with my first point: do mind your surroundings when in a public place and/or connected to a public network.
3. Have a strong and different password for every user account you have. Otherwise you will be vulnerable to password attacks. If you still have a password like "123456789", or "P@ssword", or even the name of your cat, for all I know, it is time for a change! A dictionary attack would break your password in less than 10 seconds... This is 2020 people! The Far Web is a dangerous place, so start taking it seriously!

What is it a dictionary attack, you ask? Why, glad you asked! First of all, it is an attack on your password. An individual tries to uncover it with:

• A file which contains a list of potential passwords (of words or other potential combinations).
• An algorithm which, when fed that file, tries all the potential combinations as quickly as possible. If your password is too weak, it can take seconds. If it is strong, it can take years.

Since it has never been easier to know where you click or what you spend the most time looking on a page, I recommend you be careful which web pages you visit, with which protocol, and where you click when on said page. If you follow this advice, you should avoid a lot of malware, ransomware, spyware, and whatnot.

How To Protect Yourself: Beware Of Appearances!

• Update your software regularly so that breaches of security coming from the source code get fixed. Keep away from outdated software as much as you can.
• Install a firewall and configure it properly.
• Install an antivirus and do the same. I am not talking about Windows proprietary junk like Avast or McAfee, though. Keep away from that. As the saying goes: Better be alone than in bad company.
• Avoid connecting to public networks or do it at your own risks...
• Do not trust certain old protocols: prefer https to http. Block telnet. Use ssh, though only if necessary. If you do not need it in your workflow, block it with your firewall.
• Do not take your emails for granted. You could always be the target of a hacker. Especially, never execute a .exe file which you do not know! Ever! It probably goes without saying for Linux users, but obviously do not execute a bash script if you are not sure what it does!
• Disable JavaScript whenever possible. If it does not break the website (you will not be able to watch YouTube without Javascript, for instance), just disable it entirely. It will be much more difficult to get to you already. Regarding cross-site scripting (JavaScript injection to change the behavior of a website), I hope all companies are aware of it nowadays and are taking it seriously.

Do not just buy a Mac Book because it is nice and shiny. Do not just buy Windows because it is easy. These operating-systems are targeted everyday because loads of people (like you) use them. Choose to stand out and run GNU/Linux or Unix (any flavor of BSD really). You will never be bothered again. First of all because it will force you to know what you are doing much more. Secondly, because it would not be profitable for a hacker to create a virus for BSD or Linux users, since there are so few (and Linux distributions all have their differences).

When installing opensource software, a community of enthusiasts and professionals also proofread the code. This means that you would know straight away if there was a virus in the program you intend to run.

You should really carefully choose your gear. This does not begin with your operating-system, obviously. It rather begins with the personal computer you will pick at the store or, as it is now customary, order online. If you purchase a Chrome Book, at least know what you are in for. If you always want the latest intel CPU on the market, at least know that Minix, a small operating-system originally created for educational purposes, runs inside of it. At least know that it has the capacity of running a web server behind your back and send your data wherever it feels like without asking your permission.

I have not spoken of network attacks like Man-in-the-middle, packet sniffers, compromised keys, distributed denial-of-service (DDoS) attacks... but this was voluntary. Most of you will never have any problems with those, since most of you (I expect) are not working with servers or ssh keys on a daily basis. If I was wrong, feel free to tell me in the comments and I will be happy to write a more detailed article about network attacks later. In 2021, for instance?

Conclusion & Sign-Off

In this troubled modern era in which cheating at a general election has become child play, and all big companies are fighting for your personal data and attention, it has never been more urgent to protect yourselves.

Cyber security starts with you!

Do be careful with everything you do online and, especially, begin reducing the time you spend connected to the internet. Your brain will thank you, and so will your family. It strangely is SO MUCH easier to connect with people when it does not happen through a screen.

Thank you for taking the time to read this blog post! If you liked it, feel free to let me know via email, by subscribing, liking, and/or commenting. You may also check out some more of my work. I also have a Patreon page, a YouTube channel, if you wish to support me there, and a GoodReads account.

Take care of yourselves,

Phil.