Author Archives: Terry Cutler

About Terry Cutler

Terry Cutler is the founder of Digital Locksmiths, Inc. - an IT security and data defense firm based in Montreal - and serves as the company's Chief Technology Officer. Terry is a Certified Ethical Hacker who has learned the mindset of hackers and trained in the techniques of "the bad guys" who seek to do harm to corporations and individuals alike. He is responsible for staying on top of the latest trends in cybersecurity and being an advocate for best practices in the identification and eradication of vulnerabilities that leave the customers of Digital Locksmiths susceptible to the most dangerous threats. Another one of Terry's roles is to be a thought leader for Digital Locksmiths by sharing his expert insights about effective digital security strategies and countermeasures through his writings, speaking engagements, and media interviews. Connect with Terry on Google +

Monitor, not surveillance, more important role of adults in kids’ online lives, says study.

Terry Cutler founder of Digital LocksmithsA nationwide report is calling on parents, teachers and policy makers to monitor more, survey less, young Canadians in meeting the challenges of growing up in the digital age.

The report, based on a one-year study in 2012 and a national survey of interviews with children and teens, parents and teachers was released in January 2015 by MediaSmarts

“When we brought together all of the research from our third phase of the Young Canadians in a Wired World study, the call to action for adults was very clear,” says Jane Tallim, Co-Executive Director, MediaSmarts.

“If we want resilient kids we need to understand what young people’s experiences are online, listen to their concerns, and intervene with their best interests in mind,” said Tallim in a press release.

The report offers recommendations for a wide range of issues young people encounter online, including sexting, excessive Internet use, cyberbullying and privacy risks. It also includes an analysis of students’ top 50 favourite websites and profiles of students’ online activities organized by grade.

According to the report, the way forward is to create an empathetic online culture. Fostering empathy and encouraging students to treat each other with kindness and respect will promote positive online behaviour, reveals the report.

Surveillance, according to the report, can create more risk for youth. Kids understand the safety messages they have been taught, what they now need from adults is involvement and mentorship.




Terrasse-Vaudreuil’s website one of many hacked

Terry Cutler founder of Digital LocksmithsA group calling itself the Middle East Cyber Army claiming to have connections with Islamic extremists left its calling card on the homepage of the Terrasse-Vaudreuil’s website in Île-Perrot this week, but it was just one of many hit-and-miss hacks without teeth.

The message left on the website’s home page said the group works for Allah, and that Islam “always will dominate.”

It is highly doubted the hack was anything more than the result of a random search for web servers with lower security requirements.

It was probably a search on a search engine, that came up with a specific version of a web server or specific code inside someone’s website. Once that happens the group or person could have launched a script and tried to compromise “hundreds of thousands” of websites in one swoop.

“They did a search, saw all these vulnerable websites, and thought ‘let’s go deface everybody and try to get our name out there,’ ” said Terry Cutler, who founded Montreal-based IT security firm Digital Locksmiths.

It’s a problem, he said, that plagues small businesses and municipalities alike: thinking they’re too small to be the target of an attack, he told the Montreal Gazette.

“It’s what we hear 99 percent of the time,” he said.

“Even if Terrasse-Vaudreuil wasn’t targeted specifically, it can still look bad to the public.”

See more of Terry Cutler’s opinion on CTV News

See more of Terry Cutler’s opinion on CBC news

See more of Terry Cutler’s opinion on Global News Montreal



Crossing the “online” into cyber bullying

Terry Cutler founder of Digital LocksmithsMy business offers me the opportunity to help businesses as well as help families deal with hacking on a more personal level. Internet safety and what to do about it wasn’t something anybody considered with regards to sitting behind a machine, or using something as simple as an IPhone, yet nowadays it isn’t anything anybody is taking for granted. Cyber bullying, one of the biggest online abuses with today’s Internet, is peaking the attention of Internet safety experts and law enforcement agencies.

Bullying someone online is a bit different from what we know as schoolyard bullying, at least in the beginning. What we have to understand is that there is a difference between the traditional bullying, which is often associated with power struggles between the bully and the victim, a dedicated targeting of a victim with ongoing aggression; and online bullying, a form of bullying less obvious than the traditional face-face abuse.

Information from a large-scale University of British Columbia study in 2012 found 95 percent of the youth surveyed said that what happened online was initially meant to be a joke and about five percent was actually meant to harm someone.

What this study is indicating is that children don’t connect online bullying with traditional bullying. This joking, intended or not to be harmful, can spiral out of control. For example, teenagers posting vile messages on a free social networking site AskFM has reportedly linked to several suicides. This case remains before the courts, and what is important here is how does one prevent online bullying and the horrible consequences?

Let’s start at home. An open and honest relationship between parents and children is one of the best ways to protect from these online risks. It sounds easy, but only one in ten children report online abuse to their parents.

Next we can consider the web cam.  Often overlooked this camera can be a spy camera in the hands of a clever person. Cam chatting reveals what is in the background from the name of a school on a uniform, or even your teen’s name tag on a sports jersey. By piecing together a few items in the view of the camera, someone posing as a teen, but much older, could learn a few things about your teen. All someone with bad intentions needs is a few pieces of information to start an investigation.

Schedules. Sometimes forgotten in parental supervision are the differences in schedules. While you’re asleep, they text and chat, and this accounts for why your teen may be tired at school. They are texting or chatting between 10 p.m. and 4 a.m., while you sleep. That is the best time to take their hand held devices and lock their computers.

It may seem like these methods are intrusive, and they are meant to be that way. The Internet cyber bullies are intruding and it is our job, as parents, to put an end to this.



Ethical hacker to spread cyber knowledge in new video course

Original source is found at

By Trevor Greenway

Terry Cutler is every kid’s worst nightmare.

The certified ethical hacker based out of Montreal wants to teach parents to be as savvy as their kids when it comes to online activity so they can keep (sort of) tabs on what they are looking at, who they are talking to and what they are downloading.

“My goal is to take a parent who knows nothing about technology, because that is the common thing I hear, that the parents can’t keep up with their kids, and I am going to show them how navigate an iPad, how to set up the configuration to spy on them,” said Cutler, also the co-founder of Montreal-based IT security firm Digital Locksmiths.

“I am like the kids’ worst nightmare,” he added with a chuckle.

But he’s not out to just get kids; he’s out to help them too. By creating a better understanding of the Internet between parents and kids, conversations about cyberbullying, sexting and online harassment begin to take place, he says. Cutler is launching a series of video-based Internet security courses for parents and kids and part of the goal is to combat online bullying.

“Bullying is everywhere, but it’s hitting close to home where we can see a relative who all of a sudden is deactivating his Facebook account, he is not answering his phone calls anymore, he’s always depressed and doesn’t want to talk about it,” said Cutler.

The course isn’t just geared towards cyber bullying, but deals with nearly every aspect of cyber security we face today – everything from setting up the proper privacy settings on Facebook to avoiding compromising your data by clicking on phishing links. The course will be tailored to each demographic: parents, kids and even businesses looking to protect data.

“It comes down to the end users that are letting these hackers in. So if I can show them how to protect themselves, protect their employee or their business, then I hit all those targets that I need.”

Cutler hasn’t settled on a price for the 6-10 hour course, although it will likely be around $120.
Visit for more information.

Heartbleed bug causes headaches for Montreal accountants

CTV Montreal
Published Sunday, April 13, 2014 6:43PM EDT
hands on the keyboard heartbleed bugThe five days the Canada Revenue Agency’s online services were offline has made it difficult for many accountants to do their jobs.Chartered professional accountant Dan Blumer says he was able to complete tax returns for his clients, but had to wait to send them.“We have hundreds of them in cue waiting to be e-filed and as soon as the website is back up and running,” he said.

The Heartbleed bug was discovered last week, but it appears to have gone undetected for years.

Heartbleed is a glitch that affects open-source software, which is at the centre of applications used to encrypt internet communications.

It can reveal the computer’s memory, including passwords and credit card numbers.

It can also allow hackers to impersonate other servers.

It’s still unclear exactly how many websites may have been compromised.

“Because it leaves no trace, hackers can be at it all day long collecting data,” Internet security expert Terry Cutler said.

The CRA decided to shut down its web services to protect Canadians from any information leaks that may occur.

“The biggest problem we’re going to see now is that people aren’t going to trust what they are doing online, banking or online transactions,” says Cutler.

Each website has to repair the glitch itself, which could take days.

Cutler says there’s a way to check if the site you’re using has been compromised. A downloadable plug-in called Chromebleed will check if the website you’re visiting is still vulnerable to the glitch if you browse the web using Google Chrome.

Internet users should change their passwords only if they know the website they’re visiting as fixed the problem.

Now that the CRA website is back up and running, people can go online and file their taxes.

Because of the outage, the deadline to file has been extended to May 5.

Ubiquitous passwords online cause myriad challenges

Original source

imageCybersecurity expert Terry Cutler said the number of passwords to remember is much higher than most people think. Counting everything from alarm security codes to car door keypads, he estimates that most people have between 20 and 50 passwords to remember.


A popular online joke shows a frustrated computer user in front of a screen that reads: “I’m sorry, your password must contain a capital letter, two numbers, a symbol, a spell, a gang sign, a hieroglyph and the blood of a virgin.”

The rise of “password” jokes puts a funny spin on a very real phenomenon: much of our personal information is available online, protected only by a string of alphanumeric characters that we must generate, and, even worse, remember.

This week, it was revealed that the so-called Heartbleed bug, a flaw in the encryption software used by two-thirds of secure websites, may be putting a great deal of personal information at risk.

The advice being given to ordinary consumers is: change your passwords. All of them. But for people with dozens of different codes, that can be a daunting task.

Sitting at a Montreal-area coffee shop, students Lucie Goyette, 24, and Catherine Bergeron, 22, made a quick tally. Between phone codes, PINs, student numbers and countless social media accounts, they figured they each have about a dozen passwords.

Goyette said hers are pretty easy to remember. “They’re all a variation of the same base word,” she said. “I guess I’d be pretty easy to hack.”

Cybersecurity expert Terry Cutler said the number of passwords to remember is much higher than most people think. Counting everything from alarm security codes to car door keypads, he estimates that most people have between 20 and 50 passwords to remember.

“The challenge that I’m seeing is that people, especially those who are not from the Internet generation, are using passwords like their birthdays, their mother’s maiden name, their address, or anything else that’s easy to remember,” he says.

Password management company SplashData released a list of the most popular passwords of 2013, with 123456, password, and qwerty all making the Top 5.

The problem with this kind of password, according to Cutler, is that most hackers use software that stores millions of codes in something called a dictionary file. “Those common sequences are the first thing they’ll try,” he says.

Nevertheless, that doesn’t stop many Montrealers.

Bruce Hulley, in his 80s, spent many years teaching fellow seniors basic computer and Internet skills. For many older people, the sheer number of passwords to use and remember can be a barrier to Internet use.

“We lived most of our lives with just our address, our phone number, and our social insurance number,” he said. “Now we’re confronted with dozens of passwords we promptly mess up and forget.”

He said he used to suggest easy-to-remember passwords, like a first name, to his students. Although it’s not the most secure, “it’s better than them not using the Internet at all.”

But forgetting passwords is not limited to seniors. Goyette said she has forgotten and reset many of her passwords numerous times. Even the backup verification questions aren’t always a help.

“On one account, I’d put the name of my boyfriend as the security question,” she said. “Years later, I had no idea how I’d spelled his name.”

Cutler said everyone can develop a password that is secure: at least 16 characters long, containing a mix of numbers, upper and lowercase letters, and symbols.

“The best way is to take a favourite phrase or song lyric, and replace a couple of the letters with symbols, like putting an ‘@’ symbol in place of an ‘a,’ ” he says.

Even though it won’t help with system failures like Heartbleed, it’s better than nothing.

“A good password can take years to break,” he said.

Just don’t use letmein.

© Copyright (c) The Montreal Gazette

7 Essential Questions to Ask When Hiring an IT Security Consultant

Daniel Humphries Managing Editor at at Software Adviceby Daniel Humphries
Managing Editor, Software Advice
March 06, 2014
Original link at

Questions to Ask Before Hiring an IT Consultant


Having an in-house security team may be too expensive for most companies, but that doesn’t mean that securing your business should be any less of a priority. I recently joined a trio of security experts who spoke with Software Advice’s IT Security analyst Daniel Humphries to help him identify the most important questions to ask before considering an IT security consultant. Here are some of the questions I suggested to help you select the right person for the job:

1. Will you train my employees in the new security measures?

End users can be a company’s biggest worry, as they are the “low-hanging fruit” that hackers will target.

2. What related experience do you have?

I advised to ask the consultant for specific “war stories” that qualify them for the job. This way you know exactly what the consultant has done in the past, as opposed to what they could hypothetically do for you.

Also ask the consultant to make analogies for you, so that you can better understand his technical lingo.

3. Who should I expect to come in and do the hands-on work?

Knowing who is going to end up performing the security work is important. I suggested that you Google the consultant’s name as a way to verify that there are no obvious red flags that you need to worry about.

4. Should certifications matter to you?

This is a topic that will bring many passionate opinions out of consultants, and the answer is up to the individual. My advice is that while over-reliance on certifications is unwise, ultimately certifications are not a bad thing to have, and in fact may be valuable tests of knowledge- particularly at the advanced level. Other experts think that practical experience is the only thing that should sway your decision to hire someone or not.

“You can read more of my interview with Software Advice about hiring an IT security consultant here.