April 17, 2023 • 75 mins
Traveling for Spring Break, vacation, or work? Join The Audit and guest ethical hacker, Matthew Wold, to hear best practices for keeping your journey cyber-secure.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Eric Brown (00:05):
You're listening to the Audit presented by IT Audit
Labs.
Mandi Rae (00:14):
Hey, welcome back to the Audit, a podcast by IT Audit
Labs.
Today joining us is Eric Brownfrom IT Audit Labs and Matthew
Wold, friend of the podcast andcybersecurity extraordinaire.
Hi guys.
Eric Brown (00:35):
Hey, mandy, this is where I want to mention some of
Matt's other nicknames, but Isaid I wasn't going to, so I
won't.
Mandi Rae (00:44):
I want to mention some of Matt's other nicknames,
but I said I wasn't going to, soI won't.
Well, today we're going to callhim Travel Matt because, in
preparation for the upcomingspring break season, we're going
to talk about cyber safe travel.
So, joining us, Matt.
Why don't you kick us off withsome best practices from an
expert and, if could I even callyou an ethical hacker who would
(01:06):
know exactly what to look outfor?
Mathew Wold (01:09):
Thank you, I appreciate that.
Thank you for having me on it.
It's always a pleasure to behere.
So you know, I was doing alittle research as we kind of
came into spring break and youknow, as COVID was, I don't want
to use the term slowing down alittle bit, but it seems like
more and more people are goingout traveling now and I just
(01:34):
thought it would be time to havesome of those conversations
about cyber, safe travel, thingsto think about before you go
traveling, some steps and maybesome tips on what to do before,
after and during your travel.
So I put this presentationtogether.
You know it turned out to bereally relevant because when I
originally put the presentationtogether, I wasn't planning on
(01:57):
going on vacation, but now I am,and you know I'm following some
of my own best practices aswell, and you know I'm following
some of my own best practicesas well.
Eric Brown (02:05):
Did you get a phishing email that said that
you had won a free trip?
You clicked on it and nowyou're going.
Mathew Wold (02:16):
Yeah, and I fully expect to get on that flight
later today.
Mandi Rae (02:18):
Well, good luck with that.
Maybe after that you're goingto meet a prince and inherit
millions of dollars from arelative you never met.
Mathew Wold (02:25):
That would be the end to my perfect day.
So you know, in thepresentation you know I kind of
go through some of these travelscams and I think you know
knowing what to look out for isprobably a big key to staying
safe.
You know we talked aboutfraudulent vacation sweepstakes
(02:48):
that you could win.
That's definitely one of themIf you're going to go on
vacation.
There's a lot of things likefake airline websites offering
discounts, fake rental homes,stuff.
That sometimes is a little bittoo good to be true.
Those are always a red flagfree vacation travel promotion
(03:13):
If you just get a flightconfirmation, especially if
you're not planning on going onvacation.
But if you are and you'regetting emails from someplace
that doesn't look right, itprobably isn't right.
Something that I definitely wantto dive into a little bit here
is when we talk about rentalhome fraud.
So sometimes when you go tomaybe book an Airbnb or
(03:38):
something else, sometimes whathappens is that that listing
isn't actually available and sopeople have shown up, you know,
expecting to get into theserental places and either it's
not even a rental place orthere's already somebody who is,
you know, booked it for theexact same dates and now you
(03:58):
have a big problem on your hand.
Sometimes these rental placesdon't even exist at all, and so
they're just, you know,completely fraudulent bookings
and you know you show up forvacation and you have no place
to stay.
So I think it's reallyimportant to really know the
site and the outfit that you'rerenting some of this stuff
(04:22):
through.
It's pretty important to usereputable sites.
Mandi Rae (04:26):
Especially now that hackers are using Photoshop.
Eric Brown (04:30):
Yeah, I was talking to someone the other day about
some of the legitimate and I putthat in quotes travel scams.
But there was a Wall StreetJournal investigation a couple
of years ago into Orbitz, anonline travel agency, and the
(04:56):
claim was that they were showinghigher-priced hotel rooms to
Mac users compared with thosewho used Windows PC to access
their site.
So I think they did aninvestigation and Orbitz later
admitted that it did have somesort of algorithm to target
(05:16):
specific users based on whattype of machine they were
logging in from, and Mac userswere being shown more premium
rooms compared with Windowsusers, who were always shown the
cheapest price room for a roomfirst.
So apparently they've removedthat feature, but interesting
(05:36):
nonetheless that these sorts ofgames are played by the
quote-unquote legitimatecompanies.
Mathew Wold (05:43):
Yeah, and you know I'm glad that you brought that
up.
I read something around that aswell, not specifically Orbitz,
but just how, when you go tosome of these travel places
online that they'll either readother cookies on your computer
to see what other sites that youshop at or sites that you visit
(06:04):
and you visit, you know, and ifyou're, you know, going to a
lot of high-end websites, theyjust automatically assume that
you'll pay more for a vacation.
And same thing, they'll, youknow, show you higher price
stuff.
So I think I think that'sreally interesting, definitely
something to to watch out for.
You know, and how do you getaround that?
You know you could either, youknow, clear cookies out first,
(06:28):
or you know if you have a webbrowser extension that you know
changes, you know thatinformation.
You know that you couldprobably get around it that way,
yeah absolutely.
Eric Brown (06:40):
It's almost, like you know, a throwback to our
dark web episode with Bill.
You need tails and a VPN tojust book travel tickets, just
like you're getting onto thedark web, yeah exactly.
Mathew Wold (06:55):
It shouldn't have to be that difficult.
Eric Brown (06:58):
No.
Mathew Wold (06:59):
I guess that's where we're at.
So I broke down a little bit ofone of these travel scams which
I was doing a little bit ofreading online and it's really
interesting kind of how itunfolded the attacker and social
media is definitely a usefultool for attackers no matter
(07:21):
what it is.
Any sort of scam or attack likethat.
The attacker is always lookingfor opportunities opportunities
and that goes for anything.
But you know if they'respecifically targeting travelers
or, you know, maybe it's just alack of a better word crime of
opportunity.
You know, maybe a scammer comesacross like a Facebook post or
something that somebody says youknow they're going out of town.
(07:43):
They see that and they starttargeting that person.
You know, doing some opensource intelligence to start
gathering some backgroundinformation, getting more
information about, maybe, wherethey're going and when they're
going to be gone, and then, oncethey get all that information,
you know, then they launch thatattack and you know either it's
some sort of phishing scam oryou know some other sort of like
(08:06):
smishing scam.
But in the specific examplethat I saw, you know as a person
who you know, just like what Iwas saying, is, you know, like a
Facebook post, where theattacker had, you know, seen
that with that they were goingout of town and then did a whole
bunch of research and, at theend of the day, what ended up
(08:31):
happening is they sent emails totheir family saying that they
were on vacation and theycouldn't use their phones and
anything like that, and thatthey were in trouble and that
they needed them to wire moneyto an account, not to contact
them directly, and stuff.
(08:51):
And so they're pretty smartabout these kinds of things and
how they use social engineeringto try to manipulate people,
friends and family and try toget them to send money.
And so then these people cameback home and their family was
like, oh, is everything okay?
And of course, they had no idea, and I mean, what a shame.
(09:14):
It really starts with bookingtravel, right?
That's kind of where the wholeprocess starts, the whole being
security minded.
Um, you know, being securityminded, you know when you go
into travel and booking travelsthe first step in, you know I
think it's important to booktravel through a reputable
company.
You know if you, if you'rebooking travel, you know through
(09:36):
someplace that you never heardof, you're not really sure what
you're going to get, but you'regoing to go online and you book
through, like Travelocity orExpedia, you, if you're gonna go
online and you book throughTravelocity or Expedia, they're
pretty reputable as far asonline goes.
But there's other places too Ifyou want to book through an
actual person.
(09:57):
I think Carson Wagonlet is atravel place where you can go in
and book through.
If you're a Costco member, youcan book travel through Costco.
So I think there's a lot ofgood companies that are a safe
bet that you can book through.
When booking travel online, Ithink it's really important to
(10:18):
have a safe online connection.
Probably shouldn't be bookingtravel through, you know, your
Starbucks Wi-Fi connection orover some random you know
internet connection.
You probably want to.
You know, book it at home whereit's safe.
And then you know justmonitoring all your travel
accounts before your trip.
(10:39):
You know monitoring during andafter your trip too, for any
suspicious activity, but justkeeping an eye on it so that way
if you start getting weirdemails that you can take some
sort of action or dig into it alittle bit.
Eric Brown (10:56):
Many credit card companies these days too offer
that fraud protection where youcan spin up a virtual credit
card number to use for aparticular site, which is nice.
And a lot of credit cardcompanies too have no charge for
international purchases.
(11:18):
So if you're goinginternationally you wouldn't pay
a surcharge to the credit cardcompany for using that card
overseas.
I know in the past there wasnot as many credit card
companies doing that, so you hadto try to find the right card
when you're going to travel, butI think now most of them do.
But it's always wise to checkwith your credit card company,
(11:43):
and it also used to be thatyou'd have to notify them, I
think, before you traveled.
But now the algorithms are suchthat at least the ones I use
don't require thatpre-notification for travel.
I don't know if either of youhave experienced that.
Mathew Wold (12:02):
Yeah, in the past I've had to do that, but I think
you're right with the way thealgorithms work these days, you
know, when I went to San Diego,or even when I was in Vegas, I
didn't have to do any of that.
So I think it's smart enoughnow that you don't need to.
Yeah, but yeah, I think thatwas a really good call too,
(12:25):
about you know the the creditcard companies and spinning up a
virtual virtual card, cause youknow that that could definitely
be, you know, a big saver forsomebody.
You know if you're using thatvirtual card and you know if
you're.
If your credit card companydoesn't offer that, there is
other services like Privacycomthat offer that ability.
(12:48):
So that way, you know, you canspin up your own virtual credit
card and use that as well.
So, yeah, I think that'sdefinitely good to remember.
Eric Brown (12:58):
Yeah, that's a good tip about the Privacycom the
privacycom.
Mathew Wold (13:07):
I know that, um, you know, for my, not every
single credit card works forprivacycom.
Um, I knew somebody who wastrying to use it and the credit
card that they had.
They couldn't register it inprivacycom.
So I guess that's kind of abummer something to to think
about if it, if it's not workingfor you working for you, maybe
your credit card doesn't supportthat.
Along with the idea of justbeing safe online and using
(13:33):
reputable businesses, protectingtrip details is always a great
idea too.
Knowing what you should andshouldn't share online is
definitely a huge plus.
I'm in the boat where socialmedia is not really my thing,
but even if it was, I wouldn'tpost anything online about you
(13:54):
know I'm going.
You know on vacation on suchand such dates, or you know
where I'm going to go, oranything like that.
I would just keep that tomyself, but scammers tend to to
use that, that information, toto target you.
Um, you know.
So I would say that you know ifyou're gonna, if you have to
(14:16):
share the those trip details.
You know maybe, uh, maybe, it'ssomething that you share over
the phone with.
You know a trusted loved one,or you know like a trusted
friend or something.
If you are going to share thatinformation online, maybe try
not to use specifics.
Mandi Rae (14:34):
I know people on their social media that have
like a trip countdown and likeeven put in a map and they are
so communicative about theirtravels.
I worry for them for thisspecific reason.
Like they're live postingduring their trip, they're
(14:54):
taking pictures of their hotel,their key card, their door their
room number, I mean just reallypromoting every last bit of it.
Eric Brown (15:04):
It's like a black mirror episode.
Yeah, that is scary.
I mean just really promotingevery last bit of it.
It's like a Black Mirrorepisode.
Yeah, that is scary.
One of the things I've donerecently when I've gone on some
larger trips is to keep a papercopy of all of the things, just
in case you're on a little bitlonger of a plane ride, phone's
(15:26):
not charged, get to a foreigncountry and then you're trying
to fill out the paperwork.
Sometimes you've got to fillout paperwork to get into the
country and go through customsand they like to know the
address that you're staying at,things like that and if, for
whatever reason, you can't getto it on your phone or computer,
(15:46):
it's nice to just have thatpaper backup that you know you
keep secure, but with just thedetails of where you're going to
be and then some contactinformation on how to get in
touch with if you're staying at,you know, say, a person's house
or an Airbnb or something likethat, how you would get in touch
with them if, for whateverreason you know you couldn't get
(16:09):
into the property or what haveyou.
Mathew Wold (16:11):
Yeah, what's your thoughts on?
You know, when I was doing thisresearch, there's a lot of
organizations that were saying,you know, even having like
photocopy backups of things likepassports, driver's license,
birth certificates, anythinglike that, just in case that
documentation gets stolen whileyou're away, what are your
(16:32):
thoughts on having a paperphotocopy backup of that?
Eric Brown (16:38):
So I had a situation .
I was in Italy a couple ofyears ago.
I was in Italy a couple ofyears ago and there was a
situation where the passportwent through the washing machine
and it was a couple of daysbefore we were coming back home,
so I didn't have enough time togo to the embassy and deal with
(17:05):
all that rigmarole.
So I was like, well, let's justroll the dice and see what
happens.
And fortunately it was intactenough to still have the picture
and things like that.
It was just like the.
You know, it had gotten wet, soit was starting to come apart
and the customs agent was like,oh, this went through the wash.
So he kind of made light of it.
(17:27):
But I did have a copy.
I took a picture of it and hada copy of it on my phone as well
, but it didn't come to usingthat.
The paper copies are probably agood idea if you have a safe
place to keep them.
I don't know that I'd bring mybirth certificate, but I do know
(17:49):
in some countries they willtake your passport from you when
you get to the hotel.
So it might be nice to havethat paper backup in case
something happened there.
What do you think, mandy?
Mandi Rae (18:06):
Trying to keep track of paper or anything is so
stressful to me.
I'm so thankful for my phoneand the app.
I feel like it simplifiedtravel so much that I'm not as
good with the backup solution,so I'm taking some pointers from
you guys on this call.
Mathew Wold (18:22):
Yeah, I would say that you know, I like the idea
of having having it backed updigitally, like on your phone.
You know the my worry there.
There is like what if you knowwhat, if you drop your phone in
the ocean or you know somethinghappens to it and then all of a
sudden you know, now you havenothing.
Mandi Rae (18:38):
I'm usually a super chill traveler where, like, I'll
even roll up to the airportdangerously late and just
confidence my way through stuff.
But then the minute I getthrough the security line I feel
like I check for my id and myphone like 7 000 times.
Eric Brown (18:56):
So paper stuff I just can't even think of it yeah
, I know I was just going to saythat some places use a mobile
passport control now and I'mtalking international travel so
you don't necessarily have tofill out all of that paperwork.
(19:17):
There is an app on the phonefor it and it makes it a little
quicker to get through customs,to get through customs and then,
of course, if you do all of thethings that you can do, like
CLEAR and some of thoseinternational travel programs
where you pay a little bit ofmoney, go through additional
screening months ahead to get onan approved list, so to speak,
(19:40):
and then you have facialrecognition to get into the
country, rather than, yeah and Ithink the US is starting to do
that more as well at least thelast time I came through it's
been a little while, but theyhad facial recognition.
They scan that picture on yourpassport and then some form of
(20:02):
facial recognition when you'regoing through to talk to that
agent.
Mandi Rae (20:07):
I can't wait till we're in the place where it's
just like a retina scan, likeyou get to the ATM retina scan.
Here's your money.
You get to the airport retinascan, get on the plane.
Eric Brown (20:19):
That would be nice.
Mathew Wold (20:21):
Yeah, it sounds like maybe a little work up
front saves you a lot of theback end if you go through that
clear process and stuff.
Eric Brown (20:28):
Yeah, it is.
I think there's some people maynot want to go through it
because they take yourfingerprints and go through the
processing of that and thenprobably share those
fingerprints with otherorganizations, because I don't
think it's a governmentorganization that's doing it.
(20:51):
It's some sort of private NGOthat has a relationship with TSA
and such.
But for most of us we've beenfingerprinted in the system for
a variety of work reasons, soit's not that big of a deal.
But I can imagine some peoplemight not want to go through it.
Mathew Wold (21:09):
Yeah, Kind of like when you submit your DNA to like
ancestrycom and the fine fineprint says that they could share
that, that DNA information outwith other organizations.
Right yeah.
Mandi Rae (21:23):
I think it's only those of us in the security
realm are the ones who are likewe're not doing this.
We read fine print.
Mathew Wold (21:31):
Yeah, I mean to Eric's point, though I mean for
anything that's work related,that involves like sieges and
whatever.
You've been fingerprintedalready.
Mandi Rae (21:42):
A fingerprint doesn't scare me, but you don't need my
DNA.
Mathew Wold (21:46):
Yeah, that's fair.
So you know I have some thingsthat you know that I think maybe
should be done before travel.
And you know, I think it'simportant that you know, you
think about any electronicequipment that you're going to
take.
You know with you Becauseanything that you take you're
going to take.
You know with you becauseanything that you take you're
(22:06):
going to need to to manage it.
And you know if you take it,protected, I think is kind of
the key phrase there, but youknow.
So just making sure that anyelectronics you know are kind of
handled before you leave.
So some some important thingsyou know to do are are backing
up any sort of files off of thatdevice, you know, just making
(22:28):
sure that if you like that phone, if you end up losing it, that
all the data is backed up.
So backing up files.
Updating any devices to thelatest OS versions, and then not
just the operating systems butalso applications, but also
applications.
So any applications that needto be updated, make sure you
update those.
Confirming that your antivirussoftware is updated with the
(22:51):
latest virus definitions.
Installing any sort of softwarethat you're going to need.
So definitely you want some VPNsoftware so that way you can
connect securely when you're out.
You know, maybe even somedevice recovery software so that
way you know if you, if youmisplace your phone, you can you
can locate it using strongpasswords.
(23:12):
I know we talk a lot aboutpassword safety and multi-factor
authentication.
So just enabling that stuff onaccounts, you never know where
you're going to be when you needto log into something and you
know having multi-factor,multi-factor authentication is
always a great idea.
You know we kind of talkedabout international travel and
you know, when you talk aboutinstalling software, a really
(23:34):
great application is the USDepartment of State Smart
Traveler application.
There's a lot of stuff that, ifyou're going to do
international travel, that thatapplication provides to people,
provides to people.
And then just removing anysensitive data, you know,
anything that you wouldn't wantanybody else to see probably
should pull it out of yourdevices, any unnecessary
(23:56):
applications that you reallydon't need.
Those applications can be, youknow, a gateway into that device
if it were to get compromised.
So you know, maybe thatapplication has some sort of
flaw in it, you know.
So just getting rid of anythingthat you're not going to use.
And then you know, justdisabling, like location
(24:17):
tracking, you know, so that waylike the old Foursquare when it
used to just automatically liketrack your location and update.
You know, send updates toFacebook and stuff like that.
You know, checking you inplaces, just disabling that kind
of stuff, uh, you knowdisabling that is triggering
(24:38):
that like should have been namedlike the stalker app.
Eric Brown (24:43):
Does that still exist?
Do people?
Mathew Wold (24:45):
still use that.
Mandi Rae (24:46):
I don't even know if foursquare is around anymore I
don't think it's relevant, butit that's a good thing yeah, but
you know facebook.
Mathew Wold (24:56):
I think facebook has that ability too.
Where you know it'll, it'llcheck you in places again.
I'm not a social media user, soI'm not the best person to talk
about Facebook.
Mandi Rae (25:08):
You're not wrong All social media platforms.
I don't know if you cancontinue to share your location
with friends, but you canabsolutely check in places and
live stories seem to be such agrowing trend right now that
it'd be hard to avoid where youare when you're living your life
out loud on social media.
Mathew Wold (25:27):
Yeah, it's just, that's always just so scary.
So, you know, I think, turn itoff in general, but you know,
especially if you're going to gotraveling that's my personal
opinion.
And then you know anything likepersonal hotspots.
You know, if you don't need itto be on, turn it off.
Same thing with like bluetooth.
I know that.
Uh, you know, if you havebluetooth heads, headphones or
(25:49):
something like that and you andyou want to use them, turn
bluetooth on for for that, andbut then as soon as you're done,
I think you should turn it backoff and then keeping track of
your luggage with uh, like airtags, for instance.
Eric Brown (26:07):
Uh is pretty cool, right?
You could see if you put it inin your checked luggage and and
even your the luggage that youcarry on in case it gets
misplaced.
It's kind of cool to be able tojust open up the app and see
exactly where that luggage is.
I know I've enjoyed waiting atthe luggage carousel and the
luggage is still somewhere outon the tarmac, so you know it's
(26:30):
not going to be getting to thecarousel for a while.
You've got time to go to thebathroom or grab a cup of coffee
or something like that, andthen, of course, if it does get
lost or misplaced, it might be alittle easier to find it.
Mathew Wold (26:43):
I think that's a really interesting use of an air
tag.
I didn't I didn't think aboutthat, but now that you say that,
yeah, I think that's you know.
If your luggage got misplaced,you know you could, I suppose,
use that to find out where it is, too yeah absolutely.
Mandi Rae (27:01):
My parents recently took a trip.
They had a cruise with umrecently took a trip.
They had a cruise with um.
Multiple flights to get totheir destination and they
watched as their plane took offand their luggage did not,
following this exact thing.
Mathew Wold (27:18):
So no one got there and was disappointed at the
luggage carousel like they knewit the minute they took off,
like well junk wasn't there astory recently, maybe like a
couple weeks ago, where somebodyhad an air tag and either a
package or luggage or somethingand it got misplaced and they
(27:39):
were able to find out that itwas at some employee's home,
maybe, Maybe it was a UPSpackage and they were trying to
get it back.
And finally they just went onUPS on their Twitter feed and
they posted a picture of theAirTag location and they said
(28:00):
something like UPS, I want mypackage back.
And then UPS responded like Iguess they had been trying to
get the package back for a whileand this was like their last
resort measure and they postedit and they said they wanted it
back and finally UPS I mean itwas only like a couple of hours
and they they messaged theperson and they were able to to
(28:23):
get the package from the fromthe UPS employee's house.
Eric Brown (28:27):
Wow, it's unfortunate you have to resort
to public shaming to get yourstuff back.
Mathew Wold (28:38):
Yeah, huh.
Eric Brown (28:40):
I know, though, just talking about wireless too and
not to do too much productnaming, but I know Firewalla is
one.
There's probably others, butFirewalla makes a small personal
firewall device that you canessentially connect your hotspot
to the Firewalla and thenconnect wirelessly your other
devices to that Firewalla, so itacts as a firewall for your
(29:06):
devices that are behind it,which is kind of cool.
If you're in an unknown placeand you have a couple of devices
that you want to connect to it,you could be assured that those
are relatively secure behindthat firewall device, and then
you're just using that as agateway out to the Internet.
Mathew Wold (29:24):
Talking about hotspots, that's something that
you know is going to come uphere later, but you know, I
think it's really important toyou know there's a cost
associated with that, of course,but it's not as much as it used
to be, you know.
So I think it's reallyimportant that people, you know,
don't connect to any sort ofpublic Wi-Fi and my kids have
(29:48):
iPads and they always want toconnect and watch movies and
game and all that stuff, and so,taking my own advice, I went
out last week and I ended upgetting a personal hotspot.
I went out last week and Iended up getting a personal
hotspot, you know, configuringthat.
(30:08):
I think that firewall idea isreally good too, because on,
like on a personal hotspot,there isn't any sort of firewall
protection.
You know, it's just that openconnection out to the Internet.
So probably a smart idea to putsomething like that on there.
Eric Brown (30:22):
And you could do something similar with your cell
phone provider, where you canget an international plan for
data with your most major cellphone providers.
It's like a pay-per-day or apay-per-use.
(30:44):
I think it's more expensive butnot necessarily unreasonable.
Just to add that in for a shortduration of time and then you
can also if you're going to beon a vacation I know it works in
most of Europe you can get ahotspot at the airport in
country.
(31:04):
That would give you five or tengigs of data, something like
that, for a pretty reasonablecost and with, depending on the,
the uh company that you'reusing, they can ship you the
device beforehand or you canpick it up, usually at the
airport, and then when you'redone you just ship it back.
You know when you're, whenyou're done with your vacation
(31:26):
and then when you're done, youjust ship it back.
Mathew Wold (31:28):
You know when you're done with your vacation,
but I've done that in the pastas well and that's worked out
pretty good.
Yeah, and you know, when wetalk about, like the US
Department of State, you know wetalk a lot about travel
advisory levels.
You know countries have.
You know like a level one, two,three or four, and, uh, you
know level four countries are.
You know they're like do nottravel countries, but you know
(31:50):
if you, if you need to travelthere, you could still do it,
and I think that idea of havingsome other you know like service
in another country is a reallygreat idea.
You know, personally, maybe Iwould take that a step further
where if I was going to, if Ihad to go to a level three or a
level four country, maybe I'dget a completely throwaway phone
(32:17):
, maybe even a separate SIM card, and take that with me.
I've heard that when you gointo some countries that you're
required to turn over all ofyour electronics and that
sometimes they'll just openlyconnect them and download the
data.
They have.
You unlock them so that waythey can access the data.
(32:37):
And I think that's reallyinteresting and scary at the
same time that if you want toenter the country, that you have
to turn over everything andunlock it.
Eric Brown (32:48):
It's just that's a bit much yeah feels impressive
yeah, yeah, I'm like the guywho's going with at least two
phones and probably threelaptops.
If I, if I have to whittle itdown to two, I will, but but
yeah, that's ridiculous.
Mandi Rae (33:07):
I was going to say you're always rolling with
multiple pieces of technology.
Eric Brown (33:12):
Too many.
Mathew Wold (33:12):
Yeah, yeah.
So yeah, I think you know, ifyou're just traveling within the
US or maybe you're just goingto like a level one country, you
know, getting you know somesort of like other data plan, I
think it's a great idea.
But I mean, has anybody evergone to like a non-level one
(33:33):
country?
Eric Brown (33:36):
I've been to a level two and probably a level three,
but never a level four.
Mandi Rae (33:41):
You're pretty uncultured because I don't even
know where you get this levelscale.
So, moving on, I'm going to beuncultured because I don't even
know where you get this levelscale.
Mathew Wold (33:50):
So, moving on, well , you can.
If you go to the US Departmentof State website, they have a
part of their website where youcan select the country that
you're going to go to and it'lltell you what the travel
advisory level is.
Mandi Rae (34:07):
I also want to be like.
Eric Brown (34:08):
Hey, like this YouTube if you're on the same
page as Mandy.
Mandi Rae (34:11):
So, thank you for teaching us.
Eric Brown (34:12):
Well, you know, the level fours are like North Korea
, Iran, stuff like that.
Mathew Wold (34:18):
Yeah, but you know I haven't admittedly, I haven't
done really any internationaltravel outside of North America,
so you know, just Canada for me.
But, um, you know, as I wasgoing through the the different,
uh, travel advisory levels andstuff, I was reading um a lot
more of the in-depth informationthat the department of state
(34:41):
posts there and there's somereally interesting information
because they talk a lot aboutthings that us, as Americans,
wouldn't think would be a bigdeal.
It's like a serious crime overin other countries and you can
obviously go to jail in thatcountry for doing some of that
stuff.
(35:01):
And I was just reading throughit and I thought, wow, is
anybody who's going to travelinternationally should read
through this, because a lot ofthis stuff is just a no-go over
there.
You know you get yourself intoa lot of trouble.
That's a good point.
(35:21):
Yeah, dating app on your phoneis frowned against.
Or, you know, having umpictures that we may not think
are, um, a big deal over there.
You know it's, it's a crime,like it's.
It's just you can't.
You can't do it, yeah.
Eric Brown (35:42):
So and Mandy, you've probably been to a level four
country before, like, forexample, mexico, has states in
it that are considered levelfour, some of which is level
four is do not travel, like, forexample, sinaloa, due to crime
and kidnapping is a do nottravel.
(36:04):
But then you may have otherstates in Mexico that are a
level three, which is reconsidertravel, or a level two,
exercise increased caution and,for example, a reconsider travel
, which would be a level three,like the state of Baja
California, which is in Mexico.
(36:25):
It's due to crime andkidnapping that they're saying.
You know, just use extremecaution when going there.
Mandi Rae (36:34):
Well, I have been to Mexico, so you got me, and next
time I'll use the US Departmentof State smart traveler site
Awesome.
Mathew Wold (36:45):
Thanks, you know we talked about you know making
sure that all of your stuff isbacked up and I think it's
important just you know backingit up to you know some sort of
cloud storage.
You know if you have you knowan Apple device, you can upload
that to the Apple Cloud.
Same thing with Google.
If you don't have either ofthose or you have a lot of data,
(37:07):
you could back up something tolike Backblaze.
And if you don't have cloudstorage, backing it up to either
like a flash drive or some sortof external hard drive, maybe
leaving it at home in a safewhat do you think about those
hotel safes?
Eric Brown (37:22):
Have you ever tried to access one?
Have you ever tried to access?
Mathew Wold (37:26):
one.
I've used one a long time agowhen I was naive and thought
that I was the only person inthe world that had the code.
But not anymore, after readingthat anybody in the hotel staff
(37:49):
can get access to the backupcode, which makes sense, right?
Because if somebody putssomething in there and forgets
the code, they're going to haveto get it out of there.
So not not secure at all.
Yeah, probably more more secure.
If you know it's a non-hotelperson that breaks into your
room, then I suppose you knowit's just up to them trying to
guess your four digit code.
(38:10):
But you know, one of the thingsthat kind of came up in some of
this research was you know, ifyou do have to leave like a
phone or something inside of asafe, you know they suggested
taking out the SIM card, ifthat's possible, or removing the
battery, if you can do both ofthose things.
And then, you know, just throwthem in your pocket, because you
(38:30):
know phone batteries areusually pretty small and that
sim card is, you know, just thattiny little wafer.
You know that at least then ifsomebody you know a hotel person
came and got in there, therewouldn't be any way to power on
that phone.
And even if they did that, simcard would be gone as well.
So I think that's pretty,pretty good advice, right?
Eric Brown (38:50):
I mean, there's not much more you can do, unless
you're gonna hide it someplacein the room, which I suppose you
could do there's that dark mapdiaries episode where I think
they were um poker players andlike online poker players and
the one person had put things inhis.
(39:10):
He had his laptop in his roomand he had, I think, other stuff
in his safe.
I listened to it a while ago soI'm not fully recalling, but he
did have an unauthorized accessentry into his room and someone
had fiddled with his computerand, I think, got into his safe.
But it might have been nationstate level stuff, but that's
(39:36):
not an excuse for it yeah, and Ithink they make a lot.
Mathew Wold (39:41):
There is a slide in the slide deck that shows it.
But there is a device that youcan, that you can buy, to put
into a safe like that and, um,basically you can put a like a
padlock or something on it.
So that way, even if somebodydid know the code you know and
they tried to get into it, youcould still lock it and, uh, you
(40:02):
know, you could probably justthrow that in a carry-on and
bring it with you or, you know,just throw it in a bag.
So there's some ways aroundthat to keep it safe.
But while you're out andtraveling, maybe you're stopping
by a coffee shop, maybe youneed to jump online real quick.
(40:23):
Something that probablyeverybody has heard of these
days is VPN software.
I think this is still a reallygreat solution just to have on
your phone in case you need it.
These days, vpn software isfairly inexpensive.
If you're using a VPN softwarethat's free, using a VPN
(40:49):
software that's free, more thanlikely you're the product.
That VPN company is probablycollecting your information and
then selling it to third-partyorganizations.
So I would steer clear ofanything that's free.
But there's a lot of goodsolutions out there.
There's Mozilla's VPN service.
That's a little bit newer.
I've never used that oneservice that's a little bit
newer.
I've never used that one.
But there's ExpressVPN, nordvpnand ProtonVPN.
(41:14):
I've used those ones.
They're pretty good?
Eric Brown (41:17):
I'm not sure, eric.
What's your choice of VPNsoftware these days?
No, I like all of these.
I like what Proton is doing,and I think all of these ones
that you've mentioned here don'tlog either, which is important.
I think it was Proton thatrecently went through a third
party audit that proved thatthey don't have logging
capabilities, or if they do havelogging capabilities, they're
(41:39):
not turned on.
Another one is private internetaccess.
I've used that in the past.
That one seems pretty good.
I look for ones that have aglobal distribution of servers,
and preferably ones in countriesthat I'm traveling to.
Yeah, like you said, there's alot out there.
Mathew Wold (42:01):
Yeah, that's a good point too, because you probably
need to know or make sure thatyou're going to have access in
that country, because I knowthat NordVPN doesn't have some
of the servers and stuff thatExpressVPN has, and vice versa
too.
So, yeah, I think that's a goodcall out, making sure that it's
going to work wherever you'regoing.
(42:22):
We talked a little bit aboutremoving sensitive data.
You're going, you know wetalked a little bit about
removing sensitive data.
You know, I think maybesometimes people you know just
initially think of maybe likephotos that would be sensitive,
and you know I'd say thatthere's probably more sensitive
data than just photos.
You know, if you have documentsmaybe they're like financial
documents or, I guess, anythingthat you wouldn't necessarily
(42:46):
want someone to download youknow keeping those off of your
phone.
There are some I don't know ifErica or Mandy, if you've ever
used one of these, but there aresome like third party
applications that will do likealmost like a locker, like an
encryption locker, on the devicewhere you can store data and
(43:07):
then you need to have asix-digit passcode or a
fingerprint or something to getinto it and then access those
documents.
Have you ever used softwarelike that before?
Eric Brown (43:19):
I've heard about that type of software when it
came to some applications onjailbroken iPhones.
Back in the day I know a buddyof mine had an app that you
could play sounds of a differentlocation so you could be on the
(43:42):
phone and then you could playthe sound of like a train
station behind you so it soundedlike you were in the train
station when you were talking onthe phone.
Um, which was kind of funny.
And then there was some sort oflike hidden applications where
it looks like it's a calculatorand you put in the right um code
(44:04):
and it gets to a privateaddress book or something like
that.
I haven't seen anythingrecently but I imagine those
things still exist.
Mathew Wold (44:14):
Yeah, I have an application called OneSafe and
it's specifically designed forputting documents inside of it
and, you know, keeping itencrypted.
So I use that a lot to storeany sort of um, you know,
documentation that that I don'twant just sitting on the phone
(44:34):
in case it ever got lost orstolen or, you know, god forbid,
somebody were was to hack itand download that data.
So, you know, I was just kindof thinking that you were going
to keep your travel documents.
Maybe try to keep them in anapplication like that, just in
case the phone was compromisedsome way that they couldn't get
(44:58):
a hold of a scanned passportdocument or something.
Yeah, that makes sense for sure.
Document or something yeah,that makes sense for sure.
Yeah, any sort of like textmessages.
I suppose you know if you'vehad a conversation that you know
you wouldn't want anybody toread or you wouldn't want it
leaked out there, maybe deletingthose messages, any contacts,
you know, if you don't want tobe necessarily associated with
(45:20):
somebody if it, if it ever gotout, you know, maybe maybe get
rid of those.
Change the contact information,maybe, um, and then any apps.
So you know, maybe maybe getrid of those.
Change the contact information,maybe, and then any apps.
So you know when, when we weretalking about going to other
countries, and you know wheredating apps you know are aren't
aren't seen very positive.
You know maybe getting rid ofthose, you know, before you
(45:42):
leave.
And then I think you knowthere's some really good tips
about.
You know how to stay safe whileyou're traveling and I almost
feel like you know you couldprobably do a whole podcast on.
You know physical personalsafety while you're traveling.
That's probably a ton of stuffyou could talk about there, but
you know for for this, we'lljust focus on things.
(46:04):
You know digital to keep safe,you know, but auto-connecting is
a big thing that you shouldturn off and I think we talked a
little bit about that.
You know those things like NFCand Wi-Fi.
You know the ability to airdropor I think Android has nearby
(46:26):
share turning that kind of stuffoff.
We talk a lot about Wi-Fiauto-connecting and when you
think about things like theWi-Fi pineapple and attacker
tools like that you definitelydon't want, especially when
you're on vacation, you don'twant your phone auto-connecting
(46:47):
to something like a pineapple.
And then you don't wantespecially when you're on
vacation, you don't want yourphone auto-connecting to
something like a Pineapple, andthen you don't realize that it's
connected there, and now you'rejust handing over information
to an attacker.
Yeah, that's good too.
Yeah, I am bringing myPineapple with on vacation, are
you really?
Eric Brown (47:05):
Yeah, I figure, I know know.
Oh, what's that?
No, go ahead.
I was gonna say, mandy, don'tyou usually bring your ponagachi
?
Mandi Rae (47:15):
that's what I was just gonna ask matt if he has a
ponagachi that he's gonna bringmy ponagachi is um already
attached to my backpack.
Mathew Wold (47:24):
Yep, nice, that will be coming with as well.
I figure you know I got a lotof time by the pool where I'm
just hanging out.
I might as well, you know, fireup the pineapple and see what
happens.
Mandi Rae (47:36):
Well, if you haven't checked, it out yet episode 11,.
You could pull a Jaden withthat Ponegachi.
Eric Brown (47:41):
Yeah, oh, and take it on the airplane.
Yeah, If it's already attachedto your backpack.
Backpack, that'll be aninteresting one on the airplane
yeah, I'm just gonna let it run.
Mathew Wold (47:49):
I got my, uh, my like 30 000 milliamp battery.
I figure that'll be enough toget me from a to b and still
have battery left over.
Yeah, uh, you know.
And avoiding public computing,public charging, public-fi we
talked about that one, but Ithink one of the things that I
(48:10):
mentioned in this presentationthat I think a lot of people
don't think about or don't evenknow about is public charging.
Right, and the reallyinteresting thing is that if you
plug your cell phone into oneof those hotel lamps where it
has the USB port, it seemsreally convenient, right?
(48:30):
You don't need to plug anythinginto the wall if you just have
the cable, but people can putelectronics into that stuff.
And all of a sudden, you plugit into charge and it starts
downloading data.
Eric Brown (48:45):
Maybe it sends it someplace via wi-fi or you know,
maybe that sounds like a blackmirror episode and speaking of
that, what do you guys thinkabout when you're doing these
trips using vrbo or airbnb?
Um that there isn't some sortof nanny cam weirdness going on
(49:11):
while you're staying there?
Do you check for that?
What do you look for to makesure you're not being spied on?
Mandi Rae (49:21):
I feel more vulnerable to being spied on at
gym changing rooms or tanningsalons or public restrooms so I
guess I really haven't put a lotof thought into like a guest
room at a hotel.
I personally haven't stayed atan Airbnb where the owner was
(49:42):
still there or it was someoneelse's home.
Mathew Wold (49:46):
Gotcha, yeah.
So my wife went to Florida lastyear and her and her friends
rented an Airbnb and that's oneof the first things I told her
is look for anything suspicious,because they do that right.
You can hide one of thoselittle pinhole cameras somewhere
.
I mean they sell so much stuffthat has pinhole cameras.
(50:08):
You know they have like the usb, um, you know like the, the
wall charger that has a camerain it.
I mean, everything can hide acamera these days.
But I think also don't theysell a device that you can use?
It has like a red, like aninfrared light or something on
(50:28):
it and you can shine it aroundthe room and the camera lens
will reflect and you can spot itwhen you look through the
device.
Interesting.
Eric Brown (50:40):
Is there anything?
Mandi Rae (50:40):
you do, Mr Brown.
Eric Brown (50:42):
No, I guess the only thing I do in hotels when I'm
in other countries is just becognizant of the peephole in the
door and put something over itif it doesn't have a built-in
cover to it.
I had a buddy of mine who wastraveling to India years ago and
(51:05):
he heard a noise in the hallwayoutside of his room.
Long story short, it turned outsomebody was out there using
one of those door scopes it'skind of like a way to reverse
look through a peephole on hisroom and um, ever since then I
was like, well, it's probablyjust better, because usually the
(51:27):
way hotel rooms are set up,like you know, you can look in
that peephole and see the wholeroom.
Um, but uh, just puttingsomething over that peephole is
just adds a little bit of uhsecurity, and I usually uh put
the blinds down too if they havethose blinds that you know,
one's like a sheer blind andthen one's a blackout.
I'll just put the sheer onedown during the day isn't it
(51:49):
crazy?
Mandi Rae (51:51):
This could probably be its own broadcast, but
there's so much realitytelevision and so much content
available online, people arestill spying on people in hotel
rooms and Airbnbs.
It's so perplexing to me,because there's so much
available that people want youto see.
(52:12):
Why are we seeking out otheropportunities?
Eric Brown (52:18):
It could be just the danger factor of it, I don't
know.
Mathew Wold (52:24):
The taboo-ness of being a voyeur.
Yeah, yep, voyeur, that's theword I was looking for well
stated yeah I'm sure that if yougoogle airbnb like spy camera,
I'm sure you probably just finda ton of articles where people
have found, you know, some sortof spy device in airbnbs and
(52:47):
that'll be your next episode ofthe Audit.
Sometimes hotels may have, likethe lending chargers or you know
, cables and stuff.
So if you forget your stuff youcan just go down to the front
desk and, you know, borrowsomething you know, and it may
even be something as innocuousas like a USB cable, but but you
(53:10):
know they sell USB cables thathave all of that hardware built
right into the cable.
So I mean you can't even trusta cable these days.
Eric Brown (53:19):
That's a good point too, to pack extra cables and
chargers to be able to get on avariety of power types.
Mathew Wold (53:27):
Yeah, I think, if, if, if it's not yours, if you
didn't bring it or you didn'tbuy it at an electronic store or
something, don't even connectto it, and then they have.
You've probably seen this too.
It's like the OMG cables andthey have one that's.
(53:47):
Or like the USB killer USBstick and the cable now that can
kill USB.
You know so, you plug it in andall of a sudden you know it
just destroys whatever deviceyou plugged in.
You know just to be malicious.
Eric Brown (54:04):
Oh, sends an electric current to it Right.
Mathew Wold (54:08):
Yep.
So yeah, so much stuff outthere that you have to avoid.
You know, and I think you knowjust kind of.
On this last topic here of ofguarding devices, we talked a
lot about, you know, locking updevices when you, when you leave
them behind, and removing thesim cards and stuff.
But I think it's important tojust power down devices when
they're not in use.
I did, I read even where theywere saying that if you're going
(54:29):
to go through devices whenthey're not in use, I read even
where they were saying that ifyou're going to go through like
security, if you're in anothercountry and you're going through
checkpoints or any sort of youknow security location, that you
should power those devices off.
So that way, you know, it'smuch more difficult to try to
(54:49):
power them on and copy data fromthem or, you know, to get into
those devices.
Sure, maybe you know, maybejust some extra food for thought
there.
Does, uh, does anybody connecttheir phones to rental cars when
you're, when you're out, whenyou're on vacation?
I believe I have before through.
Eric Brown (55:06):
Bluetooth.
I believe I have before through.
Mathew Wold (55:09):
Bluetooth Did you?
When you were done, did you gothrough and like unpair it?
Eric Brown (55:18):
Yeah, I'd like to say I have 100% of the time, but
I can't say that because I'mnot sure I don't share my
contacts or anything throughBluetooth like you can in some
cars.
But that is a good reminder todo that.
Mandi Rae (55:36):
That is an interesting feature in a rental
car and it's surprising theywouldn't disable it, because
it's really easy to make themistake to allow it to download
your contacts.
Eric Brown (55:47):
Yeah, well, even your destinations too, right,
like, like you know, when somesometimes you can get a loaner
car if your car is being workedon for an extended period of
time or you know a rental car aswell and you go in and you look
and you can see the history ofwhere the people before you that
have had the car have traveledto, which is interesting,
(56:12):
especially if you're doing likea turo, if you guys have ever
done that where you know you're,you're using somebody else's
car and and paying them for it.
It's kind of like um, airbnbfor cars yeah, I haven't ever
done that, but I heard about it.
Mathew Wold (56:30):
Yeah, I haven't either, so maybe now we talk
about returning home Soundsgreat, okay.
So I think following good cyberhygiene while you're out is a
really great idea.
When you come home, there's abunch of things that you need to
(56:52):
do as well, and I think a lotof this is you know, kind of
goes back to what you do beforeyou leave, but maybe just more
of like a cleanup stance, youknow, or cleanup idea, you know,
when you get back, you know.
So you know it's important toagain update antivirus software.
You know.
(57:29):
So you know it's important toagain update antivirus software.
You know, run any sort of scansjust to make sure that you know,
when you're, if you connectedto that Wi-Fi.
You know if you left that thatdevice alone in a hotel room for
a while.
You know that.
You know.
You run that A-B scan, makesure that, sure that the machine
is clean.
You know, I don't know, eric,when you go on vacation, when
you come back, do you ever justwipe the machine?
Do you have a machine that'sspecifically designed, you know,
just for travel and then that'sall it's used for?
Or how do you do that?
Like?
What kind of steps do you take?
Eric Brown (57:50):
I have not done that , but maybe my profile might be
a little different, because Iuse a cloud-hosted PC when I can
, when I'm away.
So that kind of maybe mitigatesthe need for that, because I'll
just connect to that clouddevice and do my work there and
(58:14):
keep anything off of my localmachine.
Mathew Wold (58:17):
Yeah, I hadn't thought about that, but that's
an interesting idea.
Do you use just something likea Paperspace instance or
something along those?
Eric Brown (58:27):
lines yeah, I've used Paperspace and do use
Paperspace.
I've got just a regularcomputer there, but also like a
cracking computer there.
And then for work I've got aWindows 11 machine up in
(58:50):
Microsoft's cloud so they callit a cloud PC which works pretty
well.
But then for other customerswhere they provide computing
equipment for me to use whileI'm working with them, I'll
typically either take that withme, if it aligns with their
(59:13):
policy, or if I don't plan ondoing any work with them, I'll
leave that computer behind.
Mathew Wold (59:21):
Sure, yeah, I think that's a really good point and
I think if you're just aneveryday user, if you have the
means to do some sort of cloudcomputer while you're gone,
that's probably the best thingto do.
I think that's a great idea.
Then you can either just spinit down at the end of your
(59:44):
vacation or you could just resetit.
Mandi Rae (59:48):
If it has that ability to do some sort of point
in time reset, yeah, Well, whenI go to level four countries, I
bring a burner phone and I keepall my electronic devices at
home.
Mathew Wold (01:00:05):
Yeah, I mean that's a good plan.
Maybe have a burner laptop too.
Mandi Rae (01:00:14):
It would be awesome to be that cool.
Mathew Wold (01:00:16):
Yeah, I know, when I took my last trip I just set
up my laptop and then I justtook an image of it and then
went on vacation, did my thing,and then when I came home I just
reloaded the image and just tryto mitigate any sort of issues
that way, just in case somethinghad happened.
Mandi Rae (01:00:39):
That's really smart and good precautions.
Eric Brown (01:00:43):
Yeah, do you VPN back into your home lab at all?
Mathew Wold (01:00:56):
your home lab at all.
I do, yeah, yep, yep, I've,I've done that too.
Um and uh, you know it's reallynice because then you know all
of my network traffic is goingthrough.
You know that securedconnection, um, I have access to
.
You know all of my.
You know Proxmox VMs and youknow I can use one of those
machines.
I have home automation too.
So you know I can, I cancontrol some of that stuff as
well.
(01:01:16):
So, yeah, nice.
So I think you know, once youreturn home, you know another
big thing is shredding boardingpasses.
You know, I guess I I shouldn'tbe shocked, but you know
there's, there's, there'sbarcodes on all of that stuff,
and while I've never scanned one, I guess there's a wealth of
(01:01:37):
information in that barcode andso you wouldn't necessarily
maybe want somebody getting ahold of that and getting your
personally identifiableinformation from that boarding
pass or those luggage tags, orboarding pass for that matter.
So just getting rid of those ifyou can.
And then I think, once youreturn home, it's a great
(01:01:59):
opportunity to then share anysort of social media stuff
letting people know how yourvacation was, where you went,
sharing any photos, talkingabout all the fun you had,
sharing any photos, you knowtalking about all the fun you
had.
And then you know, just keepingan eye on, you know those
devices, if you, you know if youweren't able to reset you know
a phone or a tablet or something, just making sure that you know
(01:02:21):
if it, if weird things starthappening, you know windows
opening and closing on their ownor the battery draining super
fast.
You know that might be anindicator that the device is
compromised.
Keeping an eye on any sort ofyou know financial accounts that
you use.
So if you, you know, did use acredit card or even a debit card
(01:02:46):
while you're out, you know,just, I guess I would say,
monitor that a lot more closely.
You know, just to make surethat everything looks normal.
And then just keeping an eye onyour email too, Just, uh, so
that way, if, if you get anysort of um, like hotel bills or
any receipts or um, you know,like invoice stuff from from
(01:03:07):
when you were on vacation, youknow saying that there's still
an outstanding balance, that youcontact anybody before just
paying it, because that coulddefinitely be a scam still.
Eric Brown (01:03:20):
And there's examples of I guess you could call them
legitimate scams in the countryas well, and I'll give an
example of that when I went toIceland.
Renting a car if you're goingto go anywhere other than
Reykjavik is pretty necessary todo to get around the country,
(01:03:44):
and rental cars are reallyexpensive in Iceland, for
whatever reason Two to threetimes what they would be in the
US.
But you can find some dealswhere they're cheaper and
they're off airports.
But these companies areunscrupulous in how they either
(01:04:09):
charge for insurance or theyscam you on damage that's on the
car when you return the car.
So if you do go to a countrylike this Costa Rica is another
one where they can get a littlefunny with the car rentals and
(01:04:30):
it's another one of those thingswhere, if you go off airport
and rent at a cheaper place, youjust want to make sure you take
really good pictures.
If, if it's rained out and thecar is wet, ask for a towel,
wipe it off and take reallydetailed pictures of um of the
(01:04:50):
car, the paint from all sides,hood, back top because they will
try to say, oh well, there's ascratch on the car.
But another thing you could dois you know, again use that
virtual credit card and then ifthey try any of that post-return
(01:05:12):
fee gouging, you can justcancel that virtual card.
But it's something to becautious of and and I doesn't
happen in in all countries butread the reviews beforehand
before you travel a lot ofpeople will talk about it,
complain about it, share theirexperiences and it's probably
(01:05:34):
better just to rent from areputable place and pay a little
bit more than go through therigmarole when you're returning
the car and in a hurry to getback to the airport, to the
airport.
They're very well versed atthese scams and they know that
(01:05:55):
you're under time pressure,especially if it's an off-site
rental facility and you knowit's well-practiced social
engineering.
Mathew Wold (01:06:03):
Yeah, do you ever take a picture of like the
odometer, like the dash, thedash stuff as well?
Eric Brown (01:06:10):
Okay, the dash, even if I'm renting something
locally like from a Home Depotusing their vehicle to.
You know it's like 20 bucks or30 bucks for 90 minutes.
You know you just need to haulsome stuff around.
I take a picture of exactlywhere the gas is, the odometer.
I take pictures of the outsideof it.
(01:06:32):
You know it only takes, youknow, a minute to do all those
pictures and that way you've gotproof.
You know, when you return it,that nothing happened.
Mathew Wold (01:06:42):
Yeah that's another .
That's a good tip.
So we've talked a lot aboutthings to do once you return
home, and I think that ties inreally well with a lot of the
things that you should do beforeyou go traveling and while
you're traveling, and I thinkone of the biggest things is
(01:07:03):
just maybe doing a little bit ofresearch.
Um, with your vacation, youknow, before you leave, um, you
know we talked a lot about um,you know, doing some research,
uh, on who to who to book travelthrough, like when you're going
to stay someplace.
(01:07:23):
Um, you know, making sure thatyou know your, your, your stay
is, you know a legitimate stay,that if you're doing Airbnb,
that it's you know a legitimateplace.
You know if you're going to usea car rental company, to do
some research there as well.
So I think that's one of the bigthings just doing a little work
ahead of time to make sure thateverything is legitimate.
(01:07:46):
And then doing work to makesure that all of your devices
are backed up, you're ready totravel with them, you know where
you're going and what you canand leaving behind and maybe who
has access to those and whatyou're sharing online.
(01:08:16):
So just being really carefulthere as well, and then once you
get home, just making sure thatyou have all of your
electronics with you.
So make sure you have thatbefore you leave, make sure that
you have it when you get back.
You know, just kind of doing alittle cleanup work after that
and then you know you can havethe fun part of sharing all that
information on social media ifthat's your thing.
Eric Brown (01:08:40):
Thanks, matt.
We've talked about a lot todayand really appreciate your time.
Before we wrap up what's yourfavorite place to travel to?
We wrap up what's your favoriteplace to travel to?
Mathew Wold (01:08:50):
You know I've been to San Diego so many times.
It really is one of my favoriteplaces.
The weather just always seemsto be so nice, so currently
that's my, that's my go-todestination.
Eric Brown (01:09:03):
Nice, cool, yeah, lots of lots of fun stuff to do
in San Diego?
Mandi Rae (01:09:11):
Good breweries there too.
How about you, mandy?
I always like to say myfavorite place is probably one
I've never been, but, like we'vebeen talking about, with travel
restrictions, I've definitelyhave a new fondness for being
able to just jump on a flightand go to Vegas, whether it be
for DEF CON or for the weekend,and so that is a place I often
(01:09:31):
frequent.
Eric Brown (01:09:33):
Oh, very cool.
Mandi Rae (01:09:34):
How about you?
Eric Brown (01:09:35):
I would say my current favorite place is.
I really did like Iceland, Ihave to say Really cool country,
lots to see and do, a lot ofoutdoor activities, great food
and fun people.
Really just a great tripoverall.
Mandi Rae (01:09:57):
I've always had it on my bucket list to check out
peak northern light season inIceland.
Was that something you got tosee?
Eric Brown (01:10:06):
It wasn't.
I was there a little bit beforethey were really active.
I guess they're active all thetime, but before they were
really active I didn't quitemake that season and it was
cloudy a lot of the time that Iwas there, but overall a really
great trip, really great trip.
Mandi Rae (01:10:27):
That'll be an excuse to get to go out again.
Eric Brown (01:10:31):
That's the more I sit with it.
Mandi Rae (01:10:38):
My favorite travel destination has to be Colorado.
Eric Brown (01:10:39):
Lived there for a little while, and so it's really
nice to get to go back out.
Colorado's a great place, andI'm going to amend mine, mandy,
just to say anywhere wherethere's a direct flight is a
place that I'd like to go.
I do not like airport transfers.
Mandi Rae (01:10:55):
I agree.
I used to travel in a previousrole and I was home a week, gone
a week, and so I loathe theairports.
Eric Brown (01:11:05):
Well, we had a lot of fun today, and Mandy too.
Thank you for your time as well.
Always fun to chat, um andagain, matt, thanks again.
I'm sure we'll have you onagain soon, but um, yeah, that
was uh.
Travel safe with Matt Wold andthe folks at IT Audit Labs.
(01:11:28):
Thanks again, thanks for havingme.
Mandi Rae (01:11:32):
Hi, okay, matt Wold, would you mind if we put the
presentation on our website sopeople could view it?
It's okay to say no.
Mathew Wold (01:11:45):
Sure, it doesn't bother me.
Mandi Rae (01:11:47):
That would be the only other thing I could use, so
I won't rebrand it or change itat all, but Casey has been
working on the platform to tietogether episodes and related
content or things we recommend,so this would be really
complimentary Sure.
Mathew Wold (01:12:01):
I can email it over to you and it's a really good
prezo, thanks Great.
Eric Brown (01:12:05):
Did you guys have fun with it?
Mandi Rae (01:12:08):
I enjoyed this topic and that's why I was like, Ooh,
I'll come to this one.
Eric Brown (01:12:11):
It's Mr Wold Right, and now Matt gets to travel for
real, so that's cool.
Mathew Wold (01:12:18):
Yep, yeah, you know , I called my.
I usually call my mom on theweekends, while my mom and dad
and you know we were talkingabout traveling and stuff and
they were good enough to jointhe the library one.
It was the only one thatthey've been to and so, uh, my
mom was kind of grilling me onon if I was taking some of my
own advice.
(01:12:38):
So how?
Mandi Rae (01:12:39):
sweet when you sent me the library link.
Um, my parents were going on acruise in a couple days, so I
sent it to them too and I waslike watch this.
It's for old people at RamseyCounty Library like you guys are
in that group yeah, that'sawesome.
Mathew Wold (01:12:54):
I think it's just a topic that you know, we don't,
we don't think of very much, andso you know I had a lot of fun
doing the research on it and, um, I feel like there's probably
so much more that could havegone into it.
Um, but yeah, I just hope.
I hope people can can getsomething out of it.
Mandi Rae (01:13:11):
You weren't wrong about Googling Airbnbs with
hidden cameras, Like there was alot of juicy content there, but
by the time I got it pulled upwe had transitioned and I didn't
want to belittle the point, butthat's an entertaining thing to
do if y'all are ever bored.
Eric Brown (01:13:26):
Yeah, oh, wow, okay, like people's horror stories.
Mandi Rae (01:13:31):
Yep, oh, wow, okay, like people's horror stories.
Yep, there's stories.
And then there's also, you cantell, annually around, like the
May June timeframe, differententities are articulating how to
look for cameras or how tocourt because of the cameras
that were placed strategicallythroughout the property that
(01:13:54):
they felt compromised.
They're nasty.
Yeah.
Eric Brown (01:13:59):
That's got to get better cameras, that's what
happens when you buy the cheapshit.
Mandi Rae (01:14:05):
I I don't go to tanning salons often but I bring
them up because I that was oneof my first jobs.
I worked in one and acompetitor to our franchise got
busted in a huge sting about thesame thing.
Because you know, at tanningsalons if you ever go to like
get ready for a mexico trip orsomething, a lot of people you
know pre, pre be in the sunbecause they want to you know,
(01:14:28):
get that tan yeah, pre-game,pre-game, um, anyhow, but
they're pretty much like.
some of them don't even havedrywall, you know, they don't
have ceilings, and so this guywas literally there's just holes
with cameras in them, watchingpeople prepare to get in the
tanning bed and watching peoplewhile in the tanning bed, and
(01:14:50):
that really boosted our businesswhen all his salons got shut
down.
Well, we'll protect your,protect yourself from weirdos.
Yup, that's the name of thegame.
Mathew Wold (01:15:01):
Thank you, I will.
Eric Brown (01:15:05):
Bye guys, have a good weekend.
Mandi Rae (01:15:07):
You too.
Eric Brown (01:15:08):
Later Bye MoneyRedecom.
You're listening to the Audit presented by IT Audit
Labs.
Mandi Rae (00:14):
Hey, welcome back to the Audit, a podcast by IT Audit
Labs.
Today joining us is Eric Brownfrom IT Audit Labs and Matthew
Wold, friend of the podcast andcybersecurity extraordinaire.
Hi guys.
Eric Brown (00:35):
Hey, mandy, this is where I want to mention some of
Matt's other nicknames, but Isaid I wasn't going to, so I
won't.
Mandi Rae (00:44):
I want to mention some of Matt's other nicknames,
but I said I wasn't going to, soI won't.
Well, today we're going to callhim Travel Matt because, in
preparation for the upcomingspring break season, we're going
to talk about cyber safe travel.
So, joining us, Matt.
Why don't you kick us off withsome best practices from an
expert and, if could I even callyou an ethical hacker who would
(01:06):
know exactly what to look outfor?
Mathew Wold (01:09):
Thank you, I appreciate that.
Thank you for having me on it.
It's always a pleasure to behere.
So you know, I was doing alittle research as we kind of
came into spring break and youknow, as COVID was, I don't want
to use the term slowing down alittle bit, but it seems like
more and more people are goingout traveling now and I just
(01:34):
thought it would be time to havesome of those conversations
about cyber, safe travel, thingsto think about before you go
traveling, some steps and maybesome tips on what to do before,
after and during your travel.
So I put this presentationtogether.
You know it turned out to bereally relevant because when I
originally put the presentationtogether, I wasn't planning on
(01:57):
going on vacation, but now I am,and you know I'm following some
of my own best practices aswell, and you know I'm following
some of my own best practicesas well.
Eric Brown (02:05):
Did you get a phishing email that said that
you had won a free trip?
You clicked on it and nowyou're going.
Mathew Wold (02:16):
Yeah, and I fully expect to get on that flight
later today.
Mandi Rae (02:18):
Well, good luck with that.
Maybe after that you're goingto meet a prince and inherit
millions of dollars from arelative you never met.
Mathew Wold (02:25):
That would be the end to my perfect day.
So you know, in thepresentation you know I kind of
go through some of these travelscams and I think you know
knowing what to look out for isprobably a big key to staying
safe.
You know we talked aboutfraudulent vacation sweepstakes
(02:48):
that you could win.
That's definitely one of themIf you're going to go on
vacation.
There's a lot of things likefake airline websites offering
discounts, fake rental homes,stuff.
That sometimes is a little bittoo good to be true.
Those are always a red flagfree vacation travel promotion
(03:13):
If you just get a flightconfirmation, especially if
you're not planning on going onvacation.
But if you are and you'regetting emails from someplace
that doesn't look right, itprobably isn't right.
Something that I definitely wantto dive into a little bit here
is when we talk about rentalhome fraud.
So sometimes when you go tomaybe book an Airbnb or
(03:38):
something else, sometimes whathappens is that that listing
isn't actually available and sopeople have shown up, you know,
expecting to get into theserental places and either it's
not even a rental place orthere's already somebody who is,
you know, booked it for theexact same dates and now you
(03:58):
have a big problem on your hand.
Sometimes these rental placesdon't even exist at all, and so
they're just, you know,completely fraudulent bookings
and you know you show up forvacation and you have no place
to stay.
So I think it's reallyimportant to really know the
site and the outfit that you'rerenting some of this stuff
(04:22):
through.
It's pretty important to usereputable sites.
Mandi Rae (04:26):
Especially now that hackers are using Photoshop.
Eric Brown (04:30):
Yeah, I was talking to someone the other day about
some of the legitimate and I putthat in quotes travel scams.
But there was a Wall StreetJournal investigation a couple
of years ago into Orbitz, anonline travel agency, and the
(04:56):
claim was that they were showinghigher-priced hotel rooms to
Mac users compared with thosewho used Windows PC to access
their site.
So I think they did aninvestigation and Orbitz later
admitted that it did have somesort of algorithm to target
(05:16):
specific users based on whattype of machine they were
logging in from, and Mac userswere being shown more premium
rooms compared with Windowsusers, who were always shown the
cheapest price room for a roomfirst.
So apparently they've removedthat feature, but interesting
(05:36):
nonetheless that these sorts ofgames are played by the
quote-unquote legitimatecompanies.
Mathew Wold (05:43):
Yeah, and you know I'm glad that you brought that
up.
I read something around that aswell, not specifically Orbitz,
but just how, when you go tosome of these travel places
online that they'll either readother cookies on your computer
to see what other sites that youshop at or sites that you visit
(06:04):
and you visit, you know, and ifyou're, you know, going to a
lot of high-end websites, theyjust automatically assume that
you'll pay more for a vacation.
And same thing, they'll, youknow, show you higher price
stuff.
So I think I think that'sreally interesting, definitely
something to to watch out for.
You know, and how do you getaround that?
You know you could either, youknow, clear cookies out first,
(06:28):
or you know if you have a webbrowser extension that you know
changes, you know thatinformation.
You know that you couldprobably get around it that way,
yeah absolutely.
Eric Brown (06:40):
It's almost, like you know, a throwback to our
dark web episode with Bill.
You need tails and a VPN tojust book travel tickets, just
like you're getting onto thedark web, yeah exactly.
Mathew Wold (06:55):
It shouldn't have to be that difficult.
Eric Brown (06:58):
No.
Mathew Wold (06:59):
I guess that's where we're at.
So I broke down a little bit ofone of these travel scams which
I was doing a little bit ofreading online and it's really
interesting kind of how itunfolded the attacker and social
media is definitely a usefultool for attackers no matter
(07:21):
what it is.
Any sort of scam or attack likethat.
The attacker is always lookingfor opportunities opportunities
and that goes for anything.
But you know if they'respecifically targeting travelers
or, you know, maybe it's just alack of a better word crime of
opportunity.
You know, maybe a scammer comesacross like a Facebook post or
something that somebody says youknow they're going out of town.
(07:43):
They see that and they starttargeting that person.
You know, doing some opensource intelligence to start
gathering some backgroundinformation, getting more
information about, maybe, wherethey're going and when they're
going to be gone, and then, oncethey get all that information,
you know, then they launch thatattack and you know either it's
some sort of phishing scam oryou know some other sort of like
(08:06):
smishing scam.
But in the specific examplethat I saw, you know as a person
who you know, just like what Iwas saying, is, you know, like a
Facebook post, where theattacker had, you know, seen
that with that they were goingout of town and then did a whole
bunch of research and, at theend of the day, what ended up
(08:31):
happening is they sent emails totheir family saying that they
were on vacation and theycouldn't use their phones and
anything like that, and thatthey were in trouble and that
they needed them to wire moneyto an account, not to contact
them directly, and stuff.
(08:51):
And so they're pretty smartabout these kinds of things and
how they use social engineeringto try to manipulate people,
friends and family and try toget them to send money.
And so then these people cameback home and their family was
like, oh, is everything okay?
And of course, they had no idea, and I mean, what a shame.
(09:14):
It really starts with bookingtravel, right?
That's kind of where the wholeprocess starts, the whole being
security minded.
Um, you know, being securityminded, you know when you go
into travel and booking travelsthe first step in, you know I
think it's important to booktravel through a reputable
company.
You know if you, if you'rebooking travel, you know through
(09:36):
someplace that you never heardof, you're not really sure what
you're going to get, but you'regoing to go online and you book
through, like Travelocity orExpedia, you, if you're gonna go
online and you book throughTravelocity or Expedia, they're
pretty reputable as far asonline goes.
But there's other places too Ifyou want to book through an
actual person.
(09:57):
I think Carson Wagonlet is atravel place where you can go in
and book through.
If you're a Costco member, youcan book travel through Costco.
So I think there's a lot ofgood companies that are a safe
bet that you can book through.
When booking travel online, Ithink it's really important to
(10:18):
have a safe online connection.
Probably shouldn't be bookingtravel through, you know, your
Starbucks Wi-Fi connection orover some random you know
internet connection.
You probably want to.
You know, book it at home whereit's safe.
And then you know justmonitoring all your travel
accounts before your trip.
(10:39):
You know monitoring during andafter your trip too, for any
suspicious activity, but justkeeping an eye on it so that way
if you start getting weirdemails that you can take some
sort of action or dig into it alittle bit.
Eric Brown (10:56):
Many credit card companies these days too offer
that fraud protection where youcan spin up a virtual credit
card number to use for aparticular site, which is nice.
And a lot of credit cardcompanies too have no charge for
international purchases.
(11:18):
So if you're goinginternationally you wouldn't pay
a surcharge to the credit cardcompany for using that card
overseas.
I know in the past there wasnot as many credit card
companies doing that, so you hadto try to find the right card
when you're going to travel, butI think now most of them do.
But it's always wise to checkwith your credit card company,
(11:43):
and it also used to be thatyou'd have to notify them, I
think, before you traveled.
But now the algorithms are suchthat at least the ones I use
don't require thatpre-notification for travel.
I don't know if either of youhave experienced that.
Mathew Wold (12:02):
Yeah, in the past I've had to do that, but I think
you're right with the way thealgorithms work these days, you
know, when I went to San Diego,or even when I was in Vegas, I
didn't have to do any of that.
So I think it's smart enoughnow that you don't need to.
Yeah, but yeah, I think thatwas a really good call too,
(12:25):
about you know the the creditcard companies and spinning up a
virtual virtual card, cause youknow that that could definitely
be, you know, a big saver forsomebody.
You know if you're using thatvirtual card and you know if
you're.
If your credit card companydoesn't offer that, there is
other services like Privacycomthat offer that ability.
(12:48):
So that way, you know, you canspin up your own virtual credit
card and use that as well.
So, yeah, I think that'sdefinitely good to remember.
Eric Brown (12:58):
Yeah, that's a good tip about the Privacycom the
privacycom.
Mathew Wold (13:07):
I know that, um, you know, for my, not every
single credit card works forprivacycom.
Um, I knew somebody who wastrying to use it and the credit
card that they had.
They couldn't register it inprivacycom.
So I guess that's kind of abummer something to to think
about if it, if it's not workingfor you working for you, maybe
your credit card doesn't supportthat.
Along with the idea of justbeing safe online and using
(13:33):
reputable businesses, protectingtrip details is always a great
idea too.
Knowing what you should andshouldn't share online is
definitely a huge plus.
I'm in the boat where socialmedia is not really my thing,
but even if it was, I wouldn'tpost anything online about you
(13:54):
know I'm going.
You know on vacation on suchand such dates, or you know
where I'm going to go, oranything like that.
I would just keep that tomyself, but scammers tend to to
use that, that information, toto target you.
Um, you know.
So I would say that you know ifyou're gonna, if you have to
(14:16):
share the those trip details.
You know maybe, uh, maybe, it'ssomething that you share over
the phone with.
You know a trusted loved one,or you know like a trusted
friend or something.
If you are going to share thatinformation online, maybe try
not to use specifics.
Mandi Rae (14:34):
I know people on their social media that have
like a trip countdown and likeeven put in a map and they are
so communicative about theirtravels.
I worry for them for thisspecific reason.
Like they're live postingduring their trip, they're
(14:54):
taking pictures of their hotel,their key card, their door their
room number, I mean just reallypromoting every last bit of it.
Eric Brown (15:04):
It's like a black mirror episode.
Yeah, that is scary.
I mean just really promotingevery last bit of it.
It's like a Black Mirrorepisode.
Yeah, that is scary.
One of the things I've donerecently when I've gone on some
larger trips is to keep a papercopy of all of the things, just
in case you're on a little bitlonger of a plane ride, phone's
(15:26):
not charged, get to a foreigncountry and then you're trying
to fill out the paperwork.
Sometimes you've got to fillout paperwork to get into the
country and go through customsand they like to know the
address that you're staying at,things like that and if, for
whatever reason, you can't getto it on your phone or computer,
(15:46):
it's nice to just have thatpaper backup that you know you
keep secure, but with just thedetails of where you're going to
be and then some contactinformation on how to get in
touch with if you're staying at,you know, say, a person's house
or an Airbnb or something likethat, how you would get in touch
with them if, for whateverreason you know you couldn't get
(16:09):
into the property or what haveyou.
Mathew Wold (16:11):
Yeah, what's your thoughts on?
You know, when I was doing thisresearch, there's a lot of
organizations that were saying,you know, even having like
photocopy backups of things likepassports, driver's license,
birth certificates, anythinglike that, just in case that
documentation gets stolen whileyou're away, what are your
(16:32):
thoughts on having a paperphotocopy backup of that?
Eric Brown (16:38):
So I had a situation .
I was in Italy a couple ofyears ago.
I was in Italy a couple ofyears ago and there was a
situation where the passportwent through the washing machine
and it was a couple of daysbefore we were coming back home,
so I didn't have enough time togo to the embassy and deal with
(17:05):
all that rigmarole.
So I was like, well, let's justroll the dice and see what
happens.
And fortunately it was intactenough to still have the picture
and things like that.
It was just like the.
You know, it had gotten wet, soit was starting to come apart
and the customs agent was like,oh, this went through the wash.
So he kind of made light of it.
(17:27):
But I did have a copy.
I took a picture of it and hada copy of it on my phone as well
, but it didn't come to usingthat.
The paper copies are probably agood idea if you have a safe
place to keep them.
I don't know that I'd bring mybirth certificate, but I do know
(17:49):
in some countries they willtake your passport from you when
you get to the hotel.
So it might be nice to havethat paper backup in case
something happened there.
What do you think, mandy?
Mandi Rae (18:06):
Trying to keep track of paper or anything is so
stressful to me.
I'm so thankful for my phoneand the app.
I feel like it simplifiedtravel so much that I'm not as
good with the backup solution,so I'm taking some pointers from
you guys on this call.
Mathew Wold (18:22):
Yeah, I would say that you know, I like the idea
of having having it backed updigitally, like on your phone.
You know the my worry there.
There is like what if you knowwhat, if you drop your phone in
the ocean or you know somethinghappens to it and then all of a
sudden you know, now you havenothing.
Mandi Rae (18:38):
I'm usually a super chill traveler where, like, I'll
even roll up to the airportdangerously late and just
confidence my way through stuff.
But then the minute I getthrough the security line I feel
like I check for my id and myphone like 7 000 times.
Eric Brown (18:56):
So paper stuff I just can't even think of it yeah
, I know I was just going to saythat some places use a mobile
passport control now and I'mtalking international travel so
you don't necessarily have tofill out all of that paperwork.
(19:17):
There is an app on the phonefor it and it makes it a little
quicker to get through customs,to get through customs and then,
of course, if you do all of thethings that you can do, like
CLEAR and some of thoseinternational travel programs
where you pay a little bit ofmoney, go through additional
screening months ahead to get onan approved list, so to speak,
(19:40):
and then you have facialrecognition to get into the
country, rather than, yeah and Ithink the US is starting to do
that more as well at least thelast time I came through it's
been a little while, but theyhad facial recognition.
They scan that picture on yourpassport and then some form of
(20:02):
facial recognition when you'regoing through to talk to that
agent.
Mandi Rae (20:07):
I can't wait till we're in the place where it's
just like a retina scan, likeyou get to the ATM retina scan.
Here's your money.
You get to the airport retinascan, get on the plane.
Eric Brown (20:19):
That would be nice.
Mathew Wold (20:21):
Yeah, it sounds like maybe a little work up
front saves you a lot of theback end if you go through that
clear process and stuff.
Eric Brown (20:28):
Yeah, it is.
I think there's some people maynot want to go through it
because they take yourfingerprints and go through the
processing of that and thenprobably share those
fingerprints with otherorganizations, because I don't
think it's a governmentorganization that's doing it.
(20:51):
It's some sort of private NGOthat has a relationship with TSA
and such.
But for most of us we've beenfingerprinted in the system for
a variety of work reasons, soit's not that big of a deal.
But I can imagine some peoplemight not want to go through it.
Mathew Wold (21:09):
Yeah, Kind of like when you submit your DNA to like
ancestrycom and the fine fineprint says that they could share
that, that DNA information outwith other organizations.
Right yeah.
Mandi Rae (21:23):
I think it's only those of us in the security
realm are the ones who are likewe're not doing this.
We read fine print.
Mathew Wold (21:31):
Yeah, I mean to Eric's point, though I mean for
anything that's work related,that involves like sieges and
whatever.
You've been fingerprintedalready.
Mandi Rae (21:42):
A fingerprint doesn't scare me, but you don't need my
DNA.
Mathew Wold (21:46):
Yeah, that's fair.
So you know I have some thingsthat you know that I think maybe
should be done before travel.
And you know, I think it'simportant that you know, you
think about any electronicequipment that you're going to
take.
You know with you Becauseanything that you take you're
going to take.
You know with you becauseanything that you take you're
(22:06):
going to need to to manage it.
And you know if you take it,protected, I think is kind of
the key phrase there, but youknow.
So just making sure that anyelectronics you know are kind of
handled before you leave.
So some some important thingsyou know to do are are backing
up any sort of files off of thatdevice, you know, just making
(22:28):
sure that if you like that phone, if you end up losing it, that
all the data is backed up.
So backing up files.
Updating any devices to thelatest OS versions, and then not
just the operating systems butalso applications, but also
applications.
So any applications that needto be updated, make sure you
update those.
Confirming that your antivirussoftware is updated with the
(22:51):
latest virus definitions.
Installing any sort of softwarethat you're going to need.
So definitely you want some VPNsoftware so that way you can
connect securely when you're out.
You know, maybe even somedevice recovery software so that
way you know if you, if youmisplace your phone, you can you
can locate it using strongpasswords.
(23:12):
I know we talk a lot aboutpassword safety and multi-factor
authentication.
So just enabling that stuff onaccounts, you never know where
you're going to be when you needto log into something and you
know having multi-factor,multi-factor authentication is
always a great idea.
You know we kind of talkedabout international travel and
you know, when you talk aboutinstalling software, a really
(23:34):
great application is the USDepartment of State Smart
Traveler application.
There's a lot of stuff that, ifyou're going to do
international travel, that thatapplication provides to people,
provides to people.
And then just removing anysensitive data, you know,
anything that you wouldn't wantanybody else to see probably
should pull it out of yourdevices, any unnecessary
(23:56):
applications that you reallydon't need.
Those applications can be, youknow, a gateway into that device
if it were to get compromised.
So you know, maybe thatapplication has some sort of
flaw in it, you know.
So just getting rid of anythingthat you're not going to use.
And then you know, justdisabling, like location
(24:17):
tracking, you know, so that waylike the old Foursquare when it
used to just automatically liketrack your location and update.
You know, send updates toFacebook and stuff like that.
You know, checking you inplaces, just disabling that kind
of stuff, uh, you knowdisabling that is triggering
(24:38):
that like should have been namedlike the stalker app.
Eric Brown (24:43):
Does that still exist?
Do people?
Mathew Wold (24:45):
still use that.
Mandi Rae (24:46):
I don't even know if foursquare is around anymore I
don't think it's relevant, butit that's a good thing yeah, but
you know facebook.
Mathew Wold (24:56):
I think facebook has that ability too.
Where you know it'll, it'llcheck you in places again.
I'm not a social media user, soI'm not the best person to talk
about Facebook.
Mandi Rae (25:08):
You're not wrong All social media platforms.
I don't know if you cancontinue to share your location
with friends, but you canabsolutely check in places and
live stories seem to be such agrowing trend right now that
it'd be hard to avoid where youare when you're living your life
out loud on social media.
Mathew Wold (25:27):
Yeah, it's just, that's always just so scary.
So, you know, I think, turn itoff in general, but you know,
especially if you're going to gotraveling that's my personal
opinion.
And then you know anything likepersonal hotspots.
You know, if you don't need itto be on, turn it off.
Same thing with like bluetooth.
I know that.
Uh, you know, if you havebluetooth heads, headphones or
(25:49):
something like that and you andyou want to use them, turn
bluetooth on for for that, andbut then as soon as you're done,
I think you should turn it backoff and then keeping track of
your luggage with uh, like airtags, for instance.
Eric Brown (26:07):
Uh is pretty cool, right?
You could see if you put it inin your checked luggage and and
even your the luggage that youcarry on in case it gets
misplaced.
It's kind of cool to be able tojust open up the app and see
exactly where that luggage is.
I know I've enjoyed waiting atthe luggage carousel and the
luggage is still somewhere outon the tarmac, so you know it's
(26:30):
not going to be getting to thecarousel for a while.
You've got time to go to thebathroom or grab a cup of coffee
or something like that, andthen, of course, if it does get
lost or misplaced, it might be alittle easier to find it.
Mathew Wold (26:43):
I think that's a really interesting use of an air
tag.
I didn't I didn't think aboutthat, but now that you say that,
yeah, I think that's you know.
If your luggage got misplaced,you know you could, I suppose,
use that to find out where it is, too yeah absolutely.
Mandi Rae (27:01):
My parents recently took a trip.
They had a cruise with umrecently took a trip.
They had a cruise with um.
Multiple flights to get totheir destination and they
watched as their plane took offand their luggage did not,
following this exact thing.
Mathew Wold (27:18):
So no one got there and was disappointed at the
luggage carousel like they knewit the minute they took off,
like well junk wasn't there astory recently, maybe like a
couple weeks ago, where somebodyhad an air tag and either a
package or luggage or somethingand it got misplaced and they
(27:39):
were able to find out that itwas at some employee's home,
maybe, Maybe it was a UPSpackage and they were trying to
get it back.
And finally they just went onUPS on their Twitter feed and
they posted a picture of theAirTag location and they said
(28:00):
something like UPS, I want mypackage back.
And then UPS responded like Iguess they had been trying to
get the package back for a whileand this was like their last
resort measure and they postedit and they said they wanted it
back and finally UPS I mean itwas only like a couple of hours
and they they messaged theperson and they were able to to
(28:23):
get the package from the fromthe UPS employee's house.
Eric Brown (28:27):
Wow, it's unfortunate you have to resort
to public shaming to get yourstuff back.
Mathew Wold (28:38):
Yeah, huh.
Eric Brown (28:40):
I know, though, just talking about wireless too and
not to do too much productnaming, but I know Firewalla is
one.
There's probably others, butFirewalla makes a small personal
firewall device that you canessentially connect your hotspot
to the Firewalla and thenconnect wirelessly your other
devices to that Firewalla, so itacts as a firewall for your
(29:06):
devices that are behind it,which is kind of cool.
If you're in an unknown placeand you have a couple of devices
that you want to connect to it,you could be assured that those
are relatively secure behindthat firewall device, and then
you're just using that as agateway out to the Internet.
Mathew Wold (29:24):
Talking about hotspots, that's something that
you know is going to come uphere later, but you know, I
think it's really important toyou know there's a cost
associated with that, of course,but it's not as much as it used
to be, you know.
So I think it's reallyimportant that people, you know,
don't connect to any sort ofpublic Wi-Fi and my kids have
(29:48):
iPads and they always want toconnect and watch movies and
game and all that stuff, and so,taking my own advice, I went
out last week and I ended upgetting a personal hotspot.
I went out last week and Iended up getting a personal
hotspot, you know, configuringthat.
(30:08):
I think that firewall idea isreally good too, because on,
like on a personal hotspot,there isn't any sort of firewall
protection.
You know, it's just that openconnection out to the Internet.
So probably a smart idea to putsomething like that on there.
Eric Brown (30:22):
And you could do something similar with your cell
phone provider, where you canget an international plan for
data with your most major cellphone providers.
It's like a pay-per-day or apay-per-use.
(30:44):
I think it's more expensive butnot necessarily unreasonable.
Just to add that in for a shortduration of time and then you
can also if you're going to beon a vacation I know it works in
most of Europe you can get ahotspot at the airport in
country.
(31:04):
That would give you five or tengigs of data, something like
that, for a pretty reasonablecost and with, depending on the,
the uh company that you'reusing, they can ship you the
device beforehand or you canpick it up, usually at the
airport, and then when you'redone you just ship it back.
You know when you're, whenyou're done with your vacation
(31:26):
and then when you're done, youjust ship it back.
Mathew Wold (31:28):
You know when you're done with your vacation,
but I've done that in the pastas well and that's worked out
pretty good.
Yeah, and you know, when wetalk about, like the US
Department of State, you know wetalk a lot about travel
advisory levels.
You know countries have.
You know like a level one, two,three or four, and, uh, you
know level four countries are.
You know they're like do nottravel countries, but you know
(31:50):
if you, if you need to travelthere, you could still do it,
and I think that idea of havingsome other you know like service
in another country is a reallygreat idea.
You know, personally, maybe Iwould take that a step further
where if I was going to, if Ihad to go to a level three or a
level four country, maybe I'dget a completely throwaway phone
(32:17):
, maybe even a separate SIM card, and take that with me.
I've heard that when you gointo some countries that you're
required to turn over all ofyour electronics and that
sometimes they'll just openlyconnect them and download the
data.
They have.
You unlock them so that waythey can access the data.
(32:37):
And I think that's reallyinteresting and scary at the
same time that if you want toenter the country, that you have
to turn over everything andunlock it.
Eric Brown (32:48):
It's just that's a bit much yeah feels impressive
yeah, yeah, I'm like the guywho's going with at least two
phones and probably threelaptops.
If I, if I have to whittle itdown to two, I will, but but
yeah, that's ridiculous.
Mandi Rae (33:07):
I was going to say you're always rolling with
multiple pieces of technology.
Eric Brown (33:12):
Too many.
Mathew Wold (33:12):
Yeah, yeah.
So yeah, I think you know, ifyou're just traveling within the
US or maybe you're just goingto like a level one country, you
know, getting you know somesort of like other data plan, I
think it's a great idea.
But I mean, has anybody evergone to like a non-level one
(33:33):
country?
Eric Brown (33:36):
I've been to a level two and probably a level three,
but never a level four.
Mandi Rae (33:41):
You're pretty uncultured because I don't even
know where you get this levelscale.
So, moving on, I'm going to beuncultured because I don't even
know where you get this levelscale.
Mathew Wold (33:50):
So, moving on, well , you can.
If you go to the US Departmentof State website, they have a
part of their website where youcan select the country that
you're going to go to and it'lltell you what the travel
advisory level is.
Mandi Rae (34:07):
I also want to be like.
Eric Brown (34:08):
Hey, like this YouTube if you're on the same
page as Mandy.
Mandi Rae (34:11):
So, thank you for teaching us.
Eric Brown (34:12):
Well, you know, the level fours are like North Korea
, Iran, stuff like that.
Mathew Wold (34:18):
Yeah, but you know I haven't admittedly, I haven't
done really any internationaltravel outside of North America,
so you know, just Canada for me.
But, um, you know, as I wasgoing through the the different,
uh, travel advisory levels andstuff, I was reading um a lot
more of the in-depth informationthat the department of state
(34:41):
posts there and there's somereally interesting information
because they talk a lot aboutthings that us, as Americans,
wouldn't think would be a bigdeal.
It's like a serious crime overin other countries and you can
obviously go to jail in thatcountry for doing some of that
stuff.
(35:01):
And I was just reading throughit and I thought, wow, is
anybody who's going to travelinternationally should read
through this, because a lot ofthis stuff is just a no-go over
there.
You know you get yourself intoa lot of trouble.
That's a good point.
(35:21):
Yeah, dating app on your phoneis frowned against.
Or, you know, having umpictures that we may not think
are, um, a big deal over there.
You know it's, it's a crime,like it's.
It's just you can't.
You can't do it, yeah.
Eric Brown (35:42):
So and Mandy, you've probably been to a level four
country before, like, forexample, mexico, has states in
it that are considered levelfour, some of which is level
four is do not travel, like, forexample, sinaloa, due to crime
and kidnapping is a do nottravel.
(36:04):
But then you may have otherstates in Mexico that are a
level three, which is reconsidertravel, or a level two,
exercise increased caution and,for example, a reconsider travel
, which would be a level three,like the state of Baja
California, which is in Mexico.
(36:25):
It's due to crime andkidnapping that they're saying.
You know, just use extremecaution when going there.
Mandi Rae (36:34):
Well, I have been to Mexico, so you got me, and next
time I'll use the US Departmentof State smart traveler site
Awesome.
Mathew Wold (36:45):
Thanks, you know we talked about you know making
sure that all of your stuff isbacked up and I think it's
important just you know backingit up to you know some sort of
cloud storage.
You know if you have you knowan Apple device, you can upload
that to the Apple Cloud.
Same thing with Google.
If you don't have either ofthose or you have a lot of data,
(37:07):
you could back up something tolike Backblaze.
And if you don't have cloudstorage, backing it up to either
like a flash drive or some sortof external hard drive, maybe
leaving it at home in a safewhat do you think about those
hotel safes?
Eric Brown (37:22):
Have you ever tried to access one?
Have you ever tried to access?
Mathew Wold (37:26):
one.
I've used one a long time agowhen I was naive and thought
that I was the only person inthe world that had the code.
But not anymore, after readingthat anybody in the hotel staff
(37:49):
can get access to the backupcode, which makes sense, right?
Because if somebody putssomething in there and forgets
the code, they're going to haveto get it out of there.
So not not secure at all.
Yeah, probably more more secure.
If you know it's a non-hotelperson that breaks into your
room, then I suppose you knowit's just up to them trying to
guess your four digit code.
(38:10):
But you know, one of the thingsthat kind of came up in some of
this research was you know, ifyou do have to leave like a
phone or something inside of asafe, you know they suggested
taking out the SIM card, ifthat's possible, or removing the
battery, if you can do both ofthose things.
And then, you know, just throwthem in your pocket, because you
(38:30):
know phone batteries areusually pretty small and that
sim card is, you know, just thattiny little wafer.
You know that at least then ifsomebody you know a hotel person
came and got in there, therewouldn't be any way to power on
that phone.
And even if they did that, simcard would be gone as well.
So I think that's pretty,pretty good advice, right?
Eric Brown (38:50):
I mean, there's not much more you can do, unless
you're gonna hide it someplacein the room, which I suppose you
could do there's that dark mapdiaries episode where I think
they were um poker players andlike online poker players and
the one person had put things inhis.
(39:10):
He had his laptop in his roomand he had, I think, other stuff
in his safe.
I listened to it a while ago soI'm not fully recalling, but he
did have an unauthorized accessentry into his room and someone
had fiddled with his computerand, I think, got into his safe.
But it might have been nationstate level stuff, but that's
(39:36):
not an excuse for it yeah, and Ithink they make a lot.
Mathew Wold (39:41):
There is a slide in the slide deck that shows it.
But there is a device that youcan, that you can buy, to put
into a safe like that and, um,basically you can put a like a
padlock or something on it.
So that way, even if somebodydid know the code you know and
they tried to get into it, youcould still lock it and, uh, you
(40:02):
know, you could probably justthrow that in a carry-on and
bring it with you or, you know,just throw it in a bag.
So there's some ways aroundthat to keep it safe.
But while you're out andtraveling, maybe you're stopping
by a coffee shop, maybe youneed to jump online real quick.
(40:23):
Something that probablyeverybody has heard of these
days is VPN software.
I think this is still a reallygreat solution just to have on
your phone in case you need it.
These days, vpn software isfairly inexpensive.
If you're using a VPN softwarethat's free, using a VPN
(40:49):
software that's free, more thanlikely you're the product.
That VPN company is probablycollecting your information and
then selling it to third-partyorganizations.
So I would steer clear ofanything that's free.
But there's a lot of goodsolutions out there.
There's Mozilla's VPN service.
That's a little bit newer.
I've never used that oneservice that's a little bit
newer.
I've never used that one.
But there's ExpressVPN, nordvpnand ProtonVPN.
(41:14):
I've used those ones.
They're pretty good?
Eric Brown (41:17):
I'm not sure, eric.
What's your choice of VPNsoftware these days?
No, I like all of these.
I like what Proton is doing,and I think all of these ones
that you've mentioned here don'tlog either, which is important.
I think it was Proton thatrecently went through a third
party audit that proved thatthey don't have logging
capabilities, or if they do havelogging capabilities, they're
(41:39):
not turned on.
Another one is private internetaccess.
I've used that in the past.
That one seems pretty good.
I look for ones that have aglobal distribution of servers,
and preferably ones in countriesthat I'm traveling to.
Yeah, like you said, there's alot out there.
Mathew Wold (42:01):
Yeah, that's a good point too, because you probably
need to know or make sure thatyou're going to have access in
that country, because I knowthat NordVPN doesn't have some
of the servers and stuff thatExpressVPN has, and vice versa
too.
So, yeah, I think that's a goodcall out, making sure that it's
going to work wherever you'regoing.
(42:22):
We talked a little bit aboutremoving sensitive data.
You're going, you know wetalked a little bit about
removing sensitive data.
You know, I think maybesometimes people you know just
initially think of maybe likephotos that would be sensitive,
and you know I'd say thatthere's probably more sensitive
data than just photos.
You know, if you have documentsmaybe they're like financial
documents or, I guess, anythingthat you wouldn't necessarily
(42:46):
want someone to download youknow keeping those off of your
phone.
There are some I don't know ifErica or Mandy, if you've ever
used one of these, but there aresome like third party
applications that will do likealmost like a locker, like an
encryption locker, on the devicewhere you can store data and
(43:07):
then you need to have asix-digit passcode or a
fingerprint or something to getinto it and then access those
documents.
Have you ever used softwarelike that before?
Eric Brown (43:19):
I've heard about that type of software when it
came to some applications onjailbroken iPhones.
Back in the day I know a buddyof mine had an app that you
could play sounds of a differentlocation so you could be on the
(43:42):
phone and then you could playthe sound of like a train
station behind you so it soundedlike you were in the train
station when you were talking onthe phone.
Um, which was kind of funny.
And then there was some sort oflike hidden applications where
it looks like it's a calculatorand you put in the right um code
(44:04):
and it gets to a privateaddress book or something like
that.
I haven't seen anythingrecently but I imagine those
things still exist.
Mathew Wold (44:14):
Yeah, I have an application called OneSafe and
it's specifically designed forputting documents inside of it
and, you know, keeping itencrypted.
So I use that a lot to storeany sort of um, you know,
documentation that that I don'twant just sitting on the phone
(44:34):
in case it ever got lost orstolen or, you know, god forbid,
somebody were was to hack itand download that data.
So, you know, I was just kindof thinking that you were going
to keep your travel documents.
Maybe try to keep them in anapplication like that, just in
case the phone was compromisedsome way that they couldn't get
(44:58):
a hold of a scanned passportdocument or something.
Yeah, that makes sense for sure.
Document or something yeah,that makes sense for sure.
Yeah, any sort of like textmessages.
I suppose you know if you'vehad a conversation that you know
you wouldn't want anybody toread or you wouldn't want it
leaked out there, maybe deletingthose messages, any contacts,
you know, if you don't want tobe necessarily associated with
(45:20):
somebody if it, if it ever gotout, you know, maybe maybe get
rid of those.
Change the contact information,maybe, um, and then any apps.
So you know, maybe maybe getrid of those.
Change the contact information,maybe, and then any apps.
So you know when, when we weretalking about going to other
countries, and you know wheredating apps you know are aren't
aren't seen very positive.
You know maybe getting rid ofthose, you know, before you
(45:42):
leave.
And then I think you knowthere's some really good tips
about.
You know how to stay safe whileyou're traveling and I almost
feel like you know you couldprobably do a whole podcast on.
You know physical personalsafety while you're traveling.
That's probably a ton of stuffyou could talk about there, but
you know for for this, we'lljust focus on things.
(46:04):
You know digital to keep safe,you know, but auto-connecting is
a big thing that you shouldturn off and I think we talked a
little bit about that.
You know those things like NFCand Wi-Fi.
You know the ability to airdropor I think Android has nearby
(46:26):
share turning that kind of stuffoff.
We talk a lot about Wi-Fiauto-connecting and when you
think about things like theWi-Fi pineapple and attacker
tools like that you definitelydon't want, especially when
you're on vacation, you don'twant your phone auto-connecting
(46:47):
to something like a pineapple.
And then you don't wantespecially when you're on
vacation, you don't want yourphone auto-connecting to
something like a Pineapple, andthen you don't realize that it's
connected there, and now you'rejust handing over information
to an attacker.
Yeah, that's good too.
Yeah, I am bringing myPineapple with on vacation, are
you really?
Eric Brown (47:05):
Yeah, I figure, I know know.
Oh, what's that?
No, go ahead.
I was gonna say, mandy, don'tyou usually bring your ponagachi
?
Mandi Rae (47:15):
that's what I was just gonna ask matt if he has a
ponagachi that he's gonna bringmy ponagachi is um already
attached to my backpack.
Mathew Wold (47:24):
Yep, nice, that will be coming with as well.
I figure you know I got a lotof time by the pool where I'm
just hanging out.
I might as well, you know, fireup the pineapple and see what
happens.
Mandi Rae (47:36):
Well, if you haven't checked, it out yet episode 11,.
You could pull a Jaden withthat Ponegachi.
Eric Brown (47:41):
Yeah, oh, and take it on the airplane.
Yeah, If it's already attachedto your backpack.
Backpack, that'll be aninteresting one on the airplane
yeah, I'm just gonna let it run.
Mathew Wold (47:49):
I got my, uh, my like 30 000 milliamp battery.
I figure that'll be enough toget me from a to b and still
have battery left over.
Yeah, uh, you know.
And avoiding public computing,public charging, public-fi we
talked about that one, but Ithink one of the things that I
(48:10):
mentioned in this presentationthat I think a lot of people
don't think about or don't evenknow about is public charging.
Right, and the reallyinteresting thing is that if you
plug your cell phone into oneof those hotel lamps where it
has the USB port, it seemsreally convenient, right?
(48:30):
You don't need to plug anythinginto the wall if you just have
the cable, but people can putelectronics into that stuff.
And all of a sudden, you plugit into charge and it starts
downloading data.
Eric Brown (48:45):
Maybe it sends it someplace via wi-fi or you know,
maybe that sounds like a blackmirror episode and speaking of
that, what do you guys thinkabout when you're doing these
trips using vrbo or airbnb?
Um that there isn't some sortof nanny cam weirdness going on
(49:11):
while you're staying there?
Do you check for that?
What do you look for to makesure you're not being spied on?
Mandi Rae (49:21):
I feel more vulnerable to being spied on at
gym changing rooms or tanningsalons or public restrooms so I
guess I really haven't put a lotof thought into like a guest
room at a hotel.
I personally haven't stayed atan Airbnb where the owner was
(49:42):
still there or it was someoneelse's home.
Mathew Wold (49:46):
Gotcha, yeah.
So my wife went to Florida lastyear and her and her friends
rented an Airbnb and that's oneof the first things I told her
is look for anything suspicious,because they do that right.
You can hide one of thoselittle pinhole cameras somewhere
.
I mean they sell so much stuffthat has pinhole cameras.
(50:08):
You know they have like the usb, um, you know like the, the
wall charger that has a camerain it.
I mean, everything can hide acamera these days.
But I think also don't theysell a device that you can use?
It has like a red, like aninfrared light or something on
(50:28):
it and you can shine it aroundthe room and the camera lens
will reflect and you can spot itwhen you look through the
device.
Interesting.
Eric Brown (50:40):
Is there anything?
Mandi Rae (50:40):
you do, Mr Brown.
Eric Brown (50:42):
No, I guess the only thing I do in hotels when I'm
in other countries is just becognizant of the peephole in the
door and put something over itif it doesn't have a built-in
cover to it.
I had a buddy of mine who wastraveling to India years ago and
(51:05):
he heard a noise in the hallwayoutside of his room.
Long story short, it turned outsomebody was out there using
one of those door scopes it'skind of like a way to reverse
look through a peephole on hisroom and um, ever since then I
was like, well, it's probablyjust better, because usually the
(51:27):
way hotel rooms are set up,like you know, you can look in
that peephole and see the wholeroom.
Um, but uh, just puttingsomething over that peephole is
just adds a little bit of uhsecurity, and I usually uh put
the blinds down too if they havethose blinds that you know,
one's like a sheer blind andthen one's a blackout.
I'll just put the sheer onedown during the day isn't it
(51:49):
crazy?
Mandi Rae (51:51):
This could probably be its own broadcast, but
there's so much realitytelevision and so much content
available online, people arestill spying on people in hotel
rooms and Airbnbs.
It's so perplexing to me,because there's so much
available that people want youto see.
(52:12):
Why are we seeking out otheropportunities?
Eric Brown (52:18):
It could be just the danger factor of it, I don't
know.
Mathew Wold (52:24):
The taboo-ness of being a voyeur.
Yeah, yep, voyeur, that's theword I was looking for well
stated yeah I'm sure that if yougoogle airbnb like spy camera,
I'm sure you probably just finda ton of articles where people
have found, you know, some sortof spy device in airbnbs and
(52:47):
that'll be your next episode ofthe Audit.
Sometimes hotels may have, likethe lending chargers or you know
, cables and stuff.
So if you forget your stuff youcan just go down to the front
desk and, you know, borrowsomething you know, and it may
even be something as innocuousas like a USB cable, but but you
(53:10):
know they sell USB cables thathave all of that hardware built
right into the cable.
So I mean you can't even trusta cable these days.
Eric Brown (53:19):
That's a good point too, to pack extra cables and
chargers to be able to get on avariety of power types.
Mathew Wold (53:27):
Yeah, I think, if, if, if it's not yours, if you
didn't bring it or you didn'tbuy it at an electronic store or
something, don't even connectto it, and then they have.
You've probably seen this too.
It's like the OMG cables andthey have one that's.
(53:47):
Or like the USB killer USBstick and the cable now that can
kill USB.
You know so, you plug it in andall of a sudden you know it
just destroys whatever deviceyou plugged in.
You know just to be malicious.
Eric Brown (54:04):
Oh, sends an electric current to it Right.
Mathew Wold (54:08):
Yep.
So yeah, so much stuff outthere that you have to avoid.
You know, and I think you knowjust kind of.
On this last topic here of ofguarding devices, we talked a
lot about, you know, locking updevices when you, when you leave
them behind, and removing thesim cards and stuff.
But I think it's important tojust power down devices when
they're not in use.
I did, I read even where theywere saying that if you're going
(54:29):
to go through devices whenthey're not in use, I read even
where they were saying that ifyou're going to go through like
security, if you're in anothercountry and you're going through
checkpoints or any sort of youknow security location, that you
should power those devices off.
So that way, you know, it'smuch more difficult to try to
(54:49):
power them on and copy data fromthem or, you know, to get into
those devices.
Sure, maybe you know, maybejust some extra food for thought
there.
Does, uh, does anybody connecttheir phones to rental cars when
you're, when you're out, whenyou're on vacation?
I believe I have before through.
Eric Brown (55:06):
Bluetooth.
I believe I have before through.
Mathew Wold (55:09):
Bluetooth Did you?
When you were done, did you gothrough and like unpair it?
Eric Brown (55:18):
Yeah, I'd like to say I have 100% of the time, but
I can't say that because I'mnot sure I don't share my
contacts or anything throughBluetooth like you can in some
cars.
But that is a good reminder todo that.
Mandi Rae (55:36):
That is an interesting feature in a rental
car and it's surprising theywouldn't disable it, because
it's really easy to make themistake to allow it to download
your contacts.
Eric Brown (55:47):
Yeah, well, even your destinations too, right,
like, like you know, when somesometimes you can get a loaner
car if your car is being workedon for an extended period of
time or you know a rental car aswell and you go in and you look
and you can see the history ofwhere the people before you that
have had the car have traveledto, which is interesting,
(56:12):
especially if you're doing likea turo, if you guys have ever
done that where you know you're,you're using somebody else's
car and and paying them for it.
It's kind of like um, airbnbfor cars yeah, I haven't ever
done that, but I heard about it.
Mathew Wold (56:30):
Yeah, I haven't either, so maybe now we talk
about returning home Soundsgreat, okay.
So I think following good cyberhygiene while you're out is a
really great idea.
When you come home, there's abunch of things that you need to
(56:52):
do as well, and I think a lotof this is you know, kind of
goes back to what you do beforeyou leave, but maybe just more
of like a cleanup stance, youknow, or cleanup idea, you know,
when you get back, you know.
So you know it's important toagain update antivirus software.
You know.
(57:29):
So you know it's important toagain update antivirus software.
You know, run any sort of scansjust to make sure that you know,
when you're, if you connectedto that Wi-Fi.
You know if you left that thatdevice alone in a hotel room for
a while.
You know that.
You know.
You run that A-B scan, makesure that, sure that the machine
is clean.
You know, I don't know, eric,when you go on vacation, when
you come back, do you ever justwipe the machine?
Do you have a machine that'sspecifically designed, you know,
just for travel and then that'sall it's used for?
Or how do you do that?
Like?
What kind of steps do you take?
Eric Brown (57:50):
I have not done that , but maybe my profile might be
a little different, because Iuse a cloud-hosted PC when I can
, when I'm away.
So that kind of maybe mitigatesthe need for that, because I'll
just connect to that clouddevice and do my work there and
(58:14):
keep anything off of my localmachine.
Mathew Wold (58:17):
Yeah, I hadn't thought about that, but that's
an interesting idea.
Do you use just something likea Paperspace instance or
something along those?
Eric Brown (58:27):
lines yeah, I've used Paperspace and do use
Paperspace.
I've got just a regularcomputer there, but also like a
cracking computer there.
And then for work I've got aWindows 11 machine up in
(58:50):
Microsoft's cloud so they callit a cloud PC which works pretty
well.
But then for other customerswhere they provide computing
equipment for me to use whileI'm working with them, I'll
typically either take that withme, if it aligns with their
(59:13):
policy, or if I don't plan ondoing any work with them, I'll
leave that computer behind.
Mathew Wold (59:21):
Sure, yeah, I think that's a really good point and
I think if you're just aneveryday user, if you have the
means to do some sort of cloudcomputer while you're gone,
that's probably the best thingto do.
I think that's a great idea.
Then you can either just spinit down at the end of your
(59:44):
vacation or you could just resetit.
Mandi Rae (59:48):
If it has that ability to do some sort of point
in time reset, yeah, Well, whenI go to level four countries, I
bring a burner phone and I keepall my electronic devices at
home.
Mathew Wold (01:00:05):
Yeah, I mean that's a good plan.
Maybe have a burner laptop too.
Mandi Rae (01:00:14):
It would be awesome to be that cool.
Mathew Wold (01:00:16):
Yeah, I know, when I took my last trip I just set
up my laptop and then I justtook an image of it and then
went on vacation, did my thing,and then when I came home I just
reloaded the image and just tryto mitigate any sort of issues
that way, just in case somethinghad happened.
Mandi Rae (01:00:39):
That's really smart and good precautions.
Eric Brown (01:00:43):
Yeah, do you VPN back into your home lab at all?
Mathew Wold (01:00:56):
your home lab at all.
I do, yeah, yep, yep, I've,I've done that too.
Um and uh, you know it's reallynice because then you know all
of my network traffic is goingthrough.
You know that securedconnection, um, I have access to
.
You know all of my.
You know Proxmox VMs and youknow I can use one of those
machines.
I have home automation too.
So you know I can, I cancontrol some of that stuff as
well.
(01:01:16):
So, yeah, nice.
So I think you know, once youreturn home, you know another
big thing is shredding boardingpasses.
You know, I guess I I shouldn'tbe shocked, but you know
there's, there's, there'sbarcodes on all of that stuff,
and while I've never scanned one, I guess there's a wealth of
(01:01:37):
information in that barcode andso you wouldn't necessarily
maybe want somebody getting ahold of that and getting your
personally identifiableinformation from that boarding
pass or those luggage tags, orboarding pass for that matter.
So just getting rid of those ifyou can.
And then I think, once youreturn home, it's a great
(01:01:59):
opportunity to then share anysort of social media stuff
letting people know how yourvacation was, where you went,
sharing any photos, talkingabout all the fun you had,
sharing any photos, you knowtalking about all the fun you
had.
And then you know, just keepingan eye on, you know those
devices, if you, you know if youweren't able to reset you know
a phone or a tablet or something, just making sure that you know
(01:02:21):
if it, if weird things starthappening, you know windows
opening and closing on their ownor the battery draining super
fast.
You know that might be anindicator that the device is
compromised.
Keeping an eye on any sort ofyou know financial accounts that
you use.
So if you, you know, did use acredit card or even a debit card
(01:02:46):
while you're out, you know,just, I guess I would say,
monitor that a lot more closely.
You know, just to make surethat everything looks normal.
And then just keeping an eye onyour email too, Just, uh, so
that way, if, if you get anysort of um, like hotel bills or
any receipts or um, you know,like invoice stuff from from
(01:03:07):
when you were on vacation, youknow saying that there's still
an outstanding balance, that youcontact anybody before just
paying it, because that coulddefinitely be a scam still.
Eric Brown (01:03:20):
And there's examples of I guess you could call them
legitimate scams in the countryas well, and I'll give an
example of that when I went toIceland.
Renting a car if you're goingto go anywhere other than
Reykjavik is pretty necessary todo to get around the country,
(01:03:44):
and rental cars are reallyexpensive in Iceland, for
whatever reason Two to threetimes what they would be in the
US.
But you can find some dealswhere they're cheaper and
they're off airports.
But these companies areunscrupulous in how they either
(01:04:09):
charge for insurance or theyscam you on damage that's on the
car when you return the car.
So if you do go to a countrylike this Costa Rica is another
one where they can get a littlefunny with the car rentals and
(01:04:30):
it's another one of those thingswhere, if you go off airport
and rent at a cheaper place, youjust want to make sure you take
really good pictures.
If, if it's rained out and thecar is wet, ask for a towel,
wipe it off and take reallydetailed pictures of um of the
(01:04:50):
car, the paint from all sides,hood, back top because they will
try to say, oh well, there's ascratch on the car.
But another thing you could dois you know, again use that
virtual credit card and then ifthey try any of that post-return
(01:05:12):
fee gouging, you can justcancel that virtual card.
But it's something to becautious of and and I doesn't
happen in in all countries butread the reviews beforehand
before you travel a lot ofpeople will talk about it,
complain about it, share theirexperiences and it's probably
(01:05:34):
better just to rent from areputable place and pay a little
bit more than go through therigmarole when you're returning
the car and in a hurry to getback to the airport, to the
airport.
They're very well versed atthese scams and they know that
(01:05:55):
you're under time pressure,especially if it's an off-site
rental facility and you knowit's well-practiced social
engineering.
Mathew Wold (01:06:03):
Yeah, do you ever take a picture of like the
odometer, like the dash, thedash stuff as well?
Eric Brown (01:06:10):
Okay, the dash, even if I'm renting something
locally like from a Home Depotusing their vehicle to.
You know it's like 20 bucks or30 bucks for 90 minutes.
You know you just need to haulsome stuff around.
I take a picture of exactlywhere the gas is, the odometer.
I take pictures of the outsideof it.
(01:06:32):
You know it only takes, youknow, a minute to do all those
pictures and that way you've gotproof.
You know, when you return it,that nothing happened.
Mathew Wold (01:06:42):
Yeah that's another .
That's a good tip.
So we've talked a lot aboutthings to do once you return
home, and I think that ties inreally well with a lot of the
things that you should do beforeyou go traveling and while
you're traveling, and I thinkone of the biggest things is
(01:07:03):
just maybe doing a little bit ofresearch.
Um, with your vacation, youknow, before you leave, um, you
know we talked a lot about um,you know, doing some research,
uh, on who to who to book travelthrough, like when you're going
to stay someplace.
(01:07:23):
Um, you know, making sure thatyou know your, your, your stay
is, you know a legitimate stay,that if you're doing Airbnb,
that it's you know a legitimateplace.
You know if you're going to usea car rental company, to do
some research there as well.
So I think that's one of the bigthings just doing a little work
ahead of time to make sure thateverything is legitimate.
(01:07:46):
And then doing work to makesure that all of your devices
are backed up, you're ready totravel with them, you know where
you're going and what you canand leaving behind and maybe who
has access to those and whatyou're sharing online.
(01:08:16):
So just being really carefulthere as well, and then once you
get home, just making sure thatyou have all of your
electronics with you.
So make sure you have thatbefore you leave, make sure that
you have it when you get back.
You know, just kind of doing alittle cleanup work after that
and then you know you can havethe fun part of sharing all that
information on social media ifthat's your thing.
Eric Brown (01:08:40):
Thanks, matt.
We've talked about a lot todayand really appreciate your time.
Before we wrap up what's yourfavorite place to travel to?
We wrap up what's your favoriteplace to travel to?
Mathew Wold (01:08:50):
You know I've been to San Diego so many times.
It really is one of my favoriteplaces.
The weather just always seemsto be so nice, so currently
that's my, that's my go-todestination.
Eric Brown (01:09:03):
Nice, cool, yeah, lots of lots of fun stuff to do
in San Diego?
Mandi Rae (01:09:11):
Good breweries there too.
How about you, mandy?
I always like to say myfavorite place is probably one
I've never been, but, like we'vebeen talking about, with travel
restrictions, I've definitelyhave a new fondness for being
able to just jump on a flightand go to Vegas, whether it be
for DEF CON or for the weekend,and so that is a place I often
(01:09:31):
frequent.
Eric Brown (01:09:33):
Oh, very cool.
Mandi Rae (01:09:34):
How about you?
Eric Brown (01:09:35):
I would say my current favorite place is.
I really did like Iceland, Ihave to say Really cool country,
lots to see and do, a lot ofoutdoor activities, great food
and fun people.
Really just a great tripoverall.
Mandi Rae (01:09:57):
I've always had it on my bucket list to check out
peak northern light season inIceland.
Was that something you got tosee?
Eric Brown (01:10:06):
It wasn't.
I was there a little bit beforethey were really active.
I guess they're active all thetime, but before they were
really active I didn't quitemake that season and it was
cloudy a lot of the time that Iwas there, but overall a really
great trip, really great trip.
Mandi Rae (01:10:27):
That'll be an excuse to get to go out again.
Eric Brown (01:10:31):
That's the more I sit with it.
Mandi Rae (01:10:38):
My favorite travel destination has to be Colorado.
Eric Brown (01:10:39):
Lived there for a little while, and so it's really
nice to get to go back out.
Colorado's a great place, andI'm going to amend mine, mandy,
just to say anywhere wherethere's a direct flight is a
place that I'd like to go.
I do not like airport transfers.
Mandi Rae (01:10:55):
I agree.
I used to travel in a previousrole and I was home a week, gone
a week, and so I loathe theairports.
Eric Brown (01:11:05):
Well, we had a lot of fun today, and Mandy too.
Thank you for your time as well.
Always fun to chat, um andagain, matt, thanks again.
I'm sure we'll have you onagain soon, but um, yeah, that
was uh.
Travel safe with Matt Wold andthe folks at IT Audit Labs.
(01:11:28):
Thanks again, thanks for havingme.
Mandi Rae (01:11:32):
Hi, okay, matt Wold, would you mind if we put the
presentation on our website sopeople could view it?
It's okay to say no.
Mathew Wold (01:11:45):
Sure, it doesn't bother me.
Mandi Rae (01:11:47):
That would be the only other thing I could use, so
I won't rebrand it or change itat all, but Casey has been
working on the platform to tietogether episodes and related
content or things we recommend,so this would be really
complimentary Sure.
Mathew Wold (01:12:01):
I can email it over to you and it's a really good
prezo, thanks Great.
Eric Brown (01:12:05):
Did you guys have fun with it?
Mandi Rae (01:12:08):
I enjoyed this topic and that's why I was like, Ooh,
I'll come to this one.
Eric Brown (01:12:11):
It's Mr Wold Right, and now Matt gets to travel for
real, so that's cool.
Mathew Wold (01:12:18):
Yep, yeah, you know , I called my.
I usually call my mom on theweekends, while my mom and dad
and you know we were talkingabout traveling and stuff and
they were good enough to jointhe the library one.
It was the only one thatthey've been to and so, uh, my
mom was kind of grilling me onon if I was taking some of my
own advice.
(01:12:38):
So how?
Mandi Rae (01:12:39):
sweet when you sent me the library link.
Um, my parents were going on acruise in a couple days, so I
sent it to them too and I waslike watch this.
It's for old people at RamseyCounty Library like you guys are
in that group yeah, that'sawesome.
Mathew Wold (01:12:54):
I think it's just a topic that you know, we don't,
we don't think of very much, andso you know I had a lot of fun
doing the research on it and, um, I feel like there's probably
so much more that could havegone into it.
Um, but yeah, I just hope.
I hope people can can getsomething out of it.
Mandi Rae (01:13:11):
You weren't wrong about Googling Airbnbs with
hidden cameras, Like there was alot of juicy content there, but
by the time I got it pulled upwe had transitioned and I didn't
want to belittle the point, butthat's an entertaining thing to
do if y'all are ever bored.
Eric Brown (01:13:26):
Yeah, oh, wow, okay, like people's horror stories.
Mandi Rae (01:13:31):
Yep, oh, wow, okay, like people's horror stories.
Yep, there's stories.
And then there's also, you cantell, annually around, like the
May June timeframe, differententities are articulating how to
look for cameras or how tocourt because of the cameras
that were placed strategicallythroughout the property that
(01:13:54):
they felt compromised.
They're nasty.
Yeah.
Eric Brown (01:13:59):
That's got to get better cameras, that's what
happens when you buy the cheapshit.
Mandi Rae (01:14:05):
I I don't go to tanning salons often but I bring
them up because I that was oneof my first jobs.
I worked in one and acompetitor to our franchise got
busted in a huge sting about thesame thing.
Because you know, at tanningsalons if you ever go to like
get ready for a mexico trip orsomething, a lot of people you
know pre, pre be in the sunbecause they want to you know,
(01:14:28):
get that tan yeah, pre-game,pre-game, um, anyhow, but
they're pretty much like.
some of them don't even havedrywall, you know, they don't
have ceilings, and so this guywas literally there's just holes
with cameras in them, watchingpeople prepare to get in the
tanning bed and watching peoplewhile in the tanning bed, and
(01:14:50):
that really boosted our businesswhen all his salons got shut
down.
Well, we'll protect your,protect yourself from weirdos.
Yup, that's the name of thegame.
Mathew Wold (01:15:01):
Thank you, I will.
Eric Brown (01:15:05):
Bye guys, have a good weekend.
Mandi Rae (01:15:07):
You too.
Eric Brown (01:15:08):
Later Bye MoneyRedecom.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.