The first AMA interview via Mark Cuban’s Cyberdust Messaging App

Cyberdust has been growing quite rapidly for some time now, and it doesn’t take a genius to figure out why. The Cyberdust team has brilliant engineers and great leadership, as well as an excellent product that is easy to use. Not many apps get designed from the ground up with end user privacy and security in mind. Even fewer have the Mark Cuban brand name associated with them.

Yesterday was an exciting day, as Cyberdust had its first official AMA-style interview, where users of Cyberdust could ask questions of a selected person on the platform via the +AskMeAnything account. Since I had just released my first book the day prior and had been an early adopter / user of Cyberdust, it made sense to do an AMA to talk about cyber security, hacking and anything else people wanted to know.

Most websites that host AMA-style interviews will show all the questions and answers (like Reddit), and this can be a great way to answer questions publicly. I am all for having an open forum, but there was something unique about being able to respond to people candidly and without fear of having your answers seen by the entire world.

Let me walk you through the experience.

The community manager, Grace, gave me the login and password for the Cyberdust +Askmeanything account the night before. Grace then announced the AMA event about an hour before it started, and I logged in at 10am PST and sent out a blast notifying users that I was ready for whatever questions they wanted answers to.  I did provide my name, bio information, and what I do for a living, as well as announcing the launch of my book on Amazon.com the day prior.

People that followed that account (about 400,000) then received that blast message and many started sending questions to me. This is where things got interesting. I had no idea how many people were going to be interested in chatting, and before I knew it, I had been typing for 5, almost 6 hours straight without so much as leaving my chair. If I had to guess, there were over 800 people who asked questions, many of whom asked more than one.

I wanted to share with you some of the questions that were asked, as well as my answers, so that people who missed the event can potentially get answers to questions they might have as well. I’ll start with the most common questions that were asked.

Question 1. Who killed JFK? – More than 20 people asked this question. You all thought you were the only ones, didn’t you?
Answer: My default answer was usually something sarcastic, like Jack Bauer or Sterling Archer.

Question 2. Are we really being hacked by China? 
Answer: Since I don’t work for the federal government, I can’t comment with 100% certainty that they perpetrated one hack in particular. Sources in nearly every story regarding the OPM breach say yes, it was China. You can watch a real-time hacking map of the world at Norse.com.

Question 3. Where is Jimmy Hoffa buried? – Again, 10+ people asked this. I was surprised that so many people asked the same obscure question.
Answer: I answered, under Yankee Stadium.

Question 4. What are your best tips to avoid being hacked?
Answer:

  1. Strong passphrases, not passwords. These are easier to remember, so you don’t have to write them down on a sticky note. Think “Icantdancetosavemylife!!!” or “Canjetfuelmeltsteelbeams?”, not 7&6^5%ridiculous@#$6(*. No way you are gonna remember the complicated one, and writing passwords down is the worst thing you can do.
  2. Get a VPN for all surfing outside of your home. Many people bring laptops to coffee shops, and if so, USE A VPN. They are roughly $7-10 a month. Here is a link to many of the best rated ones. Pick one. They are simple to install.
  3. Use full disk encryption. TrueCrypt is still better than nothing, and there are alternatives.

Question 5. What is your book about? / Why did you wiretap the Secret Service?
Answer: Here is a short interview I did on King 5 news here in Seattle that discusses the book I just wrote and the reason why I did what I did.

Question 6. Where do I start to learn how to be an ethical hacker? 
Answer: You can find Certified Ethical Hacking videos on YouTube, or videos to prep you for the CISSP exam. Both of those certifications are highly desirable, and you will learn a lot by watching boot camp / tutorials.

There were many other questions, and I will try to remember more if people want. You don’t have to feel like you missed out, however; you can always add me on Cyberdust at +bryanthemapsguy and ask me a question anytime, or email me. I’m on LinkedIn and Twitter, so there really is no excuse for not being able to reach me.

It was a lot of fun answering questions on Cyberdust, and I was still answering questions until 10-11pm, although very few people were asking by that point. It was an honor to be able to do the first official AMA for Cyberdust, and help with outlining the process and coming up with ways to make it easier on the interview. My first recommendation is to get a Bluetooth keyboard for your iPhone or iPad, so you can type faster. I was still behind by 100-200 messages nearly the entire first half of the day.

 

Now Available on Kindle! Cyber Fraud: The Web of Lies

I am very pleased to announce that Cyber Fraud: The Web of Lies is now available on Kindle!

Tomorrow, July 15th, is the official release of the paperback version, and I will be starting out the day at NBC King-5 to discuss the book on the morning show at 7:15am.

If you bought a print copy of the book, you should be able to purchase the Kindle version for 2.99.

Tomorrow is Amazon Prime Day. It was very nice of Amazon to schedule their biggest online deals day for the day that I launched my book 😉

Thanks to everyone for the support and encouragement throughout the writing process.

Hackers Stole ALL Federal Employees’ SSNs

If you know someone who works for the federal government or used to, send them the link to this article immediately.

Sources at the Office of Personnel Management claim that the hack that was reported last week was even larger than anyone imagined.

According to a federal worker union, hackers gained access to Social Security Numbers of:

  • All current federal employees
  • All federal retired employees
  • 1 million former federal employees

According to a letter given to the Associated Press, the hackers also got access to military records, veterans status information, addresses, birth dates, job and pay history, health insurance, life insurance, pension information, age, gender and race data.

The Wall Street Journal is reporting that the hackers were inside for more than a year before a sales demo by a tech firm found the malware. Basically it was only discovered by blind luck. I hope that company ended up getting whatever contract they were trying to get.

To think that the largest breach in the history of the U.S. Government was discovered by sheer luck does not give me a lot of faith in our system.

I will be detailing various steps in a post tomorrow regarding things that can be done to protect yourself.

If you have any questions, comments or concerns feel free to reach out to me via email at bryan@seelysecurity.com
Follow me on Twitter
Connect with me on Linkedin.com 

Giant Security & Antivirus Company Kaspersky Lab Admits Being Hacked

The Russian security giant Kaspersky Lab admitted to being hacked. Kaspersky Lab CEO and founder Eugene Kaspersky wrote on their corporate blog:

“We discovered an advanced attack on our own internal networks. It was complex, stealthy, it exploited several zero-day vulnerabilities, and we’re quite confident that there’s a nation state behind it.”

Kaspersky is one of the largest providers of consumer antivirus software, not to mention being an industry leader in the world of cyber security. The attack was named Duqu 2.0, which is a reference to the specific piece of malware called Duqu that was widely considered to be closely linked to the Stuxnet attack that targeted Iran, India, France and the Ukraine in 2011.

The intention behind the attack was to gain access to Kaspersky’s corporate networks to learn more about its products, and Kaspersky Lab was not the only target.

This attack was actually kind of stupid on the part of the hackers, particularly because security firms like Kaspersky Lab generally sell exploits and other security products on the open market, so the hackers could have paid for the information that they were after in the first place. By hacking Kaspersky Lab, they took the risk of getting caught, which they did, and ultimately revealed their own capabilities. Think of this discovery as Kaspersky Lab being able to see the cards that these attackers had in their hand.

With the brazen attack on Kaspersky, consumers everywhere will likely have concerns about their antivirus solutions. This is understandable from a consumer perspective, as the company you were counting on to protect you from malware could not protect itself from malware. Eugene Kaspersky took to Twitter to reassure enterprise customers and consumers that there is no risk to them. Kaspersky has always created great products and this reassurance is helpful, but if there was a risk to their customers, would they be as forthcoming with a warning as they are with their reassurance?

TIPS:
Change your Password – Read about how important this is here.

If you have any concerns about antivirus software, or the risk that hackers pose to you or your company, feel free to reach out to me via email at bryan@seelysecurity.com