Your Information or Theirs?

The concept of allowing a company you purchase from to share your information with other companies has become very commonplace in our modern society.  Information like your name, email address, phone number(s), and even physical or mailing address are common pieces of information that will get shared by companies and you usually agree to it without even knowing you’re doing it.  Buried within most “Terms of Service” agreements will be some sort of clause that allows the company to share your data with other vendors or even to sell your data for their own profit.

What most of us do not realize is that the definition of that information is evolving almost as fast as technology.  The most recent and surprising example of this type of data sharing comes from the company iRobot, the makers of the popular Roomba vacuum.  According to an article by Hacker News, Roombas manufactured since 2015 not only vacuum but also map your entire house as they do so.  iRobot is apparently planning on selling and/or sharing this data with third parties.

iRobot CEO Colin Angle stated, “there’s an entire ecosystem of things and services that the smart home can deliver once you have a rich map of the home that the user has allowed to be shared.”

Angle also mentioned that he is planning to push the company toward a broader vision of the smart home, and in the near future iRobot could sell your floor data to businesses like Apple, Amazon, Microsoft, and Google.  He does add the caveat that it wouldn’t be without the user’s consent.

While I see the vision of the company and the positive aspects of sharing the data between devices inside a single home or building, the idea of data that specific about my life and my home simply scares me.  I have to ask myself, as should these companies, where do we stop or how much is too much?  I also worry about whether or not they will actually inform or request separate permission from their customers before they do this or if they just rely on their existing Terms of Service agreement.

Another, larger question on my mind deals with where it will go from here.  What new types of information will start to be gathered and sold by all of these new Internet of Things (IoT) devices we keep adding to our lives?  At what point is our privacy just not going to matter anymore?  Honestly, it’s not technology or progress that is to blame, but rather the lack of forethought and the lack of care about people that I feel causes these issues.

My advice, as usual, is to pay attention and be careful.  Be as aware as you can of the technology you use and the companies that make it.  Protect your data and your privacy at all costs.  If you have any doubts or questions, you can always contact us here at Cyber Watchtower and we will be glad to help in any way we can.

Austin Bynum
Chief Watchman
Cyber Watchtower

Austin Bynum has spent the last 18 years working in IT and network security.  His passion is to ensure everyone stays safe online and digitally.  His belief is that everyone has the right to be safe online without having to be their own expert.

Is “Biohacking” our future?

The term “biohacking” has developed several definitions over the past several years.  It has, however, increasingly come to refer to the implanting of devices into one’s body in order to interface with technology, e.g., the implanting of microchips for payment and other services.

From my perspective, I really dislike this term, especially because many people in the technology arena are advocates of this practice.  To me, it seems silly to take a word that typically has a negative connotation to people, like “hack”, and apply it to something you see as positive.

Regardless of the terminology, the real question lies in whether or not we should go down this path at all.  The debates range from technological advancement and the natural progression of technology to moral questions and even apocalyptic omens.  I’m not sure where you might fall in this, but for me, it is somewhere in the middle.

If you read my blogs at all, by now you should know that I love technology and have built my career around protecting people from the misuse of technology and trying to make it productive to increase the efficiency of our lives.  While I do understand that there is a natural progression to anything, including technology, I do think we forget to ask ourselves if the next step is really one we should take.

According to a recent article from Hacker News, “Marketing solution provider Three Square Market (32M) has announced that it had partnered with Swedish biohacking firm BioHax International for offering implanted microchips to all their employees on 1st August, according to the company’s website.”  I encourage you to read this article and truly develop your own opinion on the subject as I think we will start to see this trending more and more.

As an IT professional, I totally see the benefits and security of this type of access control and monitoring.  They refer in the article to things such as door and computer access as well as vending machine purchases.  This is, in many ways, an IT Director’s dream.  One of the first positives that I see is that we essentially are eliminating the need for passwords on our computers if the access is controlled via these devices.  We, therefore, take the human element out of the equation of computer access which will always make IT people happy.  Or will it?  Let’s think about the new security concerns and other questions that will arise.

Security and other concerns:

  • How do you handle these devices once the employee has moved on from the company?  Do they keep it or do you have to have it removed?  What is the expense either way?
  • The devices use RFID to communicate.  How easy are these devices and/or their frequencies to copy, manipulate, or duplicate?
  • What are the long-term health implications of these devices inside the body?
  • Are there other health concerns such as pacemakers, defibrillators, etc.?
  • Can the device or frequency be tracked off-premise or even via GPS?

These questions make up just a few of the concerns that will inevitably arise.  As with the case of introducing any new technology, we introduce an entirely new set of concerns and avenues for security breaches, many of which we are unable to see until we have implemented said technology.  Many times, it is near impossible to foresee all of the new issues and attack vectors that will arise from new technology implementation.

The hardest part for me is that I am such an advocate of new technology and where advancements are taking humanity.  I appreciate them and usually “geek out” over them initially.  However, I find myself having an ever-increasing reticence with things like biohacking and biometrics.  On the surface, they seem to just provide convenience and more peace of mind.  I contend, however, that many of these new technologies, especially authentication technologies, should be carefully examined and tested before implementation.  If there is one thing history has taught us, it is that if someone wants into something bad enough, they will get in.

Some food for thought for us all I suppose . . .

Stay connected.  Stay safe!

Austin Bynum
Chief Watchman
Cyber Watchtower


Cybersecurity and You (Pt. 2)

In Part 1 of this series, we discussed some current general internet statistics and how they show us why we, as users, need stronger security practices as well as a better understanding of how best to protect ourselves against the growing number of threats out there.  We also discussed good password management practices and how best to avoid common pitfalls that create weak passwords.

In this segment, I want to discuss some of the common threats that exist out there and how you can best protect yourself from and avoid them.

Problem: Malware
The first thing I want to discuss is Malware.  Malware is essentially any malicious program created by someone and intended to do harm to you, your computer, and/or your data.  Many times it is intended to steal your data for identity theft purposes.

The most common types of malware are things that you’ve probably heard of such as viruses or worms.  Other, more malicious forms include things like ransomware.

Ransomware is malicious software that, once it infects your computer, encrypts all of your files, keeping you from accessing them.  A message will then display on your screen essentially extorting you for money if you want to get your files back.  Some people pay and some don’t.  Regardless, the damage is done and some businesses never recover after one of these infections.  You may recall an attack in the news recently called “WannaCry”.  This is one of the most recent and worst examples of this type of attack that we have seen.

Solution: Defense and DON’T OPEN/DON’T CLICK strategy
So how do you prevent these things from happening to you?  To answer that, we have to look at the most common way that malware infects computers.  Statistics show us that 91% of all these infections come through some sort of PHISHING attack.

What is PHISHING? Well, it is officially defined as, “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.”  They can also be used to infect your computer via bad file attachments or links to infected websites.

So the simplest solution here is to pay close attention to the emails that you open.  The best rule is DO NOT open ANYTHING that is from someone you do not know or that you are not expecting.  Along with that, if it looks fishy (or PHISHY), delete it.  The biggest thing to pay attention to here is that with a stat like 91% you can see that if you’re going to get an infection of some kind, it will more than likely come via email.

Of course, another important solution is to protect your computer/equipment with anti-virus/anti-malware software or, as they are more often called these days, security protection suites.  Having some sort of protection like this on your machine will also go a long way toward preventing your data from being compromised by these malicious programs.

Problem: Social Engineering
When I speak to audiences, I make sure to talk a little about social engineering.  One of my friends once put it in the form of a trick question.  What is the least secure operating system?  The answer is the Human Operating System.  US.  We are the weakest link for malicious parties to exploit.  I define Social Engineering as “hacking the human OS (Operating System)”.

It is basically the oldest trick in the book.  It’s the con game.  It’s the selling of snake oil.  There are a lot of ways these malicious parties attempt to get your information.  They will do anything from staging fraudulent phone calls posing as a representative of a company with which you do business to PHISHING email campaigns.  That’s right, PHISHING that we just discussed is another form of social engineering.

Regardless of the method, social engineering has one goal, to do you harm in a way that also benefits the person initiating it.  Whether they are attempting to steal your personal data or infect your computer, their ultimate goal is financial gain at your expense.

Solution: Be wary.  When in doubt, don’t give out your information.
The best thing you can do in any situation is to trust your gut.  If something feels wrong, it most likely is.  Whether in email, on the phone, or even in person, trust that feeling inside that says, “I really don’t feel right giving any information to this person.”  I’ve been known to ask very pointed questions on the phone that either get good answers or make the person hang up.  The hang-ups are obviously people who realize I’m more in tune with their intentions than they expected, so they move on to the next target.  Remember that these people are looking for the easy game, so when they meet resistance, it’s easier for them to just move on.

So, ask questions.  Ask them why they need your full social security number, or why they need you to give them your password.  These types of questions are not ones typically asked by legitimate businesses.  They should already have the data and not need you to provide it, especially if they called you.  Also, watch for lack of professionalism.  Some of these people will get belligerent when you question their need for information.

I know this has been a bit of a long post, but I wanted to get you as much information for your own protection as possible.  Be cautious and protect yourself the best you can.  Equip yourself with knowledge and tools to keep you, your business, and your family safe from these ever-increasing dangers online.  As always, we at Cyber Watchtower are here if you need us.

Stay connected.  Stay Safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

Cybersecurity and You (Pt. 1)

I travel state-wide here in Texas and speak to as many people as will have me.  I try to keep my audiences diverse and open because cyber security affects everyone, even you.  Whether you’re a 25-year-old IT professional spending most of your life online or a retired grandmother with 15 grandchildren who may only use the internet once or twice a week, your life is somehow impacted by this ever-growing concern in our modern world.

In this short series of blogs, I am going to discuss several different and important ways that you can make some minor changes to make your digital life more secure.

Now, when I present to audiences, I love to give statistics so that people can see just how important it is to have good cybersecurity practices.  Some of the stats I give really shock people and while my goal is not to cause fear, it is to bring awareness to the criticality of the situation and then personalize it so they can see how it can potentially affect their lives.

We discuss the growing rate of internet usage and how just over 50% of the world now has internet access.  This growing environment not only increases available targets for the malicious people, it is giving the malicious people room to grow and recruit.  Below are some of the other current stats that I use:

  • 130 – Average number of online user accounts per person in the US
  • 91% – The percentage of malware infections that happen from PHISHING
  • Asia has the most internet users at nearly 1.9 Billion but that is only 45% of their population
  • North America has 320 Million users and makes up 88% of our population

We usually discuss password hygiene and security as it is such a huge part of our overall security as a society.  I even explain to them the trends that are growing in password hacking technology such as pattern recognition.  Those malicious parties now look for common password patterns such as:

  • All numbers in the password being together (e.g. “hereismypassword1234”)
  • The most commonly used special character is the “!” and it is usually at the end (e.g. “hereismypassword1234!”)
  • When a capital letter is required, people usually just make it the first letter of the password.

Here are some recommended adjustments that, while minor, will still help take the security of your passwords to the next level.  Essentially, make adjustments to your existing passwords around the few things I mentioned above.

  • Start your password with a lower case letter or special character
  • Mix up your numbers
  • Place capitals at random
  • Substitute some letters with numbers
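
As an added illustration (not part of the original post), here is a Python check that looks for the three common patterns listed above and shows how the suggested adjustments remove them.  The function names, the finding labels, and the last sample password are made up for this example.

```python
import itertools


def char_class(ch):
    """Classify one character as digit, upper, lower or special."""
    if ch.isdigit():
        return "digit"
    if ch.isupper():
        return "upper"
    if ch.islower():
        return "lower"
    return "special"


def shape(password):
    """Collapse a password into runs of character classes.

    "Abc12!" becomes [("upper", 1), ("lower", 2), ("digit", 2), ("special", 1)].
    Pattern recognition works on this shape, not on the letters themselves.
    """
    return [
        (cls, len(list(run)))
        for cls, run in itertools.groupby(password, key=char_class)
    ]


def predictable_patterns(password):
    """Return labels for the common patterns from the list above."""
    runs = shape(password)
    findings = []

    # Pattern 1: all numbers sit together in a single block.
    # Require at least two digits so that "together" means something.
    digit_runs = [n for cls, n in runs if cls == "digit"]
    if len(digit_runs) == 1 and digit_runs[0] >= 2:
        findings.append("digits-grouped")

    # Pattern 2: the only special character is tacked onto the end
    # (most often "!").
    specials = [ch for ch in password if char_class(ch) == "special"]
    if len(specials) == 1 and char_class(password[-1]) == "special":
        findings.append("special-at-end")

    # Pattern 3: the only capital letter is the first character.
    capitals = [i for i, ch in enumerate(password) if ch.isupper()]
    if capitals == [0]:
        findings.append("capital-first-only")

    return findings


if __name__ == "__main__":
    # The first two samples come from the post; the last two are
    # constructed for this example. Never reuse a sample as a real password.
    samples = [
        "hereismypassword1234",
        "hereismypassword1234!",
        "Hereismypassword1234!",
        "!h3re1sMy9pAssw0rd4",
    ]
    for pw in samples:
        found = predictable_patterns(pw) or ["none of the three patterns"]
        print(f"{pw:24} {', '.join(found)}")
```

The last sample starts with a special character, spreads its numbers out, and places its capitals away from the first position, so none of the three patterns is reported.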


Internet access exists all over the world and let’s face it, it’s not going to lessen anytime soon.  Anyone reading this blog most likely has plenty of online presence including at least 10 user names and passwords online.   Hopefully, the above information has been helpful to you and will be a good starting place in you having a better understanding of cyber security and how you can flex some of your own security muscle in your digital life.

Keep watching here.  Next time I will discuss some specific threats to your digital life and how you can protect against them.

Stay connected.  Stay Safe!

Austin Bynum
Chief Watchman
Cyber Watchtower

“I Give Up!”

Cybersecurity. Ransomware. Antivirus.

If you own any sort of electronic computing device, these are just a few terms that have become a part of your daily life.  With all that is out there in cyberspace and the news, it’s a wonder that we still have any trust in technology at all.  Honestly, some people are getting quite fed up and are ready to throw in the towel, but reality won’t even let them.

The truth is that technology isn’t going away.  The other truth is that neither are the security risks.  I know at times it must seem that the world is falling apart around us electronically, especially after the last week with the WANNACRY ransomware attack.

If you are unfamiliar with what has been going on, last week a ransomware infection started in Europe and has now infected thousands of computers in hundreds of industries across more than 150 countries.  The hardest hit was most likely the NHS (National Health Service) in the UK.  Many hospitals had computers and equipment infected and rendered useless, at least temporarily.  It has been a very scary time.

If you’d like more specifics about the infection I’m including several links to other, more detailed articles for you to read.  The short of it is that a weakness in an older, outdated and unsupported version of Windows (XP) was exploited.  The worst part, other than the outdated operating systems, is that the infections came via PHISHING attacks.  PHISHING involves people receiving infected emails they think are legitimate and it is the most common method of distributing this type of attack.

I don’t want to get bogged down in the details of this today though.  What I want to do is acknowledge that there are so many of you out there that just want to live your lives and trust the technology you have to increase the efficiency and quality of your life.  That, after all, is its intended purpose.  Nothing new comes without risk, but I know many of you ask why you should be a technology expert just to stay safe online.

The truth is that you shouldn’t have to.  You should be able to trust that the technology you use is safe, for you and for your family.  That is mainly why we created Cyber Watchtower.  We want you to be able to just enjoy life and use these technological tools without fear of all the risk that comes with it.  I make it my mission to educate and help people with these issues as much as I can because I know they scare and intimidate most of you.

We will try to keep you as informed as we can.  Just remember, we are here for you if you need us.  Do not hesitate to even just ask us questions if you need a better understanding of something.

Take care of yourselves out there.

As always, stay connected. Stay safe.

Austin Bynum
Chief Watchman
Cyber Watchtower

Apple Breached?

On March 21st of this year, Motherboard released an article about a possible security breach of Apple and its iTunes accounts.  According to the article, a hacker group calling themselves the ‘Turkish Crime Family’ has acquired a cache of iCloud and other Apple user names and passwords and is attempting to extort Apple for $75,000 in bitcoin or $100,000 in iTunes gift cards.

Apple has stated that there have been no breaches to any of their systems.  According to an article from Wired, Apple has stated, “The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services. We’re actively monitoring to prevent unauthorized access to user accounts and are working with law enforcement to identify the criminals involved.”

Apple has gone on to say that they do not perceive the hacker group as a credible threat.  In some ways, it is easy to see why they feel that way.  I’ve honestly waited until now to write about this because the more that is published and I read, the story seems to change and the group even changes their story.  Even in the first article, there was a discrepancy in the number of accounts the group claimed they had in their possession.  Now, from all that I’ve read, they’ve either upped their demands or the story keeps changing.  Now the threat includes everything from locking people out of their accounts to wiping 250 million iPhones.  They have even apparently given a deadline of April 7, just 3 days away, for Apple to comply with their demands.

Regardless of the threat credibility, the solution for everyone is actually quite simple.  The simple answer to this problem if you are worried is . . . change your iTunes password.  I know it sounds so repetitious of me, but it really is that simple.  If what the hacker group has is truly active credentials for iTunes/iCloud, then we can all just take away the threat by changing the passwords so that whatever information they have is no longer any good.

My personal recommendation is to do just that.  I have already changed mine.  I suggest you change yours.  Now, I know that many of you have multiple Apple devices that will require you to update your password once you change it.  I am no different.  I have 4 devices that will need updating with my new password, but it seems a small price to pay to protect myself and my data.

Remember, the group has given a date of April 7, so I suggest changing your password as soon as possible if this worries you at all.  For the sake of fair play, below I’ve provided three links to different articles to let you decide for yourself.  My opinion is still the same though.  It’s a simple fix versus rolling the dice.

Motherboard Article
Wired Article
Fortune Article

As always, be safe.

Austin Bynum
Chief Watchman
Cyber Watchtower

Kids, Technology, and Security

Being the father of teenage twin daughters, I’m continually surprised and impressed at the amount of technology they use in school and in their lives compared to when I was a teenager.  Over the course of the last several weeks I have had the privilege of speaking to several classes at my daughters’ high school about cyber security and identity theft.  The classes that I have been speaking to belong to the school’s “LIFT” program.  This special set of classes prepares for and competes in a really innovative event called Future Problem Solving or FPS.

While I love everything about this concept and event, especially with the subjects that they choose to tackle, I wasn’t sure what to expect when I was asked to come speak on these subjects.  Usually these kids have done tons of research and are very informed on their topics.  To be fair, they had just started researching this one, but the most amazing part to me was the lack of basic security knowledge and understanding inside a group of very intelligent teenagers from a generation that has been completely saturated with technology their whole lives.

Don’t get me wrong, there were some things that they knew.  However, when I started on the discussion of passwords and best practices surrounding them for protections, they were as surprised as the adults I often speak to.  They had a general idea of what malware is, but no real understanding of how it works, spreads, or how dangerous it is.  When I discussed social engineering, they hadn’t really heard of even the most basic and oldest concepts.  I was very shocked.

To their credit, they did have some understanding of social media dangers, which makes sense and made me breathe a small sigh of relief.  The most amazing part was that as I started connecting some of the dots for them and teaching about some of the real dangers out there and how identity really gets stolen digitally as well as just basic cyber security practices everyone should be aware of, they latched on and soaked up most of what I had to say.

Don’t get me wrong here.  I am not knocking these kids.  They were all great and let’s be honest, the reason they didn’t know a lot of what I spoke about is because we, the generations ahead of them, have not taught them.  Again, to be fair, I do this for a living and so I do take my own knowledge for granted sometimes, but many of the things I discussed were things that in my mind everyone should know and be on the lookout for.

Honestly, speaking in front of these classes opened my eyes even further to the need for general education and training for everyone so that they can simply protect themselves.  It was also a nice confirmation that the services we offer as a business are just as needed as I have suspected.

I do ask this of you, my readers.  If you have kids, teenagers especially, please start teaching them good cyber security practices, password hygiene, and responsible social media usage as soon as you can.  Also, please start using them yourself.  Protect yourself! Your online presence has so much more information about you out there than you realize and you need to take care of it.

Remember that if you need help, advice, or services to help protect you, that is what Cyber Watchtower is here for.  We are here for you and your family to make sure that you stay as safe online as you possibly can.

Austin Bynum
Chief Watchman
Cyber Watchtower

Yahoo! . . . Again and Again and Again

If you have been reading my blog entries, you know that Yahoo, one of the first and largest dot coms, has been having a lot of security headaches over the past few years.  Most recently you may remember that a breach originally reported to have exposed 500,000,000 user accounts was updated to twice that many, 1 billion user accounts.

Oddly enough, with all of the media coverage on this huge issue, another, more disconcerting issue, reported by Yahoo in December of 2016, largely flew under the radar.

This new issue had nothing to do with user names and passwords being compromised, but according to Yahoo, they “believe an unauthorized third-party accessed the Company’s proprietary code to learn how to forge certain cookies”.  What does this mean?  It means if your account was a victim of one of these “forged cookies”, the malicious parties didn’t need your user name or password to access your account.  The new cookies allow them to access accounts without credentials.

According to Mohit Kumar, CEO of The Hacker News, “Yahoo began warning its customers just last month that some state-sponsored actors had accessed their Yahoo accounts by using the sophisticated cookie forging attack.”

He does go on to say, “However, the good news is that the forged cookies have since been ‘invalidated’ by Yahoo so they cannot be used to access user accounts.”

Below is a link to the full article:
Yahoo Reveals 32 Million Accounts Were Hacked Using ‘Cookie Forging Attack’

While it is a great thing that the issue was discovered and the cookies were invalidated, there are still major questions and issues that linger for me.  It might not seem like as big of an issue since it only affected 35 million users.  However, what is most disconcerting to me is that an “unauthorized party” was able to access “proprietary code” from the company.  That is usually the most protected asset of any company like Yahoo.

The other major issue is that the compromise completely circumvents normal authentication, i.e., user names and passwords.  This means that even if users changed their passwords or other security measures, it likely would have little impact on the malicious party’s ability to access the accounts.

What does this mean for you?
First, if you have one of the accounts that could have been compromised, you should have received an email from Yahoo regarding it in the last month.  Follow the advice that they gave you, but I would also change every bit of security with them that you can.  This means your password, your security questions, and even turning on any form of secondary authentication they have available.  If you are more daring and can, I’d say close any affected Yahoo account you have and change services.  Things are not looking good for Yahoo and they are about to be sold and split up anyway.

Second, as always, keep a close watch on all your security surrounding any online account access you have.  Your email accounts, believe it or not, are just as important as your bank accounts.  Why?  Because, if your email is compromised, then a malicious party can issue password resets on your accounts and get into your email to complete them.

Honestly, as important as cyber security is in today’s world, and considering the size and penetration of Yahoo, I am seriously worried about anyone who uses them for anything now.  Yahoo just can’t seem to get things together or protect anyone anymore.  Perhaps that is unfair, but hey, 3 strikes and all.

As usual, I strongly encourage you all to keep a close watch on everything you do online from banking to email and from social media to online purchasing.  Be careful out there and remember that Cyber Watchtower is here if you need us or our help with any of these issues, Yahoo or otherwise.

Austin Bynum
Chief Watchman
Cyber Watchtower

2016 – The Good, The Bad, and The Scary

2016 was quite a year in regard to the internet and its usage, not to mention users’ increase in security awareness.  While those things are positive, we also saw an increase in security breaches as well as an increase in the complexity of attacks the hackers and other malicious parties are using.

According to Gina Smith from and Internet World Stats, 2016 saw an increase to the tune of just under 3.7 billion internet users worldwide.  The increase represents roughly a 10% increase from the previous year, but more astoundingly, mobile usage saw an increase of roughly 17% by adding over 280 million users.

I promise, I’m not trying to bore you with stats.  I just think the numbers help to fully understand why all of our lives are so much more at risk online than they used to be.  What’s more fascinating is that while North America only represents 8% of the internet users, the United States itself leads the world in overall online spending.  It’s no wonder we make exceptional targets for malicious activities like identity theft and credit card fraud.

The malware that is responsible for so many data losses and security breaches continues to become more and more complex, almost by the week.  These days, most security professionals will tell you that a simple anti-virus program just isn’t enough anymore for your protection.

What’s amazing is that even with the increase of users and the increase of awareness of those users, the bad guys are still finding their way into our systems and devices by using the same old tricks most of the time.  According to TrendMicro, 91% of malware infections of systems are still coming from successful PHISHING attacks.  That means that users are still clicking on links and opening files in emails that are infected and that are not from who they say they are from.  To be fair, the PHISHING emails themselves have become very, very good and look very official most of the time.

TIP:  As always, don’t open emails from people you do not know or that you are not expecting.  If it is from an official site or company, remember to be skeptical, especially if you are not expecting the email.  For example, this time of year, the bad guys like to use emails that appear to be from the IRS, but they end up asking you for information and then stealing your identity.

As much as you need the proper tools and services to protect you, remember that you are your best protection against these issues.  Use the internet and your email wisely.  Pay attention to ANYTHING that seems out of the ordinary on your computer, your phone, your bank account, your credit cards, or anything else that could mean a breach of your security and information.  Even a hack of your social media (e.g. Facebook, Twitter, etc.) could mean the beginnings of a larger attack on you as a person.

2016 was a growing year in many ways, but not all of them good.  Remember that Cyber Watchtower is here to help you with information and services to help keep your life more secure.  The internet is going to get more crowded as the years go on, so let us help keep you safe online.

Austin Bynum
Chief Watchman
Cyber Watchtower