Internet Expert Debunks Cybersecurity Myths | WIRED

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

From Wikepidia : Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation and technical advisor for the Freedom of the Press Foundation. She is noted for her extensive work in protecting global privacy and free speech and for her research on malware and nation-state spyware.

Sounds like she knows what she's talking about

👍︎︎ 71 👤︎︎ u/Dalcoy_96 📅︎︎ Jul 29 2020 🗫︎ replies

I don't have sticker on my webcam, I keep it simple - it just doesn't work under debian by default and I have no reason to get it fixed ¯\_(ツ)_/¯

👍︎︎ 30 👤︎︎ u/maxya 📅︎︎ Jul 30 2020 🗫︎ replies

I appreciate the info, but most of the stuff is common knowledge if you're in IT. Probably more helpful for non-IT folk

👍︎︎ 24 👤︎︎ u/neofiter 📅︎︎ Jul 29 2020 🗫︎ replies

I was thinking to share this out tomorrow for end user education, but I might give people headaches with the nonstop camera cuts and zooms. Really expected higher quality from Wired.

👍︎︎ 8 👤︎︎ u/theblinkenlights 📅︎︎ Jul 30 2020 🗫︎ replies

The hotels I’ve been staying at in the US. All of them had open WiFi. No acknowledging or agreeing usage. No password. I feel like they either don’t care or I didn’t understand it.

👍︎︎ 4 👤︎︎ u/posco12 📅︎︎ Jul 30 2020 🗫︎ replies

Pretty accurate up until she states the the IT manager cant see in to your https website your accessing, actually, yes, yes i can........

This section is pretty inaccurate.

👍︎︎ 4 👤︎︎ u/terrybradford 📅︎︎ Jul 30 2020 🗫︎ replies

Typically for me to stop you uploading the business secrets or downloading the virus.exe i need to dig inside the https stream of data, in a business i can do this by having the firewall trust the end point and also the website, however the firewall will be inspecting both parts before it sends them on, man in the middle.

👍︎︎ 2 👤︎︎ u/terrybradford 📅︎︎ Jul 30 2020 🗫︎ replies

Didn't know that stuff about Tor

👍︎︎ 2 👤︎︎ u/sonicworkflow 📅︎︎ Jul 30 2020 🗫︎ replies

I met her at a convention. Nice lady if a bit timid.

👍︎︎ 3 👤︎︎ u/Blacksun388 📅︎︎ Jul 30 2020 🗫︎ replies

Captions

it is vitally important that your password not be the same across different platforms because when platforms get compromised the usernames and passwords sometimes get dumped and passed around among hackers hi my name is eva galperin i work for the electronic frontier foundation where i am the director of cyber security and i'm here to debunk some myths about cybersecurity the government is watching me through my camera it is possible to remotely trigger somebody's camera if you install a remote access tool on their device that is something that hackers do that is something that criminals do that's something that governments do but in order for the government to install the software that they need to do in order to track you through your camera they need a warrant from a judge it is more likely that you will be watched by hackers or if you're a student by your school than it is that you're going to be watched by the government since it is possible for someone to turn on your camera without the little green light going on if you would like to make sure that when that happens they don't see anything then it is recommended to put a sticker over your camera most people aren't targeted with this stuff and usually you don't have to worry what i recommend that people do is that they download antivirus software from pretty much any antivirus company and just run a scan on the highest setting the dark web is a scary place full of illegal activity the dark web is a network of websites that you have to use something like tor browser or any of the other you know sort of guaranteed to be anonymous browsing uh applications in order to get to and it can be any kind of website this is not necessarily just used for you know selling drugs and trading child porn for example facebook has a dark website they have dot onion site that you can only get to if you are logged in using tor tor and other applications like it are not just used by criminals the other people who frequently need anonymity online journalists activists people who are talking to journalists and of course people in authoritarian countries who are very worried about their government spying on their social media use tor browser originally funded by the us navy the government needed a way for people to be able to go to websites and maintain their anonymity and not have their digital footprint seen by the people who are running the websites privacy is dead if privacy was dead governments and law enforcement wouldn't have to keep trying to kill it by proposing new laws and talking about all of the stuff they can't possibly get into but most importantly privacy is not about living as a hermit on a mountain by yourself never communicating with anybody privacy is power over your information understanding what kind of trail you leave behind enables you to limit that trail or enables you to limit who can see that trail the kind of security and privacy advice that you give to people really varies person by person but there are a couple of things that are that are good for everybody like eating your broccoli and taking your vitamins you should have long strong and unique passwords for all of your accounts and you turn on the highest level of two-factor authentication you're comfortable using take your software updates this is how you benefit from the work of the security team and finally that you actually sit down and you think about your threat model you think about what you want to protect and who you want to protect it from google reads all my gmail google actually does read all of your gmail google is storing all of your email if you are using a gmail account they automate scripts which read the contents of your mail and who you're you're mailing back and forth to what they do not do is read your email and then tell the government what's in it google has extremely strict privacy rules internally and if a government or law enforcement wants to get their hands on this data they have to show up with a subpoena for the metadata or a warrant for the actual contents of your email but there is a difference between protecting your data from hackers protecting your data from advertisers from governments and law enforcement a strong password protects you from hackers this is partially correct and that a strong password is one of the things that you need in order to secure your account it is vitally important that your password not be the same across different platforms because when platforms get compromised the usernames and passwords sometimes get dumped and passed around among hackers and hackers will do what we call credential stuffing where they try to get into your account using these old passwords from other platforms you should also be very careful about your security questions your security questions are usually things about you that a person who knows you relatively well knows a person who knows you well might know the name of the street that you grew up on or the name of your favorite teacher or your favorite breed of dog and so instead of answering those questions truthfully i recommend answering them as if they are simply more passwords so now you have a different long strong unique password for every account and trying to remember them all is a pain and this is why i recommend using a password manager which you install on each of your devices and will generate new passwords for you that way you can make sure that you never forget your password as long as you remember the single password to your password manager so how often should people change their passwords sometimes programs or companies will require you to change your password every 30 days or every 90 days this is actually not helpful at all it turns out that users create shorter and more memorable passwords when they have to change them all the time that they don't change them very much and therefore you're not actually getting a big gain in security your best bet is what we call diceware where you use somewhere between five or six randomly generated or randomly chosen words that way you get a very long very difficult to crack password that is also fairly easy to remember encryption will keep my data safe encryption is scrambling the data or the metadata so that it is not possible for somebody who sees it to read the information that you are sending encryption is used in two very different ways on the internet one is called encryption and transit encrypting data in transit is if you look at your browser and you see the url at the top of your browser you see that it probably starts with the letters https the s at the end there stands for security it means that the information which is being sent between you and the website that you're going to is encrypted so that anybody else was sitting on the network somebody else in your coffee shop the it manager at your office whoever it is that runs the network at your school all of those people can only see that you are going to the website and they can't see specifically what page you're going to and they can't see what it is that you're doing there for example they can't see what pictures you're downloading or they can't see what password you're entering the other kind of encryption is end-to-end encryption when you encrypt something in transit you are trusting the person who runs the website but no one else and when you are doing end-to-end encryption you don't even have to trust the person who runs the website the only person that you're trusting is the person that you are messaging and that is because you have the an encryption key and uh the person that you're sending a message to has an encryption key and that is how these things get locked down the good news is that there's a lot of powerful encryption that's being used to protect you every day and you don't even know it whatsapp for example has more than a billion users all over the world and their messages are end-to-end encrypted but what's most important is to understand where your data is going who has access to it and what they would have to do in order to access it if you do not want them to public wi-fi is safe back before the majority of the web was encrypted using https it was extremely easy for anybody who is sitting on the same network as you including somebody sitting on the same public wi-fi as you sitting in a cafe with you to not only see everything that uh that you were browsing and everything that you were typing in but also to inject false information into that stream so that you would say type your password into a website that the hacker controls and now the hacker has your password and they can log into your stuff it used to be extremely unsafe i and it was really common for hackers to hang out on public wi-fi this is less true now that the web is mostly encrypted a lot of people recommend using vpns vpn stands for virtual private network it is just a way of creating a tunnel between you and wherever your vpn is in order to protect your browsing or your internet activity from whoever is running the network that you're on for example if you are in a hotel and you use hotel wi-fi and you log in to work using your vpn the hotel can only see that you logged into the vpn they can't see what your traffic looks like but work can see all of your traffic and so you need to be able to trust them cyber attacks are the new warfare most of what we think of as cyber warfare is actually cyber espionage and in the cases where there is cyber warfare that's extremely rare probably the most famous example of that is stuxnet when the us and israel worked together on a piece of software which broke the centrifuges that the iranian government was using in order to refine radioactive materials for their nuclear weapons program but really it almost never happens what is important is that uh governments are not the only threat actors out there for the most part if you are an ordinary person you are more likely to be targeted by criminals by hackers who want your money a lot of what people think of as hacking is actually security research people who are trying to break systems for the better in order to inform both users and the people who make the systems about these vulnerabilities before bad people take advantage of them the hacker mentality can be applied to anything hacking is is not about being a bad person it is about understanding systems and subverting them understanding the limits of surveillance and of hacking is really important in order to build out a place for yourself where you can feel safe and where you can understand where your information is going and who has access to it

Info

Channel: WIRED

Views: 287,310

Rating: 4.8991327 out of 5

Keywords: cybersecurity, cybersecurity expert, computer hacker, hackers, hacker security, encryption, google read gmail, hackers computer camera, computer camera hacker, hacker camera, wired hacker, hacking expert, cyber security, computer security, network security, network security hacker, wired network security, computer hackers, hackers computer, security wired, wired eva galperin, eva galperin, eva galperin cybersecurity, mythbusting wired, mythbusting, wired

Id: cQI0O7xdNOU

Channel Id: undefined

Length: 11min 25sec (685 seconds)

Published: Wed Jul 29 2020