Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Welcome to How to Money. I'm Joel and I am Matt,
and today we're talking online privacy, creepy social media, and
cybersecurity with Carol Theriault. Chances are you paid for
(00:30):
something recently, or maybe you gave some money to a friend,
But you likely didn't do that with physical cash, right.
You probably did it via a digital payment online or
maybe with an app like Venmo or the cash app.
And this presents a whole host of issues. We know
how to keep people from stealing our money, right, out
of our wallets and out of our purses, but what
about the money that we have in our accounts online? Uh?
(00:54):
And so our guest today is Carol Theriault. Carol knows
a thing or two about internet security. She founded the
Sophos Naked Security site years ago and she now
co-hosts the podcast Smashing Security. She lives and breathes
all things cybersecurity, and we are so glad that she's
here with us today to talk about protecting our identity
(01:15):
and ultimately protecting our money. So, Carol, thank you for
joining us today on the podcast. Oh guys, I'm so
honored to be here. Thank you so much for having me.
We're so happy to have you, Carol and Um, Matt
and I, we always drink a craft beer on every episode.
Today on the show, we're drinking a raspberry chocolate stout.
They're really excited about. I know you have a beer
over there as well, correct, I do. I'm drinking the
(01:37):
Wild Beer's a company a Quantic. It's a session IPA
with citrus, fresh pine and extra pale. So
you already you already getting a plus for participation in
the show. So I'm not a beer drinker, but I
really wanted to play ball taking one for the team.
I appreciate it. Well, the sacrifices we make. Exactly, exactly,
(01:57):
to to create a good podcast. Uh well, here all
the first question we ask anyone who comes on the show.
Because Matt and I do really like craft beer, and
we're willing to spend a little bit more money right
now on beer while we're saving well and investing for
the future. What is your craft beer equivalent? What's the
thing you're willing to splurge on in the here and now? Well,
unlike your entry, I do have a few extra hobbies
(02:18):
outside cyber Um. Probably podcast is probably my biggest thing
that I spend my time on. But um, I I art, right,
I don't like to call myself an artist, but I
try and do art every day. Like I paint, I draw,
I do ink stuff and I love. I'm loving the
whole journey to getting better. So my pleasure is art
supplies gorgeous stuff at that professional quality paints, watercolors, oils,
(02:45):
you know, papers from arches, inks, charcoals, brushes, all that stuff.
I just bought this monster paintbrush, size twenty two,
which will mean nothing to non-painters. But you guys
know what I'm talking about is that as big as
my hand or small borrow. It's probably like probably an
inch in diameter and it's kind of like a tear
drop and the whole thing is just full of it.
You can just really slap the paint on and it
(03:06):
like set me back hunter of bucks, which is a
lot for one brush, right? Yeah, it is. Yeah,
it is the premium brush. That's that's brush you're gonna
pass down through the generation unicorn hairs or something like that.
But you know, I don't do that often, and I
can take you know, I think about it for months
before and it sits my in box and then I
just go for it when I'm right, when I'm really sure,
and I'm loving it, So it's all good. That's great. Yeah,
(03:27):
when you find a deal as well a discount. Uh well, Carol,
let's kind of dive into this right. Over the past
couple of decades, we've seen more aspects of our lives
shifting online and going digital, right, like banking and investing. Obviously,
we're huge fans of the convenience and benefits this offers.
But how concerned should we be with the digital security
(03:49):
you know, of the apps and of the websites that
we're using. Not at all, it's just a big hoax.
It's just a joke. No, Seriously, You've got to be really, really,
really concerned. I hate to say that, right, it is
really kind of a failing of the you know, the
the environment and technology working together. There's lots of solutions
that those lots of ways you can be better, but
(04:12):
it's not easy. So it means we have to think. Um,
if you think about it, you know, when we all
look for the same kind of information, right, like like
a Brexit or pandemic or elections all that stuff, we're
all more vulnerable because we're we're looking for information. We're
all looking for the same information. So it tells like
bad guys to say, this is what they're looking for.
(04:33):
So if we can somehow dupe them into thinking we're
going to give them the information they want. And we're
all looking for the same thing, we're kind of like
sitting like we're fishing, you know, we're goldfish in the
fish bowl basically. So that's why it's important to think
about security. So so in particular, um, right when we're searching,
there are there are spamming results that can come up,
and and that can you know, there's malware and all
(04:54):
sorts of things that can happen if we're doing that.
Let's say there's a company that we have a relationship with,
right, like a bank or an investment company, an
investment house, and you know, we we log into there consistently,
you know, maybe once a month, maybe once a week
to check our balance to see how things are going.
What are the potential risks in logging into a website
with a company that we do business with on the regular,
(05:16):
and how can we avoid some of the potential pitfalls? Okay,
so one of the ways you can avoid the pitfalls
is by having bona fide apps from those providers. So
let's say you bank with ABC Bank, and ABC Bank says, hey,
this is our portal, this is our app, right, and
banks are pretty good at security pretty generally across the board.
(05:38):
You know, there's like certain regulations they need to meet,
so they tend to be much more trustworthy than your
typical retail shop. So my my, my trick with those
things is use apps. Then what can happen the things
you're trying to avoid, for example, is you may get
a text message. In fact, I got one on this
weekend that said, hey, my Halifax, which is a bank
in the UK, my Halifax account has been h and
(06:00):
to call Halifax on this number immediately. Now I don't
have a Halifax account, but if I did, what would
I have done? Right? So, what some people will do,
and what we're warning people against, and what they're trying
to get you to do, is to click on that
number because it's so easy, right, it's right for you exactly.
So what in those situations, if ever you're concerned, do
(06:22):
not click on those links. Do not click on that
phone number. Go to the bona Fide website or the app,
find the phone number that they advertise for everyone, and
call them and say that you're a customer and then
explain what happened, because what happens they route you into
someone who pretends to be a bank and they say
to you, hello, mr, can you just confirm your password
(06:43):
and your user name? And you give them all the
information to verify who you are and then guess what
they do with that information go to your account and
empty it, clean you out. And so let's talk about
passwords too. You know, I'm sure you're gonna tell us
that strong passwords are clutch, right? Like ABC one two three,
Like that's not going to cut it at today's lingo clutch.
I like that outcast. I think we use that word. Yeah,
(07:06):
we get called out for using that. I don't know
if it's more of a Southern kind of dial you know,
I don't I'm not totally sure if it's like a
millennial guy thing using okay, yeah so yeah yeah, so
like yeah, when you're creating a new password though, you know,
like a lot of sites will gauge the strength of
it as you're typing it out. But you know, like
how long should passwords actually be and should we like
(07:28):
include you know the special characters and the numbers. What's
what's a good sort of routine that we should go
through when we're creating these new passwords. I know. Okay,
passwords are everyone the bane of our lives, aren't They
have worked? Now, let me tell you something. So there's
these great research. There's some great research into passwords. So
twenty three million account holders, let's take your company, their
(07:49):
passwords were one, two, three, five, six. Okay, yeah, fifty
one of people use the same password for both work
and home personal accounts, right, so they use it across
all their accounts, same password because they've developed a good one, right,
they may have a good one, and they use it
across all their accounts. The problem with that is if
someone gets in somewhere, they can then just go around
(08:13):
to every single popular app and try the password. Right,
So rather than you just being hacked on one place,
save Facebook, you're hacked across every single social media account
you've got. And oh maybe if you're using it with
your bank as well, then the banks are a bit
more a bit more, you know, they have a few
more hurdles to get through. But ultimately that's what criminals want,
(08:34):
is your moolah, right, and they're going to get it
by either trying to sell your data, your information, or
by actually just going to your account trying to get
into it. So there's these things in our my world
called like targeted social engineering, and this is where someone
basically dupes you, scams you, right. And the problem is,
like six of us adults have this habit of incorporating
(08:58):
pieces of information in their password that can be
found out on their social media account. So a third
use a pet's name, a fifth use their own name, right,
fifteen percent put down the name of their partner in it,
like I slept with John last time, right, right, and
and and the thing is is those those those are
(09:19):
all clues to someone who's trying to get into your account.
And these are people. This is I think in a
lot of people's heads. You're thinking, oh, why would anyone
target me? Well, they're not targeting you, you're just maybe
in the spitfire. Like. Yes, some attacks are very targeted,
but they tend to go after people with the big bucks, right,
like with a lot of money or a lot of celebiness,
or they have a political difference or something like that.
(09:42):
For people, you know, the average Joe, what you're worrying
about is being lazy, and the job is to just
be safer than your neighbor. It sounds harsh, but it's
really the way to go. So it's like when the
bear's chasing, you just gotta run faster than the other person, right, Yeah,
I think there was some actual and there's some actual
doctoral research on that. Basically you shouldn't do because it
makes you bad. Yeah. Basically, it's like if you have
(10:03):
a house, um, and there's a burglar on the street,
he's going to case the whole street, right, and he's
going to look for the one that's easiest to get
into because they want to get in get out, right,
So don't be Yeah, don't be easiest. You make it a
little bit harder. Have a dog, have a stick,
have floodlights, have locked doors. So that's the same kind
of concept. You've got to think about it when you're
in the digital world. So the reason I think, Carol,
that so many people will use the same
all that that so many people will use the same
password across so many different platforms, and like you said, um,
they shouldn't be doing that is just because it is
a heavy lift to remember all these different passwords, and
so there are now password managers that claim to
help you with that, and um, they will. Essentially they'll
do the thinking and remembering of those passwords for you.
(10:45):
So what's your take on, you know, things like 1Password,
Bitwarden, the companies that will do that for you,
sometimes for a price and sometimes for free. I'm a huge,
huge fan of password managers. I do recommend them, and
I'm glad you brought them up because so I use personally,
I use LastPass. There are loads of good ones
out there and the same idea happened. So the way
they work is it's basically an online diary and you
(11:08):
need to remember the password to get into the diary.
That's the only password you as a user need to remember.
And inside this diary, this vault, all your other passwords
are lists, are listed and encrypted. So the way
it's the way it works is to say you're on
your browser and you go to a particular website, like
say you went to I don't know Facebook, Um, it
(11:30):
would automatically recognize that you're on the bona fide Facebook
page and fill it in. Now, that's the super cool
thing about password managers is say you got you you
got duped by someone by through an email and you
clicked on a link and the whole page looked exactly
like Facebook, but you actually weren't on the Facebook page,
and it just had some tiny like maybe they put
in the Facebook zero instead of the letter zero, the
(11:51):
letter oh, something tiny that you wouldn't want to see.
Your password manager would see it, right, they go, this
is not the right page, this is not what you
should be I'm not filling it in. And that's the
real trick of them. So I love them, and they're
I mean, there's lots of them that are free for
home use, that are recommended. You can get them to
talk amongst between devices if you pay some and not
(12:13):
a lot of money. We're not talking a ton of money.
But if there was one big security thing I would
say to everyone to do, it's watch your passwords. Unique long,
complicated passwords that you could not remember yourself. If someone
held you at knifepoint and said, tell me your password,
you go, I don't know. I don't know. It's like
my my passwords are mostly fifty characters. Wow, and not
(12:34):
because I wouldn't remember that in a million years. But
I've got tons of them, right, I've got probably a
thousand passwords, but you do know the one password to
that rules them all, that rules them all exactly exactly. Well,
so kind of on that note, right, in addition to
password management software, what about antivirus software? You know,
is that something that that everyone should have? I feel
(12:54):
like it's something that we saw more like, I don't know,
in the nineties. Like when I think of like like
the basic uh antivirus software, it seems dated and I personally,
I honestly don't know if it's something that I should
be looking at or not. Yeah, well, you know what
you're talking like an Apple user, aren't you? Oh yeah,
so so so the Apple ecosystem is slightly different from
(13:16):
the Windows versions, right, So so I can understand I
don't know if I agree, but I can understand why
Apple users might be more like, hey, do I really
need this? Um? And that's because Apple has a very
good ecosystems of apps like it. It's the app environment
within Apple is pretty safe. They vet the apps that
go in there, and if there's a problem, they go
(13:37):
after it. Right. They have this kind of reputation of
doing it, and they've been doing it for over a decade.
Others don't tend to have that same environment. So in
sort of the Android world or Google world, right, there's
tons of different phones. All those phones have different UIs,
every single provider of apps acts differently and all
this kind of stuff. So so in the you know,
(13:57):
in the kind of Microsoft and all those different worlds,
there's lots of different software available. And I in those
environments where you can just download apps from the internet
and slap them on your machine, willy-nilly, I'm a
little bit more like, yeah, you should have AV
on your computer, antivirus on your computer. The reason is
is that's the thing that's protecting your desktop. Now, you're right,
(14:19):
it is getting maybe less important as we move everything
to the cloud. Maybe in ten years time, our whole
lives are going to be like iPads, right, we will
just have this system and then everything we interact on
is actually its own little app. And that's a different
environment from a computer where you can have a desktop,
you have your own data on your system, you've got
things that work on the computer, and you're using the cloud.
(14:41):
So AV on a computer, I think it's a
good idea. AV on your phone, I don't know
if I would do it. I don't. One other thing too.
You know, we talk about using WiFi like you started
to talk about cell phones there. But you know, when
we're using our our phones, we recommend for folks often
to use WiFi in order to save money, right, in
order to limit their their data usage. But what about
public WiFi? You know, like how safe is that? Is
(15:03):
that something we want to avoid altogether? Or are some
networks maybe a little bit safer than others? Yeah? You
all every answer I want to say. It depends, right,
salesman depends Um? So okay, So the way to think
of WiFi is that's like a middleman, right. It's the
middleman that takes the question from your phone or the
search you're making on your phone and delivers it to
(15:24):
wherever you need it to be delivered to. And they're
just basically batting the ball back and forth, and the
ball the tennis ball that goes back and forth. Um.
So if you're using encrypted services, so once I could
come off top of my head, there's like WhatsApp or Signal.
These are apps that offer encryption within the app. The
middleman can't see what you're doing. You're giving him the
ball inside a box, right, they don't know what's inside
(15:45):
the box. It could be anything and they're just bringing
it back and forth. Um, but when you're using your
device and on something that isn't encrypted, then the WiFi
agent that little you know, sees everything. So your local
coffee shop, for example, their WiFi, they probably don't care
and aren't looking at what you're searching for. But what
if someone's in the coffee shop that sets up a
(16:06):
fake WiFi hot spot that looks super super similar to
the real hot spots. So you get in there and
you go, oh, there's two of them. Maybe this won't
be faster, and you know it may have a legit
sounding name, and then you know you might you know,
I don't know if I would spot that. So so
(16:26):
the tricks to this, right, if this happens, it is
two things you want to protect when what you're worried
about in that situation is protecting the data on your phone.
And there's there's a few ways you can do that.
You can use VPNs. Right that the VPN on your
phone and you turn it on when you're using any
WiFi that you're not like, this is not mine or
my mom's or my best friend's. Right, use the VPN.
(16:46):
People don't like it because it does slow things down
a little bit because it's scrambling everything up as it
does the transfer. But it means what you're doing is
going to be encrypted. Now again, you've got to trust
the VPN guy, right, because if you don't trust the
VPN guy, they're seeing everything you're sending them. So it'll
be quiet until it gets to them. You know, the
VPN guys can see it. So this is again you
(17:09):
want to go for bona fide names. If you're new
to VPNs, go for the big guys. There's a lot
of suspicious VPN companies out there, let's put it that way,
So trust your VPN provider before you decide. And so
many more ads for VPNs lately to money. Yeah, it
seems like it's like something that's proliferating as people are
more concerned about their privacy online. A lot of people
(17:30):
are really looking into into the VPN thing. So yeah,
is that something that more people should be considering you think?
I mean, if you're at home a lot and you
tend to just use your home WiFi or trusted WiFi
at people's houses or at places you trust, and when
you're out you tend to use cell data. I think
you probably wouldn't need it, so I would never I
(17:50):
wouldn't bother using a VPN at home, for example.
But if ever you're in a coffee shop or an
airport or in places like that when you're bored, you know,
like think about the places where you're bored. I'm gonna
play on my phone for a bit, right, and I don't
want to really hammer my my own you know, my
own cell data coverage, so I'll just go I'll just
go on the WiFi. Totally cool. Think about either using
a VPN in that state, or if you're doing something
(18:13):
that's like if you're just streaming a movie, you know,
maybe that's okay, right, like that the VPN might interfere
with that. So that's where the problem is always cost
benefit with security, right, Phones and all these devices are
there to make your life sexier and faster and more
fun and you know, slicker, and then on the other
side you got this thing go oh, but be careful, right,
(18:33):
So so it's about like the bells and whistles, and
also about responsibility. Cars are really cool, Porsches are gray,
Lamborghins are great, but you need a seat belt in
air bag. So that's the way to think about it. Okay, No,
that's really helpful. All right, well, Carol, we have.
We have a lot more questions for you. Beer, start drinking,
(18:54):
and we'll take a break, and then when we get back,
we'll start talking about social media and how creepy it can
be. All right, we're back from the break. We're speaking with
Carol about cybersecurity, and Carol, let's let's talk about social media.
(19:16):
You know, we we teased to it before the break,
So let's talk about technology creeping me out? You know,
what's the deal with being fed ads for a product
or a company after mentioning it in real life? You know,
like there have been times where when I know that
I haven't searched for something online and where I've only
talked about it in real life, and then the next
time I hop on Instagram, right there's an advertisement right
(19:37):
there that's just waiting on me, that is the exact product,
even though it's not something I would ever uh normally
search for. How does that happen? Okay? Well, okay, so
so so I don't know, but I'm with you, Okay,
I've got I'm with you because I feel the same
thing was happening, right. I kept seeing that I'd be
talking to someone where I would send Like I would
be on the phone with my brother, I would send
(19:58):
him a link and suddenly in of my feeds would
be that thing. And you're like, how did that happen?
What it turned out to be And this is thanks
to Apple's latest update when they did Abida. They started
showing what information was being transferred over from app to app,
and it turned out that when you copy and paste,
like say a link to put it into a text message,
(20:20):
sometimes the apps would pick those up right. And so
loads like New York Times for example, did it read
it was doing it. Loads of like bona fide good
apps were doing it, and it was just this kind
of hidden thing. So they just go and hoover your
whatever is in your clipboard when the when you open
the app, for example, and people started shouting. But that's
why I think it was happening, right, Because if you're
(20:41):
on Facebook and you're like, oh, I saw this really
cool thing. I'm gonna send it to my friend via
whatever another app, you're copying it, aren't you You're copying
and pasting, and you're leaving the app and you're coming
back in. So that's what I think was happening, and
maybe on iPhones it will stop now because a lot
of people pulled out because I you know, iPhone made
a big people that saw it made a big stay
to Apple about it and to the apps. That begs
(21:02):
the question then about the requests that apps make when
you do download them, Like they want microphone access or
camera access, and so they're asking for for access to
all these different privileges on your phone. And how should
we think about that? I mean, should we just have
fewer apps, a few or more trusted apps? I mean,
like how do I decide which apps we're going to
(21:23):
download which ones we aren't? Yeah, so less apps is
a good thing. I think a lot of us need
to do a bit of you know, iPhone or phone hygiene. Right.
So there are a lot of game apps or stuff
you downloaded because you're babysitting your nephew, you are playing
with your kids, are doing something right, and it's just
sitting there and you got it because it was free. Well,
free apps are trying to get something out of you
(21:45):
as well. Maybe it's information, maybe it's at buyings inside.
Once you've downloaded the app. So my advice on this
is check your apps, right, the ones you don't use,
get rid of, and I don't just mean delete them,
try and close the account before you delete it, but
get it off your phone. Keep the apps you like.
In the apps you like, go check the configuration options
(22:05):
just to make sure you're comfy. They're not very complicated, right.
And what I do, because I'm a big geek on
this is I check their privacy stuff because, for example,
how much information do you put on Facebook or on
your social medias and you know, do you care that
they might just share that with any third party they deem? Okay,
be that anyone, right, it's not to you who they
(22:26):
share it with. So sometimes you want to go read
these things and decide, actually, I'm gonna be using it
for this specific person purpose and I don't actually trust
this particular company or this app with that information. So
again you got to use your nose. Right. The same
as a car, you know, if I said, hey, I'll
come pick you up, and you saw my old beater
right with three wheels and no and no windshield, no seatbelts,
(22:47):
you might go, actually I might take the bus, thanks, Right,
So that's the kind of thing you got to do
with apps just because they got pretty pictures. Don't think
they're all built the same, right, Yeah, I feel like
so many apps are are kind of guilty of this,
you know. But I don't like the idea of these
different tech companies leaning and harvesting my, like my data.
I'm personally less worried about their ability to to target
me with you know, customized ads um and I'm more
(23:07):
concerned with, you know, with hackers trying to break into
my accounts, you know, and say you drain my savings account,
like you mentioned earlier. And so how can the information
that we post on social media put our our money
at risk? Well, like we were talking about earlier, people
tend to give lots of stuff away on social media.
Pictures of their kids, maybe the front of their house.
They might name the town or the street they live on.
(23:30):
They might all these little glimpses of information, these little
tiny pieces of information can be just hoovered up and
to build up a profile of who you are. And
that is what right now is kind of traded amongst
the ad companies, right, the Google sell this to ad companies.
They say, this is the profile of this person. So
then they can target those ads at you. Now. Just today,
(23:50):
I recorded Smashing Security earlier today and we had a
guy on Tim Hwang who's just written a book saying, actually,
that bubble is crazy. They they're hoovering all that information
from you, but they they're using it isn't actually working
for them. It's not actually ending up in money in
the pockets of the advertisers. It's ending on the pockets
of people like Google. Right. So, so he's kind of
referring to almost like he calls the book is called
(24:12):
like Subprime. So it's like a big ad bubble,
same as the housing bubble that existed, which would be
perfect for this podcast. Ads are a crazy, crazy environment
right now. The digital ads you see on websites are
all digitally placed and not handcrafted by people that care. Um.
They're there to try and get you to click on them,
and everyone's trying to get a piece of the money
out of it, and not all of Some of them
have are malicious, right, Some of the ads might look
(24:34):
bona fide, but actually click on it and you're going
to a site that looks exactly like the place you
wanted to go, but it's actually a fake site, so
you got to check your links. So don't click on
ads is basically the answer. And use ad blockers. That's
what I suggest. Use an ad blocker. Using an ad blocker,
just get them out of your face. Your web experience
is so much nicer with an ad blocker, and they'll
figure out a new way to monetize the web. Don't
(24:55):
worry about them. Well, as we're talking about to like
it's something we haven't covered yet. We're talking about social
media and oftentimes, like you can log in with your
Facebook account or with your Google account. Um, good point
on like hundreds of websites. Now, is there anything inherently
risky about logging in with you know that one log
in on like just tons of different websites that you
(25:17):
do business with, whether it's an online retailer or whoever.
So let's say it was your Facebook account and your
password was Bob the Dog. It's great, and that password
somehow got guessed by someone because there's lots of pictures
of Bob the Dog on your social media and they
find it, so then they can go around and find
(25:38):
every other website that might be using that same interest.
So I'm not a fan of those I'm similar to
using the same password across all platforms. Yeah, so I'm
a big fan of the whole password manager every store.
Just again, you have to trust the password manager, right,
So don't go with someone you don't trust. Do your
research on that. That's the most important bit. And then
that is your vault, and it gives you unique places everywhere.
(26:01):
So if someone hacks one thing, they're hacking only that
one thing. Which you know, how many websites do most
people have at least fifty probably with logins, I mean
about thousands. But you know I'm I'm on the other
side of that. I'm the digital sphere, right, So, yeah,
that that's what I would advise on that. Right. So
we're talking about Facebook, let's shift gears a little bit.
What about cameras? You know, should we should we take
(26:22):
our cues from Mark Zuckerberg. Uh, there's this photo of
him sitting at his laptop working and he's got some
tape over his camera on his laptop. Should we be
taking cues from him and kind of be doing something
like that? Do you know? I want to ten years ago,
maybe when they first started coming out, you know, cameras
that we had to do video calls in my in
the business world, and I would have a camera over
mine all the time, that piece of tape over mine
(26:43):
that it was actually a three M three M sticky note, right,
And all my colleagues were all geekier than me,
laughed at me, laughed at me about doing that, thinking
I was so paranoid, And five years later they're all
doing it. So I have a cover on all my phones.
I actually have electrical tape my mobile phone case because
it wouldn't take my little snippity thing. I think the
(27:04):
digital ecosystem is basically the wild West right now, and
it's full of flux. It's super exciting, like every year
we're hearing something crazy new. But it's because it's the
wild West. It's not necessarily safe out there, right it's
a little bit crazy. If you're going to go into it,
you've got to just keep your nerves. And everyone's addicted
to it. People have got Alexas in their house and
all these kind of things, Like everyone's constantly connected to
(27:27):
the Internet, and so in the same way that you
would teach your kid how to cross the road, that is
what we need to do when we're using these things.
Even though it seems easy, there's some hidden pitfalls you
want to you don't want to fall down? Right all right?
You mentioned smart speakers, Alexas. Like, how nervous should I
be that I have one of those in my house?
And um, usually you know, all we're doing on it
(27:47):
is asking Alexa to play music for us so we
can have awesome dance parties. But like, should I should
I be concerned about having that in my house and
the fact that it's like listening to everything we're saying? Apparently, well,
you have it presumably on connected all the time and
you use it occasionally, right pretty much? Yeah, I mean
maybe we should unplug it more, That's what I think. Right,
(28:09):
So I don't have very much IoT
in my house. And the reason I don't have it's
not because it's not sexy. I get it. It's so sexy.
Go hey, Lex, play Hello from Lionel Richie? Right. If
it works, it works right, and it's easy. You don't
even have to get up. It's like the lazy man's dream.
But all these devices are not being made by security experts.
They're being made by companies that are trying to outbid
(28:31):
their competitors and get a sale, and they're adding features
in whiz Bang and if they're racing to get these
things out the market because it is a hot market,
the IoT market, how many of these hundreds of different
companies are actually investing the time into baking in security. That's
what we call it, right Like, so from the get
go of developing something we want kind of like, what's
(28:52):
the security implications of this? What's the security implications of this?
Every step of the way and right now, Because it's
the wild West, that's not always happening, which is why
we have those situations of like Alexa recording private conversations
or private events that happened between family members, or baby
monitors scaring the poo out of moms, you know because
they've been hacked, or TVs that watch you back, or
(29:14):
you've got Roombas that actually can map your house
and then load that up into the cloud, and you've
got door systems that lock you out of your own house.
Like these are all the things that are happening right
now that are in the press day after day. So
the question you need to ask yourself is is this
IoT needed in my house? Will it make my life
measurably better? To incur the risk that I'm introducing
(29:36):
into my environment. Right, So if Hello by Lionel Richie
is what you need to hear every night, then you
need an Alexa, right? And then maybe do you need
it on all the time? Right? So do you need
it to be plugged in and sitting there humming constantly?
Because all of these things are built by human beings.
All human beings make mistakes, and you're basically putting microphones
(29:56):
and video cameras around your house, inside where you live,
where you're trying and then you're trying to protect privacy.
So it's it's a really hard it's a hard environment. Yeah.
So I saw a story recently about a coffee maker
that some you know, some security experts. They basically were
trying to figure out like where are the security issues.
They were able to reverse engineering and basically make it
(30:18):
to where like something like where the coffee maker could
demand a ransom, Like did you see something about that? Yeah? Yeah,
so so that has kind of been blown out of proportion.
So they did, they were you know, just you know
so that so but that was something. So it's true
that there were bugs inside the software, um, but they
would be so hard to hack, like you'd have to
have access to the coffee maker, to the person's phone
(30:40):
in order to make that hack that this researcher found work. Right.
So so that's one of the things where we're useful.
People like us, like smashing security and stuff are useful
because we'll be able to say, look, I know you
heard about that in the mainstream press because everyone got excited. Right,
But that's not when we need to worry about what
the real things we need to worry about are. Because
some of them are exciting, you know, journalists get
bored to remember that, right, Journalists get bored, and they
(31:03):
like nice sexy titles and hacked coffee machine. Who doesn't
want to react, right, right, But but it is true
that IoT is often more easily hacked than not. And
again it will get better. But right now, you're kind
of a trailblazer if you're bringing this stuff in
your house. Even though people say, oh my god, I've
already got version three, you're still in the big grand
(31:24):
scheme of things, a trailblazer and bringing these things into
your house. So do your due diligence, check your privacies.
You know you're paying for this, right, Remember that you're
paying for these pieces of kit. So if the privacy says, oh,
we're gonna share your data with everybody and it's totally
cool and we're gonna track you everywhere you go, is
that okay with you? It sounds like being a luddite
is better for our security and better for our wallets too.
(31:45):
Right there you go. I'm certainly still when I'm clinging,
clinging to my wooden desk desperately. All right, well, Carol,
We've got a couple more questions for you, including kind
of cybersecurity and the upcoming presidential election. Um, so we'll
get a couple of those questions with you right after
this break. All right, we're back from the break talking
(32:14):
with Carol. And Carol, you're a Canadian in the UK,
so I'm not sure if you've heard, but here in
the US we're actually in the middle of an election,
are you. Yeah, it's been really civil and fun. Yeah,
it's been. It's looked so fun, really really felt. I've
really been so jealous of all of you, just all
the normal times that we're having over here. However, you know,
(32:36):
are there individual security concerns surrounding the presidential election? I
would like to hear. Yeah, it's just some of the
stories that you've been researching in regards to that. Well,
this is this is a perfect kind of almost like
a segue to what we were talking about at the beginning, right. So,
so we're in the era right now of fake news
and misinformation, right so, and we know that this is happening.
(32:59):
Everyone is telling that's happening, and lots of parties are
trying to convince us and change our ideologies to you know,
to to really strengthen our views in certain ways. And
it's again, it's about us to be able to read
what you carefully what we're sending before we send it on.
So that's the biggest thing on that front. That's how
you can help. Don't send stuff because the title was nice, right,
(33:20):
check it out first and make sure you want to
send it to people. So we have this election going on,
and remember at the beginning of this we were talking
about how everyone is focused on the same thing. Well,
guess what, you guys are like little goldfish in a
fish bowl for hackers, because all of you care about
the elections no matter what side anyone's on, you care
about the outcome. You care about it in your state,
you care about it, in your cities, you care about
(33:41):
in your country, and so you may be looking for
information online to try and maybe check out an opinion
validate your own opinions. And people know that, and they're
going to try and lead you down routes that you
don't necessarily want to go down, by pretending to be
a news article about exactly what you want to read about,
and inside that news article might be hey, get this free,
(34:02):
uh you know, e book all about this, and that
might be malicious. So again you have to keep your
wits about you. The other way they get through to you.
So the big things you want to watch out for
is electoral ads, So don't click on the ads. Watch
out for emails in your system, like especially if it
comes like, say, from your Auntie Hilda and it says, how,
oh my god, news about the elections. You've got to
(34:23):
read this and you think Auntie Hilda hasn't written to
me in six months? What? Okay, she may have been hacked, right,
And so the name of the person that has emailed
you is not the sole way you should validate and
emails you know to be good, Okay, you have to
look at if it doesn't feel right trusted. Now, what's
good is lots of email. If you guys have been
(34:45):
keeping up to date with all your security patches, you
know how your computers will say, oh, you have an
update waiting right, don't don't delay on those things right
update right away. That's really important. Those are like new
found vulnerabilities that hackers are going after because trying to
race you from updating it. Try and get that hole.
So always do your updates. Don't click on emails and
(35:08):
links in emails; go to the website. So if you
read something that sounds really interesting, then go to the
web and go search for that thing. Don't click on
the link from it and watch your emails, because that
is where it's going to happen. You may get a
government or a you know what, a local local election
information that the you know, the place is closed, for example.
You might panic, and you might that's what they want
(35:28):
you to do. They want you to panic and click
and you feel that panic rise. Just take a breath,
calm down and read it again and then decide what
you want to do. And if you don't know what
to do, don't do anything. Call someone who knows more
about it. Right, Just stop right, right, Yeah, basically, I
mean it sounds like they're looking. I mean they see
an opportunity sort of like you're saying, like, this is
what people are talking about. This is on people's minds,
(35:48):
and because of that, they're looking to exploit that emotion,
take advantage of people looking for more that information that's
out there. They're pouncing on that opportunity. And think about it.
There's a lot of people right now out of work,
all right, there's a lot of people facing out of work,
and there's a lot of people they're going to be
facing a lot of difficult decisions and difficult bills. You know,
no one wants to be scammed, no one wants to
(36:09):
be hacked. So so just be very wary of of
you know, people need to make money and this is
a great way. This is attracting more and more people.
So this is not just Russian organized criminals that are
doing these kind of things, right, It's also people that
could live down the street from you and because they're
they're you know, they know a bit about computers and
they're in a tight way, right, they need some cash.
(36:30):
So what you want to watch out through these things
because ransomware is another thing you want to worry about, right,
So these are the downsides to all these things. If
you actually click on the phishing emails, is like suddenly
all your content on your computer is locked and you
can't get access to it unless you give him a
grand right. And and that can be a very difficult
situation because do you want to pay the bad guy
for your information or do you want it to be
splashed all over the internet. So there are difficult things, right,
(36:54):
And we use these computers and often we try to
be like ostriches. We just, you know, close our eyes, say that
won't happen to me, and won't happen to me,
happen to me, but it literally and this is where
the silver lining to all this. If you use a
password manager, you have different passwords for every single website
that you use, and you use that manager to manage
that you employed if where you can you know multi
factor authentication or two factor authentication, that's when they
(37:15):
send you an SMS code or they send you an
authenticator on your phone. Those things are really good. It's
like a second kind of hurdle to make sure you
are you, and it makes it that much harder for
bad guys. They get over the first hurdle, they it's
very rare to get over the second one. Speaking about
not letting our information get in other people's hands, get
splashed all over the internet. Sometimes on the show Matt
(37:36):
and I, we talked about ways to to make some
quick money by decluttering, get getting rid of any valuables
laying around the house. Oftentimes those are you know, old
computers that you have, um or or old cell phones
and some of your personal information is on there. So
before you're selling a phone or a laptop or or
a personal computer, like, what should you do? What steps
that should you take to know that somebody's not gonna
(37:58):
have access to your personal information and um, once it's
in their possession. I think put it in a blender
is the only way. Well, in the old days, In
the old days, right, you used to be able to
use a magnet and it would just wipe all the
information off the phone, like off the tapes, right, but
now lives out video tape, right, Yeah, but now it's
all flash drive. So like magnets don't work. Okay, So
(38:20):
what do you do the first thing you want to
do is you want to first get your new device
up and running. Okay, you do not wipe your phone
before your new device is up and running. Please. Then
wipe your device and you want to do a factory
default reset, and my advice don't do it just once,
(38:40):
do it three or four times because that's rewriting the information.
And it's kind of like, um, it's kind of like
a cake layer. So imagine put I get I had
a thousand dollars at the bottom of a cake, and
then I just put icing in a cake layer, another
icing and cake layer, another icing and cake layer. You
might not get there if you're eating your way through
to get to it. So so that's the same idea
as wiping a phone. You just each layer is something
(39:01):
more difficult for someone to get to. Um. Decouple your
phone from all the systems that's connected to. So if
you're an Apple gal like me, your maybe your laptop
is connected to your desktop, is connected to your iPad
or to your phone or whatever. Right, so before you
you want to make sure that's all disconnected from your
(39:21):
systems as well. You don't want to have any trace
of you still connecting to anything and make sure um
yeah again, make sure your new device is running very
smoothly before you start this process. For example, if you're
using multi factor authentication where someone sends you a code
to your phone rather than an SMS and it doesn't
erected bide the phone, you don't get the code right.
(39:44):
So you want to make sure that all the really
important services, your banks, your passwords, your security stuff, knows
that this new device is the new device that you
want to you know, use to do your business. Yeah,
that could be a huge pain in the butt up
and then you feel like things are going to go.
You've wiped your old one, sold it, maybe already on eBay,
(40:04):
and then you can't log into Yeah, you're not receiving
the code. I'll be able to log into your savings
account or your checking account. See yeah, on the iPhone,
at least on the iPhone, at least I know. There's
two different types of restores. So, for example, on my
old iPhone, the screen kept being really dark, you know,
even when it was full brightness, it was still dark.
So I had to do a factory reset. But I
was able to do what they call a soft factory reset,
(40:25):
where it reset the OS, the operating system of the phone,
but didn't change any of my information, so I still
was logged into all my apps that I had. Where
you want to do a full factory reset, right, So
you want to go check that. You want to make
sure the apps have been removed from your phone that
you can't open. They're not even present, right, it's like
a completely new phone. You want to do that three
or four times and make sure and go in and
(40:46):
say I can't see anything with me here. Yeah, So
on the note, you know, you're talking about taking care
of your here mobile device. Like I've heard that it's
a good idea to reboot your your cell phone every
morning when you get up. Is that true? I don't know,
I have not heard that. Well, no I'm not. I'm
not saying it's not a good idea. I mean I'm
very bad with that though. I tend to leave things
running a lot, like even sometimes I'm like on my computer,
(41:06):
I don't know, I tend to leave it on standby,
off WiFi, but I leave it on standby, you know,
same here. Well, okay, so what are like a few
other like best practices then that we could easily implement,
you know, on our phones or on our computers. That
would go like a really long way when it comes
to cybersecurity. You already mentioned the password managers, you know,
like that definitely seems like one that you've come to
(41:27):
multiple times here, So I'm gonna say that that's probably
the first thing that you would recommend. But yeah, well, like,
what are a few other things that we should know
hanging fruit? Yeah, I would go around your house and
have a list of all the smart devices that you
have in your house, right, so list them out and
list out what the version of numbers are of that.
I know it sounds ridiculous, but you will be shocked
at how many devices you have in your house that
(41:48):
have microphones and cameras and GPS functionality. You will be shocked.
I bet it's around ten or twenty for most of
your listeners, Okay, which will blow your mind. So all
those things you've got to think about, are they up to date?
Have I been looking after them? So if you've got
like really old, you know, do you have old, old
equipment that you haven't updated? Old computers that are
still connected that haven't been updated in ages, they're a problem. Okay,
(42:11):
just because you don't use and it's still on, that's
a problem. So you want to get that off your
kind of home network, if you will. You want to
get it off your system, You want it out of
your house. You don't want those kind of things because
basically as those things are laying around, they're vulnerabilities, right,
and they're not getting update and if they're on exactly right,
So so there's a really So this is where it's
really hard because people are like, well, works fine, why
(42:31):
should I change it? I don't want to update every
time I update. It doesn't work very well, right, And
so I can understand that, but these this is again
where I'm kind of preaching to a simpler life, Like
I understand technology is really integral to our lives, but
maybe not as much as we all think. And maybe
we just need to think about what technologies we really
want in our homes where we have our families and
(42:51):
all the private moments we have. I think that's a
great point and an incredible note to wrap up on, Carol.
This has been a great conversation. I've learned so much personally, um,
and so thank you so much for taking the time
to join us, and where can our listeners find out
more about you and what you're up to? You can
find me at Smashing Security. This is a podcast I
do every week. And there's another podcast I've just launched
(43:14):
which is called Sticky Pickles and you can find me there.
It's it's a little bit rude, so it's for the
adulter audience. Good to know. You want to give like
a brief synopsis or a brief summary of what that
that shows. That's an interesting stick pickle. That's not something
you hear every day. Yeah, yes, okay, So Sticky Pickles
is all about being knee deep in a dilemma. Right,
we've all been there. What do you do now? So
(43:35):
we've created I have a co host, the gorgeous Anna Braiding,
who I do it with, and I try and present
her with a sticky pickle, a dilemma that I think
she wouldn't be able to get herself out of. It's
just too sticky, too cringey, too awful, and then
she has to try and get herself out of it
without losing faces. She does to. These are social situations. Yes,
there's social scism technology related, No, not at all, thank god.
(43:58):
You see another breath of fresh air and that's a
press for share. Yeah. No, it's all about relationships like
me with boss, mother in law, boyfriends like so we
go across the spectrum. It's really fun to do. It's
been a pandemic special. That's great. That's great. We will
be sure to link to both of those in our
show notes. Uh and Carol, we really appreciate Thank you
for for taking the time to talk to us today.
It was an absolute pleasure, guys. And thank you for
(44:19):
teaching me the word clutch. Carol, you are welcome. Joel,
I hope that's not not a term that we overuse,
you know. I feel it might be one of those
words I go to too often. I I tend to
do it as well. But what a great interview though
that we just had here with Carol. I feel like
this is the perfect topic to bring somebody on for right.
It's it's something where it's related to our money, but
it's not so on the nose, and it's not something
(44:41):
that we are too terribly familiar with, but it is
so important, you know. She we talked through all the
many different ways that we need to make sure that
we're being smart, you know, with with with the devices
that we're using, with our different accounts, with our passwords.
So yeah, for you man, what was your your big takeaway.
What's the one thing that you're gonna start doing now
in order to make sure that you're being uh smarter
and safer online? All right, Well, I learned a lot,
(45:03):
and there are probably a few changes I'll make, but
I think that the biggest thing that stuck out to me,
the biggest takeaway I had was will a smart device?
Will it make your life measurably better? That's what Carol said,
And you said, if not, skip it or take it
out of your home if it's not making a big
difference in your life. And so for us, we do
have UM a couple of Alexa speakers, and the girls
(45:24):
love to like play Frozen two or whatever it does.
They want to listen to on the device. And I
like at night just to be able to yell at
my speaker and tell it to play me whatever I
want to listen to. UM to not have to get up,
because yeah, it is kind of for the lazy man
like myself, that's what she said, the lazy man. We
don't even have to get up. It works. It's even
swipe or type with your thumb. Yeah. But but you
know what, maybe during certain parts of the day, I'll
(45:46):
turn it completely off. Um, I'll unplug the device so
that it's not listening to me, because that's the problem
with those smart devices. And I'm not one of those
people that that has a lot of connected Internet of
Things stuff going on in my house. But I'm going
to take another look, like what is it that I
do have here and and what can I get rid
of that isn't making a big difference that I don't
need that could potentially be a problem in my life
(46:08):
leading to someone knowing more about me than they need
to know. So I think that's my big takeaway from
from this conversation. Matt, what's yours? Yeah, I think I've
got a couple takeaways here and and but they all
have to call the big takeaway yet you choose multiples. Uh.
They both have to do with your cell phone though.
How about that? Uh? You know she mentioned how going
with the bona fide apps for a specific banking institutions,
(46:30):
how that's just a slam dunk way to make sure that,
uh that your data is encrypted. You know she's talking
about how, Uh, there's basically a higher standard that those
companies have to adhere to. And it makes sense, right,
You know, when you have thousands and hundreds of thousands
of of individuals dollars maybe in a specific account, you
need to make sure that it's difficult for folks to
get into those accounts. Uh So that was encouraging to hear.
(46:51):
And the other thing has to do with saving money.
I often will jump on Wi Fi no matter where
I am in order to to keep my data usage low,
even when I'm not necessarily aware as to who is
running that WiFi network, right, And so I was encouraged
maybe to not do that, you know, if I didn't
know who is running that network. But then also if
I do decide, it's kind of like a frugal or
(47:12):
cheap thing, right Yeah, yeah, seriously, five bucks in data
usage you're gonna spend might be worth it compared
to someone you know getting access to your information. Right,
But if you are gonna be frugal or maybe borderline
cheap to consider, you know, some of those virtual private
network systems, you know, the VPN. If you are going
to be on someone else's WiFi and you're not totally
sure if the security there, that is when a VPN
(47:33):
makes sense. It's not something that you need to be
concerned about when you're on your own WiFi, but when
you're out and about, those are the kind of situations
where a VPN might make sense for you. So yeah,
if if you're on the road more, if you travel
a lot, like, yeah, VPN might be something that you
need to look into. But you know, if you're more
of a homebody like me and only rarely make it
out to the outside world where you're gonna hop on
someone else's WiFi, that's not something that I need to
(47:55):
worry about. Well, I hear too that if you have
a VPN, you can watch like Netflix content it in
Canada or Scandinavia or whatever like, because well, he doesn't
know where you're at locationalize and so you have access
to some of the streaming content from Netflix around the world,
which you know, they've got different contracts negotiated with different
providers in in every single country, and so yeah, what's
(48:16):
available in India is different than what's available in the
United States. Um, that's a little park something I heard
on the street. But um, yeah, alright, So Matt, let's
go back to the beer that we had on the
show today. While we were chatting with Carol, she had
a beer herself. But the beer that we had is
called Duh Snake Blood by Dissolver Brewing. This is a
beer you picked up for us UM recently and it's
(48:38):
a raspberry chocolate Imperial stout. So yeah, what was your
take on this beer? Man? Yeah, this is one of
the breweries that Kat and I poked our head into
and got a couple of beers while we were there visiting.
This was, uh, like you said, a raspberry chocolate imperial
stout that has raspberry vanilla, French broad cocoa nibs and husks.
I'm not totally sure what husks are like, like corn husks.
I don't know, Man, that's weird. This was a really
(49:00):
tasty stout, and this is one that's perfect for you know,
these cooling temperatures. I love having beers that fit with
the season. Um. But man, I will say this particular beer.
I gave your cup the first pour, like the first
half of the of the beer, and I got the
second half. I'll be honest, it got a little thick
there towards the bottom of my glass. I don't know
if that's a quality control issue per se, or if
that's just how they Maybe that's the husks. Actually it
(49:23):
could be. Well, I just looked it up. Cocoa husks
are the outer shell of the cocoa bean um and
like the bean, they're also edible. So yeah, it's just
two different parts of the cocoa bean that were used
in the making of this beer. But interestingly enough, I
agree like this this beer probably should have been filtered,
and it's okay when some beers are unfiltered. In fact,
I like many of my beers, in particular IPAs,
unfiltered. I feel like there's more flavor sometimes,
(49:45):
but when you're using bigger ingredients like that, maybe um,
a more intense filtering process is helpful. I really like
the beer. I like the flavors like dark chocolate and raspberry.
But at the same time, the mouth feel was a
little bit off just because of the lack of filtering.
I think, little too thick, little too chunky my mouth. Right, Uh, yeah,
I'm with you, and I will say, man, of course
I got this beer for you. Right. It's a big
(50:05):
old style, but it's got raspberry in it. It's too
kind of I appreciate that. Try to be thoughtful where
I can. Yeah, well, it's a fun one. Glad we
got to have this one together. And I can see
why they called it snake blood, because snake blood would
be like dark with like a hint of raspberry color.
I would think, right, yeah, I would agree. I'm guessing
I haven't ever killed the snake, but that's my assumption,
or enjoyed his blood exactly. Gross. All right, well, um,
(50:27):
that's gonna do it for this episode. For folks who
want the show notes, including links to some of the
things that Carol mentioned in our conversation, will have those
available for you at how to money dot com. And
if you listen to this episode you found it helpful
and enjoyable, we would ask for you to leave us
a review over at Apple Podcast. And if you've already
done that, we would ask for you to to tell
a friend or a family member about the show. That
(50:48):
helps us to get the word out and it helps
them to start doing smarter things with their money as well.
So Joel, that's gonna be a buddy. Until next time,
Best Friends Out, Best Friends Out.