Hello friends,
I want to start today’s letter by showing you one of my favorite channels on YouTube. The channel name is “LockPickingLawyer” and, true to his name, he’s a lawyer that likes to pick locks. Many locks. All the locks.
At the time of this writing, there are 1408 videos uploaded to his channel where he very quickly picks locks, including more ‘high-tech’ locks. In fact, to my knowledge, Mr. LPL has yet to encounter a lock that he was unable to pick.
He shows that with enough practice and the right tools, any lock can be broken into.
So does that mean that we no longer need to lock our doors? Are we to expect a B&E apocalypse any second now?
Thankfully, no. Quite the opposite.
Discussing crime statistics is a topic for another time.
What I think is important to remember is that:
Security is about more than just how good the lock on your door is.
AND
No matter how good the lock on your door is, the LockPickingLawyer probably knows how to pick it.
The second point is what I want to discuss with you in today’s newsletter.
Safety and security are never perfect and will always involve trade-offs.
In my previous post I discussed how you can better protect your privacy online by being judicious about what information you provide to social media apps.
That is a trade-off. Your friends might not find your Twitter account if you don’t use your real name, but that will allow you to more easily make snide remarks about today’s cybersecurity news without these remarks being linked to your name.
If that sounds like something you’re into - make sure to follow me on Twitter.
It also means that if Twitter were to suffer another security breach, your real identity is less likely to come up.
I plan to do a bigger post in the future about how hackers can use databases from previous data breaches to find people’s social media, employers and even more personal information, like where they live. But for now let’s just say that having a firstname.lastname@gmail.com linked to your social media may give your identity away and it’s not the best idea.
So what is one to do? Live like a digital hermit?
Social media has been shown to affect our mental health - so disconnecting wouldn’t be the worst idea, but the reality is that people are more and more engaged with their digital realities.
So if we can’t delete our accounts - we have to accept that some of our information may become exposed, therefore we should do our best to mitigate the damage.
How do I know what to look out for?
Most of the cybersecurity news you’ll find will emphasize big stories involving foreign intelligence agencies or the big-name ransomware gangs.
There are lessons to be learned from those stories for regular folks, but for the most part, it’s safe to assume you won’t be encountering these types of threat actors in your day-to-day life.
Your most likely adversary is a scammer that will use publicly available data to find your credentials either by cracking them or through social engineering. Best news for you is that these days they seem to be very preoccupied with scamming the NFT people.
This goes back to my earlier point about what information you make public. The users that flex their expensive NFTs on Social Media become obvious targets.
What information do the bad guys have?
Allow me to introduce you to a free resource to protect yourself: https://haveibeenpwned.com/
Have I Been Pwned is a website run by a former Microsoft security researcher that analyzes data found in breaches and will notify users whose information has been compromised.
You just access the website, input your email address in the text field and check if it was part of a previous breach.
The email I used for this example has been included in two separate breaches on LinkedIn. Most alarmingly, this user’s password was included in the compromised data and was most likely cracked within a few days.
My next post will be about passwords (subscribe so you don’t miss it!). But as a sneak peek I also encourage you to access the “Passwords” tab and check any password you are using. Here’s an old password of mine:
7 times! This password should never be used by anyone ever again. If your password gets similar results, you should change it ASAP.
You can (and should) even add your email address to the notification mailing list so the website will let you know if your info appears in a data breach.
There are more advanced resources that the bad guys use - but we don’t have to worry about those, as long as we cover the basics.
What should I do?
I started by showing you how a YouTuber can break into every lock he can find. But I also showed you that it doesn’t automatically mean that locks are useless.
As long as our data is out there, it is vulnerable. But that doesn’t mean there’s nothing we can do.
Use resources like https://haveibeenpwned.com/ to get a quick feel for where you’re personally vulnerable and act accordingly.
And watch out for next week’s post where I will discuss passwords.
So for now the sun is going down, stay safe and sound. I’ll see you next week.
My mom's email is definitely in some hacker's database.
Hi I'm new here I wanna know you more