A Hacker's Guide to Secure Online Browsing | Kyle Slosek | Skillshare

A Hacker's Guide to Secure Online Browsing

Kyle Slosek, IT Security Ninja - CISSP, GCIH, GPEN

6 Lessons (23m)
    • 1. Skillshare Introduction (0:51)
    • 2. Drive By Downloads (5:40)
    • 3. What is HTTPS? (2:51)
    • 4. HTTPS Everywhere (4:15)
    • 5. Privacy Badger (5:43)
    • 6. AdBlock Plus (3:57)

About This Class

Have you ever been hacked?  Do you know someone who has been but aren't sure how to protect yourself?  Are you concerned that you might not be doing enough to protect yourself against hackers or scammers?  

Then this is the class for you.  

When you browse the internet on your computer you are open to attacks from hackers and scammers. However, there are some simple things you can do to make yourself more secure on the internet. These tips and tricks are easy to implement and this class goes over them in detail. Don't worry if you aren't an IT wizard; this class breaks it down into easy-to-understand sections so that you can be safer online.

Transcripts

1. Skillshare Introduction: Hello there. Welcome, Skillshare users, to my course on a hacker's guide to Internet safety and cybersecurity. And what I've done for my Skillshare students is I have taken my full course, which is over two hours long, and I've broken it down into much smaller modules. So what you'll see is the course you're taking is a small piece of the overall course, and I wanted to make it a little bit easier to digest. So once you're finished with this course, feel free to check out the other sections of the course on my profile and learn more about keeping yourself safe online and protecting yourself and your family. I hope you enjoy the class.

2. Drive By Downloads: Hey, guys, welcome back. In this lesson, I want to talk about a threat against your browser called drive-by downloads. So a drive-by download is very similar to what it sounds like: as you go to a website, code runs in your browser, and that code can affect your computer as well. So what does an adversary do to initiate a drive-by download? What they'll do is they will go to a legitimate website and they will compromise that legitimate website. Maybe that website is a blog that you follow. And, you know, if it's using the most common blogging software out there, WordPress, WordPress has some vulnerabilities that, if the blog author does not update WordPress on a regular basis, it is possible for an adversary to get in and kind of put their code into that WordPress blog.
So what happens is, as you go to the WordPress blog in your browser, your browser loads all of the content: loads the text, the pictures, maybe some videos, some advertisements and whatnot. But in there, there's also a little piece of code that the attacker has put in there, and your browser will run that code, and that code can do things like download a file or download an executable to your desktop or your computer and install that. And the way that really works, the vulnerability they're exploiting is first the vulnerability in the website in question and also a vulnerability in your browser. So browsers typically have protections in place to prevent bad code from running and doing things like installing viruses and whatnot. But if you don't keep your browser up to date, or it's a brand new vulnerability, your browser is probably going to run that code. So your biggest and your best mitigation against a drive-by download is making sure that your browser's always up to date. And then there are a couple of other plug-ins that you can use to protect yourself against some of these things, drive-by downloads and whatnot, and we'll talk about those in this section, talk about the browser plug-ins that protect you. Another thing that attackers will oftentimes do is compromise advertisements, the web advertising that we see all over the place, and it may not necessarily be something that the blog's author or whatever website you're going to knows about. They've just signed up for an ad network to put ads on their website, and the attacker has taken out an ad that has some bad code in it. A lot of the kind of weird third-party ad networks will allow this kind of stuff, or not necessarily allow it, but they don't check for bad code in the advertisements. So one of the ways that I tell people to protect themselves is to block the advertisements. We all are annoyed by seeing massive ads on any website.
There are plug-ins that you can put into your browser that will block these advertisements, and we'll go over some of those when we talk about browser plug-ins in this section. So yet another thing you can do to protect yourself against drive-by downloads is ensuring that your third-party browser applications are up to date. So I talked about patching your browser, and that's really important. But oftentimes you'll run across a website that uses an application like Java or Flash, and those are two of the kind of most common third-party applications that you have to install in order to run. We see this running on a lot of, like, gaming sites and whatnot, so if you play online games, oftentimes you'll have Java or Flash installed. And that's another way that attackers will get into your computer: putting code on a website that starts up Java and exploits a vulnerability in Java to install their virus on your system. So ensuring that those are patched on a regular basis, and that when a website comes up and you see a pop-up that says, do you want to run Flash or do you want to run Java, if you don't explicitly trust this website, don't run those little applets. Hit no, I don't want to run Java, or no, I don't want to run Flash, and that will protect you. So in conclusion, a drive-by download is an attack where the adversary is kind of exploiting your browser and exploiting your trust in the website that you're going to. So the best ways to protect yourself: make sure your browser is up to date and install some security plug-ins that we'll talk about later in this section. So with that, I hope to see you in the next lesson.

3. What is HTTPS?: Hey, guys, welcome back. In this video, I want to talk to you about HTTPS. Because we're talking about browser security in this section, we have to talk about the secure communication between your browser and the server.
We've all been browsing websites, and we probably either ignore it or take it for granted, but typically next to the browser URL there's a green lock, and the green lock tells us that the connection between your browser and the server that is sending the information is secure. So what does that mean? Well, when you go to a website that is secure, your browser reaches out to the server and says, I want a secure connection, and then they negotiate. There's a lot of technical stuff that goes on there, but it happens pretty quickly, and what they're doing is they're securely sharing a password, a very random, long password. But once they've shared that, they then use that to encrypt all data that goes across. So if you don't see that lock, what that means is that data that is going from your browser to the server is unencrypted, and anybody who is listening on your network can view that data. So when you go to sites that are important to you, you want to make sure that they're always using HTTPS. Most browsers will go there automatically, but you type in https colon slash slash and then the website. That should take you to the secure version. Now, you always want to check to make sure that there is a green lock in the corner of the browser that tells you it's a secure website. That green lock is the only thing that tells you that it's secure, so you can actually go to HTTPS sites that don't have a green lock, and that just means that it's unsecured and the browser wasn't able to secure it. So in conclusion, when you're browsing the web, you want to make sure that you're paying attention to the green lock next to the URL to ensure that your communication between your browser and the server is fully encrypted, and that will make sure that data you send across, whether it be your user name or password or anything else, is secure. With that, I'll see you in the next lesson.

4. HTTPS Everywhere: All right. Hey, guys, welcome back. In this video, I want to talk to you about something that is vitally important in your online browsing habits, and that's using HTTPS. We talked about what HTTPS is and why it's important. So I want to talk to you about a browser plug-in that is available for most of the modern browsers, Firefox and Chrome, called HTTPS Everywhere. And what this browser plug-in does is it looks at all of the connections as you browse websites. Your browser will connect to multiple servers around the world, because most websites will embed images or videos or whatnot from other websites. And what HTTPS Everywhere will do is it will check to see if those embedded items have a secure connection. And if it does have a secure connection, it will force your browser to load it in a secure manner. The other thing it does is, if you go to a website that has a secure connection but is not necessarily set up properly to show you the secure connection over the unsecured connection, it will force your browser to load the secure connection automatically. So this happens a lot of times when you go to smaller websites; you know, some smaller blogs and whatnot may not have configured their website properly to load the secure connection. And again, we're always looking for the secure lock on every website that we go to. We don't want to be putting any private information into a website that doesn't have that secure lock. So what you can do is, I'll post this link in the description, but you can just Google HTTPS Everywhere, and it will bring you to this website here, and you can then click on the Install in Chrome button, and it will say, add the HTTPS Everywhere extension. If you're in Firefox, you do that as well. Now, I already have it installed, so it just adds this nice little logo right here, the HTTPS Everywhere logo, and I can click on that and I can see that, you know, it says Enable HTTPS Everywhere.
As long as that's checked, you know that most sites that you're gonna go to are gonna be loaded in a secure manner. And so the other thing you can do is, if you have a site that does not load securely but you know they have a secure site, you can click Add a rule for this site, and it will show you, OK, what host, you know, what is the URL you want? And if you click Add rule, it will add that rule to your local plug-in database. And then every time you visit that site, it will force your browser to load the secure site. Now, again, you can only use this if you know that the site in question loads insecurely but has a secure side to it. If they have a security certificate installed, then you can use this. So HTTPS Everywhere protects your day-to-day browsing, protects your information from being stolen by hackers who are listening on the same network. And it's a free plug-in provided by the Electronic Frontier Foundation, and I highly suggest that everybody go out and install it. So with that, I'll see you in the next lesson. Thanks.

5. Privacy Badger: Hey, guys, welcome back. I wanted to talk in this video about another browser plug-in that I highly recommend, yet another project of the Electronic Frontier Foundation. And this plug-in is called the Privacy Badger. And what the Privacy Badger does is it tracks the trackers. So as you browse the Internet, there are a lot of advertising trackers out there that will track the links you click on. They track the items you view in different web stores and whatnot. And then most of the time, it's there to provide advertisers with your browsing history. And that's something that may not necessarily be in your risk profile that you care so much about, but a lot of people are concerned with it. Well, you know, all these different companies are tracking my whereabouts, and they can pinpoint me and where I've gone.
You know, that's something that I just don't want, right? I mean, if you think about it, have you ever been to a website, say, gone to Amazon, and you've looked at, you know, a couple of items on Amazon, and then the next day you're browsing Facebook, for example, and you see an advertisement for that exact item that you were browsing on Amazon? What's happening is that there are trackers out there that are tracking your browsing history and saving that history. So the Privacy Badger attempts to try and thwart the trackers out there. So to install it, you just go to this site, and again, I'll put this link in the description, and you click on Install Privacy Badger and you hit Add extension. It has an option for Firefox or Opera as well. Since I already have it installed, I'm gonna show you what it looks like. Right here it says the Privacy Badger detected a potential tracker on this page, and it gives you all the different trackers. You know, you can allow a certain tracker; you can block the cookies from the tracker, which are, you know, one of the ways that most trackers are tracking your browsing history, through cookies in your browser; or you can completely block the domain, and your browser won't even load the data. Now, completely blocking the domain in some cases will break a website. So a lot of times, just setting that to block the cookies is important. But the Privacy Badger does a good job. You don't really even need to do much to it to allow it to protect your private information. So if we go to a website that tracks a lot, let's take, for example, CNN dot com. Let's go there. We can see the Privacy Badger says there are a lot of things tracking us right now, a lot of different trackers, and you can see that it looks at a few of these things and says, You know what?
They're not good, and a few of them are okay, well, they're okay to track. And the Privacy Badger does a good job of kind of looking at the code on the website and determining whether or not it is a good tracker or a bad tracker. And this is based on crowdsourcing. So, like, everybody who has the Privacy Badger installed, the EFF takes that information, kind of determines what trackers are out there that are tracking across multiple websites, and, you know, tells you whether or not it's good or not. So here we are, looking at the Privacy Badger. If there was something broken on the website, we could go and disable the Privacy Badger for this site and allow it to work. If the Privacy Badger does break something on a website, this little link right here will let the EFF know, and they can kind of investigate what happened and figure out the best way of protecting your private information while at the same time allowing you to view the site, so they try to do that balance. You can also individually turn things off. So, you know, this particular tracker here, if I decided I didn't really want that to be tracking me, I could just turn it off. And now that tracker can't track me anymore. I'm gonna leave it on because I think I trust the EFF and what they say is good and bad. So that is the Privacy Badger. So, you know, in conclusion here, we looked at the Privacy Badger as a way to protect yourself from online advertising and online tracking. And it's a free browser plug-in from the Electronic Frontier Foundation, and it's one that I highly recommend that everybody install. So with that, I'll see you in the next lesson. Thanks.

6. AdBlock Plus: Hey, guys, welcome back. In this video I want to talk about another browser plug-in that I think is vitally important, and that is Adblock Plus. So everybody surfs the web. We hate seeing the advertisements.
And Adblock Plus does its best job of attempting to block any advertisements out there. So the cybersecurity reason for installing this is that there are plenty of cases where hackers have compromised an ad network, where they kind of put their malicious code into an advertisement. And then that advertisement loads on, you know, thousands of websites out there, because the website owners want to generate a little revenue from advertisements. So they go to the ad network and they say, I will sell you space on my website, and the hackers can then buy legitimate ads to host their malicious code. And this happens a lot on kind of the smaller ad networks where they're not vetting a lot of the advertisements. You don't see it a whole lot on things like Google Ads and whatnot, but still, it's something that you just want to block because it's not worth it. And, honestly, who likes looking at ads? So, to install Adblock Plus, and there's a couple of different ad blockers out there; I prefer Adblock Plus, I think it does a really good job. You just go to adblockplus dot org, which I've got this site up here, and you can just click the install button for Chrome or for Firefox or whatever browser you're using. Click Add extension. Again, since I already have it installed, I'll hit Cancel here, and I'll show you that Adblock Plus comes up here and you can say Enabled on this site. And it will tell you how many ads have been blocked and in total, right? I've been using this for a long time, so I've in total blocked 135,000 ads. So one of the issues you run into with using an ad blocker is that sometimes sites will detect that you are using the ad blocker and won't serve up sites. These are usually news agencies and whatnot who provide free content but rely on ads to generate revenue.
And so Forbes dot com is one of the examples I like to go to. When you load it with the ad blocker, you have this, you know, Adblock detected, and sometimes it will let you, you know, go to the site or whatnot. Other times it requires you to disable the ad blocker, and that's really easy to do. You can click on the Adblock Plus, and you can just click on Enabled. And now it's disabled on this site, which means that it will serve up content, that it won't block any ads on this particular site. So with that, in conclusion, we looked at Adblock Plus as a browser plug-in that blocks advertisements and helps you stay more secure on the Internet. This is a free plug-in that I highly recommend people install. So with that, we'll see you in the next lesson. Thanks.