By far my favorite podcast of the year has been Darknet Diaries. I first heard about it at a Defcon meetup. It’s researched and produced by Jack Rhysrider. He does an excellent job with it.
Every episode is a story about hacking, security vulnerabilities or other similar things. It is completely fascinating and also very frightening. I can’t recommend this podcast highly enough- both for the intrigue of good stories and for the insight into various aspects of technology and it’s vulnerabilities. There are episodes on hacking games, hacking the IRS, online bank robberies, stealing bitcoin and more. They all have good stories and interesting take-aways and reflections.
It makes me so aware of how much I kind of try to turn a blind eye to security issues just because it feels so completely overwhelming. On the flip side, so many of the hacks that I hear about come back to well-known security issues that aren’t that hard to solve.
So often the advice after a large company is hacked is to use different passwords for different services and to change them often. How is this supposed to help when companies like Equifax don’t keep our information secure? That breach was particularly frustrating because we don’t even have a choice whether or not they get our most sensitive financial data. As a general consumer, it’s easy to feel powerless. Of course, it’s still a good idea to be smart about your passwords.
Why don’t big companies have better security? The Equifax breach was due to a known problem that they could have patched. There is no excuse for things like that. Worse, after breaches like that, companies offer free credit monitoring for a year. The thing is that once your data is stolen, it’s out there forever.
There is an aspect that we are all powerless over this. Roughly half of all Americans had their social security number and other data stolen in the Equifax breach. Which begs another question: Why do we even pretend like it’s a secret number?
Despite all of this, I have a renewed desire to protect my own digital security.
Today, I figured out how to switch Live Hoppy over to being a secure site. For a long time, I never worried too much about it because I don’t collect user information like logins and passwords or process credit cards. When I setup the site, my goal was just to see my posts online. None of the ‘How to start a blog’ articles that I read mentioned SSL certificates.
However, my own login page to add or edit posts wasn’t setup over a secure connection and Firefox would give me a warning every time that I was entering my password in a site that wasn’t secure. This has always bothered me, but then when I’m logging in, it’s because I have this idea for a blog post and not because I want to spend time tweeking the settings on my site.
The worst that could have happened would have been for somebody to jack my login credentials and screw up my site. This would have been very upsetting for me, but is nothing like losing social security numbers of a massive number of other people.
Now it’s all fixed and for good measure, I updated my login info too.
I still have a few things on my security to-do list: learning about VPNs for secure browsing from insecure internet connections, learning about options for password managers or coming up with a better password strategy, learning more about detecting viruses and malware, figuring out how to freeze my credit records and registering for an IP PIN number from the IRS to prevent others from filing tax returns in my name.
(The last item on that list was added after listening to this episode of Darknet Diaries.) Apparently it will be a few weeks until I can cross this off my list though. Unfortunately there is a message on the IRS website that says
Planned Outage until Jan. 2019. This service will be unavailable until Jan. 2019 for scheduled end-of-year maintenance. We apologize for any inconvenience.
Sometimes, I think people shy away from tech security issues because it feels complicated, or we think that it’s not our problem, or it feels out of our control. It does take time to learn about these things, but most of us are smart enough to understand the basics if we’re willing to invest a little time to learn. For the amount of technology in our lives, it makes sense for all of us to make it a priority to learn as much as we can about security issues and how to protect ourselves.
We can’t assume that the companies or our governments are going to protect us. It’s much easier to be proactive and setup security measures than it is to clean up after something goes wrong. The same goes for backing up data that is important to us.
Each episode of Darknet Diaries that I listen to, the more I realize how security is often not even on the list of concerns of companies that are making our software and hardware. They often don’t address issues until they are pointed out in the media, if then.
So my goal is to learn a little more and be just a little more active in doing what I can to keep my data and devices safe.