As we travel for the holidays ..ways to keep data safe
Greetings all
It’s that time of year for travel to meet loved ones, or maybe just because you feel like traveling to a different location. Most of you will travel with one or more of your electronic devices. If you do there is a risk of things being lost or stolen. To make it less of a worrisome issue there are some things you can do.
First ask yourself if you really need to take it with you? You are going on vacation, so don’t you want to get away from the distractions? If you still want to take them with you then here are some tips.
Back up the data
- If they are stolen or broken you still have the data for them in a safe place. Also make sure you have things like serial numbers for the devices and support numbers as well. They will help calm you knowing you have them handy should there be issues. Make sure the backup is correct; it’s no good to have what you think is a backup and, when trying to restore the device, find the backup is no good.
Change the password
- If you have not changed them in a few years it’s time to do so. I am not one to say change them every month, but you should do a password change at least once a year, and use a long, complex type. There are many sites that will give ideas on how to come up with random ones that you can remember. And not the type where you just add one number for each month because you’re forced to change them every month at some places.
- Change the password before you leave, then change it again when you return home.
Remove personal data
- Of all the devices, your phone could be the most personal. It keeps track of more information than most any device we have ever come up with in our history. If you feel you need to take it, then is there information you can remove from it? Also, if you need to take other electronic devices, then check those as well, and remove as much personal information from them as possible.
Take less personal devices
- Again, ask yourself, “do you need to take this device?” You are going on vacation, so think about taking a book or some other object to occupy your time. You are on vacation so it means getting away from things. If you still feel the need then again remove files or data you really do not need.
Things to note when traveling
- Watch your device, keep a close eye on it wherever you are. Keep it out of sight unless needed.
- Do not auto connect to any, repeat ANY, WiFi location. If you have your own cell service use that, not the location’s WiFi.
- Don’t install any apps no matter how cute they are unless you are doing it from your home or a location you know for sure is secure.
- If you have a cell hot-spot then use that for your other electronic connected devices.
- Do not charge your device from a public charging location. Use your own charging accessories for all your devices, just remember to take them of course.
- Books do not require batteries and few people have interest in stealing them.
Have a happy and safe holiday to all and may all your data be safe..
General Security when Traveling
Many of you will need to travel for work or for a vacation. Some travel within your own country, others will be outside your country. With the changes to borders by various countries, you now need to be more vigilant on what you keep with you that may get searched or used against you.
Short of leaving all your electronic devices home or having a security detail watch you everywhere you go, there are steps you can take to protect your privacy from snooping and some actions to keep your person safe as well. This is not an end-all, fix-all; a change in legislation and ideology is the only way to fix that.
Some of these suggestions may help, some may not. Governmental policies and feelings are too much in flux, so there is no hard and fast solution. With that being said, I am not responsible if the options do not work for you. These are guidelines and general options:
Yourself and ones close to you
- Try to fit in to the environment you find yourself in, be like the locals, dress like the locals. Some countries have expected dress codes for different genders, some do not. Spend some time getting to know it and what the history of the location is.
- Set up meeting places in case you get separated from your group. People are going to want to explore if they have never been to the location before. That is good; it helps you grow. Some of that exploring may get you separated from others, or if there is a major event and chaos becomes the norm, you will need places to find others who may have gotten swept up in the event. Have multiple places, not a lot, maybe two or three. Depending on the event, some locations may be better than others. Some locations may be the center of the event; others may just be passed by like they do not exist. The “do not exist” places are the safest. Again, it will depend on the event, so having a few, and everyone knowing about them, will be helpful. They can be most anything: statues, gas stations, hotels, churches, a locally known person’s house. But remember they can also be the worst places to be, so just note the event and choose carefully.
- Make note of the location you are staying at. If it is a hotel, note the escape areas, stairs and elevators. Note the area around the hotel and the buildings near it: can you jump to the next building if needed, or can you climb out the window using bed sheets? Are you able to get to a location, or can you defend in place if needed? As noted by one of my executive protection professors, set up zones of protection around yourself: things you can drop if needed and things you need to keep close. Note things you may be able to barter with, like jewelry or even shoes. If you are worried about losing mom’s priceless heirloom ring then leave it at home; you don’t need to show it off that badly. In fact, leave most of your jewelry at home; maybe take knock-off stuff but keep the good stuff at home. Keep things like medicine, passports, money, things you need to have at all times, in something that you can grab quickly and go.
- Learn the history of the place. When I talk of history I do not mean ancient history, I mean recent history. Has the location had any large-scale events, such as earthquakes, upheavals in government, civil unrest, things of that type? Have some knowledge of the location where you will be staying: its main roads, airports, travel places.
- Have a quick escape plan. If you need to leave, how will you do it and where will you go? Make sure everyone knows it and knows what to do.
Electronic devices
- Next to yourself and family, many people will feel that their electronic devices are like a second child to them. I am talking about their cell phone, tablet or laptop. These devices hold more data about you than most of the paperwork you may have in your lock-boxes. Personal contacts, social media, account numbers, search histories: all this information can create a profile about yourself that is very accurate and can be used to cause harm or simple embarrassment if not kept secure. It’s called “metadata”. It alone can create a very accurate profile of you, your likes, habits and how you live. It can show links to people that you may not care about but may flag you because someone else may be a person of interest to others, so you now become a person of interest. Guilt by association. In the past this was not really an issue, but in this day and age it’s more and more relevant. With the new policies in the US and at its borders, searching of your laptop and phone’s contents has become more widespread, even to the point of forcing you to log in to any social media so it can be copied for later viewing. Removing your phone from your sight and copying all its contents is another thing that is now normal at borders. Sure, you can resist, but you will be tired, hungry, and stuck in an environment that others control. It’s easier to just give in and let them win. If you do some preparing beforehand you can minimize some of the loss of privacy; not all, but you will be more in control of the data they will have access to.
- For your cell phone, if you can use a burner phone, then buy and use it. It’s safer for you because if it’s stolen or border control wants to look at it, there is not much of your private data that can be tracked; then you’re just out that phone and the hours you put on it, not your main phone. If you have to take your personal smart phone then make sure it is encrypted. Many new phones have options to encrypt it when it is turned off. It is still possible the border people will want you to turn it on, but it’s something. Another step is to remove all your social media apps from the phone: Twitter, Facebook, Snapchat, Dropbox, etc. Log out and clear your cache from the phone. Look into apps that have encrypted sections you can store data in if you need to have the data. I know smartphones have wonderful cameras so you will have photos of your trip; if you can keep them in secure storage, all the better. Have a few G-rated images on the phone to make it look like you do use it, so there is less chance of sticking out in a search.
- For your laptop, that is a tough one. My recommendation is not to take it at all. But if you really feel you need one with you, then use one like a Chrome laptop, having no OS for them to search and using the web only, so your information is reasonably secure. Have two accounts: one main, and one you use to auto boot it up to have them look at if forced. If you feel you need to have your own laptop then have hard-drive boot encryption and encrypted folders. This will keep your mind at ease if it gets stolen or lost, but not as much if you are told to boot it up so they can make a copy of the hard-drive. Another option is to have it shipped to the place you are going; not one I recommend easily for a small personal business, but larger corporations may have that option. Some smart phones have encrypted micro SD cards; you can store needed data on them and insert it when at your location. When using your laptop have it run a VPN that you set up before you leave on your travels. If that is not possible then use TOR or some other type of anonymous web surfing solution. One never knows who may be sniffing the traffic at the location or in between you and your location. I should not need to remind you not to do banking or access sites of a private personal nature when traveling; if you do then you get what’s coming to you.
General
- Be helpful but not overly so. If not asked, don’t give information. You need to keep remembering they do not work for your protection, they work for the government’s protection.
- Use a VPN at all times if you are browsing on a non-home network connection. If you are not able to install a VPN, then use TOR to keep some of your searching anonymous. When you order a VPN make note of their log policy, find one that does not log anything, and look for ones that have multiple countries you can connect to. Watch out for VPN fakes; some will sell you a fake, do-nothing VPN, so do research on ratings.
- If they take your devices out of your sight, then I would treat them as a bio-hazard and never use or turn them on again. If they leave your sight, then you never truly know if any spyware apps have been installed on the device. Safe now or sorry later, up to you.
Don’t stay quiet if any of this happens to you or someone you know. Write a letter to your congressman, complain to the company, use other services. Ask why you are being singled out for the exposure; make a scene so others see the stupidity of what is going on. Don’t just sit back and let it happen. Seek legal action and let them know about it. Contact organizations like the EFF and civil liberties groups.
Welcome to 2017 new and the old
Now that the new year is rolling around there are some things you should revisit, or even do if you have new toys.
Let’s start with the old stuff that you should revisit.
First you should go through your accounts, yes all of them, and see what can be removed. Like many of us, at the time we think we need an account but find out that we never or hardly use it, so remove it. Of course, before you remove it note what places use it or send stuff to it. It would be bad to remove an account thinking it was an unneeded account and find your key tax or stock information gets sent to it; not good. If not sure, then note the account and watch it from time to time; as things are sent to it, go to the sending account and change it. If it’s an email account and you are not sure, then make it inbox-zero. That means clear it out so no mail is there; it has some advantages. First, it will make you feel good that you now have a place that is clutter free. It will also make it harder for companies to make a portfolio/file on your likes and connections, and make it easier to see what you get that is needed and what you get that is junk. I also want to say that there are e-mail and IM services that encrypt the sending and receiving of messages; take the time and look at them.
Next in the list to revisit is to change the account password of your important sites and systems if not done in the last few months. There are many ways to define passwords, from letter and number combinations to the first letters of a saying you like. The key point is to not reuse it on other accounts that you have. Use a password manager; there are many around, from LastPass to Mypass, or even use an encrypted document with the passwords (with this one do not put it on a cloud service) to store them so you can use different ones. This works with e-mail, banking, etc. Also, for the security questions that many sites ask you when an account is first created, you do not need to tell the truth; in fact lie and make up an answer for them, just remember to document it so you will be able to retrieve it when asked.
Since we are going into the list, now is a good time to look through the scraps of paper that have accounts and passwords and put them in the file as well so you will have quick access to them. Put them in a few different places and different formats, like paper in the safe as well as electronic HDD and thumb-drives. Do make sure if in electronic format it is encrypted in some way and another person knows the password if something happens to you. All forbid you die and your accounts are locked away in your dead brain, never again accessible by your loved or hated ones.
Now let’s hit on the new toys and stuff you got.
If you’re lucky or perhaps unlucky you got some gadgets for the holidays that need to be set up and connected to other electronic things that you have. Crack out the electronic document, paper and pencil or pad and pencil to start a document folder on them. Yes, you may say, why do I need to document the new cheap gadget I just got? Trust me, it will make your life easier in nine months or so when it needs to be reset and you no longer remember what you did to set it up the first time. Yes, a pain, but worth it.
Many new gadgets like web-cams, routers, TVs, refrigerators, and other IoT (Internet of Things) devices have a default password and account on them. CHANGE IT, CHANGE IT. If you can’t change the account or password then “DO NOT USE IT”; send it back and get your money back. Sure, the devices may be cheap, but the manufacturers still need to think about security. The best way for them to see it is with your pocketbook: don’t use them, or get a better model that allows it to be changed. IoT devices are quickly becoming the attack vector of choice for bad people, from DDoS (Distributed Denial of Service) to use of them to spy on you and your kids. The devices are a treasure trove for them. Don’t make it any easier for them, and don’t become a part of the IoT bot-nets that are used to create large traffic bottlenecks and slow down the Internet for us all. Taking the time now will benefit all of us later. When creating a password use the longest it will allow; most likely you will only change it once, so make it a very long and complex one. If it allows you to change the account name then make it something not recognizable as a device. Before you open it up to the network, explore the documentation and the device itself; know how it is supposed to work so you will be able to recognize when it is not working properly or has been attacked. With IoT devices, some things to look for: if there is remote management access from outside of your network then “Turn it off” if possible. Think of it this way: why do you need to tweak the device from an Internet cafe after it’s been set up? Set up the device locally first the way you want it. If from time to time you find an issue then connect and adjust when you are at home. A pain maybe, but security is the bottom line for all IoT devices. Never just plug it in and think it’s done, because then someone else will control it, not you.
Make sure you are all patched up on your devices, from phone to computer to doorbell. Many devices allow for updates and patches to fix problems. If you don’t know how to update it and do not want to know maybe the device is not for you, better yet learn how to update it. Get help if you need it, much of what you need to know is freely available if you just take a little time and look for it. Yes at times things will change, programmers love tweaking to make it “better”, but in the long run it will fix security issues for the benefit of all.
Some final thoughts for the new year: First off, security is hard. It is what it is; it takes time and effort to get it right. This is not to say the effort is not worth it; it is. You will be rewarded if you take the time and walk through the steps to make it very difficult for others (I am speaking of people that want to steal your information) to get the data. If a group or people with enough resources, let’s say a state or nation, want to get your data or attack your system, they will and you will lose; sorry, but they have more funds than you. By taking the time, you can make it harder for them to do so. Next, keep in mind that if something is free then it is you that are the product that they are selling. Yes, Google, Facebook, Yahoo, and the others may give you “free stuff”, but there is a reason the value of the business is worth what it is: you are the product being sold. Also note you do not have to give them correct information, or at times information at all; lying works quite well. Some services will not work without it, and if you like them then by all means use them, but remember there is a cost. With that thinking also ask yourself, do I really need to use the service? The answer may surprise you and contradict what you hear from the business pressing the service on you. Don’t always take what is being given as truth; question it, question the reason for it, look to other options. You can say no to it. This works with your security and life in general. Have a Happy New Year!
What future do we want..
This posting will be a bit different this time. I am just going to discuss general security thoughts and feelings about what is going on in the world.
The most pressing is the expansion of spying this government is doing on you and me.
Many have read about the NSA capturing much of the data that is being exchanged on the internet. A lot has been discussed about the legal and moral rights to do so. You will have heard the expression “if you have nothing to hide then it should not matter”; I put forward that “why are you spying on me if I have nothing to hide?” I also question the reason the number of acts that were prevented is classified. I believe the reason they are classified is because it does not work, and if brought to the light of day we would demand the wastefulness of it stopped.
How much does this spying affect society as a whole? If you know you are being watched, it has been shown that you will change your behavior, and sadly not for the better. Many of us will not express ourselves as openly as we should for a free society to work.
Part of human nature is that we give up freedoms when we are afraid; think of 9/11 and what was taken from you. It’s not weakness on your part, it is just the way we are; not good, not bad, it just is.
Many say, well, it’s been allowed by law, but is it really? There are unjust laws, created by people wanting to keep the status the way it is for them and you. In our long history there have been laws created to control you by others; never forget that. Must we always follow a law because it is a law? I say no, we must follow the Constitution and its fundamental principles, and one of the principles is liberty. Having what you say and to whom stored and sorted for reasons that are hidden from you is not the action of a free society but the action of a broken society. Would the creators of this country have agreed, or would they as well be labeled malcontents and disruptive by this very same government? I bet they would be. So give a voice to your questions and ask them, not by email but by true letter or phone call to your congressional representative. Let them know that what they are doing is not what a free and open society does if it wants to stay that way. Let’s take back our government so it is again a free and open country by and for the people. Don’t know who your representative is? Find it here: http://www.house.gov/representatives/find/
What can you do?
You may say that security is hard to do. Yes it is, but with some effort most everyone can exchange information privately. There is a framework called the internet that can help; search and ask and you will be rewarded many times over for the better. There are e-mail tools, IM tools, chat tools, and web tools that can help keep what you say private. Many of the tools work on most of the devices you use, from phone to computer, and are quite easy to install and set up. Stay informed on what is being done with and to your data. If there is a question then look for the answer, and if the given answer seems incorrect then look deeper.
Just need to remember, it’s like anything we as humans create: it can be used for good or evil, it’s up to us to decide how we use it.
Secure chat with cryptocat
With some of the events in the news lately of your privacy being spied upon not only by criminals but by your own government, keeping your conversations private even if you have nothing to hide is your right, no matter what you are told. In this entry I will discuss a program that will allow you to chat with others and at the same time be secured and encrypted. The nice part of this program is that it is done via your web browser, or if you have a Mac then there is a program that can be installed and run.
First off, like every program there may be bugs, so keep up to date; nothing is truly secure forever. What may be secure today may not be tomorrow with changes in technology. Sorry to burst your bubble but that is the way of technology. So now for the program.
The program is called cryptocat. There are two options: one is a plugin for most mainstream browsers (Chrome, Firefox and Safari); there is also a program you can run on your modern Mac. The site to get the plugin or program is https://crypto.cat/, at least for now that is; it may change, so do a web search to find it if the link does not work. You can also set up a cryptocat server so you have even more control over your chat exchanges. It has the feel of an IRC chat client because you define your user name and room name in real time so it can change as needed. There are some predefined rooms if you wish, quite interesting ones as well. There is a lot of documentation on the site so I will leave you to look it over, as you should for any security software, to see if it will work for you.
Installing is quite easy and fast. Open your Firefox, Chrome or Safari browser and go to the cryptocat web site. It will be an https link, so if it is not then look again for the link. It should have selected the proper plugin for your browser; if not then you may want to see if any java settings are causing issues. After you have downloaded and installed the plugin and restarted your browser you should be ready to start.
Click on the icon that looks like an 8-bit cat. A dialog box will open that will give you fields for conversation name and nickname. Enter a conversation name and the nickname you want for this chat session and press connect, and you’re ready to go in a few moments. Secure and encrypted between you and others.
That’s it and that simple..
Also please donate to them so they can keep up the work and keep it secure.
Setup and sending encrypted e-mail.
With the changes in many of the laws that kept the government out of your information, they have more access now than anytime in the country’s past. If you don’t mind the intrusion access then that’s fine, but if you do read on.
This entry will cover setting up and sending your encrypted mail to another person using Thunderbird, the EnigMail plugin and the PGP/GnuPG programs. I am using Thunderbird because it is available for most every operating system around and it’s free, but I would ask you to give a donation to help keep it around.
If you’re already using the Thunderbird mail client then you are halfway finished; if not, you will need to install the client for your OS first and get it working correctly. Go to www.mozilla.org/thunderbird/ and download the version for your system, then set up your account. You will need to install the EnigMail plugin and GnuPG. To get the EnigMail plugin go to http://enigmail.mozdev.org/home/index.php.html and select the version for the OS you are using. If you are using a newer version of Thunderbird you can go to the “Add-ons” section and search for it, then install from there, simple and easy; or you can just download the version, select Install from the “Tools -> Add-ons” menu, select the .XPI file and install. Go to www.gnupg.org to get a copy of the program and install it using the instructions for your OS.
Now that you have a general idea of the what, why and how of encryption, let’s get started using it to send mail to another person. Install the Thunderbird plugin and install the GnuPG program as well on your system. The first thing you will need to do is set up a public/private key pair. The private (or secret) key is for you; the public key is for everyone else. There are two ways to generate the keys. One way is to use the command line; the other is to use the GUI in the Thunderbird OpenPGP option. For now I will show the OpenPGP option.
Start Thunderbird then select OpenPGP; from the drop-down menu select “Key Management”. Select “Generate” then “New key pair”. Select the Account / User ID you want to use then give it a passphrase; you may also want to give it a comment, that is up to you. You can leave the Key expires option alone for this time; you can play around with the others after setup. Select the Advanced tab; depending on the speed of your machine you can leave the settings for Key size and Key type alone. Increasing the size will increase the time it takes to generate the keys. If you want to make it very difficult for people to hack your keys use the 4096 and DSA & ElGamal option; it will take a while to create the keys so be aware of that. The 2048 key size is quite large and difficult to crack so you can leave the Key size and Key type alone. After you are happy with the settings select Generate Key, then sit back and wait for a bit while it generates the keys for you. When the keys have been generated they will show up in the Key Management box.
Now let’s get to using the generated keys. First you need to send them to another person. To do that select Key Management again; you have three options. One option is to send the public key by email, another option is to send the public key as a file, and the last is to upload the public key to a key server. For now just use the Send Public Key by Email option, select the email of the person or persons and send. In the attachment section you will see the public key; it will be numbers and letters with an .asc extension. When the person gets the email they will save the attachment into their PGP key folder and from then on they can send messages to you encrypted.
Sending encrypted e-mail is quite easy from then on. Select Write then enter the email address, from the OpenPGP menu select Encrypt Message, enter your subject and message then click Send. You may be asked to verify the recipient’s public key, then it will send the message. When the message is received, open the OpenPGP pull-down and select Decrypt/Verify; it will ask for the password to your private key and then will decrypt the message. And the good part is it is only decrypted when you want to see it; at all other times it is encrypted.
It’s sad you have to do this to protect yourself from unreasonable intrusion by the government and business but..$fdRuyde^%7gde43%ynb(4sCX234gmq093467v%$dffg4^&=asw
Tor – the onion router
Anonymity is a right.
With this entry I am going to talk about a way to protect your true ip address from being logged when you surf the web.
I will discuss a program/service called tor, or “the Onion router.” Tor is a system that will hide your IP location data from prying eyes as it travels along the internet. It can also be used to send data in a general encrypted form from you to another. When you go to websites your IP address is protected because the site does not know where you truly came from.
More and more companies and governments are using your IP address to track you and your behavior for their own personal use, good and evil. With tor your IP address is cloaked and in doing so much of your surfing habits are protected as well. The service was originally created to allow activists in repressive countries to be able to communicate information or discussions that the government would not want to be known, and not be worried that they would be found out, in some countries their lives would depend on them being anonymous.
The service is quite easy to set up and the more people that use it the better it gets. The current service installs all you need in one directory and runs from that directory only. Here is a little background on tor and how it works. The “onion” part is the fact that it uses different software routers set up by people to send each packet along. Each time it sends data it sends it encrypted and in a different direction using different routers. This is a strength but also creates a weakness, because at times it can be slow. With tor, as more people use the system the security increases for everyone because there are more routers, which allows more random packet directions. First off you may be saying to yourself, how do I know that the routers are not tracking my data? Even if there may be some people/governments that have hacked the routers and are logging the packets that travel along their routers at that one time, it’s the random nature that will protect you; each time it will be a different path that is used.
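The layering behind the “onion” name, shown as an added example that is not from the original post or from the Tor Project: the client wraps a message once per relay, and each relay can remove only its own layer. This is a simplified model; the relay names, the addresses, the pre-shared relay keys and the SHA-256-based toy cipher are assumptions made for illustration and are not Tor's real cryptography or protocol.

```python
import hashlib
import hmac
import json
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key, nonce and a block counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate one layer: nonce + tag + ciphertext."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    stream = keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; fails unless the layer was sealed with this key."""
    if len(blob) < 48:
        raise ValueError("layer too short")
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed with this relay's key")
    stream = keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def build_onion(path, destination: str, message: bytes) -> bytes:
    """Client side. path is [(relay_name, key), ...] from entry to exit.
    The innermost layer (for the exit relay) is built first, then each
    earlier relay's layer is wrapped around it."""
    inner = {"next": destination, "data": message.hex()}
    blob = seal(path[-1][1], json.dumps(inner).encode())
    for i in range(len(path) - 2, -1, -1):
        layer = {"next": path[i + 1][0], "data": blob.hex()}
        blob = seal(path[i][1], json.dumps(layer).encode())
    return blob


def peel(key: bytes, blob: bytes):
    """Relay side: strip one layer, learn only the next hop."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])


def route(path, sender: str, onion: bytes):
    """Pass the onion along the path and record what each relay could see."""
    keys = dict(path)
    seen = []
    prev, hop, blob = sender, path[0][0], onion
    while hop in keys:
        nxt, blob = peel(keys[hop], blob)
        seen.append({"relay": hop, "from": prev, "to": nxt, "payload": blob})
        prev, hop = hop, nxt
    return seen, hop, blob  # hop is now the destination, blob the message


def demo():
    # Constructed sample: three hypothetical relays with random keys,
    # a documentation-range client address and a placeholder destination.
    path = [(n, secrets.token_bytes(32)) for n in ("entry", "middle", "exit")]
    onion = build_onion(path, "example.org:443", b"GET / HTTP/1.1")
    return route(path, "203.0.113.7", onion)


if __name__ == "__main__":
    seen, destination, delivered = demo()
    for view in seen:
        print(view["relay"], "saw", view["from"], "->", view["to"])
    print("delivered to", destination, ":", delivered)
```

Only the entry relay sees the client's address and only the exit relay sees the destination and the message, which is why the exit relay handles the message in the clear unless the traffic carries its own encryption such as HTTPS.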
Here is a simple three-step visual description from the tor web site (the images are linked at the end of this post).
To set up tor go to https://www.torproject.org/ and download the “Tor Browser Bundle” for your OS: Linux, Windows, OSX or smart-phones. Install it, then start the router program; after a few moments it will open up a browser and let you know you are now browsing the web with your IP hidden from the sites you connect to. If you are worried about installing the software on your system there are two new options with “Tails”, which allows you to create a Live USB or Live DVD so no software is loaded on your machine. You just boot from the USB or DVD and run tor from the independent operating system. Reboot and the live system is gone without a trace. This is nice if you are at temporary locations/machines and want to have some protection but leave no trace. I recommend you go to the tor web site and browse the “About Tor” section if you still have more questions.
Thanks and safe surfing.
Note: if the images are not being displayed, here are the links to them:
https://www.torproject.org/images/htw1.png
https://www.torproject.org/images/htw2.png
https://www.torproject.org/images/htw3.png
IM encryption with pidgin and OTR plugin
In this entry I will discuss secure IM. For this discussion I will talk about Pidgin and how to add some secure encryption. This will allow you to talk with another person and be reasonably sure that you will not be snooped on. As with all security and encryption, there may be as yet unknown bugs or ways to access the data, and some may come from a side channel. You will need the version of Pidgin for your operating system, and you will also need a plugin called OTR. The OTR plugin does most of the work in securing the encryption between you and the other IM client. I will also talk about a few other plugins that may be nice to have enabled.
First off, you need to download and install Pidgin for your system. To do that, go to http://www.pidgin.im/ and select the version for your system. There is also a section along the top called Plugins; select that and you will get a list of plugin options. Find the “Security and Privacy” section and select “Off-the-Record Messaging”. Download the plugin for your system and install them both, Pidgin first of course.
What is OTR? Off-the-Record is a cryptographic protocol that provides encryption for instant messaging conversations. This allows deniability and confidential message exchange. It uses multi-key exchange hash functions; that is, it uses a mix of mathematical keys to encrypt the messages between each of the recipients on the IM exchange.
Now let's get started setting up the secure connections. The first thing you need to do after you set up your IM account in Pidgin is to set up the “Off-the-record” plugin private key. To do this, go to the Plugins section, select “Off-the-record Messaging”, then select “Configure Plugin”. A new dialog box will open; from here click on the “Generate” button to generate a private key fingerprint. It should generate a 40 letter/number key combination; this may take a bit of time depending on the speed of your machine. There are also some other options on this page that you may want to set. I would recommend setting “Enable private messaging”, “Don’t log OTR conversations” and “Automatically initiate private messaging”. You can also set “Require private messaging” if you know the other person is using OTR as well; if you set this and they do not, it will not connect (in future versions that will change to allow a non-default encrypted connection). There are other plugins you may want to play with, so go for it.
To start a conversation, select the person you want to IM. There is a button in the lower right section that will default to “Not private”. Click on the button and select “Start Private Conversation”. It will change to one of four options: “Not Private”, “Private”, “Unverified” and “Finished”. Not Private is just that: all exchanges are in clear text. Private means you and the person you are connecting to have been authenticated and the other person is not an impostor. Your exchanges are now encrypted and visible only to the other person, not to a third party that may be sniffing the traffic. This is not a guarantee, because technology may be found that breaks the keys, but for now they should be safe. Unverified means you are getting an encrypted feed but the key cannot be fully verified, so there may be someone acting as the other person. The last is Finished; this means the other person has changed the setting to “Not private”, and this prevents the other person from accidentally sending a message they think is encrypted.
Now you have a secure connection between you and the other person. The question you still need to ask yourself is, “Is the rest of the machine secure?” More on that later.
Passwords and file encryption
In this entry I will cover some quick and simple ideas that you can do right now to protect your online presence.
First, and perhaps most important, are the passwords that you use for different places. Yes, I do mean using different passwords for the different sites you log into. Don’t use the same password for everything. If you have been watching the news lately, there have been a number of places that have “lost control” of their password file to hackers. I will admit it is a bit more work, but if an account has had its password stolen, would you rather change only one password or the passwords on multiple accounts?
There are programs that will secure your list of passwords with a password, so you only need to remember one to decrypt them. You may ask, what is the difference between having one password for all accounts and one password for the password holder? First off, you are more likely to have it on a machine that is password protected in the first place, and they will need to know you have a password file there. Most “hackers” are more interested in selling the machine or taking a quick look at what is there than in digging deeply into it. It may be true that they will dig deeper for corporate treasures, and if so it is hoped that your IT has steps and options in place to secure that; more on that later.
The next issue is the type and length of the password. There are many papers written about this and many different ideas. As a standard idea, the longer the better, but as long as you do not use dictionary words you can use as little as six letters for the password. As a general rule, having special characters like “@#$%*^$” will make the passwords harder to crack. Sadly, some systems will not allow these, so if you can, use them.
On the subject of cracking passwords, you may have wondered how they do that. If the password encrypting program is well written, then most of the time it is easy to encrypt the password but hard to decrypt. There are large databases called “rainbow tables” that have passwords already created; the hackers will take the database and search for a match, so they do not need to decrypt the password, just match it to a pre-created list. Adding special characters will make the time needed to crack it cost more than the data is worth. That is the key: once it is not cost effective, they will just wipe the machine and sell the hardware.
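The matching described above, and the storage practice that defeats it, as an added example that is not part of the original post. It goes one step beyond the text by showing salted PBKDF2 storage; the password list, account names and round count are constructed for illustration, and a plain dictionary stands in for a real rainbow table, which compresses the same idea with hash chains.

```python
import hashlib
import hmac
import os

# Constructed sample list standing in for a precomputed table.
COMMON_PASSWORDS = ["password", "letmein", "dragon", "summer2012"]

def unsalted_hash(password: str) -> str:
    """Weak storage: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

# Built once, then reusable against every database of unsalted hashes.
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}

def table_lookup(stored_hash: str):
    """Match a stored hash against the table; nothing is 'decrypted'."""
    return PRECOMPUTED.get(stored_hash)

def salted_record(password: str, rounds: int = 200_000):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def audit(stored_hashes: dict) -> list:
    """Defender's check: which accounts hold a password found in the table?"""
    return sorted(u for u, h in stored_hashes.items() if table_lookup(h))

if __name__ == "__main__":
    # Constructed sample database of unsalted hashes.
    db = {"alice": unsalted_hash("dragon"), "bob": unsalted_hash("dragon"),
          "carol": unsalted_hash("t7#Qz$w9!L")}
    print(audit(db))                                 # alice and bob match the table
    first, second = salted_record("dragon"), salted_record("dragon")
    print(first[2] != second[2])                     # same password, different digests
    print(table_lookup(first[2].hex()))              # no table entry for a salted digest
```

With a per-user salt, a table built in advance is useless because every account needs its own table, and the slow KDF raises the cost of each guess.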
On the idea of passwords and encryption of passwords, I also want to touch on having your machine require a password to log in rather than auto-booting into your account. Auto-login may be a nice feature, but if the machine is stolen then your data is open to all. That being said, if you still want to have it auto-login to your account, then you should at least encrypt the files you want no one to have access to. Setting up a space to save files in an encrypted form will depend on your operating system.
I will start with OSX because it is the easiest. OSX has an option to create an encrypted disk image. Think of it as a folder that stores the files; you then mount the folder like a drive. To create the encrypted image, launch “Disk Utility” (it is in the Utilities folder under Applications), select New Image and choose a name for your image. Then choose the size of the image; I would keep it under 4 GB, because any larger and you would not be able to burn the image to a DVD. Look for the encryption setting and select 128 or 256 AES. It is up to you: the higher the number, the slower it will be to encrypt the data, depending on your machine. Many new machines are fast enough for the higher number. You can also select the location to create the image; leave the rest of the settings as they are. Select Create and an Authenticate dialog box will appear. Give it a password and retype it for verification. Use a strong password for this, that is, numbers and letters in a mix. To mount the file, just click on it and it will ask you for a password. After you enter the correct password, it will mount just like a standard OSX drive.
If you use Linux, Windows or OSX, there is a third-party application called “truecrypt”. It is free, but I would ask that you give them a donation if you would, please. I like the program because it is open source, which means you can look at the source code for your own personal assurance that there are no backdoors in it. It has also been looked at by many others and there seem to be no security issues. It works along the same lines, with a single encrypted image that you store your files in. I am not going to go into all the features at this time; I will have a full posting at a later date with some cool security features. This posting will only go into creating a simple encrypted disk image.
First, download the program for your system from http://www.truecrypt.org/downloads. Select the OS you use and install it onto your system. Start TrueCrypt and select Volumes, then Create New Volume. Keep “Create an encrypted file container” selected and click Next, leaving the “Standard TrueCrypt volume” option marked. Click Next again, give the volume a name, then select Next. For now you can leave the Encryption Algorithm set to AES and the Hash Algorithm set to RIPEMD-160. Select Next and give it a size; I would say 4 GB max for this, so you can burn it to a DVD if you wish. You can experiment later with different sizes. Select Next and give it a password. It may give you an error if it thinks the password is too short or easily crackable; you can disregard it, but try to create a strong one. Click Next again and give it a format type; the selected FAT file system is fine for now. Click Next again and the Volume Format dialog box will be showing random numbers. Move your mouse in the box for a while to create a random set of key numbers, then click Next to create the volume. It will say Volume Created; at this point click Exit.
It will bring you back to the start screen, where you mount the created volume. Make sure one of the slots is highlighted. Click Select File and click on the file you created, then select Mount; it will ask you for the password and then mount the file. Add your files to the mounted volume. When you are done, just unmount it and it will close.
I think that is plenty for now, so enjoy.
Project – best practices for people to use to keep their data secure, including tools.
Greetings All —
For a while there have been questions from people on what are the best ways to keep your personal data and information safe from prying eyes on the net. This is a hard question because your data is now a valuable commodity to many groups, both business and governmental. Some of that is a good thing: many of the free services would never be around, or if they were they would be “pay for use” type systems, if all of your personal data was kept hidden away and could not be used. The internet we see now might never have grown to what it is today. So some personal information being used as a commodity is a good thing, but you still need to protect as much of it as you can and watch how it is being used. Over a few blog entries there will be some tips and ways to keep most of it secure, and ways to keep track of it when people try to take and use it. It is not totally possible to keep all your data safe; it never has been and never will be. Sorry, that is the way it is.
For the next few entries I will give you some ideas to keep your data safe and also give you some tools to use to help as well. Here are some of the key points I will try to cover and not in any special order except I will do the general information first.
Key points to cover –
General information
E-mail
File exchange
Web browsing
IM exchange
Buying online
Social media
There are some things you can do right away; some take a bit of work but are worth doing to give you a fighting chance to keep your data safe. For now I will leave you with one quick idea. It is easy, but it does require some work. It is passwords: make sure you change them from time to time, and don’t use the same one for everything. Each site should have its own password. OK, you may be saying, “Well, how do I keep track of them all?” There are programs that will store them and are password protected as well. When it comes to passwords, length is not always what matters; it is what letters and numbers are being used for the password. A nice rule of thumb is 10 characters with a mix of numbers, letters and special characters, those being ($&#*) or a mix of others depending on your keyboard. Use at least three of them, and don’t use things like your pet, home, kids, or real object names. Many times people will use a dictionary to scan for the names. If you want to do a bit of looking, check out Steve Gibson's web site (grc.com); he has a nice write-up on password storage programs.
Well, that should keep you busy for a while, more to follow.