A cold shiver runs down your spine as you stare at your screen as you think to yourself, “Could someone hack me?”. Any computer enthusiast has at some point considered their safety when it comes to the wonderful world that we call the internet. Some people get out right paranoid, while others call some smart IT person they know if they have a question like, can I use the airport’s WiFi connection to do my banking quickly?
For those concerned or interested in the matter of your device security let’s hop into some of the most vulnerable spots a nefarious black hat might hit you.
#5 – Get ready for your online date
The only dates that you should be concerned with regards to your security online are updates. Have you ever gotten tired of those pesky updates slowing down your connection when it is updating? Or those incessant messages that keep telling you that your automatic updates are disabled?
Well, I would suggest that you stick to keeping the updates on and all your software updated at all times, though this seems like common knowledge, you would be surprised at how many people turn them off and see them as an unnecessary evil on their computer systems. Even on mobile devices, is your device up-to-date with the latest patch or version?
The reason why these updates are important is, not only do they in many cases provide some cool features and functionality, but more importantly they contain core updates that removes vulnerabilities in the system. If you are not updated and there are known exploits for the version that you are running then you just become that much easier as a target to someone that wants to get their grubby hands on your precious information.
#4 – Get the anti game strong
Also something that you hear a lot. Get an antivirus, a good one. There are many suggestions out there for good anti virus software, but you should be careful of installing and downloading rogue software that looks like antivirus programs. These fake anti virus programs usually look very good, with well designed websites and a user interface you wish all the programs you ever downloaded would have. As soon as you boot one of these suckers up you get a result of 5,000 different issues and viruses that’s on your system. So? That’s good to find the bad stuff. On paper, yes, that’s brilliant, but with these programs as soon as you want to remove these issues that the program found for you, you get directed to a payment page. Asking you cold hard cash for fixing the issues, which it doesn’t.
For a list of trusted antivirus applications you can view a list of the best ones here.
Good, now that we are past the first hurdle in getting your antivirus, that is actually an anti virus, now we can have a quick look into why they are a good idea to have. These programs identify potential malware, viruses and other unwanted programs based on the researchers and developers that builds a database of these unwanted software. The antivirus then finds these occurrences on your device and then fixes them, either by isolating the threat or by removing it outright. Most antivirus suites these days also provides features to secure you online by protecting you from false websites and a range of other things.
It’s important to note that keeping antivirus software is important as per my previous point. It is also worth noting that some unwanted software might slip through the cracks, so you could always compliment your anti virus with a junk ware removal tool such as this one.
#3 – ugh, what was it again? P@ssw0rd?…shucks
Well, well, well, the old password thing again. The premise is simple. You log into quite a few things on a daily basis, ranging from you device, your emails, your Google account, your Twitter, your Facebook, the site you use to write your fire bars for your next mix-tape and probably a whole lot of other places too. We are only human and being as such a lot of us uses one password, almost like the ring from Lord of the rings, one password to rule them all. Question is, is your password as rock solid as you think it is? If an individual would get their hands on your password, where would they be able to look into?
If you are one of those one password users, that thought alone should scare you a bit, since most of your site newsletters etc. Goes to your email address, if someone gets your password and gets into your email, how far could an attacker reach? Not to worry, let me guide you a bit in some practices you could use to keep your password strong and your vulnerabilities minimal.
Change up your passwords every once-in-a-while. No, not one password for everywhere, get separate passwords for all your accounts. How am I supposed to remember them all? If you are anything like me then you can’t even remember what you ate last week, never mind almost 3 handfuls of passwords, luckily for us there are password manager tools that you can get, that keeps your information safe and in one place. Look into getting a password manager and use it to manage your multitudes of passwords that you might concoct to keep yourself safe.
You might also want to have a look at this list of the 1000 most common passwords that has been used and for good measure stay off of that list!
The other password that I want to make a specific mention about is the password on your router. All routers comes with a default password for logging into its settings. These default passwords are extremely easy to find. You can have a look for yourself here.
When someone can get into your router they can easily grab your ISP account details and use it to their hearts content, on your bill of course. My password just shows dots, not in plain text. The thing is there are multitude of tools that can show you what lies under the dots. Since it is useful for if you forgot yourself, you can look into Snadboy’s revelation v2 to see just how easy it is to use.
#2 – Let’s get technical.
Let us dive into some of the more juicy things. The above mentioned points are extremely valuable to your security online, but they should fall into common sense, maybe one day, am I right? Anyways, one of the things not many people know is that services or daemons running on your system may keep certain ports on your system open for communication purposes. These ports are numerical and serves to enable certain traffic to your system. Ports include email traffic, website traffic and a whole range of other traffic types.
There are a lot of these ports that keep listening for traffic, I will refer to this as open ports from now on. These open ports that serve no purpose to you as an individual user may be your personal backdoor to someone that is looking to get into your system. These services that are enables keeps ports open and active. There are a lot of port specific exploits and hacks that can breach one of the ports that you aren’t even using. You can easily narrow down your list of open ports by disabling the daemons/services that keep these ports open.
The question is, which ports do I disable? Here you can find a comprehensive list of services you can disable in order to shut down some of the ports (guide). One of the first things a hacker does is run scans against a target system to determine which ports are open and then they can work down a list of possible exploits to use against the system in order to either gather more information or to breach the system. This is also the reason why anti virus software is so important, since Trojan programs can create open ports and other vulnerabilities.
You keep talking about exploits and a list of exploits, you make it sound so easy. The thing is that there are tools to scan, sniff and attack systems around every corner. One of the biggest and most popular exploit databases (At least for ethical hackers) is the Metasploit platform. Just have a look at their extensive list of exploits exploits updated constantly with new things.
Ports are only scratching the surface of the technical things that you could do to minimize your target size for attackers. At least it is a strong and effective one.
#1 – Me, myself and I
Have you ever just googled yourself? Looked at your social media platforms to see how much someone can find out about you publicly? You could also use a people finder like PeekYou to see how much the internet could find out about you. This is probably the scariest trip that I had to take myself, to see how much people could really know about me.
The thing with information like telephone numbers, maiden names, pet names and the things you hold dear to you on a public domain, is that a lot of times they form part of your passwords. Maybe even where you work, hackers don’t really target individuals, but they could mark you as someone that works for a specific company and try social engineering techniques to draw out information from you to compromise your company’s network. They could also work their way into your social networks and gather as much information as what they possibly can from you.
The point that I want to make in this section is that the security of your online world and your physical system starts with you. Obfuscate the things that is not intended for everyone to see. Add your details to private sections, only friends sections or remove unneeded details completely. Never make mention of your passwords or share them with anyone. Educate yourself, keep up to date with your software, know the most common problems that you might face and never trust a source of an email or software that asks you for details when you are not ten thousand percent sure that you are where you need to be.
#0 – Conclusion
These points seem simple, but they pack a huge punch with regards to your security and privacy. If you haven’t implemented some of these steps then you really should consider doing so. The world of technology is expanding at a rapid rate and also the cracks where people might get in, luckily there are ways to keep safe and secure.
If you want to know more about hacking techniques or threats in our online world, make sure that you hit us up on our twitter account, drop a comment or email us. I hope that you enjoyed this article, see you for the next one.
Written by: NinjaClicks
Some links for further reading if you so desire:
http://webkay.robinlinus.com/ – How much your browser knows about you
http://www.passwordrandom.com/password-strength-checker – password strength check
http://www.smithtechres.com/fake-antivirus-and-antispyware.html – fake anti virus list
http://www.pearsonitcertification.com/articles/article.aspx?p=1868080 – list of ports
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2017_Release_Candidate – top ten threats