The Consumer Guide To Digital Security | Tim Smith | Skillshare

The Consumer Guide To Digital Security

Tim Smith, Top Instructor - Data & Security

14 Lessons (2h 17m)
    • 1. Welcome To The Consumer Guide To Digital Security (4:12)
    • 2. Preliminary Lesson 1 (5:49)
    • 3. Preliminary Lesson 2 (7:50)
    • 4. Preliminary Lesson 3 (9:23)
    • 5. Security Principle 1 (10:39)
    • 6. Security Principle 2 (10:03)
    • 7. Security Principle 3 (10:53)
    • 8. Security Principle 4 (12:28)
    • 9. Security Principle 5 (11:21)
    • 10. Specific Security Tactics (14:57)
    • 11. File Attack Example (9:13)
    • 12. Time Relevant - April 2020 (5:09)
    • 13. Time Relevant - May 2020 (10:42)
    • 14. Bonus Content - December 2020 (13:54)

About This Class

Jason spent four years saving for his family's dream home.  As the time approached, Jason and his wife shared their goals with all of their family and friends on Facebook and Instagram.  They made it their goal to buy the home with as little debt as possible.  Before the end of the year, when they would purchase the home, their home savings account was hacked and completely liquidated.  Even though their attorney promised they could recoup the losses, the lawsuit failed because the money had been sent to another country and the bank was not responsible.

Jason and his wife were both financially responsible, yet committed mistakes with security.  These mistakes came with significant costs.  In this course, we look at the risks that you face with digital security and what you can do to protect yourself.

Transcripts

1. Welcome To The Consumer Guide To Digital Security: Welcome to the Consumer Guide to Digital Security. We're gonna be looking at why we should learn digital security. There are three great examples, two financial and one informational, as to why we should learn digital security. One of the best examples I know is a business owner. This was out of Florida; he had his business account hacked and lost $95,000 because the money was wired to Ukraine. He went to court over this, and the bank stated that he did not have the latest antivirus software installed, and the judge accepted that. However, even with that, I've seen other individuals with the latest antivirus installed who still lost the lawsuit, even though it was usually a lower amount, and part of that was they were just not practicing good security with their accounts. Another good example of this was a crypto investor that I knew who had 50 Bitcoin hacked, which cost him the loss of funds invested, plus the opportunity to trade them in the future. When he had that hacked, I believe the price of Bitcoin was about 2,000. And as some of you know, it had, I think, a high of around 20,000. So even if he had sold it at half of that, at 10,000, that would have been a decent amount of money that he lost. That would've been worth over $500,000. And then, of course, in terms of the informational side, there was a large trader that practiced poor security, which allowed a hacker to sell his trading strategy to his opponents, allowing his opponents to front run him. And so that's more of an informational one. But somebody compromised his information, which then allowed the hacker to attack him in a different way. Another good example of this was about five years ago. I was trying to write articles about SIM swapping for two technical publications that I've written for, and they would not feature it anywhere. And the reason is because SIM swapping about five years ago, it was kind of new.
A lot of people hadn't heard of it, and so they didn't want to take a risk of publishing something that wasn't very common, which, if you think about it, if you're a user, you need to know what is a possible risk as early as possible, and so that was very irresponsible of those editors. But I realized one of the downsides of trying to get through media is there's a gatekeeper effect where they will prevent something if it's not that well known, because, really, they just want page clicks. And so, as we see on Krebs on Security, it's become more of a topic of interest in the last few years. But the problem is, five years ago, it would have given a lot of people a way to prevent these attacks, because these are some of the worst attacks that we see. So in this course we're gonna be going there. There's three parts to this course. The first part is the preliminary material. So this covers from the most basic security technique to insurance, because insurance is going to be a part of how we protect our digital security. So we looked at some of these preliminary security practices. The bulk of the course is going to be principles of security; these are security strategies we should always be using. You'll see them listed in the course as Principle 1, Principle 2, etc. And then, of course, number three is the latest security details. So this is where, since I'm not reliant on a publication to filter my security information, I can feature some of the latest information that we have so that you can get first access to it. So this will be some of the latest information on attacks and techniques. As far as the requirements: first of all, I will suggest all of you build on what you learned by developing your own strategies. Every single lesson will have homework assigned except for this is just the introduction. So there is a bonus homework, and then there's just set homework. Do at least the minimum set homework.
And then the bonus homework is for people who want to go above and beyond. Of course, remain silent about what you learn. For every strategy, there's a counter strategy. Most hackers are unbanked. They can't get into a course like this, so they don't know what you're learning. That gives you an advantage. And then, of course, review this course. There's a rule of 80/19/1: 80% of people will complete up to 50% of this course, 19% of you will complete this course and you will do all of the basic homework, and then 1% of you will go through this course multiple times. You'll complete all the homework and you'll do all the bonus homework, so I highly suggest that you be the 1%, and that's a very rare student who is. But you'll get something out of it each time that you go through the course. And another thing as well is, for those of you who do all of the homework, you will learn your own techniques, and keep that quiet when you learn those techniques as you go through the homework, which is why I have assigned that.

2. Preliminary Lesson 1: So why should we be concerned with the digital world and digital security? How many of you have been hacked? You know already why you should be learning digital security. And you know why you should be going through this course. If you haven't been hacked, you probably won't know this that much. We're gonna kind of cover the why. Some of you may skip this because you already know the why. But if you don't, this is definitely for you. And I will be keeping this pretty short. So every slide on here is going to have: "Strong security is predicated on the assumption of your opponent miscalculating you and being unaware of your techniques. Silence is a mandatory daily practice in this course. If you cannot master silence, you will never be secure." So silence is the most basic security technique. We'll be covering more of that in a second. But it is something that I'm gonna put on these slides.
Just as a constant reminder about why you should be quiet about what you learn. You should develop techniques above what you learned. You shouldn't even share them with me. You should keep them quiet to yourself. But one of the best security techniques is going to be silence. So let's just talk about the benefits of the digital world. First, the digital world has many positives, right? It's convenient, right? I mean, think about how quickly you can get a hold of your friends, right? It's fast. You can send your friends a message. You can call them immediately. It's also easy. Most digital things do not require a lot of difficulty to learn. Maybe there's a few things to do. And then, of course, it's cheap, right? If you think about it, it's much cheaper to go to Wikipedia than it is to buy an encyclopedia set, right? It is much easier to do. It's also faster, more convenient. Google search is very convenient, right? So there are many benefits of the digital world, but there are also downsides to the digital world. Okay, one of the books that I would recommend for those of you who are overachievers to read is a book called Basic Economics by Thomas Sowell, and one of the things he talks about is opportunity cost, and everything has a cost. So there's trade-offs with everything. So there are downsides to the digital world. If we go back and we look at convenient, it's fast, it's easy, it's cheap. Well, some of the problems with the digital world can be: it's insecure. Generally, if something is convenient, it's less secure. There are very few exceptions where something is convenient and secure. In fact, they're almost always opposites. The other thing as well about this: it's convenient, it's fast, it's easy, it's cheap. It's invading, right? It's very easy to send, like, for instance, a text message or call someone, and that can be invading to the other person.
In fact, I remember there was a girl that I dated in college who did not have a cell phone, and she didn't want a cell phone. And I love what she said about it. She said, "I don't want anyone to be able to get a hold of me at any time." She's like, "My time is valuable, so I want people to only get ahold of me when I want them to get a hold of me." And I thought that was very interesting. She did not like the fact that the digital world was very invading. However, the other side of that, to the user, is those of us who use technology. Let's say I go to Wikipedia because it's convenient. It's fast and it's easy. And of course it's cheap. There's a part of it which is encouraging me to rely on it, right? And that reliance on it may end up leading to not only maybe some manipulation in terms of the material I look at, but also some logging in terms of what I look at in terms of sources of information. And that could be an invasion of privacy. The other thing about the digital world is it could be misleading. Because it's cheap, going back to that fourth point, it's cheap, it misleads us into thinking that we can do things that we may not be able to do. My favorite example of this one is I was giving a talk, this is in the Bitcoin community a long time ago, about what was asteroid mining for gold, and the attitude for all millennials is, "Yeah, it would only cost, like, 500,000 or a $1,000,000 to mine asteroids for gold." This is their view. And those of you who know a lot about mining know it would cost a lot more than that. But the reason why they had that view is because technology has led them to believe that everything is cheap. This point here, right? Since everything is so cheap, it wouldn't cost that much to do any asteroid mining. The problem is, it actually would cost a lot. And so it can mislead us; technology and the digital world can mislead us into thinking things are true that are not true.
And then finally, the other one is: it's wasteful, right? One of the downsides to the digital world: we have access to all kinds of information. The problem is, a lot of that information is not useful for us. And so we can begin to engage in behavior like, for instance, reading news or reading information all the time that's actually not moving us forward. So be very careful about that. And these are some of the downsides to the digital world. By the way, there are other downsides, and there also are other benefits as well. These are definitely the highlights for this course. So your first homework assignment here is based on the costs and benefits of the digital world. Where do you feel, for your life, that it belongs, right? Where do you think it's very appropriate, I should say, in your life? And where do you feel that it doesn't belong? Again, the example that I used of that girl that I dated in college was like, "I'm not gonna have a cell phone because I don't want somebody to be able to get a hold of me at any time." That works for her. That probably is not gonna work for most of you. But where do you draw the lines? Like, do you draw the line with, let's say, social media? Or do you draw the line with some social media? Or do you draw the line, let's say, with news, or maybe some news? So that's something to think about. And then where do you feel like, in your life, it doesn't belong? And then this is just a bonus. If your library has it, or if you can request a book for your library, I highly suggest a book, Hyperculture: The Human Cost of Speed, at your library. The reason why I suggest this book is because he does discuss technology's impact on us, how it's making us more impatient and affecting our behavior as humans. And so it's a really good read for many of you who want to go further into this. If you're interested in anything that I've discussed as far as, you know, the cost and the benefits.
This is a book that you will really appreciate and get a lot from. So if you have a library that you can request books from, that way you don't spend any money on it. You can request that from your library.

3. Preliminary Lesson 2: So let's look at the most common security mistake, and I dropped a hint on it earlier, because on each of these slides with text on them, which is most of the slides, I am going to have a repetitive message. And that repetitive message, of course, is: "Strong security is predicated on the assumption of your opponent miscalculating you and being unaware of your techniques. Silence is a mandatory daily practice in this course. If you cannot master silence, you will never be secure." So strong security requires secrecy, privacy and silence. Now just think about that for a second and recognize that the world that we live in encourages us to do all of the opposite things. Social media is a good example. It's probably the most popular example of what encourages us to do the opposite of all those things. But strong security requires secrecy. It requires privacy and requires silence. My granny used to say, growing up, you should mind your own business. That was actually very common in their day. You didn't ask people certain questions. We just understood that most people's information, back in those days, it was supposed to be secret and private. We're supposed to be silent. Okay, strong security also involves our opponent miscalculating us, right? Strong security involves your opponent miscalculating you. I'm saying it as "us" as well. Strong security means that you strategically build upon what you learn, right? What does that mean? It means as you go through the homework assignments, you're gonna come up with ideas on your own. And remember, going to the first point, when you come up with your own idea, you want to keep that idea secret. You want to be private about it. You want to be silent about it.
You want to be sharing that with other people, right? So you're gonna develop your own ideas as you complete homework assignments in this course. That's part of the thing about developing strategies. It's like playing a video game and developing strategies with the video game. You don't share that with others, right? And then, of course, strong security provides a barrier that delays attacks or compromises. It is true that for every strategy there is a counter strategy. How to avoid the counter strategy being developed? Of course, silence. But keep in mind that hackers ultimately, because they have incentive to compromise us, the only thing we can really do is delay an attack or have such a good defense that they find somebody else to attack. We can never permanently stop an attacker, because for every strategy, there is a counter strategy. But as long as we're quiet and we don't go around and discuss our strategies, then a hacker isn't gonna know what we're doing. And the other thing, too, is if we have a high barrier to entry, the hacker is more than likely gonna target a lower target than us. Okay, so these are just some examples of saying too much. Many of you are gonna connect some dots here. So this will be pretty interesting for some of you. For instance, "One of my passions is helping abused dogs find loving owners," right? This is not based on a true story, but a person offering divine one of the hacks that she experienced, she experienced because somebody used social media, pretended to have the same interest as her and was able to socially engineer information from her. So when you tell people about what your passion is, I know some of you may be confused. Why would that be? Why would that put me at a weakness or at a disadvantage? It's because a hacker could now socially engineer you, knowing that that's one of your passions. Again, if you think about it, social media encourages us to do this. Here's another one.
"I can bench press 400 pounds." Think about what we know about the person who says that, right? I mean, what do you think that person does? What do you think that person enjoys doing? How do you think that person feels accomplished? All of these things put that person at a weakness, right? Another one. Here's a good one: "I'm depressed that today's my birthday." Birthday is private, identifiable information. There's a lot you can do with someone's birthday. By the way, just name and birthday especially. Here's another one: "Pizza is my favorite food." Again, that's another one that's very revealing. And then publicly posting any picture of yourself, guys, it's very revealing. You're giving away details of yourself. Very popular, and think about it: everybody encourages us to do this, right? But those things reveal characteristics about us that could be used against us. This one, by the way, and going back to this one example with the bench press, I always find this kind of funny, because if somebody's like, they told me, "Hey, I can bench press," you know, whatever it is, but I can't keep my mouth shut. It's kind of interesting, right? Like, ultimately, you should be proud of what you can do, regardless of whether other people are proud of what you're doing, right? Think about what I just said: you should be proud of what you do, regardless of whether other people are. So what that means is that silence also is confidence. It's confidence that you know what you're doing and that you are following the pattern of what you should be doing, right? There's a confidence in silence that somebody who is loquacious does not have, right? So how strong are we if we can't be silent, right? Are we really that strong if we can't be silent? And there is no counter strategy against silence, because silence inherently means an attacker doesn't know what he doesn't know, right?
So if someone's trying to attack us but we're not saying anything, he doesn't know what he doesn't know. He's not gonna be able to socially engineer us, right? And then here's a good question. Just ask yourself, included in the homework as well. But just ask yourself this on a day-to-day basis: Why am I giving information about myself to other people? What am I trying to achieve here? Okay. And how? Just keep this in mind, that hackers desperately want to know your behavior. This is the ultimate way they can compromise you. And what you give up about yourself may compromise your behavior. Keep in mind that silence equals humility, right? Silence means that we don't know the future, right? By talking too much today, we may be revealing too much about ourselves that we later regret. Silence also means that we don't know future things about ourselves, right? You probably have seen this with many of your friends, right? You will reveal an interest, but you may lose that interest in time. And your friends seem to always think that you're interested in that, right? That's one of the things that I've observed about people: they don't realize that people change in time. Silence also means that we accept that we'll change and that people may not understand this, right? Silence means that how we view ourselves is more important than how others view us. Think about that for a second. That silence means that how we view ourselves is more important than how others view us. Think about a time when somebody tries to get you to defend yourself or tries to get you to answer something. But you don't, because how you view yourself... the reason why you don't defend yourself, the reason why you stay silent in that situation, is because how you view yourself is more important than how they view you. Again, that line right there is another technique hackers will use.
Hackers will try to extract information from you by putting you on the defensive, especially through any type of social media. So keep that in mind. They can try to get you to reveal things about yourself, but if fundamentally you respect yourself more than what you feel like others respect about you, in other words, you don't really concern yourself that much with what others think about you, you have to realize that it's very hard to compromise somebody like that. And then silence also means that it is inappropriate for most people to know things about us, right? There may be a few people in our life who should. These should be close relationships, family, maybe some close friends. So for this lesson, the homework assignment is just for one week. This is the basic assignment here: for one week, at the end of each day, review how much information you revealed about yourself and reflect over ways to reduce this. Also, to the point I made earlier, ask yourself why you're giving so much information away about yourself. So just for one week, this is the minimum assignment here. Ask yourself how much information you revealed about yourself and why, right? And then reflect over ways to reduce that for just one week. And then for those of you who want to go above and beyond, the bonus here is reduce social media use by 40% or more, starting with 10% less each week for one full month. Now if you're not on social media, but you do tend to reveal yourself in other ways, see if you can reduce how much you reveal about yourself in those other ways, again, just doing 10% less each week over time.

4. Preliminary Lesson 3: This is an updated recording of the video, How can we insure our digital stuff? So there was a couple of points that I missed, and I'm gonna consolidate this and go a little bit faster. And I do want to briefly point out to students that I may take the preliminary three lessons and put them after the principles.
I haven't decided yet, and that's because, to a certain degree, after you go over the principles, the preliminary steps will make more sense. But it is true that, for instance, in this video, and I can understand, students are like, "Why would we want to insure our digital stuff?" Or "Why would we want to look at this?" I can understand why that is, and it's because once you go through the principles and you understand those, then it's like, OK, this is applying a couple of those principles. So first we have to know the difference between physical and digital wealth, since one of the many risks of hacks involves money, wealth and information, and I should say money, wealth and information. Physical wealth and information insures against digital risk to digital wealth and information. A quick story about this is one of my friends. She would go to this one website that was very helpful for her profession every day. And you could see this at the bottom: "What happened to a website." And what happened was the website was taken down. Not only that, all of the Internet history of the website was removed, and so while this was very useful to her profession, she never anticipated that something could be completely removed. And she never thought about saving it or printing anything out. And so it was gone, and she never had access to those resources again. So keep that in mind. We tend to think that something that's digital is always gonna be around. That's not true. Something that's digital could be gone tomorrow. And it reminded her that there's something to be said for a physical resource, like a physical book or physical information. That is a form of insurance, if you think about it, when it comes to digital information. So due to the nature of anything digital, hacking is possible. So is editing. So is compromising. So is removing. All of those things are possible with anything digital, right?
That's true with physical resources, we could burn it and we can destroy it. But physical resources, they do come with their own risks, right? But a digital hack is not a risk with a physical resource. You could not hack a physical book digitally, right? If it's a physical book, you're not gonna be able to hack that. Okay, so I'm using information as an example. It could be physical wealth as well. We're going to use both of these. And then, of course, the amount of insurance depends on you, I mean, and how comfortable you are with losses on either side. Keep this in mind. This is the same with insurance, like an auto insurance policy, right? Do you want to insure your car for 150,000 or do you want to insure it for half a million? Right? And I know people who do both, right? They may only do it for a small amount. They may do it for a large amount, right? And that's the same with us. Like, if I want to insure, let's say, all of my digital information with physical information, then every single bit of digital information, I mean, is gonna be printed on physical. Now I may say, "Well, let me take the most useful techniques and write them out," right? Or "Let me consolidate all those techniques." I'm saving 10%, let's say, of all of the stuff that I've learned digitally. That's one thing. OK, but the same thing with many of you in this course. Many of you in this course may be taking notes, and you may be taking a small amount of notes compared to the amount of content. That makes sense; you're consolidating the information, right? So let's say the insurance premium here is much smaller, right? It's only about 10 or 20% of the total content. So, physical wealth or physical information.
Physical wealth is assets that exist in the physical world, or they're assets that have an impact on the physical world but are not at risk to digital attacks (we'll see examples of that), or physical wealth is assets that do not require human or digital intervention. And so we'll see examples of that. OK, so they're assets that exist in the physical world, such as a book. They're assets that have an impact on the physical world but are not at risk to digital attacks. Think of that as being like skill, right? Discipline is a physical form of wealth. It is an asset that you can have, that you can change the physical or digital world with, for that matter. But you're not at risk to a digital attack, right? Now, we, as humans, you're at risk to other attacks, like health attacks. But we're not at risk to a physical attack. And then, of course, assets that do not require human or digital intervention. One of the simple examples of this is like a bar of gold, right? There's no human or digital intervention to make gold useful, right? It's just useful on its own. And so it performs a function. The same thing with an apple. An apple doesn't need a human to value it. It's valuable to Mother Nature. A watermelon's a really good example, 'cause it has all kinds of seeds in it, right? It can reproduce without humans ever doing anything, and so those are examples of: it doesn't require human or digital intervention to do what it does. Okay, so let's look at some examples, okay? Examples of physical wealth that cannot be hacked. Number one is family. Okay, right now, with what's going on, this is May 2020 when this is recorded, a lot of people are realizing how valuable family is. They really are valuable, right? Thomas Sowell, in the book Basic Economics, I believe he points out that the original insurance unit was family, and it's valuable, right?
Another one here is character, right? Character is what you have, and reputation is what people believe that you have, by the way. So character and reputation are different. Reputation is what other people think you have. Character is what you know you have. So character would be things like discipline, right? It would be things like patience. It would be things like kindness, right? And the reputation, it would be how people perceive that. Another one here would be, or another two here would be, skills or knowledge, right? So some of the things, in terms of physical resources, this is not technically physical, but they have an impact on the physical world, or they can have an impact on the physical world. But again, you cannot hack someone's skills digitally. You might be able to hack their skills in other ways, health-wise, but definitely not digitally. Okay, another example of physical wealth is health, right? The fact that we're in a healthy state is a form of physical wealth. I always remember, what is it, Juvenal said, you know, if you're going to ask the gods for anything, ask for, what is it, a healthy body and a sharp mind, or a sharp mind in a healthy body. And his point is that over time those two things are very rare to have. Most people lose their mind or most people lose their body. And so if you're in good health and you have a good mind, a sharp mind, you actually have a form of wealth that a lot of people don't have, unfortunately, throughout history. And then, of course, agriculture. That's another good example. Keep in mind, plants reproduce, right? A lot of people talk about, you know, negative or low interest rates. Plants never pay a negative interest rate. I mean, they do die thanks to Mother Nature, unfortunately. But the fact is that plants inherently try to reproduce, right?
So agriculture is another form of physical wealth, and this one compounds. Skills and knowledge, by the way, I would argue those actually compound too. Metals: this is the most popular one that people always think of with physical wealth, would be like gold, silver. Copper is a big one too. You have to have a lot of storage capacity for copper, but copper is a very valuable metal. But this one is very popular. People always think of metals, and I'm like, yeah, there's a lot of other forms of physical wealth, but yes, metals are true. And then the other one, as I put here, is physical information, as I say: writing, poetry, etc. As I've gotten older, I've really appreciated poetry, because I realized the purpose of music and poetry in the past. It seems like a distraction. It seems like entertainment, but actually in the past it was to store information. And I realized with poetry it's very easy to memorize things, because it rhymes and there's a rhythm, and that makes it easy to memorize facts. And so what's interesting about poetry is, even though I've mocked it in the past, it's very useful to store information in poetry, and it makes it easy to call back in your own mind. So even though I kind of have made fun of poetry in the past, and this is me personally, this isn't any of you all; if you're poets, I'm not making fun of you. I just have made fun of it in the past with "Why would people be into poetry?" As I've gotten older, I realized what the purpose of poetry is: it makes it easier to remember or recall information. Same thing with music. So the homework for this video here, and the homework for the assignment, I should say, is to focus on one form of physical wealth where you have an advantage. So going back to this, where is an advantage that you have? It could be skill, right? You might be a farmer, or let's say you grew up on a farm, you might have actually agricultural skill. You might have health skill.
You might be a doctor taking this course, so you have skill and you have, like, health on your side. But focus on where you have an advantage. And how can you use that advantage to insure against what you have digitally? So whatever you have digitally, let's just use an example, $100,000. How can you physically insure that $100,000? Right? Let's say that's what your physical that your digital in trim. Or let's say it's information, like my friend. So you have a website that you go to every day to learn something. How can you physically ensure that you retain some of that information? Let's say it's this course. Let's say you think that maybe one day this course won't exist. So writing down a percentage of this course or whatnot. OK, so wherever you have an advantage, how can you insure that against what you have digitally or what you use digitally? And then this is a bonus. Here, the baby bonus is always harder, but in your experience, and just in your life experience, what is the least known form of physical wealth? And how can you use that to your advantage? That's a harder challenge because it takes a lot of thought. But in your experience, and not in other people's mind, but in your experience, what is the least known form of physical wealth? Keep in mind, this means you probably aren't gonna be able to go and ask other people because it's not known, right? So that's a, that's a really big challenge, but it's a good challenge to sit there and think about what is a form of physical wealth that very few people, if anyone, know about.

5. Security Principle 1: We now start with our first principle lesson, and we're gonna be starting with one of the most important concepts in cybersecurity and security in general. And that is the concept of behavioral attacks. So behavioral attacks are one of the most ominous things that can happen to anyone in the cybersecurity realm. We're gonna discuss why hackers love them.
We're gonna also discuss why we're so quick to give this up and techniques that we can use to avoid this. So first of all, let's look at why it is that hackers love behavioral attacks so much. What is it about behavior that they dream of? Or what is it about behavior that they want to compromise? So what you do and what I do, I'm gonna say we instead of you, but what we do says everything about us, okay? It not only says who we are, but it's also useful in spoofing, in predicting, in bribing, in front running, in controlling and in many other things. I'm listing five of the more dangerous ones, but there are definitely other things. Okay, so think of it this way. How do we use our digital devices? Right. They capture very important behavior with us. But how we use them in general is a behavior, right? So spoofing. A good example of spoofing is someone who sees your behavioral pattern and pretends to be you and ends up hurting others, where you get the blame. That's one. Predicting, right? If I know your behavior, I can predict future behavior of yours, right, which also is useful in front running, right? Another thing about behavior: if I know your behavior, I can bribe you, right? If I know you're compromising yourself in some way, let's say any behavior, a weakness, I may be able to bribe you. And then, of course, behavior is useful in controlling. If I know your behavior and things that you may want to avoid or things that you may like or things that you may enjoy doing, I can control you. The last point there, behavior is useful in controlling, that's very interesting. Right now, a lot of people feel that way about what's going on. This video is being recorded March, April, May 2020. So I have it here: we are watching you, right? Digital devices, intentionally or unintentionally, watch and monitor our behavior. All of us are being monitored on this. Okay. For instance, Alexa has to pay attention to you when you say her name, right?
So she has to be aware on some level of what you're saying, right? That's just an example of a digital device. Your cellphone has to respond when you turn it on or launch certain applications. Certain applications also monitor your behavior on those because they try to use that information to try to market more material to you. Not all. Okay. Applications on digital devices may collect meta information on you about your use. Let me tell you, some of the meta information is very useful, like when you use an app, how you scroll through an app, how you move your cursor over an app. All of those things are very interesting; they're like a fingerprint, right? And as the point here, apps do it too. Applications want to know why, how and when you use them, because these offer insights into monetization. Now they're just trying to make money. Most of them are not trying to hurt you in any way, right? But hackers will get information from these applications, right? They don't necessarily have to compromise you. They can compromise the applications that store your information. Exactly. Spiral. It was a great example of a database of all kinds of behavioral information about people. And that was one of the worst, in my opinion, one of the worst compromises in cybersecurity. Because not only was there a significant amount of people stored in that database, but that behavioral information is incredibly powerful. We'll get into one of the principles here in a second. As to why applications may request details about you before allowing you to use them: think about an application that you use. It's like, tell us more about yourself. Tell us about this. Tell us about that, right? They want to go after that behavior, right? They may even convince you it's no big deal. Hey, this is just an online personality test. What they're really capturing is your behavior. And again, they may be capturing meta behavior.
If I have an online personality test and you click on that, it tells me what type of things you're interested in. You like to think about yourself a lot, right? For instance, you see all these people posting: I'm an introvert. I'm judgmental. I'm an extrovert. I'm all these types. Why are people taking these personality tests? Right. But what do you, wait, what do you know about somebody who does those things? It's very informative, right? And then applications may require other forms of identity, tying behavior sets to date debt together. It's very concerning, right? So you have an application that ties to another application, and there's two different behavioral sets in those applications. And if a hacker can compromise two things, then he or she really knows a lot about our behavior. So the principle of behavior: we are our behavior. Okay, behavior is private information, right? Or it's demarcated information. Maybe people only know parts of our behavior, but they don't know other things about our behavior. Right? And then behavior is only our business, right? So again, there is behavior that other people may know of, and there is behavior that does affect others. And there is an interaction. For instance, let's say you go to the gym on a regular basis. There are other people at the gym. There are going to be other people at the gym that know that. But those people, the gym, marginally not going to know all of your other behaviors. Maybe there are a few things that they'll know about you, by the... Well, I'll say this on that "we are our behavior." The happiest marriages that I've ever seen are people who get married who have similar behavior sets. It's amazing, but it's very true. Everybody is always talking about, when it comes to, what is it, dating, you know, they have to be this, they have to be this. Like, if a person has similar behavior to you, you will be very compatible. It's just because you fundamentally are your behavior.
You may like somebody who's different than you in the short run, but they're gonna drive you crazy, because you think about any relationship, it's a behavioral thing, right? That's what's really going on. But again, a relationship is private, right? It's not something that should be public. It's private, so even that should be kept secure. So why do we compromise our behavior, right? If you think about it, why are we making this known to apps? Why are we making this known to our cell phone? Why are we making this known to Alexa? Like, where do we get this desire from, to compromise this information, which is very valuable, right, outside of, again, the few people who on no ashore or in those certain situations where they will observe that? Well, unfortunately, we compromise our own behavior for the following reasons. First, there's often a quicker benefit, right? Like messaging a friend establishes behavior, such as visiting a friend. Visiting a friend, there's no way, depending on how you do it, that a hacker is able to compromise your behavior, right? Like, for instance, if I text my neighbor, information could be derived if my phone is compromised through, let's say, a SIM swap. But let's suppose I leave my cell phone here and I go visit my neighbor. I mean, it's like I didn't do that, right? It's very interesting, right? But there's a quicker benefit to just messaging my neighbor, right? It's easier to do. Also convenience, right? Using a map is easier than memorizing a route, even though I think the latter, memorizing a route, is actually better for our brains; it definitely strengthens it. But using a map on Google Maps, again, Google Maps also says a lot of things about what I do, right, and if that information is captured in any way, there you go, that allows for spoofing, that may allow for bribing, that may allow for certain compromises. Also, the reason why we compromise sometimes is temporary thinking: it solves the now, right? We use these apps.
We compromise our behavior because it solves right now. We don't think about what happens later, though. Okay, there's also low current cost. It rarely costs a lot to compromise our behavior or to expose our behavior, right? If it cost a lot, then marketers would be at a loss, and that wouldn't be good. It also is because of consumptive thinking. We compromise our behavior a lot of times because we want everything now versus what actually enriches, and this is a big one that goes back to the early lesson on silence. If you think about it, part of the reason why we don't respect silence as a society or as individuals is because silence can actually enrich. It makes us think about things we actually value, instead of focusing on just getting attention, because when we get attention from other people, it may feel good, but it doesn't actually enrich us, right? And then, of course, our obsession with happiness. We may feel a temporary high, right, from compromising our behavior. A good example of this is any time somebody is in a positive emotional state, they will often compromise themselves unintentionally. They don't intentionally do it. But if they're feeling positive emotions, they may compromise themselves because there's a temporary high and there's almost this invincibility that they feel even though they're actually at risk. And then, of course, I point out here, the reason why we compromise our own behavior is because of the unknown. We don't know about risks that we don't know about, right? We don't know all of the different things that hackers could do with our behavior, so because of that, we're willing to compromise our behavior. Okay, so definitely one of the big takeaways is the principle of behavior in this lesson: we are our behavior, behavior is private information, and behavior is only our business, right?
So for the homework, for the next week, write down on paper all your cell phone behavior by logging the time and activity, and this is going to take time. And by the way, I'm just doing the cell phone because I realized if I did this with a computer and tablet and Kindle and all that other stuff, it probably would be a lot for you. So let's just do cell phone, okay? And I know many of you will say, well, this is going to take a long time. That's right. But it's gonna make you aware of your behavior on your cell phone. So every time that, say, you pull up your cellphone, write down the time of day, what apps you used, right, and then when you stopped. You're just collecting kind of meta information on yourself, and then look at that at the end of the week. Now, for the bonus, do this for a month, and I will predict that if you actually do this for a month, you will see a reduction in your cell phone use, because if you're writing down everything you're doing with your cell phone and you're writing down all of the different tasks, you're probably gonna be like, you know, I don't want to spend this much time doing all this, so I think I'll just reduce my usage. But maybe some of you will, or maybe some of you don't use it that much anyway. I actually know people, and I'm kind of like this myself, where some people will really restrict their use on their cell phones. So it may not be something that you have a long list for. But you probably will still be surprised at the time that you access it, and then see how, you know, predictable your behavior is, and if a hacker were to use this, if they could compromise you.

6. Security Principle 2: All right, in this video we're going to be discussing the principle of demarcation, and we're also going to be getting into one of the most dangerous concepts in security and technology today. So what is the demarcation of use? So convenience is seldom secure. In fact, I can't think of any example in which convenience is ever secure at all.
Every time I think of convenience, or every time somebody's tried to sell me on convenience, what I find when I really think through it is that it's actually very insecure, because think about it this way: if it's easy for you to do something, it's gonna be easy for a hacker to do something, right? So as a case in point, I'll give you a simple example. Let's suppose that you disable all online banking or disable all online bill pay. You disable any type of technology that can access your bank account. Well, it's inconvenient for you to have to go into the bank, right? However, that means that a hacker is not gonna be able to digitally hack you as far as your bank account. So it's inconvenient for you to do, that's true, but it's a lot more secure, right? So convenience is never secure. Now, it may be convenient to do everything with one device, service or technology tool, but it's far less secure. If hackers compromise one device or service, they may be able to compromise other devices or services. This is a concept called linkability. This is one of the most dangerous concepts in technology, because most people think this is a good thing, and it is not at all. So linkability is the design where one utility, and we'll say a digital utility, is tied to another digital utility, often for convenience or identification purposes. Now, this is in the cybersecurity context that we're talking about linkability. So linkability would be like, hey, log into our website using your Facebook account, or log into our website using your Gmail account. You just created a link between, let's say, that Facebook account and whatever that service is, or that Gmail account and whatever that service is. Okay, that's linkability. It's incredibly dangerous. Okay, linkability is one of the biggest cybersecurity risks. Why? Because if a hacker compromises one of those links, he is now able to compromise multiple of those links, right?
Okay, so it is worth the effort to delineate your identities from each other. We'll cover that in a second. So a great example of this just in the personal realm, and by the way, I would apply this to the personal realm as well, is when you allow people to get involved in, let's say, a personal relationship. So this happened with one of my friends. She got married to her spouse and everything was good. They went through a very difficult period of time that most people do not go through in their first year of marriage. Basically, they had a major health crisis, and her family and his family were not being very supportive. And it was because there were too many links, if you would, between their immediate families and their marriage. And so they actually stirred up a lot of discord between the husband and the wife. And she was ranting to me one day and I just told her, look, you and your husband have been through a lot. Most married people never go through that in their entire lifetime, and your families are actually doing more damage than good. They're not supporting you at all. But part of that is because you have to separate them from that part of your life. Like, an intimate relationship should be between the two people that are part of that relationship. It should not be between other people. You really shouldn't go out and rant to other people about your personal relationship or your intimate relationship. And so she did learn that from that. And once they got the families away from their marriage, it ended up doing a lot better. That's a great example of how they were basically linking other people to an intimate relationship. And I don't mean to be rude, but that's just gonna be a disaster in general. And then another example of this, which really was the lightbulb moment for me: I was running a very popular blog back in the day. Not going to say what it is because I shut it down.
Nobody knows it, but in the last interview I did on the blog, I was interviewing an individual who wrote a book about how people could get other people fired from their job if they disagreed with them, and the person was advocating this, and of course I was always willing to listen to anyone. So even if I disagreed with them, I was willing to listen to them. But what I realized is, if this person disagreed with people, they would go out and they would get people fired from their job, and they would use linkability. They would use the fact that people are linking, you know, let's say, their Twitter account to their Facebook account or the LinkedIn account to the Gmail account, so on and so forth. They would use this linkability to get people fired from their job. And the person admitted to me in the interview that they will go so far as even, maybe, make up a story to get someone fired if they disagree with them or if they don't like a certain view that they have. And the reason why I put that in red, "you've all been warned," is when you have all of these links, you don't realize the danger you're setting yourself up for. It's not just hackers. It could be somebody who just doesn't like you, right? And these links make it very easy for people to abuse that. So, you know, I hope that doesn't happen to anyone. But I saw this person organize campaigns that successfully got people fired from their job because they disagreed with people. And it was one of the reasons why I shut down the blog. In fact, I had a Twitter account, this is back in the first 3 years of Twitter, at about 3000 followers. But I was like, no, I'm done with this. I'm done with linking identities. That was a very dangerous thing. So the principle of demarcation with this is: identify the requirement of whatever the application is, the tool is, the device is, whatever it is they need or want, then set up and use a tool for the requirement and never overlap. Okay, so let's look at this.
We're gonna break this down by image here in just four squares. Let's imagine these are devices, but these could be applications, right? Let's imagine these are emails, or they're devices. Let's go with devices first. So we have a device for financial stuff. Let's say that would be our bank accounts. We have a device for personal. We have a device for fun. Personal would be like family, friends, maybe some learning. We have a device for fun. Fun could be things like, some people will download, let's say, games on the Internet. Those games may come with viruses. The reason why I separate fun out, you could put fun and personal together, but you have to be careful. If you're downloading things off the Internet, there could always be viruses on that, just in general. And this is anything; you could be downloading popular YouTube videos or something, and I would just be very careful, very cautious about that. And so it's better to have a device just for that purpose, because if that device gets compromised, well, it doesn't really mean much as long as you're not connecting it to your other devices. And then finally, we have a device for business. Let's look at this in terms of email. So we have an email address solely for financial. We have an email address for personal; this would be friends and family, and we may even break that down where we have a family email and a friends email and then maybe an acquaintance email. Right? Then we have an email for fun; that probably wouldn't apply as much. In that case, there might be just an email for other, let's say, and then we have an email for business. So for those of you who own domains, this is actually really easy to do. You can set up about six emails and have it going there, or you can use it with a combination of providers. Okay, so there's this principle of demarcation that we're using: we're taking the roles, right, and we're using the needs or the wants.
And we're saying it's only for this purpose or whatnot. Now I will agree, some of you are gonna correctly point out: well, if you have multiple devices, but they're all connected to the same router, the hackers are just gonna go after the router. And that is correct. And one of the things that I would say with that, I mean, you can use two Internet providers. And I lived at a house for a while where the roommates and I, we actually had two different Internet providers, so we even demarcated that. But the other thing is, well, let's say in the case of fun, one of the things that I would suggest is, let's say you have a Starbucks or you have a library by your house where you can connect to the Internet. You could always go download your things on a public WiFi, right? And likewise, with your personal, you might do another public WiFi. So you're keeping your financial and your business separated in terms of your network. So, yes, if that is a concern, if there's any weakness there, that's something that I would suggest as well. And yes, you are demarcating even on that level, that traffic level. Keep in mind, if the hacker is, let's say, going after the company, and I hate to say this, we've seen this with SIM swaps, but some SIM swaps have occurred because the hackers compromised companies. So they compromise, let's say, T-Mobile or Sprint or AT&T or any of those providers. And what that means is, even if you do everything to secure your phone, they're actually going to the company itself, hacking it and then going that way. It's just crazy what hackers are able to do now. So the same is true if we had, let's say, a router situation: they could compromise, let's say, Spectrum, as a case in point, as a whole and intercept traffic. So for the homework here we have two. The first part of this, and the more simple, straightforward one, is: what devices, services or other digital tools do you have that are linked to others?
Just identify it, right, and create a map of these links. So, for instance, let's say you use Duolingo and you connect Duolingo to Facebook. I don't know if that's possible, but let's suppose you do. Like, create a map of all of the things that you connect to with Facebook, right? Because you have a Facebook account, what are all of the other apps that you connect to, right? Okay, so create a link of all of that. And it's not just Facebook. It could be anything. And then, as a bonus here, develop a map that demarcates the link by function. So now that you see the map that you have in the first step, where all of the identities that you have are linked, then look at that and say, OK, so how should it be? Like, what am I using all of these for? Okay. And let me develop a map where they're all separated, and then that will involve some work as to slowly but surely separating those identities and their functions from each other.

7. Security Principle 3: Now we turn our attention to elimination as a security practice. So if you think about the world that we live in right now, we are considered to pursue more, more and more, right? For instance, more social media, which equals more linkability, as we've discussed. How about more pleasure or pain or absence of both? For instance, there's a demand in society for that: more pleasure, but likewise more pain. You can see things like, what is it, "pain is weakness leaving the body." That's kind of like the inverse of the more-pleasure people. But likewise, you also have the people who do, what is it, floating tanks? The idea is more absence of both of those, let's just turn off our bodies. Again, there is a misunderstanding of functionality. There's a misunderstanding of people living towards their own vision. It's like people are just following these carbon copies of what other people are putting in front of them. There's also an encouragement of more information.
Now, as I say, or more inculcation or indoctrination, right? I need to find out more about this and more about this. Keep in mind too, some of the people in the last, I would say, 10 years who have been talking about how there's just too much information, you know, we need to go on a low information diet, especially right now in April 2020, and you can look up the time frame of what's going on right now. It's interesting that those same people who have been saying that for the last 10 years are obsessed with information right now, so they're not following their own example. Another thing is, according to society, we need more money and wealth. We need more work and we need more play. We need to work more, but somehow we need to play more as well. There's just this demand for more, more, more, right? And you could even inverse this and say there's a demand for less, less, less; like minimalism is the other extreme. What's missing in all of these, again, is whatever a person's vision is supposed to be for their life. Like, a person should be living according to their vision. So, for instance, for an individual, let's say that, yeah, in your vision, you are a doctor. You might need more information for the function of getting more information, right? That doesn't mean that you're getting more for the sake of getting more. In your situation, you may need more information, and so the idea is that as long as it fits with your vision, that's what's important. It's not about following carbon copies of what other people suggest, right? So it's just kind of a funny observation. Again, this video is being recorded during the time frame of April 2020. You can look up the historical context of the statement, but I just made some observations about people who have emphasized things like stoicism, discipline, dopamine detoxes and fearlessness.
Fearlessness is the one that cracks me up the most, because not even three months ago, people were walking around wearing shirts that said things like "fearless," "I'm not afraid of anything." Well, let's just say that right now they're all walking around, and it's very clear from looking at them that they're very afraid of something. So they were hardly fearless, right? So I've observed that some of the people, like, for instance, there's an individual who wrote a book, or a book series, that's, let's say, the Four Hour, and you can fill in the blanks. But these same people are running around with their pants on fire. They're not stoic. They're not disciplined. They're not what they have presented themselves to be at all. I think it's interesting that for the last 10 years they were talking about how they're stoics, how they could just stay calm under pressure. Well, it turns out they can't stay calm under pressure. They are also more likely to over-consume meaningless information, even though they were also the ones preaching low information diets. And then what I think is interesting is, it's very clear to me that they're afraid of death, which, if you think about it, is inevitable, right? But if we fear death, we're going to stop living, and they are doing exactly this, right? So again, think about this world that we live in where there's no elimination, there's this encouragement of more. And what's interesting to me is that these individuals, in their own way, are encouraging their followers to get more of their information or more of their material, even if it doesn't necessarily fit in with their life. For instance, if you were Amish, you don't need this course on digital security because it's not gonna benefit you in any way. Likewise, some of you may live in some type of country context where you don't need any of this, either, because you don't have any digital resources to protect, your digital information that's in digital
resources. So the thing is that you wouldn't need a course like this. You wouldn't need something like this. This material is only useful to somebody who has something to protect. So the reason why you're taking this course is you're looking at ways to protect that. But if it doesn't apply to you, you don't need that. But I do think it's interesting that many of the people who have been preaching some of these principles do not follow these principles when push comes to shove. Also, in the last nine years, almost 10 years, I've observed as well, this is more on social media, just the observation of more and more of this, and think about this from the perspective of linkability. People went from MySpace to then Facebook, then Twitter, then Instagram, to now it's TikTok. That's the latest one. So in other words, there's this encouragement that now you need to go to the latest one. You know, now it's TikTok. Before, it was Instagram. Before then, it was Twitter, etcetera. And what's interesting is people are leaving breadcrumbs, think about this from a security perspective, breadcrumbs behind in each of these periods, right? By not eliminating, or by even getting on these, we're actually opening ourselves up to attack. Likewise, by being dramatic about things, going back to this point right here, by being dramatic about things when we've preached stoicism, we are indicating to hackers how susceptible we are and how open we are to attacks, right? I mean, a hacker can really exploit it. By the way, some hackers are, about what's going on right now, because they can see now that some of the people that were preaching, let's say, stoicism or discipline or fearlessness are not, and so they can capitalize on that fear, on those emotions. So determined values equal security, right? So again, going back to what we said about our vision earlier, depending on what you need to accomplish, depending on what you need,
depending on what's valuable to you, you are going to determine the values based on what you've learned, right? So by determining values, we increase our strength through elimination and positioning. If we determine that social media is not a value of ours, we eliminate a form of linkability, right? Again, going back to the example of the doctor. Let's say that you're a doctor and you don't need social media, right? Like, you don't need this at all. There's, especially in today's world, a shortage of doctors, so there's gonna be plenty of demand for your services, period. Right? So you determine you don't need this. You could eliminate this from your life, and that increases your security, right? If we determine that the Internet is only good for information that we can use, we eliminate most behavioral tracking, right? If we only determine the Internet is good for just getting information that may apply to us in specific situations. For instance, if we're protecting security, a course like this may be useful. But if we determine the Internet is only good for that, we don't use it for these other things. I'm going to, you know, use an app to track my diet: it's a very dangerous thing to do, right? If I don't need that, I don't want to be using that, right? I can definitely track that on paper, especially if I just kind of eat the same combination of foods, right? But if we use it just for information, we can eliminate the Internet for other uses. If we determine that we're most enriched through physical social contact, we eliminate electronic communication, which strengthens our security; all digital communication could be compromised by hackers. In fact, right now, as I'm speaking, there is a recent Zoom hack. A lot of people are using this app called Zoom, and basically hackers can penetrate into calls and get into them and disrupt them, and there could be security practices for those.
But it's irrelevant; as long as it's digital communication, there's digital hacks to that communication. We want to get away from using that type of communication if we can. And so again, if we're enriched through physical social contact, we want to keep that regularly in our lives, for instance, to prevent what's currently happening right now. For most people, the smart thing to do would be to have family, because family is, if you think about it, regular physical social contact, right, with family members. So the principle of elimination is: only use what is absolutely necessary. Ask yourself this question. What is your vision? What are you living for? What are you trying to accomplish? Okay, what is absolutely necessary to do that? Okay, everything else, or everything else that's not necessary to accomplish that vision, remove it, or work to reduce and eliminate it fully. Right? So again, let's say you're a student and you're going into medical school. Let's say you may find, and I had a friend like this, who found that social media was very distracting. In fact, it was blocking him from his vision. So he eliminated it, right? And then the other thing that I say here, and this is a principle of, whether it's Ramadan or Lent, or in various religions it's practiced a lot, but the idea of seasons of removal. Even if something adds value to your life, it's still good to sometimes go without it. I like the idea of Ramadan and Lent. I think those are two; one of those, Ramadan, is for Islam, and Lent is for a sect within Christianity. But the idea behind those is that you kind of go through a period of going without something, even if that something is necessary, so that you get kind of more in touch with, you know, who you are, as well as, generally with religions, it's gonna be with a higher power that they believe in. So for the homework assignment here, what's a recent example where you felt or you were told that you need to do something?
So somebody else told you that you need to do something that wasn't coming from you. There was somebody else telling you that. Okay. And how would doing so have moved you forward to your vision, right? So think about that. When something's like, "Well, you need to do this," ask yourself: does that move me closer to my vision? Now, if it does, by all means, that's good feedback from that person. But if it doesn't, it's not, right? So ask yourself what's your vision, and does it move you closer to your vision. And again, I apply that to this course. Like, again, with individuals like the Amish or individuals who live on a farm and have no digital anything, this course would be meaningless to them, right? But if you live in a digital world, this course may have meaning to you. So you shouldn't be distracting yourself with things that don't have value to your life in any way, right? If it meets your vision, if any type of digital communication or digital information whatsoever, digital wealth, it's part of your vision, by all means. And then as a bonus, I definitely suggest that all of the students read, and you can get it free online, by the way, The Power of the Powerless by Vaclav Havel, and you could find a free copy of that online. And that's because he talks about definitely a situation in which people felt very powerless. But he talked about the power that they had in those circumstances, and one of the reasons is it's difficult when you're in those situations, sometimes, to feel like you're living for your own vision. But as he points out, you are living for your own vision, right? There's definitely security in the elimination of things that are unnecessary and getting back to what is basically required for a vision.

8. Security Principle 4: All right, we are in principle number four, and we are going to be discussing security through limitation.
So one of the best practices in the technical community in terms of security is, when we create a user, we give the user as little permission as possible. So let me give you an example. If you have any type of Windows or Linux machine or macOS machine, you will have an administrator account that you are going to use for updates and things where you may need to provide more information, I should say, for those rare cases. But your surfing user in general is always gonna be a local user. So, for instance, with Windows 10, one of the things that I'll have to have is a local account. I call it a child account, and it has very little permission. It would have to have administrative permission. That's the account I always run it under. Back in the day with Windows 7 and Windows 8, you could even limit the user to where you gave it, like, 10 minutes to be online, and so that really limits the amount of damage if everything, or if, I should say, the account is compromised. Well, the same is true with communications and everything else. In this case, we're talking about the security principle of limiting whatever it is that we're using. So we could be limiting the technology, like a device. We don't want to ever be giving a device too much permission, right? We could be limiting the user that's on the device. That could be like a computer. That could be limiting to what device we have. You might remember in earlier lessons, we talked about elimination. So, like, for instance, we don't want to have, maybe that's a Facebook account. Maybe we don't want to have a Facebook account at all. Well, we're still gonna have to have some type of setups that we're going to use. And what we want to do is we want to limit those, even with those setups. So, in terms of communication with other people, we all do have a tendency to meet the tendency of others. Right. So we tend to follow whatever the pattern is of others.
If we think of a bell curve, for those of you who are familiar with statistics, you can think of where the majority of the bell curve is in that center; that is the normal, right? Abnormal would be the tails, but the normal would be kind of in the center of that bell curve. So, for instance, friends or family want us to join Facebook, Instagram, download an app, respond to their texts or calls, et cetera. We tend to get as much information from people, or we tend to give as much information from people. As a case in point, let me give you, I'm gonna pick on myself with emails. For many years, I would receive emails that received, what was it, HTML. And I've gotten where I don't do that, because one of the things that they could do is they can put images in the HTML that detect whether you read the email or not. And so now I just get the, if somebody sends an HTML email, I mean, I get all the code and it's really ugly. For one, it destroys the effectiveness of their sales pitches, but the other thing as well is there's more security. They don't actually know if it was read or not, and so it's because I'm just getting plain text emails. So I'm picking on myself, but that email story there is one where I didn't do that for a long time, and it was a way in which they could track you. And I'll tell you one thing about a former hacker that I knew who got in trouble and then eventually turned into a good individual. One of the things that he told me was that hackers tend to use the same techniques that they see in copywriting. So copywriters, you know, want to know if you're engaging with them. Well, hackers are going to do those things as well. So, conversations or topics that draw interest and focus. Right now is April 2020. Some of you, if you look, let's say you're a couple of years ahead of time, if you look at the stories right now, there is a topic that everyone is talking about.
This conversation is just dominating everything, and learning the discipline of not talking about it, right? Everybody else wants to talk about it; learning how not to talk about it, learning how to have separate conversations. Religion and politics: my grandparents used to say you never talk about those topics. A lot of people do, right? They can't stay quiet on those topics, and that's one of the things that they would advise us to, my grandparents would advise us to, is to stay away from those. Also, we make ourselves as available as possible. In some cases, sometimes we don't, but we tend to be more available even sometimes when we present. And then I like to say this right here: remember external risks. It's not just us, right? It's not just the fact that, and this, by the way, applies to computers as well. But it's not just the fact that I'm texting you or you're texting me. It's the fact that, let's say you're not compromised. If you're texting me, if I'm compromised, then the person knows things about you through me, right? Well, think about communication in terms of the Internet. Like, technically, when you access a website, you're communicating to that website, right? Well, if that website is compromised, even if you're not compromised, that website is, right? So there is behavior of yours that is compromised. So this communication could be between individuals. It could be between devices. It could be between machines, could be through the Web, et cetera. So restriction frees, right? So we're not talking about elimination again. We it's only we can eliminate everything from our life. We may eliminate things that are unnecessary, back to the earlier lessons, or the earlier principles, I should say, that we've learned, that we may eliminate things like Facebook or Instagram if we don't, if we see that they don't add value.
But if there's things that do add value to our life, for instance, having a computer and accessing our bank account, then what we want to do with that is we want to just restrict that, right? So let's think about some of this in terms of these factors here, some of the errors here that we tend to engage in. More information may put us at risk or others at risk. So counterparty risk, as I mentioned: images as compromise, right? An image that detects if you've read an email, that may be a point of compromise, right? A hacker can use that just like a copywriter can use that. Another example here would be: managing multiple forms of interaction results in higher risks of attacks and a loss of energy. Right? So think about it this way. So if we text people and we call people and we message people on Facebook and we message people on Instagram, those are multiple forms of interactions. Those open up a variety of ways for a hacker to get us. Maybe a hacker can't go after us on Instagram. Maybe we're pretty tied down there, but the hacker may be able to get us through one of those other routes, right? So having those multiple forms of interactions is going to result in a higher risk of attack and loss of energy. Responding to enticing conversation exposes our weaknesses. My parents were really good at this, by the way. If you want to think about it, parents tend to know what tends to draw our attention. So just consider that when you're thinking about, what am I weak in, like, what topics of conversation do you struggle to avoid talking about, right? So just keep that in mind. Just be aware of that when it happens, so that you're aware, "This is kind of a weakness of mine." Again, my grandparents would emphasize, what is it, religion and politics.
And the reason why they would emphasize that is because those tended to draw very passionate responses from people. And then, always being available gives away key metadata to attackers. They can exploit urgency. Keep in mind that if you have your cell phone with you wherever you go, they can exploit urgency. But if you don't, let's suppose you do evening activities and you leave your cell phone at home and you go do your evening activities, hackers can't exploit urgency. Right? Because you're not around your cell phone all the time, right? So they can't exploit that. So keep that in mind about your availability and how you're giving that away. Whether you're available may be true, but maybe you don't want people to know that you're always available. I always think of that girl that I dated in college who said, you know, like, "The reason why I don't have a cell phone is I don't want people to be able to get a hold of me at any time." So the principle here of restriction or limitation is we need to receive as little information as possible. And I would say that we should provide as little information as possible as well, as long as it answers questions; we don't want to be so short with our friends that we come off as unfriendly, of course, but we don't want to be providing more information than necessary. By the way, one of my favorite stories of this, you can see this in the documentary if you ever watch Zero Days, is they were able to compromise, whoever they were, whoever developed Stuxnet was able to compromise the Iranian facility because of a picture. There were pictures that they had posted from the facility that gave away positions. So just a little picture helped compromise that facility. So keep that in mind: giving away too much information, even something as simple as an image, ended up helping whoever developed Stuxnet to attack that facility. And then, make people meet on our turf. So what do I mean by that?
We don't want to join every single possible site or download every single possible app. Now, there may be a few exceptions. Maybe you're the kind of person who will. But for the most part, it's gonna be exhausting if we try to manage it that way. So we want to stick to some basic lines of communication. Or maybe we want to stick to some custom lines of communication, if, let's say, you're like, "No, this is the standard. They're gonna have to meet me on my turf." But let's suppose you prefer Facebook Messenger, then stick with that, right? You don't have to dance through everybody else's hoop. They're like, "Well, I want you to join Instagram," and you're like, "No, I mean, I prefer Facebook Messenger." You have your reasons why you prefer what your turf is. Make people meet you on that turf. And I know when it comes to dating, this is for me in general, but there were activities that I enjoy doing, and those were the only activities I'm open to doing. I'm not open to doing other activities. I know who I am. And so people can join me in those activities or they don't, right? And if you're one of those individuals who's like, "Well, I'm gonna do whatever they want," there's nothing wrong with that, but keep in mind that can get pretty exhausting after a while. Number three here: respond when appropriate. Right? So appropriate doesn't necessarily mean when the other person wants you to respond. It's when it's in your best interest to respond in terms of your life, what you're doing, as well as what is the most secure method, right? And then, avoid being drawn in. And this is one that I'll have the homework assignment around, because this one is very difficult, and that's becoming aware of when we're being drawn in to either topics of conversation or just things where we're weak, basically. So how do you tend to violate these principles of restriction or limitation?
And how can you strengthen this? That's the basic homework assignment here. And then the bonus assignment, and this is a very reflective activity, so it does take some work: following any communication, this could be text, email, call, et cetera, grade yourself on how well you think you did and how you think you can improve. So give yourself, like, a letter grade, you know, F or D or C or B or A. So, you know, how well did I do? And was I drawn into something I didn't want to be drawn into, right? And that's because that's where, and I'll give a story in a second, that's where I've seen people be compromised: they were very passionate about a topic. But the problem is, they didn't realize when they were expressing their passion about that topic, the person who was asking information did not have the best interest in mind. One of my good friends, she is very passionate about a social topic. I'll leave it at that. And one of the things that happened with her and a hacker was, a hacker got her to give away a lot of information about the social topic related to her personal identifiable information, by kind of drawing her in. One of the things, like, the hacker did with her was like, "Well, you just don't know what it's like to have kids," and she was like, "Yes, I do. I have three kids." And then the hacker would say, "Well, but if you had daughters, you would understand." She was like, "Oh, yeah, I do. All three of my kids are daughters." You see how she is revealing more and more information about herself? And what the hacker was doing, which was very clever, was knowing that she was passionate about this topic. She was drawing her into this long conversation where she would reveal more and more information about herself. And pretty soon she had compromised a lot of her information without realizing it, because she was so passionate about that topic.
So it's a great example of where just reflecting over "where am I being drawn in at" can expose a weakness that you can identify very quickly when somebody tries to draw you into that in your life appointment. This person's a stranger. This person's a stranger on the Internet; doesn't matter what they think or what they think about what I think, right? And so that was one of those situations where you can see, in that bonus homework assignment, what would really have helped is being aware of the things you're passionate about, and being drawn into those could be a huge, huge risk.

9. Security Principle 5: The final security technique that we're going to learn, principle of security, is failure as a security technique. Now, this may seem counterintuitive, but it is something that is unavoidable. And so failure is one of the ways in which we can increase our security. So let's start out by telling a story about three examples, and two of them go together, Spectre and Meltdown. And then we had Exactis. Exactis was a behavioral compromise that very few people knew even existed. They didn't know this marketing company existed, but it was one of the major attacks in the last 10 years. The other major attacks were Spectre and Meltdown. Now, Spectre and Meltdown were two compromises that affected pretty much, one of the two basically affected any platform. So regardless of who you were, basically you were affected by this. And what was awful about Spectre and Meltdown, and you can definitely look and research more details about these, but they had gone on for over a decade. In other words, this compromise had been in place with computers for a long period of time, and nobody had known about it. Not only that, when the community discovered it, and this was recently, they tried to secretly patch it, but that ended up exposing what they were. And so, of course, hackers had an insight.
But it is very clear when we look through the history of some of the hacks that have occurred that, more than likely, there were hackers that were aware of these two issues and they were exploiting these, which many people were not aware of. Now, the biggest takeaway from this is that you will hear people that will say, "This is a way to protect yourself 100%." That does not exist. It is a complete lie. There is no such thing as protecting yourself 100%. Failure will happen, right, as Spectre and Meltdown prove. You had people who were experts in the community that did not see this for years, and when it was exposed, it was very embarrassing for all the people who said, "This technology will always work. You're always safe." You can never guarantee that. Okay, so even if on our part we did everything right, we're still dependent on others and their technology on some level. Okay, so counterparty risk means future attacks. For instance, Spectre and Meltdown: that wasn't any individual's fault. If you think about it, if you just own a computer and you're using your computer for banking, Spectre and Meltdown, you weren't part of the hardware design. You weren't part of the software design, right? You had nothing to do with those. But you were using platforms which were susceptible to those, right? Our lack of knowledge also will lead to attacks. But it's not possible for us to know every single thing, right? So even if we know as much as we know and we're good at what we know, we still don't know everything. So our lack of knowledge can still lead to attacks. And then our tendency to communicate opens us to attacks. As humans, we want to communicate. We want to interact with others. But every time we interact with others, and since a lot of interaction now is digital, the problem is that does open us to attack. Well, we have to accept the fact that we can't just completely isolate ourselves, never talk to people, right?
We're gonna have to talk to people, and we're gonna have to accept the fact that some of what we reveal may be compromising points. So failure will happen. OK, we will sometimes reveal too much digitally, right? We may reveal too much information digitally that we shouldn't. We will experience our digital money being hacked. This one is kind of a point that I have to chuckle a little bit about, because anyone who has been in the Bitcoin community for a long period of time, and by long I mean over seven or eight years, I know how long I've been in the community, you are going to experience your Bitcoins getting hacked at some point. It's just going to happen. If you haven't, you've gotten lucky. But it will happen. And if it hasn't happened, it will happen in the future. People who are in the crypto token community, you're just gonna experience an attack. It's going to happen. If it hasn't happened to you, keep bragging. It will eventually happen to you. And the people who brag the most are generally the ones who end up getting humbled later on. So you just have to expect that this is going to happen at some point and prepare yourself for it. We will lose digital information. Again, we may rely on a website, or we may rely on some digital information that someday disappears. We didn't expect it, right, and all of a sudden it's gone. This happens quite a bit. We might accidentally lose that digital information. Okay, so there will be a failure if we're reliant on that, and suddenly that disappears. What do we depend on then, right? We will experience a digital platform being compromised. Spectre and Meltdown: great example of that, right? We were using these platforms, but we didn't realize there was a weakness in these platforms. And again, it's not on us, right? But yet it still happened. Exactis was another one. A lot of people had no idea that their behavioral data was being collected by a firm like Exactis.
It's amazing that that's even allowed, but it was, right? And so, even though it's not on us, that's something that happened. Okay, we feel digitally betrayed by others, right? People or companies. Even if we're careful, right? You might say, "OK, well, I've only revealed some information to key people," and then those key people end up stating things that you never gave approval for. For those of you who have been married, you probably know this very well. Like, one of the really annoying things about being married is when your spouse reveals things about you to other people that you're like, "Wait a minute, that was just between you and me," right? And so that could be a very big source of frustration for people who are married, is the fact that, unfortunately, somebody gets comfortable with you, or they're super comfortable with their friends, and so they go around revealing things like, "Oh, yeah, we bank at this place." You know, I remember telling my wife one time, like, "We're never, ever going to reveal where we bank." Well, she violated that immediately with her family, and it was like, "This is not acceptable. You do not say where we bank. You do not say these things." And it's one of those things: even if we're careful, right, other people in our lives aren't careful, because people love to brag, especially; it's amazing, they love to get attention. So the principle of failure, especially as it relates to security, is, number one, failure will happen even if we're careful. Right? So failure's still gonna happen. Failure exposes weaknesses. For instance, let me just point out in the story with my wife, in terms of her revealing the bank account to the family, or her revealing which bank we did, that immediately taught me: I have to set up my own bank. She's not gonna be on it. She's not gonna know about it. Why? Because she can't keep her mouth shut, right?
There's just certain information you don't share with people, cause it's like, if you can't keep your mouth shut, you violated that. "Well, you know, they're your spouse." Doesn't matter. You've got to learn to be quiet, and that's something about people in relationships: they can just, they can't say too much, right? And then, of course, failure strengthens when accepted. Now, I point this out on the "when accepted" because, to the example of Bitcoin people, let's say they get their Bitcoins hacked or whatnot. And I'm gonna pick on this one because I think this is a good example. They will often learn from it if they accept it. If they try to blame others, and they're like, "Well, this is the fault of the exchange, or this is the fault of," if they try to always blame other people, they don't get strengthened from this situation. That's the same thing with credit cards. I'll give you one of the best techniques you could do with credit cards, which is a principle of limitation, which we talked about earlier. But one of those is to keep your credit card limits, your available credit, very low, right? So, like, $2000 is available credit, or $1000, right? Why? Because even if a hacker gets your credit card, they're not gonna be able to rack up very many, a lot of charges, right? That's a principle of limitation, if you think about it, an applied principle of limitation. Well, so let's suppose your credit card is hacked, or let's say somebody gets access to it, and the bank doesn't reimburse you for whatever reason. And guys, I've been in this situation where the bank didn't, even though there was a hack on it. You have to decide how you're gonna proceed. If I were to blame the bank in that case, "Well, it's their fault" and blah blah, but the problem is I'm not gonna learn anything from that. And so what I had to do in that case, by the way, I closed down the credit card.
I terminated the relationship of that bank, and it didn't matter, even though they finally apologized, like, "Oh, we'll reimburse you." I was like, "No, you guys burned a bridge here, and you know that I did not do that. You know, you could reimburse me for this." But that was where I learned the principle of limitation, right, which was: keep your credit card at a very low limit. And for those of you who have a credit card, you'll know credit cards are always trying to get the limit higher, right? And part of that is, when push comes to shove, they may say, "Oh, we're not gonna reimburse you for that hack," right? You just don't know until you're in that situation. And there's, you know, let's say a $50,000 charge on your credit card, and they're like, "Oh, we're not gonna reimburse you for that, even though we know you didn't do that," and you can go take the company to court. Assume maybe it'll work out for you. But the fact is, if you learn in a painful experience like that, what you can do is you could become stronger in the future by putting more limits on things, or by whatever it is that you should learn from that situation. So that failure did strengthen me, because I accepted the fact that, number one, I shouldn't do business with that bank anymore, and number two, I need to not have a very high limit on a credit card. It's not convenient at all, despite what we think. And again, convenience is seldom secure, and the bigger thing is it's definitely not secure. So this last point, failure strengthens when accepted, is that we are 100% responsible for what happens to us. Even when we feel like we're not responsible, we take responsibility so that we learn and we grow, and that's very hard. So even though that looks like an easy statement to say, that's very difficult, right, because our natural tendency is, "It's everybody else's fault. It's everybody else's fault." But the principle of failure means that we are 100% responsible for what happens to us.
So even though it's not our fault, we have to learn from whatever happened to us. So for the homework: more than likely, and I know myself included in this, I've learned one failure as I've gone through this course, right? In terms of teaching it, I can identify all kinds of failures. But I mean, everybody can look through this lesson. Like, it may be the principle of limitation. It may be the principle of elimination, and maybe the principle of failure. Like, for instance, when you fail, do you not take responsibility? Do you point to others? Right. So what is one failure you've learned that you've done as you've gone through this course? Okay, and how can you stop this or avoid it in the future? So again, let's just say it was the principle here of failure. Let's suppose that you do have a tendency to point to others or blame others. How can you stop that or avoid it in the future? How can you immediately take responsibility? How can you train yourself to do that? Let's suppose it's the principle of limitation. Where do you feel in technology that you're not limiting it in your life, right? And how can you improve that? How can you stop allowing it everywhere and avoid it from penetrating every part of your life, and limit it, right? And then, just as a bonus, review each lesson again and identify failures you've made in each area and how you can avoid them. I know for a fact that if I look at every one of these principles, I have been in violation of them in the past, and I may still be in violation in some areas, and I have to continuously improve. The good thing is, as you improve, then you'll identify other weaknesses, and they will be able to improve in those weaknesses and then improve and so on and so forth. But each lesson in these principles, think about these principles and how you can avoid them in the future and how you are and where you've been in violation of them in the past.
And so that's kind of the bonus that does take a lot more work, but at least in the minimum, identify just one that you've learned in this course. What is a principle that you've been in violation of, and how can you improve that in the future?

10. Specific Security Tactics: Now that we've discussed the five principles of security, we're going to cover 19 security tactics. Every one of these tactics are basically applied techniques of those security principles. And these tactics should also give you ideas for other security tactics that you can use, and those would be tactics that you want to keep secret just for yourself. So these are some tactics that you can use or that you can build on or that you can get other ideas from. And some of these are gonna come with stories, because it will make more sense when you hear the story. So, number one: never use your cell phone for identity purposes. People love to use their cell phone for identity purposes. Don't do that. SIM swapping has made cell phones very dangerous tools. Number two: never give out multiple forms of PII data. I had a friend of mine who, just with two pieces of information, and I'm not going to say what they were, but with just two pieces of information, she experienced a horrible hack, where there was identity theft along with theft. It was just insanely bad, but all it was was two forms of PII data, and what was amazing is it was a nonprofit organization that got her information. So there are very few exceptions to this rule. Maybe employment would be one. But whether it's auto insurance or whether it's homeowners insurance or whether it's a nonprofit, just don't do it. Okay, so understand what PII data is. Now, this is private identifiable information or personal identifiable information, depending on who you talk to. And I would say stay away from giving out multiple forms of it, right, outside of your name.
And I even know some people who go by their middle name instead of their first name for that reason. Number three: keep your devices up to date, especially security updates. Pay attention when you see security updates and immediately update. Number four: avoid having devices on when you're not using them. There are some exceptions to this. For instance, I know people will keep their cell phones on because they use them for multiple purposes. But when it comes to, like, computers or whatnot, keep them off, keep them unplugged. Number five: cover the webcam and microphone with duct tape unless you need to use either. A story: this one was funny. I had a friend of mine who sent me an email, and in the email body it said, I caught you on this website looking at these videos or whatnot, and I'm about to send it to all of your friends unless you pay me Bitcoins, and yada, yada, yada. Well, this person happens to be the kind of person who covers their microphone and their webcam on a regular basis. So they were chuckling, right? Because they were like, yeah, you didn't catch me doing any of that. And you could tell that these people are sending this email because it's effective. The majority of people are not covering their webcam or covering their microphone, right? And so it's something that they don't think about, like when they're on their cell phone or when they're on their computer or when they're on their tablet, that if somebody remotes into that computer, they can turn that on secretly. And by the way, there are software tools for phones as well as computers as well as tablets that you can install secretly on someone's device. And, yes, you can actually access them, or you can see through, what is it, their microphone and their webcam. It's crazy. So it's one of those things that he just laughed at the email, and it is true. It's funny for somebody who covers it up.
But for somebody who doesn't, they might be panicking when they get that email, like, oh no, all my friends and family are going to see, when in reality they probably don't even have that. It's just a fake email. But it is something that hackers are capable of. So it might be real. You never know. But the fact is, if you have it covered up, you have to worry about that. Number six: avoid mobile banking as much as possible. Not gonna go really into a lot of detail on this, except that's a great example of violating the principle of limitation, because what's happening is the mobile devices, number one, are not secure, and if they compromise that mobile device, they're gonna have all kinds of power. Number seven: only have apps installed on your device that you use, not that you may use. If you're not using it, don't install it until you actually use it, right? So avoid ever installing apps that you don't use, right? It's just, oh, I need this app, but I need this app. Don't. Uninstall all of the games that you don't play, right? Don't keep things on your device that you may not use. The reason is, anytime you install things on your device, it comes with a lot of libraries. Those can potentially be risk factors. Number eight: test trust. Story here: I've already mentioned this with my wife, and that was just the violation of trust in terms of there are certain things that you don't share with other people. And she would share information like where we banked and all of that. And there was a family member who tried to get access to that information. And it's because they had her information, right, so they could pretend to be her, right, depending on the family member. And so that was a great example of, I don't want people sharing in that type of relationship. I don't want people sharing it with other people, like, where we bank is private. And as far as, like, was it, whoa.
If you write a check or whatnot, well, I don't write a check, right? And there's, we'll discuss this in a second, but layering: there's a method of layering that can protect a bank account. So, um, you just never know. And by the way, I can tell you I worked at a bank for a while, and a lot of fraud happens in families. It's sad but true. Number nine: use multi-factor authentication, but not with your phone. So the story I have here is a well-known Bitcoiner used his cell phone for identity purposes in multi-factor authentication, and a hacker did a SIM swap on his phone, got his phone and was able to reverse engineer logins, stole all his Bitcoins, and this was back in the day when Bitcoin was a lot faster. To be fair, he only lost about $2000 because Bitcoin was like 300 at the time, though he didn't lose the upward potential. But the fact is, everything can happen very quickly, and he was using his phone for multi-factor authentication. Don't ever do that with your phone. Your phone, and your cell phone especially, is not a secure device; it is a very, very dangerous device. Number 10: layer authentication and spending. Now, this is not layering that's illegal. This is layering as far as having a security layer, right? So let's say that you have a bank account where you receive your money. Layering would mean that you would have a credit card that's independent of that. Now, you might pay the credit card, right, through, like, some type of bill pay service, or some type of check service, so that credit card institution gets the payment. But that credit card is not directly linked to your bank, right? So if you think about it, there's a layer on top of that account, right, there is that credit card that's on top of it, and that is not illegal. You can look it up. You can have a credit card, and you can pay your credit card with a checking account. Authentication is the same way, right? Layer your authentication.
Meaning, don't have all of your emails backed up by one email. What do you think the hacker's gonna do? They're gonna hack the backup email. So have each of your emails, there should be a backup email to that email, right? So let's say I have email 1, email 2 and email 3. Well, I'm gonna have email 1A backs up email 1, email 1B backs up, I'm sorry, no, email 2A backs up email 2, email 3A backs up email 3. Right? I don't want to have email, let's say, 1A backing up emails 1, 2 and 3. Why? Well, because if the hacker hacks email 1A, he can compromise all three other emails, right? So it puts a barrier of entry, and again, with hackers, we can't stop them 100%, but what we can do is we can delay them. So layer authentication. Think about that. Number 11: keep strict limits on credit lines and credit cards. Okay, so again, this is the principle of limitation here as well. Credit lines, credit cards. If you keep a strict line that they hacked, they're still doing very minimal damage, right? Number 12, this is related to that, depends on the person: use your credit score for security. Some people do not believe in debt. A lot of Dave Ramsey followers don't believe in debt, and for that reason they can screw their credit up intentionally just so that it can't be used. It's true. There's not much a hacker can do if you have bad credit, is the reality of it. If you have a 500 credit score, what are they gonna be able to do? I mean, even if they get approved for a loan, it's gonna be a very low one, right? So again, that's not appropriate for everyone. But for some people, use your credit score for security. Think about other things you could do with that as well that prevent people from using it. There's credit freezes, an alternative to people who just don't like to use debt. Number 13: never click on links in email. Look at the company and call them from the number that you have listed.
Okay, and I also put here, I put that "never" there, so always have a company's number that you do business with. What does that mean? It means, let's say, who you have your mortgage with. You need to have that company's number independent of anything they would ever send you by email. So never, ever, ever, because when people say go to the website, well, websites can be hacked too. But if you have the number, I mean, if you're doing regular business with the mortgage company or a homeowners insurance company or health insurance company, you should have that number. Number 14: never accept text messages with images unless you know the person. And even then, be careful. A lot of people trust people who send messages, and again, some of these messages can have tracking things in them. So be very careful about accepting text messages with images. Okay, if it's a number that you've never seen before, I'd be very careful. I would stay away from that. Number 15: never trust someone trying to get you into an emotional state when they don't know you. Big one online. I see this, and I've mentioned this in the April 2020 video. I highly recommend you watch it. There are a lot of people who are emotional right now, especially online, and it is amazing how these emotional states get people to reveal all kinds of things about themselves. Okay, so related to this, a good homework assignment related to this would be to learn emotional states like sadness, happiness, disappointment, anger, fear, frustration, etcetera. Be aware any time you're in an emotional state. Any time you feel emotional, think about that, right? And really reflect, because you're weak in that moment and you can lash out. You can say things that you shouldn't say. The other thing, too, is you may reveal information that you shouldn't reveal. Okay, practice security every day. We are behavioral creatures; we're not logical. Behavior is practice. That's what behavior is. It's consistent.
We do not do things because we're logical; we are creatures of behavior, okay? And a lot of people, we like to think that we're logical. But we're not. Okay, 17: treat experiences as penetration tests. Okay, so play a game in your experiences. What does this mean? Let's say you're setting up a bank account. Okay? Treat the experience with the banker as a penetration test. Play a game where you try to reveal as little information as possible to set up the account, right? And so it's like a practice. You, like, simulate this practice. Even if you go to a coffee shop, treat that experience as a penetration test. The person at the counter is trying to find out things about you, and see what little you can give up, all while still being friendly. Be friendly, but don't give up things, right? Learn how to engage in deflection. Now, don't be rude, but deflect things like, "Oh, how are you today?" "That's a great question. You know, I have to say, you know, the way you ask it has a lot of energy." So I didn't even answer the question. Treat experiences like that, right? Treat experiences as penetration tests, and it's fun. It's a way in which you could make your reality a lot more fun as well, because what you're doing is you're learning to reveal very little about yourself. Number 18: be careful with consolidation tools. I'm not against them. So password managers are consolidation tools; they consolidate everything into one. There is a story here with a company that I worked at, and they used a password manager. Unfortunately, it was compromised, and that gave the person who compromised it unlimited access to their environments. Now, luckily it was a startup, so that wasn't the end of the world. But if you use a consolidation tool, I would be very careful with how you, let's say, give access to that. So, for instance, let's say a company uses a password manager only.
Give people as much permission as they should, so that even if that person's account is compromised in any way, they don't have access to everything in production. They may only have access to, like, one server that they work with. And just be very careful with consolidation tools. A lot of times, especially with password managers, people think, oh, it's safe, it's secure, therefore it can never be hacked, and that is just lazy thinking. And unfortunately, that's just the way it works. Number 19: avoid the wrong crowds. Good principle of elimination here. Some people, and you'll find this out in time, are not, they are portraying themselves in one way to get you to compromise yourself in another way. They're not who they say that they are. And if you just watch any video in general on YouTube, especially several videos on cybersecurity just in general, you will eventually see things like hackers who become informants or hackers who try to get other people to hack so that they don't get in trouble, etcetera. And unfortunately, in the security community, there are people that are attracted to it because they're the wrong type of people. You just have to learn that in time. So I'll give you a story of this. I was at a meetup, but I don't want to go into detail on the meetup, but it was a good discussion. Unfortunately, I realized, and I stopped attending these meetups, it tended to attract some of the wrong crowd. Most people that went were good, but about 30% of the people that went were not good. Well, this one guy was complaining one time because he was in a certain business and two agents from the Department of Homeland Security came and visited him, and he was ranting about this, and I told him, look, dude, here's the deal. Now, this is, to be fair,
I joined the LDS Church at 18, so this is probably a very LDS thing to say, but it was like, if the Department of Homeland Security is coming and visiting you, then you've done something that you shouldn't be doing. You're attracting the wrong kind of attention, right? And that's not a faux pas on them. It's like, what were you doing to get them to come visit you? Right? And it's because the average person has never had the Department of Homeland Security visit them, right, because they're not engaging in things they shouldn't be. And if you knew this guy's business, you would know, again, it was the wrong crowd. Over 60 to 70% of his customers would have been the wrong crowd, and it was one of those things where it's like you just have to think about that before you do things. So if you're ever in, like, a meetup, maybe you're trying to learn something or whatnot, and you realize, you know, everybody here is in the wrong crowd, that would be something to consider not going to, or if you could just identify the people who are part of the wrong crowd, just avoid them in general. But it's something that, and I will say, there are just communities that are like that, and you'll kind of get the vibe, like, ooh, this isn't where I should be, and just avoid it. But there's a great quote by Solomon from Proverbs 13:20: He who walks with the wise grows wise; a companion of fools suffers harm. So that's a good principle of elimination. When you detect it's the wrong crowd, definitely get rid of it. So those are 19 security tactics. Every one of these tactics, if you go back and look at the principles of security, you'll realize they're applied principles of security, right? And so this is going to give many of you other ideas about tactics you can use in your life based on those principles.
So that's one of the reasons why I discussed the principles first, is because from the principles you can start to apply it by looking at various tactics you can use from those principles to build a better secure

11. File Attack Example: In this video, we're going to actually be looking at and doing a demo that involves one of the concerns that I point out with cell phones. Now, we are going to do an innocent demo. So while we are going to use a technique that unfortunately hackers use, we're gonna be doing the innocent version of that, where we're going to be putting a secret message into an image. And so this is something that you can, you know, have fun with your friends on. So it's not bad. But it does demonstrate how people can add files to images that may be something that compromises us. So just as a quick story before we get started, I had a friend of mine who would get messages from, let's say, a family member of hers, and she would open these images and, you know, they were images that she enjoyed. But what those images were actually doing is they had little malware applications in them that would be tracking her. And so the family member of hers was just a very controlling person, and they were using images to basically infect her phone. Well, the reason why she was able to discover this by accident, when I investigated it, is her phone started acting funny one day when, I believe it was, she was trying to switch an Internet connection from WiFi to her network, and things started crashing on her phone, and what it turned out was these little malware files in the images were trying to connect to the net to do things that would track her behavior and then send information. And so, in their attempt to connect, when she shifted networks, she was able to spot some fishy behavior. And that's when I looked at it, and we didn't know off the bat. Keep in mind this is always a concern.
We didn't know if the family member was intentionally doing this or just accidentally downloading images from the Internet that had malware in them. But what happened was when her family member sent her another message. Oh, and really think about this, by the way: if you ever spot someone maybe trying to infect you intentionally, one of the things you could do is say, hey, I'm not going to be opening that image or whatnot, something happened with my phone, so hey, just show me that image when you see me. And her mom insisted and insisted that she open the image. And of course, that's when we started to realize that her mom had been sending her malware. So as you can see, here is an image that I grabbed off of Pixabay. There is nothing wrong with this image. It's a great image of a, like, flower that's kind of shedding flower pieces. And so what we're going to do is we're gonna put a secret message in this image. Okay, so what we do is we have this secret file here, secret dot text, and all it has in it is "this is a secret message", and we have the image file right here, so we can see the image file. We can see the secret message, and you'll see the saved image. I'll highlight that in a second. But we have these two files in the same directory in case I notice that Simon see import images and you can demo this along. What we want is we want this secret message to be in this image, right, this secret message to be in here. What we're going to do is, we're in the command prompt, going to use the copy binary command, and we're going to combine two files. We're gonna combine this image file and the secret text into one image, which is this saved image. That's gonna be the output. Right? Okay, so what you see here is that is exactly what I'm doing. I'm doing copy, and then I'm doing slash b, and then I'm doing image dot JPEG plus secret dot text.
And it's outputting this saved image dot JPEG. So these two are being combined. And this right here, this saved image, is the output, saved image dot JPEG. And so we see the two files that are combined, and then "one file copied", which is this created file right here of the saved image. So if you run this, you will get this saved image. So we see the final result, of course, and let me show just the image. It is exactly the same, right? We don't see any image or any secret text in this image at all. We don't realize that this is different. It's the same as the original, right? Doesn't look different at all. But what we have, in fact, if I open this binary editor, you'll notice that here's all of this binary code, basically, that makes up this image. And at the very end of this image we have "this is a secret message", right? So we see that that's what we got from this right here. Okay, so this right here, what we're seeing, combining two files, is a technique that hackers, unfortunately, in this case, in this friend of mine, her mom was doing with images. She was combining these with malware. Now, I'm not doing that because I don't want to do that. I don't want to show students how to do that, but this is a similar technique, unfortunately, to what her mom was doing. And so I want to show students that this is something that you could do with images. And this is why I say to be very careful with cell phones. Cell phones are not security devices, especially considering how most people use them. So we have to be extremely cautious. And we see that now. It's true that we can have a lot of fun, right? We can send images to friends with secret messages and get them in an exchange back and forth. So as I told you all the story, when it relates to mobile phones and messages, I would be extra cautious with security when it comes to images, video, links, MMS or text combinations. These also could be a concern.
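As a defender's check for the demo described above (an added example, not part of the course or the instructor's material): the Python sketch below walks a JPEG's segment structure to its end-of-image marker and reports any bytes that follow it, which is where `copy /b` places the second file. The sample bytes are constructed for the example and all function names are hypothetical.

```python
"""Find bytes appended after a JPEG's end-of-image marker (added example)."""
import struct
import sys

EOI, SOS = 0xD9, 0xDA
# Markers with no length field: TEM (0x01) and the restart markers RST0-RST7.
STANDALONE = {0x01} | set(range(0xD0, 0xD8))


class NotJpeg(ValueError):
    """Raised when the data does not follow JPEG segment structure."""


def _skip_scan_data(data: bytes, pos: int) -> int:
    """Return the offset of the first real marker after compressed scan data."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos == -1 or pos + 1 >= len(data):
            return len(data)              # ran off the end: file is truncated
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos += 2                      # stuffed 0xFF or restart marker: still scan data
        elif nxt == 0xFF:
            pos += 1                      # fill byte before a marker
        else:
            return pos                    # a real marker ends the scan


def find_jpeg_end(data: bytes) -> int:
    """Return the offset just past EOI, found by walking segments.

    Searching for the first FF D9 is unreliable: the same two bytes can occur
    inside a segment payload, for example an embedded thumbnail.
    """
    if data[:2] != b"\xff\xd8":
        raise NotJpeg("missing start-of-image marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise NotJpeg(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1                      # skip the 0xFF prefix and any fill bytes
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return pos
        if marker == 0x00:
            raise NotJpeg("stuffed byte outside scan data")
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise NotJpeg("segment length below minimum")
        pos += length                     # the length field counts itself
        if marker == SOS:
            pos = _skip_scan_data(data, pos)
    raise NotJpeg("no end-of-image marker found (truncated file)")


def trailing_data(data: bytes) -> bytes:
    """Bytes that follow the image proper; empty for an unmodified file."""
    return data[find_jpeg_end(data):]


def report(data: bytes) -> dict:
    end = find_jpeg_end(data)
    extra = data[end:]
    preview = "".join(chr(b) if 32 <= b < 127 else "." for b in extra[:48])
    return {"image_bytes": end, "trailing_bytes": len(extra), "preview": preview}


def build_sample_jpeg() -> bytes:
    """Constructed JPEG skeleton: valid segment layout, not a viewable picture."""
    payload = b"JFIF\x00" + b"\xff\xd9" + b"pad"   # decoy FF D9 inside a payload
    app0 = b"\xff\xe0" + struct.pack(">H", len(payload) + 2) + payload
    sos_header = b"\x01\x01\x00\x00\x3f\x00"
    sos = b"\xff\xda" + struct.pack(">H", len(sos_header) + 2) + sos_header
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"     # includes FF 00 and RST0
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


if __name__ == "__main__":
    if len(sys.argv) > 1:                 # inspect real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, report(fh.read()))
    else:                                 # constructed equivalent of the combined file
        clean = build_sample_jpeg()
        print("clean   :", report(clean))
        print("combined:", report(clean + b"this is a secret message"))
```

A non-zero `trailing_bytes` value means something was appended and is worth inspecting; it does not say what the data is, and some phone cameras and editing tools also append data after the image.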
OK, should be very careful. These right here, I would recommend not opening, like, not following a link, not opening a video and not opening an image. I realize that, and I should include songs. In fact, I forgot to include songs on here, because that happens as well. People will send a little clip of a song. I realize that that's probably not the most popular piece of advice to give. A lot of you are probably like, well, but I like doing this, you know, back and forth with my friends. And I understand that, but just keep in mind, these can be compromised. Okay? So unless you really know what you're doing, be extremely careful. It's a bad habit to get into, and it can definitely open you up to some attacks. So you might ask, okay, well, how do I, with my family or friends, how do I get around that? And so, like that story that I gave you with my friend and her mom, I would say, I mean, there's two different templates you could suggest. One of them, we'll just do the standard security one, is, hey, you know, for security purposes, I don't actually open attachments or images or video. I appreciate that, but I just don't do that for security purposes. But when I see you next, remind me, so that you can show me that image. That's one. It's a very security approach, but you don't have to tell a person that if you don't want to. Some of you may prefer the more social technique, right, which is use it as an excuse. If you're like me and you're very extroverted, use it as an excuse to see the person, right? Okay, why don't you send me that, show me that video when we get together next time. You don't even have to include anything about security, right? You can just use that as an excuse to see the person again. And so this is what I prefer to do, is more of just the socially extroverted thing. That's, okay, let's get together again or whatnot. In general, I will say, and everybody is a little bit different.
But if you're more extroverted, you're probably like this, because you probably spend more time in person than you do over text, and that is training individuals that know you to spend more time with you by meeting you in person, right? And so that is something. I had a girlfriend one time make fun of me. She's like, you're not much of a texter. But then she pointed out, of course, you're also very extroverted in person, so she's like, you tend to be more social and want to hang out with people and be in groups and, you know, throw pool parties during the summer, have fun. And that's the thing. Like, I'm just not on my phone very much. And so those individuals, you're gonna find, they might send you an image or two. But they're going to realize eventually that you're really not that. But if you do need to use a template, again, these are not templates that are, like, copyrighted at all. Of course not. You could just use them. The standard security one is, hey, for security purposes, I don't open up any images or video, but next time you see me, show me that, I want to see that. And then, of course, if you're just very extroverted and this will just mesh well with you, just tell them, hey, next time you see me, go ahead and show me that, and it's because it goes well and you're probably going to see them very shortly. So this is just a fun little experiment that you can try. I suggest that you all try this as well and, you know, put little secret messages in images, and you can have some fun with friends. This is innocent. So none of this is anything that could potentially harm anyone. Be very careful, though, if you're gonna go search the Internet for other things. But I wanted to show you that, you can see that if you opened up this image, many of you would never have had any idea that this had a secret message in it. Right?
And so that's my point and something that I would caution you about. The same thing with whether it's video, whether it's links, which could just be redirected. But video or images, these things can be combined with other corrupt files that you never know are lurking. So just be extremely careful with your cell phone. And that's one of the reasons why I wanted to include this with a little demo that we saw the result of.

12. Time Relevant - April 2020: These are the final videos in the course. And as you can see, all of these videos that follow after this are time relevant, so security does not go away. These will be discussing specific techniques of security. So while the principles of security are the same in every situation, or what I mean by that is, we apply those principles in any situation, time relevant content is certain things that may be at risk at a present time. So as a case in point, one of the earlier examples I mentioned was SIM swaps. 5 to 6 years ago they were starting to become a risk, yet nobody wanted to discuss them. And even though I wrote for technical publications at the time, those technical publications didn't want to publish any information about them because they didn't really know very much about them. And so they chose, well, we'll just keep people in the dark about them. And I thought that was a really bad idea. And that's part of the reason why I created this course, was I no longer have editorial control over content that's gonna be useful for those of you who are viewers. So I'm just gonna put up the principles of security as a review: behavior, demarcation, elimination, limitation and failure, and this is just to review these principles and how we can apply them to every situation. But one of the things to point out with these principles is how we're gonna apply these to any type of new situation. So currently, and you can pause this video and look at the slides if you want to review them.
But currently, what's happening in April 2020 is that the media have people in an emotional state, and this state is causing people to expose themselves. Okay, now, if you've read the book The Art of War by Sun Tzu, you know, one of the things that Sun Tzu says is, do not use arms because of your emotions, right? So Sun Tzu would point out that we should always be emotionally aware of what we're doing. So if you think about what we've learned in security thus far, hackers have a huge advantage over us if they can get us to expose ourselves. So if you think about the very preliminary lesson, we learned that silence is one of the most powerful techniques in security. But hackers right now, they're able to get people to expose themselves without them even doing anything, because the media are doing this. As a case in point, one of the examples one of my friends highlighted the other day was there was apparently some article that was written in the news, and people on various social media platforms were reacting to this by talking about what they were going to do. That's very dangerous, because sitting there and saying, this is what I'm going to do, digitally, is like you're telegraphing your next moves to people who are total strangers on the Internet. You should never be doing this. And it's a great example of where, because the article had gotten people in this emotional state, as she was highlighting, these individuals were literally, it's like they were telling, you know, people all around the world where they were going to move their chess pieces next. So if you look, you're going to see many people exposing their emotional state as well as revealing behavior and personal details because of this. I mean, think about it this way. I was trying to remember the article, but the article was talking about how they were going to use cell phones to track behavior or something like that.
And so there were people who were like, well, I'll just take out the battery of my cell phone, or all this blah, blah, blah. And it's like they're not stopping and thinking, wait a minute, if I say this online, first of all, they're gonna be able to track that. Now they can track when you turn your cell phone off, right? So it's like, why are you saying this, right? It's like they just want to be rebellious and they want to say something, instead of, wait a minute, I'm revealing key details about myself, and it's like they could just be doing those things and not say anything, but notice they can't stay silent. So they're in violation of the preliminary lesson that we learned. But the other thing as well is, like, in their emotional state, they're giving up their behavior, right, and they're also revealing something, which is they don't have a lot of self control. So for students in this course, the thing that I will say is, for the next 30 days, and this could be anything. If you're watching this video, by the way, and let's say it's the year 2023, still apply this, because it's a good challenge. For the next 30 days, stay completely off of all social media. No Facebook, no Twitter, no Instagram, no anything, whatever is popular in the future, and stay away from all media in general. Do a 30 day fast, completely go off of it, right? This is really good mandatory practice of getting away from revealing anything about yourself digitally, right? Because you can't; you're literally going 30 days without it, and this practice will help you get away from what's going on. But right now, one of the latest, I should say, compromisers or risk factors is this heightened emotional state that everyone's in. They're revealing things about themselves, and people aren't stopping and reflecting on.
Whoa, because I'm in this emotional state, I'm actually giving up information. And there's already been an increase in hacks, and in some of those hacks, the hackers are exploiting this sense of urgency, because people are in this heightened emotional state. When people are in a heightened emotional state, they're more likely to be in an urgent state as well. And hackers are exploiting that. So for students in this course, this is a challenge so that you can get away from that heightened emotional state, that you can get away from that urgent state, and that you become more aware of your own behavior. So when you're in that state, you know, hey, I need to take 30 days away from this before I can kind of become reasonable again, to again follow Sun Tzu's point that we should not be using anything because of our own emotions.

13. Time Relevant - May 2020: Welcome to the month of May 2020. I am going to be releasing this video in the middle of April 2020 because one piece of information is going to be happening, upcoming in May. And I want to give students, those of you in this course, the earliest alert that I can. So the first thing to note in the first image, we see "add emergency information, help first responders find important information". This is information that your phone requests, and this is true regardless of what phone you use, though they may have different ways of asking for this information. This is incredibly stupid to add into your phone. Your phone, if you add this information, is not secure at all. As we've already discussed in this course, it is one of the most dangerous instruments many of you have. And I'm gonna be very blunt: if you add emergency details, this is giving away pieces of your identity that, if a hacker were to compromise your phone, they would have access to. So this is something that you never add into your phone.
Now, the good news is we can come up with a very easy alternative, and that easy alternative is you can create a laminated card, or a card of some type, that has these details as a physical copy, and you could, like, laminate it. You could do something that protects it, and you could simply wear it on you. Or you could take it with you with your phone. For instance, if you have a phone cover, one of the ways that you could do that is you could put it inside of your phone cover and then put your phone over it. So if you think about how most phone covers work, now granted, there are some people that have, you know, what is it, double-sided phone covers, so it opens up. But I'm thinking if you have the one that usually covers the back, you put the card on the back and then you snap your phone in, and then it's with your phone. But the thing is that it's a physical piece of information. It's not a digital piece of information. That means if a hacker gets your phone, they won't have any access to this emergency information. Whereas if you add it into your phone and they hack your phone, they will have access to your emergency information. And that will generally tell them very interesting details about who you are as an individual. So you definitely do not want to ever be adding this information into your phone. I don't say that you shouldn't have emergency information with you, but if you're gonna have emergency information with you, it needs to be physical, and that needs to be clear. Okay. Also, I want to point out, if you have a lock on your phone, what this actually tells you, "Add emergency information. Help first responders find important information": if you have a lock on your phone and first responders, let's say you're in a situation where you cannot respond to people who are trying to help you, you do realize that what this means is that there is clearly a back door that people can use to get into your phone, right?
I mean, that is exactly what this is indicating: if first responders could get access to this information, how are you as an individual gonna be protected if you leave your phone out and somebody pretends to be a first responder and, let's say, they're a hacker? So keep that in mind. This is actually very disturbing right here. The fact that this is even possible means that there must be some way in which people can bypass something in our phones. Now, it may be that they only have access to that, what is it, important information. But the fact is that important information is something we probably don't want the average person to know. We only want the appropriate people to know. So you've been warned. Okay, like I said, the easy workaround here is just to create, like, a physical card or some type of physical copy of that information and put it where it's secure on you at all times. All right, now, coming in May 2020. You see, on the left-hand side of the screen, there is an article about two very popular platforms for cell phones, and this is being stated as potentially a huge step forward in the fight against, of course, he who cannot be named, which is currently what I'm calling it, okay? And this is very fascinating because there are several disturbing things that are going on here. But one of those disturbing things is the fact that this is an emergency situation, supposedly, and because it's an emergency situation, you are noticing that what they're doing, if you read this article, is they're basically violating a lot of principles, good principles of security. And they're doing this in the guise, or under the guise, of "this is to keep people safe." It's to keep people safe, but it actually is opening back doors that hackers will be able to use. And I can assure you that for every back door that you open to keep people safe, hackers are gonna be able to exploit that, and they have in the past, and they will continue in the future.
So the game being played around all of us is emergencies and security. Any time there is an emergency, notice how people act when there's an emergency and notice what people want. They want more security, but ironically, their demand for more security is not going to make them more secure, right? In other words, people are panicking about the situation, but in their panic about the situation, they are not considering the context of security in the future, right? This is another thing that a friend of mine, who is a doctor and does research, pointed out. There's a study that's being done, and has been done for the past almost decade now, where she is finding that people who use, what is it, this hand sanitizer, she was telling me this, they may be at risk for, what is it, cancer, because hand sanitizer might be a carcinogenic compound. Yet people are putting it on themselves right now like crazy. And I think it's very interesting because, like this right here that we're seeing, people are so focused on the current problems that they're not thinking about the bigger picture, right? And the bigger picture is, "Wait a minute. Could this potentially open me up to hacks in the future?" Right. And for the record, this is not gonna be optional. For those of you who read this article, this is gonna be something that's mandatory. So what is one of the workarounds here for those of us in this course? Regardless, your phone is going to track you, so you should just not use your phone for certain things. Finances is one of them, right? That's a very dangerous thing to do. But you realize that they are putting compromises into your operating system in the name of security that hackers are going to be able to exploit, and mark my words, just like the SIM swapping, which was an unintended consequence of a law that was passed way back in the day, there will be unintended consequences to this that will be very devastating, that will lead to major hacks.
So you've been warned ahead of time. The good news is you're in this course, so you're warned ahead of time. Whatever you do, do not use your phone for any financial thing whatsoever. Do not use it for two-factor authentication. Do not use it as a phone number when you call in to, let's say, your banks. Do not use it for any type of identity purpose, especially related to your money, because with this right here, I can assure you hackers are gonna have a field day. There's no way you can put in a back door, a tracking system like this, and not open yourself up to all kinds of hacks. Okay, so the most important principle is silence, okay, related to this, and what I mean by silence, and the principle of limitation, I should say silence and limitation: silence in the fact that we're not gonna be using our phones for everything. That's one of the principles to be learning. The other thing as well is limitation. We're gonna limit the use of our phones, since they're using phones to track us, which is fine. And they have the right to do that. I mean, technically, these are their operating systems. We're gonna be very stringent in how we use our phones. We're not gonna be using them for purposes that could potentially put us in danger later on, such as getting our, you know, our financial contact. By the way, I know a lot of people that use banking apps. They deposit things by their phone. They get bank statements by phone. All of this is so dangerous, so dangerous. It's just not smart at all. And then what can we determine about the future from this information? Well, think about people and the way that they're acting in relation to an emergency, right? If people act this way in relation to an emergency, what are they going to do in the future when there are future emergencies? Let's just suppose, let's suppose hypothetically, I don't know if this is predicting the future or not. We'll see if this happens.
Let's say, 10 years from now, the next major emergency isn't a health care crisis, but the next major emergency is a major hack that occurred because of all these unintended consequences here. Okay, how are people gonna act with that? Okay, based on how we know they're acting today, they're going to give up even more of their security, right? So they're giving up future security for whatever makes them feel secure in the moment, even though it's spelling more danger in the future, right? We can rest assured that in any type of future event, people are gonna follow the same pattern of behavior. Okay, so we have to take full responsibility for our own security. Other people are outsourcing their security to Apple, to Google, to the government, everybody. The fact is, this is not gonna make us secure in the long run, and these are opening up back doors. They're gonna have unintended consequences. Okay, now, finally, with both of these, notice the security context behind all of this. Both of these are giving hackers more tools that they can use in the future, right? So they're empowering hackers, but they're doing it in the name of what? "Oh, this is for emergencies," right? Like, "We're doing this because we have to do this as an emergency." Same thing, emergency information. It's all about creating this urgency. "We have to do this now. We have to do this now," right? Okay, but what is something that should be obvious to all of us? Well, it kind of foreshadows the future. If this is how people act now about any type of risks or whatnot, or any type of urgency, they're gonna act this way in the future, right? And the other thing as well that should be obvious to all of us is, these are not going to be secure in the long run, right? These things could potentially open us up to big-time hacks, right? So what does this fundamentally mean in relation to these type of things?
Well, when we see this information, we should ask ourselves: are the unintended consequences of these discussed at all? And the answer is no. Okay, so one of the things that you learn in economics, and there's no reason to take an economics course, though I guess it could help you if you do, but one of the things that you can learn from economics is just that there's opportunity cost with everything, right? So nothing is free in life. So if we're going to, let's say, have our emergency information in our phone, which is very convenient, right, well, there's an opportunity cost to that. What is that opportunity cost? Well, if we can get access to it, other people could get access to it. Not so secure, right? And likewise, there's an opportunity cost to have all of this tracking done, right? That opportunity cost is we're opening up a back door for hackers to exploit. So that may be an opportunity cost we're willing to experience, but we have to be clear to ourselves upfront: are we willing to go through those costs? And if we're not, we're not gonna be able to stop Apple and Google from doing what they're doing. And I'm not saying that we should, no. I mean, let them do what they want. They are private companies. I am advising students to consider how you're using your phone. And considering the fact that there are gonna be new back doors added to your phone, you might want to consider not using it so much. You might want to consider reducing your use of debit. You might want to be very careful how you're managing, let's say, your money or whatnot. Now, with your phone, you might be careful what you do with that. You might be much more limited about it, because these tools are coming out, and these tools are things that hackers are going to be able to use and access.
14. Bonus Content - December 2020: In this video, we are going to be looking at one of the concerns that I raised quite a few years ago when I was talking to a friend.
And he said that hardware wallets, and this was for crypto tokens, are absolutely secure and there will never be a compromise for them. There's no way hackers can do anything. And I said that's not going to be true, because what that is based on is that the person who is saying this did not know of how they could be hacked. Therefore, they assumed that that would never be the case. Well, unfortunately, as we see, that is not actually the case. And security researchers have found some flaws in these and found ways to exploit these. So I'm not going to read all of this, because some of this is very straightforward for those of you who already know about these, but I highly suggest, and this is from, as you can see, the full URL here, from Kaspersky; we're gonna go over some things in a second. But I'm not going to explain, for instance, what is it, how hardware wallets work. I think most people understand how they work and what they're for. But if you don't, then definitely read this article. This is how to hack a hardware cryptocurrency wallet, from Kaspersky. So it explains how they work and then explains, they discuss two types of compromises: one for Ledger and then one for Trezor. Keep in mind what they're doing here, if we think about what we've learned so far in this security course: they're looking at how they work, or how they function, and then thinking about what flaws they would exploit, right? And so you can see that, for instance, in Ledger's case, they're looking at the chips. I will remind people of the, what is it, there were two compromises, Spectre and Meltdown, and those involved vulnerabilities that existed for a long time that people didn't know about. So keep this in mind, because it applies to hardware wallets.
Just because people don't know about something doesn't mean it's not susceptible to an attack, or that there wasn't a period of time that it was susceptible to an attack. So what we see here, they discuss: however, even storing cryptographic seeds in a protected chip doesn't make Ledger's device entirely impenetrable. For one thing, although it is very hard to hack into the secure element, that's the chip, directly and steal a cryptographic seed, it's relatively easy to compromise a general-purpose microcontroller and therefore deceive a hardware wallet to confirm an outsider's transaction. So what I love about this is what they're pointing out here, and this is why I want to highlight this. You don't necessarily have to hack the wallet. You might be able to fool it, right? And so if you can fool it and get it to confirm transactions that you don't want it to, then that's one way. And so I definitely suggest that you all read more information about that. I am doing kind of a scroll here so that, just in case for whatever reason they take down the article, you can read what they're talking about. But Trezor's was also very interesting. I thought how they went after this one was very clever. So as we can see, Trezor's approach: the cryptographic seed is stored in the general-purpose microcontroller's flash memory. Now let's pay attention. This is very, very interesting. So Trezor's devices work a bit differently. They don't use a secure element chip, so everything in the device is controlled by a single chip, a general-purpose microcontroller based on ARM architecture. This chip is responsible for both the cryptographic data storage and processing and for managing the USB connection, display, buttons, and so on. Theoretically, this design approach can make it easier to hack the device's firmware and thus get access to the cryptographic seeds stored in the microcontroller's flash memory. However, as researchers said, Trezor did a really good job with hardening the firmware.
So researchers had to go for hardware hacking, where they found success. They actually went after the hardware here. Now, using a hacking technique called voltage glitching, so this is applying lowered voltage to a microcontroller, which causes funny effects in the chips, they switched the Trezor One's chip state from no access to partial access, which allowed them to read the chip's RAM, but not the flash storage. After that, they found out that when, I'm sorry, the firmware upgrade process is started, the chip places the cryptographic seed in RAM to retain it while the flash is being overwritten. In this manner, they managed to get all the memory contents. Finding the cryptographic seed in this dump turned out to be no problem. It was stored in RAM unencrypted. And there you go. I think that's very fascinating because, again, it goes to show if they couldn't do it one way, they'll just go after the hardware. So they couldn't go after the firmware. They went after the hardware. I believe there was a compromise with Ledger recently. And the compromise with Ledger resulted in a lot of email addresses being exposed, and hackers, what they've done is they tried to spoof being Ledger. This is what some of my friends were saying. So, you know, then there's social engineering as well. So this isn't listed in this article, but now you have social engineering going on, and it's very interesting. By the way, there's a video that you can see. So let's talk about it in the second discourse. So three questions I have. How can we use delineation, knowing that these may be compromised or may be easier to compromise if we don't? What is the best strategy overall for having a hardware wallet? And then what is one technique regarding use that we should consider regularly? And I'm going to have a fourth bonus on here, now that I think about it, which is exposure in general.
And because I think that's good, that's a good thing for students who watch the full thing. Okay, so first of all, how can we use delineation, knowing that these may be compromised or may be easier to compromise if we don't? Keep in mind not all of you have hardware wallets. Some of you may be considering them, and of course some of you may be reconsidering them after watching this video, which is very good, by the way. You really want to think about that, because some of them cost quite a bit. Some of them are relatively cheap, but still you're spending money on something which may not actually be living up to its promises. It may not be nearly as secure as they say. And in the long run, we haven't seen some of the other hacks. These are just some of the ones. And so the initial promise, and this was at least five years ago, and for me it was four years ago, four or five years ago, people were saying that these are absolutely secure. Nobody's ever going to be able to get into them. And I knew that was wrong, of course. But the idea is that this was kind of the promise. I can see how some people feel maybe ripped off if they feel like, "Well, wait a minute, this isn't quite as secure as I thought." So the first one I would say, on question number one, is if you're going to use these, I would have a separate laptop where you do everything on these. And that is just in case you have any of the firmware that's compromised. The problem with doing it on a main laptop is there are numerous ways in which an attacker can go after you. So have at least a separate laptop for these. And the problem with that is, and I know some students may say, "Well, that just increases the cost." I agree. And that's the problem, because you have to have a separate laptop, plus you have to have the actual wallet. So that's definitely a principle of delineation that we can use.
As many of you know, in this course, I've already recommended this, but you should have a separate laptop for your finances. Your main laptop that you do money transactions on should not be the laptop that you do anything else on. You should not be surfing the web with your financial transaction laptop. Never, ever do that. That's very dangerous. I don't care if you have two-factor authentication. Yeah, it doesn't matter. You should not be surfing the internet with your financial laptop. Okay, so that's strategy number one. If we're gonna be using hardware wallets, we want a separate laptop. There are some very cheap laptops out there. We just need to make sure they're compatible. But as long as they're cheap enough, that seems to be a hundred and seven hundred fifty dollars. And then we have that alongside of a hardware wallet, if you're going to do a hardware wallet. Again, after reading this article, I'd be really reconsidering that. Okay? And number two, what is the best overall strategy for having a hardware wallet? Number two, and this is a big one. And I've been saying this for a while with the cryptocurrency community, but this is very important. If you have a hardware wallet, you have to do this. That is, shut up. Be silent. Be quiet. You do not talk about the cryptocurrency community, right? You do not talk about your crypto tokens. If you're going to have crypto tokens, you just pretend like you don't, right? It just blows my mind when people take screenshots of their Ledger, and there are screenshots of their Nano or screenshots of their, what's the other one, the Trezor one or whatever it is. "Look at how many bitcoins I have, look at how many of this I have." Why in the world are people saying this?
And I've already said this story many times, but there have been many people in the crypto token industry that have been hacked because they were posting screenshots. A hacker can figure out very quickly what you're using when you're posting screenshots, right? If you are going to be involved in the crypto token community, and in the fourth bonus I'm going to tell you how you don't have to be anymore, but if you are going to be involved in the crypto token community, shut up, right? Or you're getting a better, you're getting an exceptional return, right? So just leave it at that, and always think about this: if the goal is just to get attention and not to get a good return, well, then just pretend like you're in the community when you're not. Like, do you value the return or do you value the attention? If you value the attention, then just get attention without being in the community. Then you don't have to worry about being hacked, because you're pretending that you're part of the community. But if you're part of the community and you value the return, then just don't talk about it, because the return is what matters to you, right? I do not understand why people cannot stay quiet, but I will say this is a great thing about social media: it's training people. That great thing is a bad thing about social media: it's training people to talk when they shouldn't be doing that. They should be keeping their mouths shut. And so many people cannot do that. So that is the best overall strategy. Silence, silence, silence. You don't have a hardware wallet, you're not in the crypto token community. You don't talk about it. And in fact, asking questions like, "What is Bitcoin?" That's great when you're in a group of people. "What is Bitcoin?" It's also good because you see how many people could actually explain it well, if you like Bitcoin or if you like Ethereum or whatever it is that you like or don't like.
You can see how well other people could explain it. But in groups of people, pretend as if you're not part of the community, right? And that's the thing, it's the same thing with this course and the students, and I keep saying this too: 1% of the 1% of students are the ones that keep this material quiet, because you have a huge advantage over other people who cannot help but talk. People who talk are weak. They lack discipline. It's the easiest thing you can do, to stay silent, yet for some people, this is just rocket science. Okay? And then number three, what is one technique regarding use that we can consider regularly? I already said a separate laptop. But number three, the answer to this one is don't overuse. Why do you think people would constantly log in and check the hardware wallet? Because they're using it for transactions that they do. They should be keeping the crypto tokens on, like, an exchange for regular transactions, or in some type of a mobile wallet for that type of stuff. For a hardware wallet, when it comes to use, this should be long-term savings. You should treat it like a savings account. And if you know anything about rules of savings accounts, usually they restrict the number of withdrawals you can do. That's how you should treat these hardware wallets if you're going to have them. What that means is you shouldn't access them except very rarely, right? And this constant, like, logging into accounts and looking at your accounts, that just exposes you to more and more risk, okay? As I said, a fourth bonus here. One of the questions I don't ask on the screen here is, we're talking about exposure. A lot of people are buying Bitcoin or buying Ethereum or buying whatever, Dash, whatever, Zcash, Litecoin, or XRP, that's right, for exposure. I'm gonna tell you right now, there are other ways to get exposure, and there are probably more ways worldwide. At least where I am in the US, there's starting to become ETFs.
These were OTC ETFs. And that's one thing: I do not recommend them at all as investments. But what I am letting people know is that if a person just has to get involved in the Bitcoin community right now, as a case in point, I'm using Bitcoin as an example, right now I would be like, well, you don't necessarily have to buy a Bitcoin. There are now these ETFs out there that you could consider as well, and they're within your brokerage. And it is true that many of you would correctly point out, "Well, aren't you kind of outsourcing their security to other people? What happens if they get hacked?" That's true. And that's why you have to do your due diligence. If you're going to get involved, you have to do your due diligence as to how any insurance is protecting any of these things. My viewpoint of the crypto token community, and this is digital money in general, is it's just highly, highly, highly, highly risky. People are not understanding the risks. If there was a cyber attack and everything was taken offline, that would be a problem. You can potentially get hacked. That's a problem. People are just pretending like the cyber world is always going to be around, and there's no evidence of that. And we know how insecure it is, and it's potentially very dangerous. And by the way, this last year in 2020, think about how many people expected lockdowns to occur and the economy to be turned off, right? Well, what are people not imagining right now? Well, they're not imagining the entire cyber world being just disabled for three months, right? What happens if that occurs? I mean, every bit of your digital money is not able to be accessed. Now again, for those of you who've been following along in this course, you're probably in better shape than most people to handle that, because of what I was saying early on as far as insurance, right? You know, you have a good idea.
But the bottom line is that this is one thing that I cannot warn people enough about: there are risks to these digital assets in general, whether it's ETFs or whether you're buying it directly. There are definitely risks to these. But I will say that if somebody doesn't want to go through all of these security principles, right, like if they don't want a hardware wallet, they wanna get involved in Bitcoin, and I'm using this as an example, but let's say they want to get involved in Bitcoin, but they don't want a hardware wallet, they don't want to buy it on an exchange, they don't want to have a mobile wallet, they just want to potentially expose themselves to it, because I think people are saying it's an uncorrelated asset or whatnot, there is a possibility that they can look at. There are at least two ETFs that I'm aware of, at least in the US markets and probably in other markets as well. And so that is an option as well, but that's not something that I would recommend. I wouldn't recommend this community for people who don't have a really strong stomach, because of all the security that people are just completely overlooking. But either way, the good thing is, I highly suggest you check out this article. I think it's a really great article. I mean, many of you will get a lot out of it. But this is a great example where everybody was saying a few years ago that there were no risks involved in all of this stuff. And I remember very vividly people saying this, and what I knew at the time is they just hadn't discovered a weakness. But there's going to be more of this. And trust me, this is only the beginning. There's only a couple of things listed here, you can see, and this is in 2019. But I can assure you we're gonna end up finding out a lot more in the long run.