An Ethical hackers, come across numerous typical security blunders in their daily work that allow them to access computer systems without authorization. If someone leaves a password scribbled down on their desk, it makes their workday much easier. However, I’m not the only lazy person who prefers an easy victory.
Black-hat hackers with a focus on profit are typically on the lowest-hanging fruit. It will be far more difficult for someone to carelessly compromise your security and violate your privacy if you make a few simple adjustments. In light of this, I’ve put up a list of the best five online behaviors you should break—as seen through the eyes of a hackers. You might already be aware of a few, but being aware of the others could mean the difference between staying protected and being hacked.
Make use of a VPN
In a perfect world, TLS + HTTP Strict Transport Security would be the minimal encryption used on all websites. Since the world isn’t perfect, virtual private networks (VPNs) are available for everything else. If you frequently travel and connect to public Wi-Fi hotspots, they build a secure connection that carries your internet traffic across your device and the VPN servers of a provider. Sincerely. One day, take your laptop outside and install Wireshark to check what kind of data you’re sending out via the free airport Wi-Fi on your phone. It’s not attractive.
It’s true that security experts disagree somewhat on whether or not you need to utilize a VPN. There are good reasons not to use a VPN, most of them have to do with giving your data’s routing over to an unknown third party. You already have faith in your internet service provider (ISP), which is obligated to operate with government approval. It’s likely that your government is eavesdropping on you as well. Why not up the difficulty a little bit? You can obtain some protection against government surveillance by choosing an audited, no-log VPN provider, even though I wouldn’t recommend using any VPN service you come across.
More crucially, a good VPN has two main advantages: it hides your IP address, making it much harder to find out where you really are; and it uses DNS blocking to stop popular malware distributors and corrupted advertisements. I would advise blocking ads just for this reason because it already significantly lowers the virus vector.
Make use of a JavaScript whitelist or blocker.
A large portion of the content you see in your web browser is transmitted via JavaScript due to the design of the internet. Although JavaScript can improve the appearance and feel of websites, it can also be used as a vector for a wide range of attacks, such as clickjacking, breach of service, request forgery, cross-site scripting, and in certain situations, arbitrary code execution.
You can restrict access to scripts from reliable sources while reducing the dangers of harmful or invasive scripts by using a JavaScript blocker or whitelist. This lessens the likelihood of having your user credentials taken in a drive-by attack and mitigates attacks that result from malicious advertisements. When it comes to Javascript blocking suites, NoScript remains the benchmark. For most of my online needs, I utilize it along with uBlock Origin.
Get personal with yourself
It’s surprising how many individuals are unaware of how much of their private lives are available online, waiting for the right person to make the connection. I frequently utilize LinkedIn to gather data about personnel, equipment, and locations of businesses; nevertheless, handling focused hackers necessitates an alternative strategy.
Pick a publicly accessible piece of data, like an email address or the username that you use. Your true name, address, and a tonne of other personal information are easily obtainable if you use some basic open-source intelligence tools and do some serious Googling.
Once you are aware of the processes required for someone to connect your actual and online identities, you can break the connection by deleting or removing the data from your online accounts. Because of this, it is far more difficult for bad actors to use your personal information for their own purposes.
This is especially crucial for social media sites like Twitter and Facebook. You’d be shocked at how many security question answers may be found by just scrolling through someone’s Twitter stream or Facebook page. While you’re at it, be sure to check the privacy settings provided by social media platforms to guarantee that your personal data is only accessible to those you know. Although mastering open-source intelligence (OSINT) takes time, any effort is preferable to none at all.
Yes, the counsel is trite. Regretfully, simple safety measures frequently determine whether a cybersecurity project succeeds or fails. Please update both your operating system and your applications on a regular basis. Outdated software versions are a nuisance for security professionals worldwide.
You can get a notion of how many software exploits exist just by taking a quick look at the list of Common Vulnerabilities and Exposures.
This is particularly crucial for mobile devices since they are frequently the hiding places for extremely sensitive data, making them a hacker’s dream come true. It’s highly likely that you have come across the Pegasus malware, which used multiple intricate exploits inside the operating systems of both iOS and Android to remotely access the phones of well-known celebrities through text messages.
Nevertheless, these attacks do not simply occur on phones. Zero-click malware assaults, which corrupt your machine with just one click on a dubious link, are particularly easy to target for older browsers.
Think about separating outdated operating systems as virtual machines or sealed with air systems that aren’t connected to the internet if you must keep them around for legacy reasons, such running outdated software.
Don’t reuse your passwords.
This is nothing new—you’ve probably heard it a thousand times—but it’s not accidental. Your passwords are trusted to an endless number of unreliable websites and applications. Unsalted MD5 or plaintext passwords are still saved by some of them.
You run the risk of your password winding up on the dark web if you reuse them and one of those platforms is compromised. It will only be a matter of time after that for someone to attempt and succeed in using your email and password combination to access well-known websites.
Using common passwords leaves you open to attacks even in the unlikely event that your credentials haven’t been compromised. The time required to actually obtain working login credentials is significantly reduced by brute force assaults, which frequently use password lists that have been compiled from data breaches.
I don’t look at just one user and attempt each username and password I know while I’m trying to get into a system. I test the top three passwords on each user on the network. How often this works is disheartening. Make a new password!
Nevertheless, remembering a password for each website you visit can be challenging. It is advisable that you use a password manager (or, at the very least, turn on two-factor authentication). Using tools like Haveibeenpwned, you can also determine whether any of your online accounts are being compromised or if the password you use is frequently attacked.
Never trust anything.
While there are many other precautions you may utilize online to protect your personal data, the five mentioned above are the most important. In my experience, hackers frequently succeed by taking advantage of human carelessness and indolence rather than by demonstrating exceptional technical skill or masterful engineering. You can lower the chance of being a victim of a hack attack by implementing a few small behavioral adjustments.
