idk if you’ve drawn this before but!!! tiny fae token w big mushrooms pretty pls 🥺🙏

Tips To Secure Your Information From Cyber-Criminals

Cyber-Criminals are nasty worms of the society and they may be working as a part of an organization or like for an individual agenda. However, they’ve had the power and knowledge to access your most precious data. If Cyber-Criminals want to target a particular company, for example, they can find vast amounts of information on that company just by searching the web. The Cyber-Criminals can then employ that information to exploit soft spots in the company’s security, which puts the data you’ve entrusted to that company in danger of getting compromised.

Think of your home computer as a company. What can you do to protect it against cybercriminals? Instead of sitting back and waiting to get infected, why not equip your-self and fight back?

In this article we have covered some tips that can help you to deal with such scenarios

Keep your OS and security programs up-to-date

This keeps Cyber-Criminals from accessing your computer through vulnerabilities in outdated programs. Most of the anti-malware software are specially designed with multiple technologies to provide protection against spyware, ransomware, and viruses. Without proper malware protection, your system can attract malware and that same malware can exploit the firewall of your system. One has to also check whether their operating system has both built-in Anti-Virus and firewall by default whether those programs are compatible with the additional cyber-protection software. If not then get yourself an antivirus as soon as possible. For extra security, one can enable Microsoft product updates so that the Office Suite can be updated at the same time.

Avoid using open Wi-Fi on your router

One must always protect their Wi-Fi with a unique and encrypted password, and do refreshyour equipment at least once in a year.

This makes it too easy for threat actors to steal your connection and download illegal files. Some routers are extremely vulnerable and they have not been patched property. Newer routers allow you to provide guests with segregated wireless access. In addition to that, they make extremely convenient to change password frequently.

Use strong passwords

Password is a significant tool that protects all of your devices, including your desktop, laptop, phone, smart-watch, tablet, camera, lawnmower…you get the idea. The ubiquity of mobile devices makes them especially vulnerable. Lock your phone and employ a finger scan lock for iPhone and passcode or pattern lock for Android. Most people forget that smartphones are essentially microcomputers that fit right into your pocket. Your smartphone contains an immense amount of hidden treasure in form of personal information and if the Cyber-Criminal gets a hold of that information, then it can have devastating consequences on your personal life.

One must always produce complex passwords full of symbols and never use similar passwords across multiple services. If that’s as painful as a stake to a vampire’s heart, use a password manager like Last Pass or 1Password. For extra protection, ask about two-step authentication. Several services have only recently started to offer 2FA, and they require the user to initiate the process. Believe me; the extra friction can come in handy. Even for a Cyber-Criminal, it is extremely difficult to get an access of your device with Two-factor authentication, as without the unique one-time passcode by the service provider no one can get inside your private space.

Always try to produce creative answers for your security questions

By doing a simple Google search everyone can figure out your mother’s maiden name or where you graduated from high school. Consider answering like a crazy person. If JP Morgan Chase Bank asks, “What was the name of your first girlfriend?” reply, “You’re Wife.” Just don’t forget that’s how you answered when they ask you again.

Eradicate all traces of your personal information on Gadgets you plan on selling

You are free to use any reliable erasing software, but make a clean slate when you are planning on selling your old systems. For those looking to pillage your recycled devices, this makes information much more difficult to recover. One must always remove the platters where the information is stored then destroying them is the way to go, if the information you want to protect is extremely critical.

Practice smart emailing

Phishing campaigns still exist, but cybercriminals have become much cleverer than that Nigerian prince who needs your money. Hover over links to see their actual URLs (as opposed to just seeing words in hyperlink text). Also, check to see if the email is really from the person or company claiming to have sent it. Always try to pay attention to awkward sentence construction or formatting, as these types of scammers are not well educated. If something still seems dicey, then perform a quick research on the Internet with the subject line. Others may have been scammed and posted about it online.

Avoid uploading sensitive data on cloud

It doesn’t matters which way you cut it, data stored on the cloud doesn’t belong to you and there are very few cloud storage solutions that offer encryption for data at rest.

Original Post from Rapid7 Author: Josh Frantz

When you have old computers, flash drives, phones, or hard drives that you no longer use, you might take them to a resale shop, thrift store, or recycling center. However, have you ever wondered what happens to these devices and the data within them? Does your data get destroyed, or are your items resold with all your memories and personal data perfectly packaged up for the new owner to access? And, if that data is still available, what happens when someone like me starts shopping at all the thrift stores and resale shops in my area with the sole purpose of seeing how much personal data I can get my hands on?

To find out, I spent six months extracting all the data I could from devices available at businesses that sell refurbished computers or accept donated items to sell after supposedly wiping them. By the end of this experiment, this research revealed that many businesses do not follow through on their guarantee to wipe the data from the devices people hand over to them.

Let’s take a look at how I conducted this experiment, the types of data I discovered, and some methods to ensure all data is safely removed from all your old devices before they leave your possession.

The process

My first step was probably the least interesting part of this experiment: I researched all the businesses that sold refurbished, donated, or used computers around my home in Wisconsin. I visited a total of 31 businesses and bought whatever I could get my hands on for a grand total of around $600. Here is a breakdown of all the devices I purchased:

Device Type Number of Devices Bought Desktop or laptop computer 41 Removable media (such as flash drives and memory cards) 27 Hard disk 11 Cell phone 6

After buying the devices, I took them to my command center (a cool name for my basement) and began the data extraction process. Whenever I brought a computer back, I booted it up to see whether it was bootable and whether it required a password to log in. I wrote a script in PowerShell that would run through and index all the images, documents, saved emails, and conversation histories through instant messengers. It would then zip it up nice and organized on the desktop, and I would pull it off with a USB drive (I know, you were expecting something much fancier). Only one Dell laptop had been erased properly.

With hard disks, most of them were IDE, so I used this IDE toaster to quickly download everything I could—this time, using a Python script to go through all the data and organize it. What I found was that none of the drives were encrypted, and all seemed to function properly (with the exception of one old Hitachi 20GB hard drive that had been wiped).

The cell phones I bought were very old and required three proprietary chargers I had to buy on eBay, putting my total cost around $650 (without factoring in gas, coffee, or my family’s road trip misery). The cell phones didn’t require PINs, and for a few of them, I couldn’t find software to interface with my computer to pull anything off.

I simply plugged in flash drives and memory cards and used that Python script again to organize the data.

Overall, what I found was astounding: Out of the 85 devices I purchased, only two (the Dell laptop and Hitachi hard drive) were erased properly. Additionally, only three of the devices were encrypted.

The data

Armed with a bunch of data and a basement littered with technology older than myself, I developed a plan to sift through all this data for potentially private information. I used pyocr to try to identify Social Security numbers, dates of birth, credit card numbers, and phone numbers on images and PDFs. I then used PowerShell to go through all documents, emails, and text files for the same information. You can find the regular expressions I used to identify the personal information here.

Despite the fact that OCR is not 100% accurate and there could have been data I couldn’t extract from images by themselves or within PDFs, I can verify that the regular expressions used for Social Security numbers, credit cards, dates of birth, and driver’s license numbers were fairly comprehensive.

Below are the final counts on processed data (not including several instances of MSN/AIM conversation history) and which file formats were used to calculate this. I also excluded a few file extensions (such as XML, HTML, and CSS) for brevity and relevance.

Images (JPEG, TIFF, GIF, BMP, PNG, BPG, SVG) Documents (DOC, DOCX, PDF, CSV, TXT, RTF, ODT) Emails (PST, MSG, DBX, EMLX) 214,019 3,406 148,903

As you can see, many files were found. The best (or worst) part about this is that I extracted a lot of personally identifiable information (PII). Here is the breakdown of unique values for every set:

Type of PII Unique Value Email address 611 Date of birth 50 SSN 41 Credit card number 19 Driver’s license number 6 Passport number 2

Surprisingly, most of the credit card numbers were from scans or images of the front and/or back of the card. The two passport numbers were also scanned into the computer.

The price

Researching further, I realized just how cheap it is to buy people’s information on the Darknet. Social Security numbers only fetch around $1 apiece, while full documents (dox) fetch around $3 each. No matter how we calculate the value of the data gathered, we would never recoup our initial investment of around $600.

This raises a fascinating point: Data leakage/extraction is so common that it has driven down the cost of the data itself. I saw several dumps of Social Security numbers on the Darknet for even less than $1 each.

How to safely dispose of your technology

When donating or selling your technology, you should be sure to wipe it yourself rather than relying on the seller to do it for you. There are several great guides available for wiping your computers, phones, and tablets, so we won’t dive too deep into that topic here.

However, if you are planning on recycling your technology, the following are some ways to make sure your data is irretrievable by destroying the device (or storage disk) irrevocably:

Hammer

Incineration (be careful of toxic by-products)

Industrial shredding

Drill/drill press

Acid

Electrolysis

Microwaves

Thermite

If using any of these methods, you’re going to need to secure your location and wear reasonable safety gear (at a minimum, appropriate goggles and gloves). Once your safety situation is handled, secure destruction can be loads of fun.

Below is one video that shows how to use thermite to destroy a desktop PC:

Realistically, unless you physically destroy a device, forensic experts can potentially extract data from it. If you’re worried about potential data exfiltration, it’s best to err on the side of caution and destroy it. However, wiping your device is usually enough, and can be a very easy and relatively painless process using the guides above.

All kidding aside, if you’re looking to wipe a hard disk drive, DBAN is your best option, and there is a very handy guide here on how to do that. Please note that this will not work for solid-state drives for RAID arrays. If you’re looking to wipe solid-state drives or multiple disks in a RAID, PartedMagic works really well, and there is an easy-to-follow guide here.

In conclusion

If you’re worried about your data ending up in the wrong person’s hands, destroy the data. If you wish to do a good deed and donate your technology so others can benefit, make sure it’s at least wiped to an acceptable standard. Even if you get it in writing that your data will be erased, there’s no good way to know whether that’s actually true unless you perform the wipe yourself. If this research was any indication, it likely isn’t being wiped in a reasonably secure way.

Thanks for reading, and be sure to leave any feedback below in the comments!

#gallery-0-5 { margin: auto; } #gallery-0-5 .gallery-item { float: left; margin-top: 10px; text-align: center; width: 33%; } #gallery-0-5 img { border: 2px solid #cfcfcf; } #gallery-0-5 .gallery-caption { margin-left: 0; } /* see gallery_shortcode() in wp-includes/media.php */

Go to Source Author: Josh Frantz Buy One Device, Get Data Free: Private Information Remains on Donated Tech Original Post from Rapid7 Author: Josh Frantz When you have old computers, flash drives, phones, or hard drives that you no longer use, you might take them to a resale shop, thrift store, or recycling center.