WEBVTT 1 00:00:00.080 --> 00:00:03.120 Welcome to another deep dive. Today we'll be exploring the 2 00:00:03.120 --> 00:00:08.400 complete cybersecurity course, Volume one, Hackers Exposed by Nathan House. 3 00:00:08.720 --> 00:00:11.839 Yeah. This one's a really fantastic resource for anyone who 4 00:00:11.839 --> 00:00:15.279 wants to better understand well the nuts and bolts of 5 00:00:15.320 --> 00:00:16.719 protecting their digital lives. 6 00:00:16.839 --> 00:00:19.079 It's a very hands on guide and it covers just 7 00:00:19.160 --> 00:00:22.519 a ton of cybersecurity topics, from the basics all the 8 00:00:22.559 --> 00:00:24.239 way up to more advanced stuff. 9 00:00:24.280 --> 00:00:24.839 Absolutely. 10 00:00:24.920 --> 00:00:26.199 You know, one of the things that really struck me 11 00:00:26.280 --> 00:00:29.480 early on was how the author really emphasizes, you know, 12 00:00:29.600 --> 00:00:32.240 figuring out what's actually important to you before you even 13 00:00:32.280 --> 00:00:35.759 start thinking about firewalls and encryption and all of that. 14 00:00:35.759 --> 00:00:37.759 That's a really important point. You need to know what 15 00:00:37.759 --> 00:00:41.000 you're trying to protect before you can effectively protect it exactly. 16 00:00:41.119 --> 00:00:43.600 I mean, what can you absolutely not afford to lose, 17 00:00:44.200 --> 00:00:49.439 What data, what accounts, what information is is really really 18 00:00:49.479 --> 00:00:50.159 critical to you. 19 00:00:50.280 --> 00:00:51.679 I think that's one of the things that makes this 20 00:00:51.679 --> 00:00:55.240 book so valuable. It really personalizes the security journey. 21 00:00:55.320 --> 00:00:58.119 Yeah, it helps you figure out what your priorities are 22 00:00:58.200 --> 00:01:01.359 and how to create a security plan that actually works for. 23 00:01:01.320 --> 00:01:05.159 You, right, because everyone's situation is different exactly. 24 00:01:05.200 --> 00:01:07.280 And It also helps to clear up a lot of 25 00:01:07.319 --> 00:01:10.519 confusion around around some key terms that I think get 26 00:01:10.519 --> 00:01:14.959 thrown around a lot. Privacy, anonymity, and pseudonymity. 27 00:01:15.040 --> 00:01:18.120 Yeah, those terms are often used interchangeably, but they actually 28 00:01:18.120 --> 00:01:19.640 have very distinct meanings. 29 00:01:19.760 --> 00:01:22.040 The book does a really great job of breaking those down. 30 00:01:22.239 --> 00:01:24.599 It does so privacy, for example, you know, the book 31 00:01:24.640 --> 00:01:28.680 talks about that being about controlling access to your information, 32 00:01:29.200 --> 00:01:32.280 like making sure only the intended recipient can read your 33 00:01:32.319 --> 00:01:35.239 emails or you know, access your financial data. 34 00:01:35.319 --> 00:01:38.239 Right, It's about keeping your information confidential exactly. 35 00:01:38.319 --> 00:01:40.599 And then anonymity that's a whole other level. 36 00:01:40.640 --> 00:01:44.519 Anonymity is about making it impossible to link actions back 37 00:01:44.560 --> 00:01:47.719 to your identity. It's like leaving no fingerprints at a 38 00:01:47.719 --> 00:01:48.400 crime scene. 39 00:01:48.519 --> 00:01:51.319 So like that burner phone scenario we always see in 40 00:01:51.319 --> 00:01:53.959 the movies, exactly, the spies use a burner phone, yeah, 41 00:01:53.959 --> 00:01:56.280 and then they just you know, check it in the trash, 42 00:01:56.400 --> 00:01:59.519 no trace, no trace. And then you've got pseudonymity, which 43 00:01:59.560 --> 00:02:00.519 is somewhere in between. 44 00:02:00.879 --> 00:02:04.239 Right. Pseudonymity is about using a fake name or an 45 00:02:04.319 --> 00:02:07.879 alias to protect your real identity, but still maintaining a 46 00:02:07.920 --> 00:02:08.960 consistent persona. 47 00:02:09.400 --> 00:02:12.439 Okay, so you're not completely anonymous, but you're not using 48 00:02:12.439 --> 00:02:15.680 your real name either, exactly. Okay, that makes sense. So 49 00:02:15.719 --> 00:02:18.560 we've talked about what we want to protect. Now let's 50 00:02:18.560 --> 00:02:19.159 talk about the. 51 00:02:19.120 --> 00:02:23.560 Threats, right, because the threat landscape is constantly evolving. 52 00:02:23.879 --> 00:02:27.360 Yeah, the book really opened my eyes to how diverse 53 00:02:27.599 --> 00:02:30.319 the dangers out there are. Mean, it's not just about 54 00:02:30.319 --> 00:02:33.280 some you know, lone wolf hacker in a dark room, 55 00:02:33.400 --> 00:02:35.000 you know, trying to break into my computer. 56 00:02:35.360 --> 00:02:38.080 Right. A lot of the threats are automated these days. 57 00:02:38.439 --> 00:02:42.360 Hackers use programs to scan for vulnerabilities, and that means 58 00:02:42.360 --> 00:02:43.719 that anyone can be a target. 59 00:02:43.960 --> 00:02:46.400 Okay, so it's not necessarily personal. 60 00:02:46.199 --> 00:02:48.560 Not always. And then they're also targeted attacks. 61 00:02:48.560 --> 00:02:51.120 Okay, so someone's specifically going after me, right. 62 00:02:51.199 --> 00:02:54.159 It could be based on your activities, your location, or 63 00:02:54.199 --> 00:02:55.919 the information that you share online. 64 00:02:56.199 --> 00:02:57.879 I actually had a question about that, you know, because 65 00:02:57.879 --> 00:03:00.319 I do a lot of online shopping and I always thought, well, 66 00:03:00.319 --> 00:03:03.400 if I see that little padlock icon in my browser window, 67 00:03:03.879 --> 00:03:04.960 that means I'm safe. 68 00:03:05.120 --> 00:03:08.759 That padlock means you're using HTTPS, right, which relies on 69 00:03:09.000 --> 00:03:12.199 ssltls to encrypt your connection. So it makes it much 70 00:03:12.240 --> 00:03:13.840 harder for someone to snoop on your data. 71 00:03:13.919 --> 00:03:14.800 Okay, that makes sense. 72 00:03:14.840 --> 00:03:17.520 But here's the thing you mentioned. You travel a lot 73 00:03:17.560 --> 00:03:20.280 for work, right I do. Yeah, imagine you're at a 74 00:03:20.319 --> 00:03:24.280 conference and you're using their WiFi. Someone could be using 75 00:03:24.319 --> 00:03:27.280 a tool like a Wi Fi Pineapple to perform what's 76 00:03:27.319 --> 00:03:28.680 called an SSL. 77 00:03:28.319 --> 00:03:30.479 Strip attack a Wi Fi Pineapple. 78 00:03:30.599 --> 00:03:33.080 It sounds kind of silly, but it's actually a pretty 79 00:03:33.159 --> 00:03:36.800 serious tool that hackers can use to basically trick your 80 00:03:36.800 --> 00:03:39.280 browser into thinking the connection isn't encrypted. 81 00:03:39.560 --> 00:03:41.919 Wait, so even though I see the padlock, my data 82 00:03:41.960 --> 00:03:43.120 could still be exposed. 83 00:03:43.520 --> 00:03:47.000 Exactly. It highlights the importance of being cautious even when 84 00:03:47.000 --> 00:03:48.639 you think you're on a secure connection. 85 00:03:48.840 --> 00:03:51.800 Okay, that's definitely something to think about. So even HTTPS 86 00:03:51.840 --> 00:03:54.039 isn't fool proof, No it's not. And then on top 87 00:03:54.080 --> 00:03:56.360 of all that, you know, the book mentions this whole 88 00:03:56.400 --> 00:04:00.240 marketplace of vulnerabilities, like hackers can actually buy ex wait 89 00:04:00.319 --> 00:04:03.360 kits and zero day vulnerabilities on the dark net. 90 00:04:03.639 --> 00:04:06.879 It's a chilling thought, right, there are literally marketplaces where 91 00:04:06.879 --> 00:04:10.039 cyber criminals can buy and sell tools to break into systems. 92 00:04:10.120 --> 00:04:12.639 Yeah, that's pretty unsettling, and they're paying a lot of 93 00:04:12.680 --> 00:04:13.560 money for these things. 94 00:04:13.639 --> 00:04:16.759 They are some of these exploits can go for thousands 95 00:04:16.800 --> 00:04:17.720 of dollars. 96 00:04:17.399 --> 00:04:20.759 So that tells you how valuable this information is. It does, Okay, 97 00:04:20.839 --> 00:04:23.079 so even if I'm being super careful, so it could 98 00:04:23.160 --> 00:04:26.560 still you know, buy a digital skeleton key to my 99 00:04:26.639 --> 00:04:27.480 online life. 100 00:04:27.560 --> 00:04:30.639 It's a possibility, and it's something to be aware. 101 00:04:30.319 --> 00:04:32.920 Of, okay. And then you know, on top of all that, 102 00:04:32.959 --> 00:04:35.879 you have the whole issue of government surveillance. I mean 103 00:04:36.199 --> 00:04:38.959 sometimes it feels like something out of a spy thriller, right. 104 00:04:39.120 --> 00:04:41.480 It's definitely something to be aware of. The book talks 105 00:04:41.519 --> 00:04:45.480 about programs like the Five Eyes Alliance, where intelligence agencies 106 00:04:45.839 --> 00:04:49.120 from multiple countries share information Five Eyes. 107 00:04:49.319 --> 00:04:51.560 Yeah, it sounds like something out of a James Bond movie. 108 00:04:51.720 --> 00:04:54.199 It does, doesn't it. And then there are tools like 109 00:04:54.279 --> 00:04:56.879 Carnivore that can intercept Internet traffic. 110 00:04:56.920 --> 00:04:58.439 So even our governments are watching us. 111 00:04:58.519 --> 00:05:02.079 It's a possibility, and it raises some serious questions about 112 00:05:02.079 --> 00:05:04.519 privacy and how much of it we actually have online. 113 00:05:04.639 --> 00:05:07.000 Yeah, it feels like we're walking a tightrope between staying 114 00:05:07.079 --> 00:05:09.160 safe and maintaining our privacy. 115 00:05:09.240 --> 00:05:11.240 It's a delicate balance, it is. 116 00:05:11.639 --> 00:05:14.000 What about these back doors that I've heard about? Are 117 00:05:14.000 --> 00:05:14.800 those real? 118 00:05:15.160 --> 00:05:19.240 Unfortunately? Yes, A back door is basically a hidden vulnerability 119 00:05:19.279 --> 00:05:22.000 that's intentionally built into software. 120 00:05:22.279 --> 00:05:24.160 Intentionally, Why would anyone do that? 121 00:05:24.199 --> 00:05:27.519 Often it's done by governments to gain access to encrypted data. 122 00:05:27.839 --> 00:05:30.360 So even our own governments could be putting back doors 123 00:05:30.360 --> 00:05:31.160 in our software. 124 00:05:31.360 --> 00:05:35.639 It's happened before. The book uses the example of Juniper routers. 125 00:05:36.120 --> 00:05:38.839 A backdoor was discovered in their software that allowed someone 126 00:05:38.879 --> 00:05:40.800 to eavesdrop on connections. 127 00:05:40.879 --> 00:05:43.000 So even the hardware can be compromised. 128 00:05:43.079 --> 00:05:46.800 It's a possibility, and it's why understanding these vulnerabilities is 129 00:05:46.800 --> 00:05:47.399 so important. 130 00:05:47.439 --> 00:05:49.000 It's a lot to take in. It makes you want to, 131 00:05:49.079 --> 00:05:55.120 you know, just run and hide, disconnect from the internet completely. 132 00:05:55.519 --> 00:05:58.480 But the book does talk about encryption as being a 133 00:05:58.519 --> 00:06:01.879 powerful tool it is. Can you explain how encryption works? 134 00:06:01.920 --> 00:06:03.920 I always get a bit lost with the technical stuff. 135 00:06:04.199 --> 00:06:08.160 Basically, encryption is the process of scrambling data to make 136 00:06:08.199 --> 00:06:11.920 it unreadable without the correct key. It's like putting a 137 00:06:11.959 --> 00:06:15.199 message in a locked box that only the intended recipient 138 00:06:15.319 --> 00:06:16.480 has the key to open. 139 00:06:16.759 --> 00:06:18.920 Okay, that makes sense. Sounds like a secret code. 140 00:06:19.040 --> 00:06:21.160 You could think of it that way. And there are 141 00:06:21.199 --> 00:06:24.839 different types of encryption. Symmetric encryption uses the same key 142 00:06:24.920 --> 00:06:29.120 to encrypt and decrypt the data, while asymmetric encryption uses 143 00:06:29.160 --> 00:06:30.600 different keys for each. 144 00:06:30.800 --> 00:06:33.480 Okay, so symmetric is like having one key that fits 145 00:06:33.519 --> 00:06:37.600 both locks, and asymmetric is like having two separate keys, exactly. 146 00:06:37.800 --> 00:06:40.759 And I always hear about AES encryption being the gold standard. 147 00:06:40.839 --> 00:06:41.279 Is that, right? 148 00:06:41.439 --> 00:06:45.199 AES is a type of symmetric encryption, and it's considered. 149 00:06:44.839 --> 00:06:47.399 Very strong, so it's pretty much unbreakable. 150 00:06:47.000 --> 00:06:50.079 With current technology. Yes, it's even used by governments to 151 00:06:50.120 --> 00:06:51.560 protect classified information. 152 00:06:52.079 --> 00:06:55.079 So encryption sounds like a powerful way to protect our data. 153 00:06:55.480 --> 00:06:58.800 It definitely is, but it's not the only strategy. The 154 00:06:58.839 --> 00:07:01.759 book also talks about the concept of isolation, which is 155 00:07:01.800 --> 00:07:05.839 all about dividing your digital life into different security zones. 156 00:07:05.920 --> 00:07:08.480 Okay, so it's like having different bank accounts for different 157 00:07:08.519 --> 00:07:09.600 purposes exactly. 158 00:07:10.040 --> 00:07:13.399 If one account is compromised, the others are safe. And 159 00:07:13.439 --> 00:07:15.759 the book talks about some interesting ways to achieve this, 160 00:07:16.000 --> 00:07:19.240 like using separate devices for different activities, so. 161 00:07:19.199 --> 00:07:22.120 Like having a dedicated computer just for online banking. 162 00:07:22.680 --> 00:07:25.800 Right, But that's not always practical for everyone. So the 163 00:07:25.800 --> 00:07:28.079 book also gets into virtual machines. 164 00:07:28.199 --> 00:07:30.759 Virtual machines, I've heard the term, but I'm not really 165 00:07:30.759 --> 00:07:31.839 sure what that means. 166 00:07:31.759 --> 00:07:35.000 A virtual machine is basically a computer within your computer. 167 00:07:35.519 --> 00:07:39.160 You can create isolated environments where you can run potentially 168 00:07:39.240 --> 00:07:43.120 risky applications without affecting your main operating system. 169 00:07:43.279 --> 00:07:45.560 So if something goes wrong in the virtual machine, it 170 00:07:45.600 --> 00:07:47.959 doesn't affect my actual computer exactly. 171 00:07:48.000 --> 00:07:50.160 It's like having a sandbox where you can play without 172 00:07:50.199 --> 00:07:51.519 worrying about making a mess. 173 00:07:51.680 --> 00:07:55.160 Okay, that's a pretty clever idea. Are there other isolation 174 00:07:55.319 --> 00:07:57.040 techniques that the book mentions. 175 00:07:57.360 --> 00:08:00.560 Yeah, it talks about hiding encrypted volumes, which makes your 176 00:08:00.639 --> 00:08:03.920 data much harder to find, and even changing your MEE. 177 00:08:03.800 --> 00:08:06.240 Address, changing my MA address. What's that? 178 00:08:06.519 --> 00:08:10.199 Your MS address is a unique identifier for your device's 179 00:08:10.319 --> 00:08:13.600 network card. Okay, by changing it, you can make it 180 00:08:13.680 --> 00:08:16.160 more difficult to track your device on a network. 181 00:08:16.439 --> 00:08:19.120 So it's like changing your car's license plate exactly. 182 00:08:19.480 --> 00:08:21.839 And the book even walks you through how to do 183 00:08:21.920 --> 00:08:25.519 this using tools like TMA for Windows and mechy changer 184 00:08:25.600 --> 00:08:26.279 for Linux. 185 00:08:26.360 --> 00:08:28.399 Okay, so it's not as complicated as it sounds. 186 00:08:28.519 --> 00:08:30.079 No, it's actually pretty straightforward. 187 00:08:30.120 --> 00:08:32.320 Okay, this is all starting to make sense. Yeah, but 188 00:08:32.360 --> 00:08:34.279 it sounds like the operating consume you use plays a 189 00:08:34.279 --> 00:08:36.320 big role in security too, it does. 190 00:08:36.679 --> 00:08:40.200 All operating systems have their strengths and weaknesses. The book 191 00:08:40.240 --> 00:08:45.159 compares Windows, mac OSX, and Linux in terms of security 192 00:08:45.240 --> 00:08:45.919 and privacy. 193 00:08:46.120 --> 00:08:48.799 I've always heard that MAX are more secure than Windows PCs. 194 00:08:49.080 --> 00:08:52.600 That's a common myth. While MAX have historically had fewer 195 00:08:52.679 --> 00:08:55.519 viruses targeting them, they're not immune to attacks. 196 00:08:55.679 --> 00:08:58.360 Okay, so no operating system is perfect. 197 00:08:58.159 --> 00:09:00.720 Exactly, and the book goes into detail tail about some 198 00:09:00.799 --> 00:09:02.559 privacy concerns with Windows ten. 199 00:09:02.919 --> 00:09:04.720 Windows ten. What's wrong with it? 200 00:09:04.720 --> 00:09:08.600 It collects a lot of data about your browsing history, 201 00:09:08.799 --> 00:09:10.240 app usage, location. 202 00:09:10.639 --> 00:09:12.480 It does I had no idea, It's all in. 203 00:09:12.399 --> 00:09:14.960 The privacy policy. And while some of this data collection 204 00:09:15.039 --> 00:09:17.840 can be useful, it also raises privacy concerns. 205 00:09:18.240 --> 00:09:19.639 Is there any way to stop it? 206 00:09:19.960 --> 00:09:22.679 The book suggests some tools to help you customize your 207 00:09:22.679 --> 00:09:25.919 privacy settings in Windows ten, or you could look into 208 00:09:25.919 --> 00:09:28.879 more privacy focused operating systems like Linux. 209 00:09:29.120 --> 00:09:31.720 Linux. That sounds pretty technical, it can be. 210 00:09:31.960 --> 00:09:34.720 But there are distributions like Debian that are known for 211 00:09:34.759 --> 00:09:37.200 their strong security and privacy features. 212 00:09:37.480 --> 00:09:39.559 So even though it might be a little more challenging 213 00:09:39.600 --> 00:09:42.480 to use, Linux could be a good option for someone 214 00:09:42.519 --> 00:09:44.159 who's really serious about. 215 00:09:43.879 --> 00:09:47.759 Privacy, absolutely, and the book provides some basic guidance on 216 00:09:47.919 --> 00:09:50.639 using Linux, so it's not as daunting as it might seem. 217 00:09:50.679 --> 00:09:53.480 Okay, So it's not just about choosing the right operating system, 218 00:09:53.480 --> 00:09:54.919 it's also about knowing how to use. 219 00:09:54.759 --> 00:09:59.000 It securely exactly. And the book goes beyond the technical solutions, 220 00:09:59.440 --> 00:10:01.919 highlighting the the human factor in cybersecurity. 221 00:10:02.559 --> 00:10:03.360 The human factor. 222 00:10:03.399 --> 00:10:06.000 What do you mean, well, that brings us to social engineering. 223 00:10:06.360 --> 00:10:10.320 Ah? Yes, those pesky phishing emails. 224 00:10:10.039 --> 00:10:13.639 That's one example, but social engineering is a much broader concept. 225 00:10:13.799 --> 00:10:17.279 It's about manipulating people into giving up sensitive information. 226 00:10:17.600 --> 00:10:20.000 So it's not just about hacking into computers. It's about 227 00:10:20.000 --> 00:10:21.480 hacking into. 228 00:10:21.360 --> 00:10:23.679 People exactly, and it can be very effective. 229 00:10:23.840 --> 00:10:27.039 Okay, So what can we do to protect ourselves from 230 00:10:27.080 --> 00:10:28.519 social engineering attacks? 231 00:10:29.080 --> 00:10:32.399 The book offers some strategies for managing your online identity 232 00:10:32.440 --> 00:10:36.279 and minimizing how much personal information you reveal, Like what Well, 233 00:10:36.320 --> 00:10:38.879 it starts by questioning whether you even need to be 234 00:10:39.000 --> 00:10:42.399 on social media? Could you avoid it altogether or at 235 00:10:42.519 --> 00:10:45.200 least minimize your usage. 236 00:10:44.840 --> 00:10:47.320 For some people, maybe, but social media is a big 237 00:10:47.360 --> 00:10:49.039 part of a lot of people's lives these days. 238 00:10:49.120 --> 00:10:52.960 I agree. So the next level is compartmentalization. Can you 239 00:10:53.159 --> 00:10:56.200 use different online identities for different purposes. 240 00:10:56.039 --> 00:10:58.360 So like having a separate persona for work and for 241 00:10:58.440 --> 00:10:59.639 personal stuff exactly. 242 00:10:59.679 --> 00:11:02.879 You can also keep your personal and professional networks completely separate, 243 00:11:03.200 --> 00:11:06.399 or be really mindful about what information you're sharing online. 244 00:11:06.559 --> 00:11:09.120 It's all about creating a strategy that works for you 245 00:11:09.240 --> 00:11:10.039 and your needs. 246 00:11:10.399 --> 00:11:12.360 Okay, that makes sense. What about when you have to 247 00:11:12.360 --> 00:11:15.320 register on websites it feels like you're always giving up 248 00:11:15.360 --> 00:11:16.399 some personal information. 249 00:11:17.200 --> 00:11:20.919 The book suggests some clever workarounds for that. First, try 250 00:11:20.919 --> 00:11:23.480 to find services that don't even require you to create 251 00:11:23.480 --> 00:11:24.080 an account. 252 00:11:24.639 --> 00:11:25.480 I never thought of that. 253 00:11:25.960 --> 00:11:28.919 But when you do need to register, the book suggest 254 00:11:29.000 --> 00:11:34.360 creating a separate email address specifically for online registrations. 255 00:11:33.639 --> 00:11:35.960 So like a throwaway email address that I just use 256 00:11:36.039 --> 00:11:37.159 for signing. 257 00:11:36.919 --> 00:11:40.000 Up for things exactly. And for those websites that require 258 00:11:40.039 --> 00:11:42.559 you to verify your phone number with an SMS code, 259 00:11:42.919 --> 00:11:45.960 the book even mentions sites that offer temporary phone numbers 260 00:11:46.080 --> 00:11:46.720 so I don't have to. 261 00:11:46.679 --> 00:11:49.320 Give up my real number. That's brilliant, it is. 262 00:11:49.320 --> 00:11:51.360 And it can really help to protect your privacy. 263 00:11:51.519 --> 00:11:54.919 Okay, what about those social engineering tactics we talked about earlier, 264 00:11:55.200 --> 00:11:58.519 Like phishing emails. How can I avoid falling for those? 265 00:11:59.240 --> 00:12:01.240 Well, one of the biggest those things is to never 266 00:12:01.440 --> 00:12:04.399 click on links and emails, especially if they're asking for 267 00:12:04.480 --> 00:12:05.919 personal information. 268 00:12:05.960 --> 00:12:09.679 Right because that link could lead to a fake website 269 00:12:10.000 --> 00:12:12.679 designed to steal my passwords exactly. 270 00:12:13.000 --> 00:12:16.120 Instead, always type the website addressed directly into your browser. 271 00:12:16.279 --> 00:12:18.840 Good advice. And if I do need to click a link, 272 00:12:18.879 --> 00:12:19.720 what should I look for? 273 00:12:19.879 --> 00:12:23.759 Pay close attention to the URL, look for misspellings, unusual 274 00:12:23.799 --> 00:12:28.000 domain names, or anything that seems off. Be a digital detective. 275 00:12:28.159 --> 00:12:30.799 Okay, I like that, Be a digital detective. 276 00:12:31.039 --> 00:12:35.080 Another good tip is to be suspicious of any unsolicited contact, 277 00:12:35.320 --> 00:12:39.039 whether it's an email, phone call, or text message. Don't 278 00:12:39.120 --> 00:12:43.039 give out personal information unless you've independently verified the identity 279 00:12:43.080 --> 00:12:45.320 of the person or organization contacting you. 280 00:12:45.559 --> 00:12:48.919 So no trusting those emails from Nigerian princes exactly. 281 00:12:49.159 --> 00:12:52.519 Remember, social engineering is all about exploiting our trust and 282 00:12:52.559 --> 00:12:56.679 our emotions. Staying calm and thinking critically is your best defense. 283 00:12:57.039 --> 00:12:59.720 Okay. So it's not just about technology, it's about changing 284 00:12:59.759 --> 00:13:01.840 the way we think about security exactly. 285 00:13:01.919 --> 00:13:05.000 It's about being vigilant, cautious, and skeptical. 286 00:13:05.159 --> 00:13:05.679 I like that. 287 00:13:05.840 --> 00:13:08.840 Not taking anything at face value and being aware of 288 00:13:08.840 --> 00:13:11.240 potential dangers both online and offline. 289 00:13:11.320 --> 00:13:13.080 Okay, So it's about taking ownership of. 290 00:13:13.000 --> 00:13:16.240 Our security exactly, and that's what this book is all about. 291 00:13:16.639 --> 00:13:20.440 It's about empowering us to protect ourselves in the digital world. 292 00:13:20.840 --> 00:13:22.879 This has been really helpful. I'm feeling a lot more 293 00:13:22.879 --> 00:13:25.840 informed and maybe a little more paranoid, but in a 294 00:13:25.879 --> 00:13:26.320 good way. 295 00:13:26.399 --> 00:13:29.960 That's the point. Awareness is the first step to protecting yourself. 296 00:13:30.039 --> 00:13:32.360 Okay. So now that we've got a basic understanding of 297 00:13:32.399 --> 00:13:35.000 the threats and the tools, where do we go from here? 298 00:13:35.080 --> 00:13:37.240 Well, the book goes into a lot more detail about 299 00:13:37.240 --> 00:13:40.440 the different types of attacks, the motivations behind them, and 300 00:13:40.480 --> 00:13:42.759 the strategies you can use to defend yourself. 301 00:13:42.840 --> 00:13:44.639 Okay, So there's a lot more to learn. 302 00:13:44.519 --> 00:13:46.679 There is, but don't worry, we'll cover it all in 303 00:13:46.720 --> 00:13:47.600 our next deep dive. 304 00:13:47.720 --> 00:13:48.919 Great, I'm looking forward to. 305 00:13:48.840 --> 00:13:51.720 It me too. We've talked a lot about, you know, 306 00:13:51.799 --> 00:13:56.240 the technical side of cybersecurity, firewalls, encryption. 307 00:13:56.200 --> 00:13:58.320 All that good stuff, right, the tools and the tactics. 308 00:13:58.440 --> 00:14:03.279 But this book that come complete cybersecurity course, it really 309 00:14:03.519 --> 00:14:07.480 it really hits home the point about well, the human element, the. 310 00:14:07.480 --> 00:14:10.399 Human element, right, right, because, like we said, social engineering 311 00:14:10.960 --> 00:14:13.840 that praise on our emotions, exact our trust. 312 00:14:14.279 --> 00:14:17.559 It's not just about you know, having the strongest firewall 313 00:14:17.679 --> 00:14:22.480 or the most complex encryption algorithm. It's about recognizing that people, 314 00:14:22.600 --> 00:14:24.320 well people are often the weakest link. 315 00:14:24.600 --> 00:14:27.600 Yeah, that makes sense. So let's talk about these attackers. 316 00:14:27.679 --> 00:14:29.200 Who are they, what makes them tick? 317 00:14:29.360 --> 00:14:32.399 Well, the book goes into like a pretty good amount 318 00:14:32.440 --> 00:14:36.639 of detail about the different types of attackers. You've got 319 00:14:36.679 --> 00:14:41.200 you know what they call script kitties, scrypt kitties. Yeah, basically, 320 00:14:41.519 --> 00:14:46.120 they're amateurs. They're using pre made tools causing mischief. 321 00:14:46.399 --> 00:14:46.600 Right. 322 00:14:47.039 --> 00:14:51.279 Then you've got your cyber criminals motivated by well profit, 323 00:14:51.759 --> 00:14:57.159 they're trying to steal data, financial information, intellectual property. 324 00:14:56.840 --> 00:14:57.840 Steal money basically. 325 00:14:57.960 --> 00:15:02.399 Yeah, and then you've got well, well, the state sponsored hackers. 326 00:15:02.080 --> 00:15:05.320 State sponsored hackers. That sounds like something out of you know, 327 00:15:05.440 --> 00:15:06.279 a spy movie. 328 00:15:06.399 --> 00:15:08.960 It does sound like a Hollywood plot, but it's very real. 329 00:15:09.120 --> 00:15:10.879 So governments are actually hiring hackers. 330 00:15:11.080 --> 00:15:14.559 Well, they're investing in you know, cyber capabilities, Okay, for 331 00:15:14.639 --> 00:15:16.720 both defensive and offensive purposes. 332 00:15:17.080 --> 00:15:19.759 Right, So they're trying to protect themselves, but they're also 333 00:15:19.879 --> 00:15:22.120 using these capabilities to attack other countries. 334 00:15:22.320 --> 00:15:27.000 It's a digital arms race, countries fighting for control in cyberspace. 335 00:15:27.159 --> 00:15:30.080 It's like a whole new battlefield. So what kind of 336 00:15:30.080 --> 00:15:31.080 tactics are they using? 337 00:15:31.240 --> 00:15:35.879 Oh, all sorts of things, spear phishing, malware, and you 338 00:15:35.879 --> 00:15:39.919 know those social engineering techniques we talked about spearfishing. What's that, Well, 339 00:15:39.960 --> 00:15:44.840 spear phishing, it's it's a targeted attack where the attacker, 340 00:15:45.200 --> 00:15:48.919 you know, researches their victim, they craft a very specific email. 341 00:15:49.159 --> 00:15:51.399 Oh so it's not just some random spam email. 342 00:15:51.559 --> 00:15:52.919 No, this is very personalized. 343 00:15:53.000 --> 00:15:53.320 Okay. 344 00:15:53.399 --> 00:15:56.879 They might use information they've gathered from like social media 345 00:15:57.039 --> 00:15:59.679 or company websites to make it look like it's coming 346 00:15:59.720 --> 00:16:01.559 from well, a trusted source. 347 00:16:01.679 --> 00:16:03.840 So it's like a con artist gaining your trust before 348 00:16:03.960 --> 00:16:04.840 taking advantage of you. 349 00:16:05.159 --> 00:16:07.000 That's a good way to put it. And then there's malware, 350 00:16:07.080 --> 00:16:10.039 which is any software designed to harm or exploit a system. 351 00:16:10.200 --> 00:16:12.720 Okay, malware, that's a pretty broad term, right, I mean, 352 00:16:12.759 --> 00:16:13.879 what are some examples of that. 353 00:16:13.960 --> 00:16:20.039 You've got viruses, worms, trojans, ransomware. There's all kinds. 354 00:16:19.799 --> 00:16:22.440 Really, so many different ways to cause havoc. 355 00:16:22.559 --> 00:16:26.399 They have different ways of infiltrating systems and causing damage yeah, 356 00:16:26.480 --> 00:16:27.559 I mean ransomware. 357 00:16:27.759 --> 00:16:30.200 That one's been in the news a lot lately. It 358 00:16:30.279 --> 00:16:33.240 has encrypting people's files and holding them hostage. 359 00:16:33.320 --> 00:16:35.720 It's become a big business for cyber criminals. 360 00:16:35.879 --> 00:16:39.679 Yeah, and it's not just targeting individuals anymore. It's hitting businesses, 361 00:16:39.720 --> 00:16:40.879 even government agencies. 362 00:16:40.919 --> 00:16:42.799 It can cripple entire organizations. 363 00:16:43.159 --> 00:16:46.440 Right, and I've heard they often demand payment, and bitcoin 364 00:16:46.600 --> 00:16:48.559 or some other cryptocurrency. 365 00:16:48.919 --> 00:16:55.120 Cryptocurrencies offer a level of anonymity that's well, it's attractive to. 366 00:16:55.080 --> 00:16:58.480 Criminals, right, makes it harder to trace exactly. So it's 367 00:16:58.519 --> 00:17:01.720 like a perfect crime digital it can feel that way. 368 00:17:01.840 --> 00:17:03.840 Yeah, it's a serious threat. 369 00:17:04.119 --> 00:17:07.839 Okay, so we've got phishing, we've got social engineering malware. 370 00:17:08.079 --> 00:17:11.000 What about those exploit kits we talked about earlier, those 371 00:17:11.039 --> 00:17:13.000 pre made hacking tools, Right. 372 00:17:12.880 --> 00:17:16.240 Those are packages of software tools that automate the process 373 00:17:16.279 --> 00:17:20.480 of exploiting vulnerabilities. They're like hacking for dummies, So. 374 00:17:20.519 --> 00:17:22.559 Even if you don't know how to code, you can 375 00:17:22.640 --> 00:17:24.440 still use these to launch an attack. 376 00:17:24.759 --> 00:17:29.039 That's the scary part. And they're readily available on the dirknet. 377 00:17:28.720 --> 00:17:31.079 Right, those underground marketplaces, making. 378 00:17:30.839 --> 00:17:33.920 It easier than ever for attackers to get their hands 379 00:17:33.920 --> 00:17:35.480 on sophisticated tools. 380 00:17:35.559 --> 00:17:39.240 Okay, this is all starting to sound well, kind of overwhelming. 381 00:17:39.319 --> 00:17:40.519 It's a lot to take in. 382 00:17:40.880 --> 00:17:43.680 It feels like we're constantly under attack from all sides. 383 00:17:43.759 --> 00:17:46.160 It can feel that way, but remember, there are things 384 00:17:46.200 --> 00:17:48.240 we can do to defend ourselves, right. 385 00:17:48.279 --> 00:17:51.400 Right, we talked about strong passwords, secure Wi Fi. 386 00:17:51.799 --> 00:17:54.319 Absolutely, those are the basics, the foundation. 387 00:17:54.599 --> 00:17:58.480 Okay, the foundation, Yeah, but what about going beyond the basics, 388 00:17:58.480 --> 00:18:00.640 what about more advanced strategies. 389 00:18:00.880 --> 00:18:03.960 Well, the book talks a lot about security through isolation. 390 00:18:04.400 --> 00:18:05.720 Okay, isolation, what's that. 391 00:18:06.119 --> 00:18:09.799 It's about compartmentalizing your digital life so that if one 392 00:18:09.880 --> 00:18:13.480 area gets compromised, well, the damage is contained. 393 00:18:13.519 --> 00:18:16.079 Okay. So it's like if one part of your house 394 00:18:16.160 --> 00:18:18.640 catches fire, you want to make sure the fire doesn't 395 00:18:18.640 --> 00:18:19.079 spread to. 396 00:18:19.039 --> 00:18:21.799 The rest of the house exactly. The book talks about 397 00:18:21.799 --> 00:18:27.799 physical isolation, which is using completely separate devices for different activities. 398 00:18:27.279 --> 00:18:30.039 Right, like having a dedicated computer just for online banking. 399 00:18:30.480 --> 00:18:34.000 Right, But like we said, that's not always practical. So 400 00:18:34.079 --> 00:18:37.640 the book also gets into virtual isolation, which is using 401 00:18:37.720 --> 00:18:39.680