Dr. Bill.TV #461 – Video – The Don’t Hack Me, Please Edition!

Dr. Bill shares some good, general computer security info; voice cloning, Twitter questions answered by a ‘security expert,’ common security protocols, understanding threats, risks, and vulnerabilities, Disney+ user accounts are already on the Dark Web!

Links that pertain to this Netcast:

TechPodcasts Network

International Association of Internet Broadcasters

Blubrry Network

Dr. Bill Bailey.NET

BitChute Referral

www.DrBill.TV/VPN



Dr. Bill.TV #461 – Audio – The Don’t Hack Me, Please Edition!


Disney + User Account Info For Sale Already!

I just recently signed up for Disney +, and probably, so did you! Sigh. Watch out!

Thousands Of Disney+ Accounts Are Up For Sale On Hacking Forums

Forbes – By: Lee Mathews – “Disney’s hotly-anticipated streaming service Disney+ finally launched this week. Despite being open to the public for just a few days, hackers have already hijacked thousands of accounts and put them up for sale on the Dark Web.

Reporting for ZDNet, Catalin Cimpanu discovered several listings for Disney+ accounts on different underground hacking forums. The going rate for a hacked account appears to be somewhere between $3 and $5.

That’s three to four times more than the asking price for a hacked Netflix account. Logical enough, given the excitement around the Disney+ launch.

So how is it possible that these accounts – many of which are just a few days old – have already been taken over by hackers? I haven’t seen any reports confirming the root cause, but it seems likely that bad habits are to blame.

One bad habit in particular: password re-use.

You should never, ever use the same password for multiple websites or online services. Security professionals have been repeating this refrain for years.

Their warnings often fall on deaf ears, unfortunately. To users creating yet another account, it can feel like too much trouble to come up with a unique password to protect it.

When you’re creating a new account – whether for a hot new service like Disney+ or any other – remind yourself that hackers are always lurking in the shadows and ready to attack.

They’re armed with billions of email addresses (likely including yours) and billions of previously-used passwords. Using automated brute-forcing tools they can quickly break into accounts en masse.

Recovering a compromised account can be tricky, too. Once a hacker has gained access they tend to move quickly. They revoke access to authorized devices and then change passwords to prevent users from logging back in. They’ll change the email address associated with an account, too, which stops users from using automated password reset tools to regain access.

If you’re getting ready to sign up for Disney+ – or any other service, for that matter – get yourself a password manager first. Use it to create a unique password and let it remember that password for you.

Otherwise you may find yourself fighting to regain access to your account before you even have a chance to enjoy what you’ve signed up for.”

Understanding the Difference Between Risk, Threat, and Vulnerability

Cyware.com: Understanding the difference between risk, threat, and vulnerability

  • Vulnerabilities refer to weaknesses in a system or program that can be exploited by threats to gain unauthorized access to an asset.
  • Cyber threats refer to cybersecurity circumstances or events that can result in harm to the target organization.
  • Terms like threats, vulnerabilities, and risks are often confused with each other when it comes to cybersecurity and cyber attacks.

    The post aims to define each term while highlighting the difference between them.

    Vulnerabilities

  • Vulnerabilities refer to weaknesses in a system or program that can be exploited by threats to gain unauthorized access to an asset.
  • They make threat outcomes possible and potentially even more dangerous.
  • Examples of common vulnerabilities are SQL Injection, Cross-Site Scripting, server misconfiguration, sensitive data transmitted in plain text, and more.

    Cyber threats

  • Cyber threats refer to cybersecurity circumstances or events that can result in harm to the target organization.
  • For example, threat actors can exploit a vulnerability, intentionally or accidentally, and obtain, damage or destroy an asset.
  • Threats include organized crime, spyware, malware, adware, and disgruntled internal employees who start attacking the employers of the target organization.
  • Common threats are social engineering or phishing attacks that lead to an attacker installing a trojan or stealing information from your applications, or overloading the ISP of a data center with unwanted traffic.

    Risks

  • Risk is a metric used to understand the loss (both in terms of finance and physical) caused due to loss, damage or destruction of an asset.
  • Usually, it is translated as Risk = threat probability * potential loss/impact.
  • To get a clear understanding, let’s take the example of a scenario involving SQL injection vulnerability:

  • SQL Injection is a vulnerability that can be exploited to steal sensitive data.
  • Financially motivated attackers are one of the threat actors that usually leverage the vulnerability.
  • The impact of sensitive data getting stolen will bear a significant financial cost to the business. It will also hamper the reputation of the business.
  • The probability of such an attack is high, given that SQL injection is an easy-access, widely exploited vulnerability and the site is externally facing.
  • Therefore the SQL injection vulnerability in this scenario is treated as a high-risk vulnerability.

Three Security Protocols and What They Mean

    Cyware.com: HTTPS, SSL, and TLS: How are they different from each other?

  • HTTPS is the ‘Secured’ version of HTTP which stands for ‘Hypertext Transfer Protocol’.
  • Secure Socket Layer (SSL) was created by Netscape Communications Corporation in 1994.
  • These above-mentioned three protocols are used between browsers and web servers for the safe exchange of data but the main difference lies in their functionalities. Let’s take a dive into what each one of them stands for and how they differ.

    HTTPS

  • HTTPS is the ‘Secured’ version of HTTP which stands for ‘Hypertext Transfer Protocol’.
  • It is used by different browsers and web servers to communicate and exchange information.
  • In other words, the exchanged data is encrypted with SSL/TLS; hence called HTTPS.
  • HTTPS-based websites are less vulnerable to cybercrimes. For example: If your online site is not secured with HTTPS, then bad actors can intercept the content of the website and then easily create the exact replica of the payment page to capture your credit card numbers and other personal details.
  • By default, HTTP uses port 80 and HTTPS uses port 443.

    SSL

  • Secure Socket Layer (SSL) was created by Netscape Communications Corporation in 1994.
  • It was designed to create a secure internet communication via the Web.
  • It is a standard protocol that encrypts communication between the browser and the server, thus allowing easy and safe transfer of sensitive information like social security numbers, credit card details and login credentials.
  • It utilizes two types of keys: (1) Public keys – that are known to everyone; (2) Private keys – that are known only to the person receiving the message.

    TLS

  • Transport Layer Security (TLS) – a renamed version of SSL 3.1 – came into existence in 1999.
  • TLS 1.3, released in March 2018, is the latest version of TLS.
  • It is a protocol that allows communication between the internet and client-server applications. It forms a secure communication via the Web for email, data transfer and faxing.
  • TLS has two distinct layers: TLS Record Protocol and TLS Handshake Protocol.
  • TLS Record Protocol establishes a secure connection with encryption methods like data encryption standard. On the other hand, the TLS Handshake Protocol allows authentication for servers and clients together.