Hacker Advice, Vol. 2 — Don't Trust, But Verify to the Maximum
By nature, all technology users are 100% vulnerable. Or in the words of the gaming industry, their XP is 0, making them an easy target for just about anyone.
But that’s a very pessimistic outlook, and we all know that some have managed to get out of this mess. But how did they do it? How did they manage to gain XP or reduce their IT vulnerability percentage? And is it even worth it?
These are the areas we will focus on in this article. We will share a few tips, why each of us should be interested in it, and how to be inspired in your personal life by the approach of progressive companies called zero-trust.
Change Is Salvation 🌱
It’s no longer the case that change is life. If we don’t change our approach to personal cybersecurity, then there is neither life nor salvation for us. And changing doesn’t hurt that much.
When end users are not responsible in their approach to security and adherence to basic procedures and processes, it can create other problems like a domino.
Let’s give an example. The basic pillar of user responsibility is the timely installation of upgrades and updates. But few people adhere to this, so companies have taken drastic steps — we will protect you by force. Some providers have started to forcefully install new versions and patches. But then it can simply happen that a bug has crept in somewhere and the update or upgrade is not working.
If users paid attention to these steps, these inconveniences could be largely avoided.
90% of regular end users use Windows and their responsibility is not at the highest level — that's why, for example, Windows enforces updates and Linux doesn't.
But how does this change in mindset and attitude translate into user behavior? How should it translate into your life? Let’s start by making sure that you always have updated devices.
Yes, it can happen that an update or upgrade appears at an inconvenient time, but don’t postpone it more than twice. Some systems make it easier for us today, by reminding us in the evening, for example — take advantage of that. Bonus points for those who proactively check once in a while if an update is hanging in the air (this also applies to applications, not just the operating system).
The next step occurs when choosing a new device. You may have already noticed this. Android devices from different providers do not have the same conditions with regard to security. Each manufacturer specifies which version will be installed on the device, how long the device will have support and security updates.
Just for fun. One manufacturer of non-traditional phones (that is, non-traditional for today) is covering holes in the market. They make ultra-small smartphones or QWERTY phones. A great idea, before you look at the fact that these devices run on OS versions that are several years older than the current one. If your phone is your main device, you’d better forget about the appearance and put security first.
At the same time, keep in mind that vulnerabilities and holes in the system do not only affect user devices. They can appear on network elements and IoT devices, including today’s cars. So don’t forget to ask someone who knows about this for help to check the security of what your knowledge and experience are no longer enough for.
If you don’t do this, you can lock your house with all your valuables as much as you like, but in the meantime someone will whitewash your bank account.
Why? 🤔
Why should I care? What’s the point? I don’t need it. I’m safe enough. Such opinions are like something made for a big mess. Although security measures are extra work, this is an area where hard work really pays off.
There are groups of people all over the world who actively search for holes and vulnerabilities, and not all of them have good intentions.
- White-hat hacker ▶️ is someone who breaks through a vulnerability but doesn’t exploit it. If they have the opportunity, they’ll fix the hole and let you and the provider know that a problem has occurred.
- A grey-hat hacker ▶️ is someone who hacks to educate themselves in this area. They’ll report the bugs they find but won’t exploit them. They’re basically a bug bounty hunter, but there’s no bug bounty waiting for them.
- A black-hat hacker ▶️ is someone you’d be happy to avoid. Once they find a vulnerability, they’ll exploit it to the fullest. Moreover, they publish or make this vulnerability available so that others can exploit it.
And now we will connect the bad intentions of some hackers with the types of vulnerabilities so that you can see why the activity of each of us is so important.
Zero-day ▶️ A vulnerability that has not yet been discovered and no one knows that it exists.
Unpatched ▶️ A vulnerability that has already been discovered, but there is no patch to fix it.
Patched ▶️ A vulnerability that the provider knows about and has already released a fix for it. It is, for example, part of updates.
Hackers not only look for vulnerabilities, but also trade them. And the one that is cheapest for them, but at the same time they make a lot of profit from it, belongs to the third category. And their success depends on how active we, as users, are in updating our devices.
When we do not use updates, we actually serve the hackers the easiest target. And they will not shy away.
Zero-trust 🔒
As the name suggests, this approach involves absolutely no trust in devices, systems, users, or other elements that our devices come into contact with, for example, over the Internet.
As a matter of principle, we should not trust any software, but we should first thoroughly check it. For example, it is a good idea to check that its provider is trustworthy and that the source from which you are downloading it is also trustworthy.
For example, mobile app stores try to have a screening process to help us with this. However, malware is not always caught. So don’t rely on someone to do the work for you.
If you learn to apply the zero-trust approach in your life and teach it to those around you, you can prevent any of you from becoming a victim of scams. The key is to think and not rush.
Cybersecurity Is No Small Matter 🛡️
In today’s online world, the stakes are high. Don’t be surprised by attacks, but be prepared. It will come in handy as cybercriminals will use even more sophisticated tools, some of which will be enhanced with AI elements.
Your cybersecurity is in your hands, don’t leave it to chance.
