W
Warl0ck
Basic Cyber Security
This information is provided on an as-is basis and is nowhere near complete. Call it basic security 101. I may have missed things as I wrote this off the top of my head but I will edit later if I remember something.
Securing Your Computer
- Patch your system immediately. Patches for Windows are released on the second Tuesday. For Mac it’s intermittent
Why: Patching fixes vulnerabilities that are commonplace in software. This is ongoing. When the company releases patches, hackers read what they're for and can exploit them on unpatched systems
- Remove all programs you don’t need. If you don’t use it, remove it. Just be sure the program you are removing isn’t required by the OS
Why: A program you aren’t using might have a vulnerability that could be exploited. Make your computing footprint as small as possible.
- Remove or update all software. One great free tool is https://www.flexerasoftware.com/ent...ility-management/personal-software-inspector/
Why: Flash and Java are the top vectors for your system to be hacked. It is incredibly easy to exploit a person with malware through Flash or Java. These programs are almost never updated.
- If you share the computer, create profiles for your kids & wife. Password protect each profile.
Why: This stops snooping and late night “shit did I log out of…”.
- Create an administrator account and do NOT give admin access to anyone. Something like 94% of all Windows breaches would have stopped if the user didn’t have default admin rights. If you want to install software, the user will be asked for the admin credentials. Have one person know that (you). NEVER SURF AS ADMIN or ANY ACCOUNT WITH ADMIN RIGHTS
WHY: Most malware is given the same rights as the user it infects. If you’re administrator you’re “God” so the Malware is good. If you’re just a standard user infection is more difficult. This is the number 1 flaw in Windows computers.
- If possible purchase a solid and paid antivirus or computer security package. If you cannot, consider free anti-virus like AVG.
Why: Obvious reasons
- Do not leave your computer turned on and connected to the internet unless you are sitting in front of it.
Why: A person may remotely connect to it. If it’s on and you’re not at it they could turn on your mic or your webcam and watch you. Check out Shodan, a search site filled with baby cams, etc that are insecure.
- Cover your webcam with tape
- Cover your microphone with tape
Why: See Above
- Many new computers come with what techs call “bloatware”. It’s free software installed on the new system. Have your tech remove this.
Why: This software also needs to be updated and if it’s not it can be exploited. It’s also not paid attention too.
- Choose HP or Dell versus Lenovo. Why? http://www.thetechforum.co.uk/index.php?topic=3860.0
Why: A company that sells a computer that’s “infected” is not a company you can trust
- When possible use a wired connection versus a wireless connection
Why: Wired is inherently more secure than wireless. Wireless is a promiscuous system.
- Do not click on ANY link you don’t trust no matter how enticing.
Why: They may contain payload (malware or ransomware)
- For shortened URLs use this http://checkshorturl.com/
- Do not connect your laptop to any public wireless even if a password is issued. If you must use public wireless use a VPN purchased from a trustworthy source
Why: Wireless is inherently insecure, but if you are sharing a connect it’s very easy for someone else to see what’s on your computer. It’s also somewhat common for a hacker to walk into a Starbucks, turn on his computer and broadcast an SSID (Free Wireless). You connect to it but you’re connecting to his machine. He captures your data. This is surprisingly easy.
Router Security
This link contains a good solid explanation of router security. If you are not sure what this is you might call it “your wireless”. It might also be combined with your cable or DSL modem. http://www.routersecurity.org/
Why: The router protects you from the internet.
Smart Phone Security:
The smart phone is the weakest link in technical security (outside of the human). Your smartphone probably contains more personal data about you than your computer does.
- Password protect the device. Put in as many characters as possible. For iPhone change it from 4 digits to 6 digits.So
- Set the phone to “wipe” after 10 unsuccessful logins. If the phone is lost & someone finds it will wipe your data after they attempt to log in 10 times.
- Consider an app like Anti Thief which will take a photo of someone trying to log into your phone
- Consider an app that lets you find your phone using its GPS
- Turn off the GPS if possible. If you cannot do not allow the GPS access to photos (especially important for SPs)
- Backup the phone to the Cloud or a laptop.
- Do not connect your photo to free wireless.
- If the phone has the option, encrypt it. iPhone encrypts when you apply a password.
- Set the phone to lock immediately or within a minute.
- Apply all patches to your phone. NOTE: This can be problematic with some Android phones as updates aren’t issued in a timely manner.
- Wiping your phone does not mean the data is gone. There are simple to use freeware tools to recover that data. You need to either burn your phone or pulverize it. Companies offer these services.
- Is Mac more secure than Windows? Strictly speaking coming out of the box yes. In practicality, it’s the opposite. Mac users can be cavalier and believe they’re safe. So they often forget some of the safeguards for safe computing.
- What’s better Android or iPhone? From a security point I’d give the win to iPhone. There are two problematic issues with Android. The first is that apps are often installed from places other than the Google Store. These apps can carry a payload. Apple vets all the apps it sells so it’s harder but not impossible to get infected. If you’re going to use Android the first choice should be all things Google (Nexus or the Pixel).
- Don’t recycle passwords. If you use the same email/password combo at multiple sites, then if your hacked your credentials can be used everywhere.
- Why should I care? Because your personal data is the new currency. For example, a person can hack a site then sell the usernames and passwords to anyone willing to pay.
- Always use complex passwords.
- Is the NSA spying on me? No. All their black vans are parked outside of my house.
- Is my wife spying on me? Most definitely.
**How would I know if I'm getting hacked** You probably won't. But, surf over to canarytokens.com & download a MS Word or PDF token. Save it to your hard drive & rename it to something that would entice a snoop (like passwordlist.doc). Place it on your computer in plain view. If someone opens it it sends a note to your email (silently) to advise you it was opened.
Last edited:
