The Firing Line Forums

Go Back   The Firing Line Forums > Forum Support > Site Questions and Tech Support (NO FIREARMS QUESTIONS)

Reply
 
Thread Tools Search this Thread
Old July 22, 2009, 09:26 PM   #1
tyme
Staff
 
Join Date: October 13, 2001
Posts: 3,309
**Web and Browser Security**

Browser and Mobile (phone/tablet) privacy

The NSA (along with affiliates and competitors) is known to monitor communications of all kinds. Protect your privacy with good encryption software. Make sure websites you visit are encrypted (look for a green padlock next to the url bar), especially if you log into them. Use encrypted communication apps like Signal or Whatsapp whenever you can.


Keep your software and operating system up to date. Avoid buggy software

Don't install more software than you really need, and keep everything you have up-to-date. Especially web browsers (they auto-update, and if you've disabled that, you probably shouldn't have). Especially software that you use to read documents you get from the internet, like Adobe Acrobat Reader and MS Office (or LibreOffice). If you have Flash or Java installed, those need to be kept up to date too. Video players, audio players, codec packs... they all need to be kept up to date.

Don't install additional antivirus software unless you really need it. It sounds strange, but antivirus software itself can make your computer more vulnerable to malware, and it tends to make your computer much slower than Microsoft's AV does. Microsoft's built-in Windows Defender is the sweet spot in most cases. Seriously.

If you suspect a malware infestation in Windows, running multiple scanners gives you the best chance of catching the malware. Malwarebytes is a good free antivirus to use in addition to Windows's built-in antivirus. The MalwareBytes Forums provide help diagnosing suspected malware problems.


OS & Browsers
You shouldn't be running Windows XP on an internet-connected computer. If you're running Windows 7, you should be planning to upgrade to Windows 10 in the near future. Windows 10 may have some minor privacy issues, but it's better at keeping your computer from getting hacked. Extended support for Windows 7 ends in January 2020.

Firefox and Chrome/Chromium are both good.


Browser Extensions

Recommended extensions (you can find them by googling the browser name and the extension name together):
  • µBlock origin (for Chrome or Firefox)
  • Cookie Autodelete (Firefox)
  • Vanilla Cookie Manager (chrome) is slightly less capable, but the same sort of thing as FF's Cookie Autodelete

    For fine-grained blocking of different types of content (particularly scripts, frames, xmlhttprequests, cookies) based on request and target domain, try one of these:
  • uMatrix (Chrome or Firefox)
  • Noscript (firefox)

    For best security, but at the expense of some additional hassle, enable uMatrix or Noscript blocking globally, then whitelist individual sites that need javascript/plugins, and that are important to you, as you run across them.


Email Security

Access to your email account allows password resets for most sites you register with. It's imperative that you try to keep your email account secure. Don't reuse your email account password(s) or banking password(s). If you've reused your email password somewhere else, and that "somewhere else" site gets hacked, and the attacker gets your password from it, they can now login to your email account. Since access to your email account allows resetting your passwords at most other sites (including ecommerce sites), it's critical that you take email account passwords as seriously as you take banking or financial information.

Most email providers also now provide 2-factor authentication. It might be codes sent via SMS to your phone, or a code or 2d barcode you scan into an app on your phone that can then, without using SMS, generate codes you type in in addition to your username and password. More on 2-factor later.

Gmail, Hotmail/Outlook.com, and Yahoo all now support SSL encryption by default. If you use some other email provider and it doesn't support SSL, it's crap, and you should move to a security-conscious email service. Without SSL, the NSA or anyone else who can listen in on network traffic between you and the email service can read all your email. The greatest risk is when you're on public wifi or some other kind of untrusted network connection.

DO NOT FALL FOR EMAIL SCAMS.

How do you recognize a scam? Does an email make you afraid or nervous or otherwise emotional? Does it claim there's some problem and encourage you to rush to solve it? Does it present an attachment or link and entice you to open it? If so, assume it's fake and do not click on any links in the email, and do not open any attachments, until you can confirm it came from who it says it's from.

***What do email scams look like?***

Example of an Email Scam
If you receive an email like that, the sender's email account has been hacked.

Make sure your email account has recovery options (usually an alternate email -- make sure you take the security of the alternate account seriously, too! -- or a mobile number for using SMS to recover the account, or a recovery code -- Hotmail/Outlook.com offers those. Print recovery codes if they're offered, and put them in your bank safe deposit box. That's in case you lose your password and your phone (for 2-factor), or if the account gets hacked and you need a way to prove you're the real owner.


2-Factor Security

Important services like email and banking, and even less important services, often have the option of 2-factor security. This means either an app on your phone will generate a code each time you want to log into the site in question, or the site will text message you a code.

Either option is far more secure than just using a password, but be aware that text messages aren't as secure as you might think. Clever hackers can call your phone company, impersonate you, get your phone number routed to their phone, and then receive your SMS 2-factor code. Mobile apps that generate codes offline are the best 2-factor option, but not all sites offer it. If they do, it may be listed as "TOTP 2-factor" or app-based 2-factor. Go to your mobile device's app store and search for 2-factor. Duo Security and Authy both offer decent apps, but be aware Authy does (or used to, at least) backup your encrypted 2-factor secrets to the cloud. If you're not tech savvy you might need some help setting the first few 2-factor accounts up.

Alternative 2-factor access methods are important, too. You don't want to be locked out of a site forever if you lose your phone. Think about that. But also make sure the alternatives are reasonably secure. One option is to keep an old phone or tablet around and add all your 2-factor accounts to both your current and your older devices, but that won't help if there's a natural disaster or theft and both devices are taken. Another option is to write down the 2-factor seeds on paper and store that in a safe deposit box. It's a hassle, but getting your accounts compromised or losing access to an account because your phone died are even bigger hassles.

There's a much better 2FA security solution, called U2F (universal 2-factor), by the FIDO alliance, but it typically involves an extra hardware dongle that you have to pay for. If you don't mind that, you probably already know about them, but here are Yubico's variants (disclaimer: I do not work for, nor have any financial interest in Yubico; there are a few other companies that make similar products, but Yubico is probably by far the most well-known):
https://www.yubico.com/products/yubi...pare-yubikeys/


Password Management
Password management is important because, if you're *not* reusing passwords between sites, you will have a ton of passwords, more than most people can remember. And, if you *are* reusing your passwords, that's bad... a hack of one site can get your password leaked and then your accounts with the same password at other sites can be compromised.

Commercial password managers with cloud backup include LastPass (some features free, the other features plus mobile client support cost $24/yr) and 1Password, Bitwarden (open source, but the company's cloud sync service costs a little $), and Dashlane.

I recommend using KeePassXC and using sync or backup software to keep a very recent copy backed up to the cloud. As long as your KeePassXC master password is strong, the password database file can't be realistically cracked, so there shouldn't be too much risk involved in syncing that password file to the cloud.

If you don't care about cross-platform support so much, there are lots of other keepass variations (it's open source, and there have been a bunch of clones from the original keepass). KeePass 2.x is a C# app that can run in linux using Mono. There are additional KeePass derivatives listed on Wikipedia. Keep in mind there are keepass 1.x format data files, and keepass 2.x format data files, and keepass 1.x derivatives won't read 2.x data files. KeePassXC is derived from 1.x, so it will not read 2.x data files (afaik).


Other Security Measures

If you don't have Windows 10 yet, or you don't keep it up to date, Microsoft EMET is good, but not for the faint of heart. https://aka.ms/emetdownload
If you have up to date Windows 10, Microsoft has integrated EMET features into it. That's one of several reasons why Windows 10 is more secure than Windows 7 or 8.

Sandboxing applications with containers (in linux) or with a program like Sandboxie in windows is good. Running untrustworthy software in a VM is better. The best solution, while not for the faint of heart, is to use an advanced OS that does good security isolation within one coherent OS interface... like Qubes OS.

There are some miscellaneous security-related (and some not-so-security-related) links, many of which are now broken or outdated but perhaps historically interesting, at software tools and sites in the TFL library.



Backups

Like password management, backups are critical for you to set up and use on any computer where you store anything you can't afford to lose. What happens if your entire computer gets fried? What happens if your house gets demolished by a falling defunct Russian or Chinese satellite (while you aren't home, hopefully)?

Make sure all your critically important files are within whatever directories are being backed up.

Network backup devices, like Apple's TimeMachine, Synology's lineup, QNAP's lineup, Drobo's lineup, etc, are good, but they're going to tend to be in the same place as your computer most of the time. It'll save you if your computer's disk dies, but what if there's a fire, a natural disaster, lightning strikes and fries both computer and NAS, or if someone steals all electronics in your home or office? That's why cloud backup can be very important even if you backup to a NAS device.

Crashplan has left the personal backup business, but you can pay slightly more for their small business plan. Backblaze has a $5/mo cloud backup offering. You can roll your own with software like Cloudberry (beware, it can be buggy, so test restoration) or Duplicati (open source, and free, but also buggy), but you'll need a cloud storage provider like AWS S3, Google Storage, Microsoft OneDrive, Backblaze B2, etc. Whatever cloud backup software you use, read its documentation to see what cloud storage providers it supports.

Whatever cloud storage provider you choose, if you're backing up anything private, make sure your backup software encrypts your data before sending it to the cloud. Cloud providers cannot be trusted not to read your data.


Computer Hardware

Most mainstream computers are affected by hardware flaws disclosed in January 2018 ("Meltdown" for intel processors only; "Spectre v1" and "Spectre v2" for almost everything). Keep your OS up to date to minimize risk!

Hopefully by 2019 there will be newer chips that don't suffer from these problems.
__________________
“The egg hatched...” “...the egg hatched... and a hundred baby spiders came out...” (blade runner)
“Who are you?” “A friend. I'm here to prevent you from making a mistake.” “You have no idea what I'm doing here, friend.” “In specific terms, no, but I swore an oath to protect the world...” (continuum)
“It's a goal you won't understand until later. Your job is to make sure he doesn't achieve the goal.” (bsg)

Last edited by tyme; February 28, 2015 at 12:02 PM.
tyme is offline  
Old October 17, 2009, 11:23 AM   #2
Bud Helms
Staff
 
Join Date: December 31, 1999
Location: Middle Georgia
Posts: 13,155
Good post, tyme. I just noticed it.
__________________
"The irony of the Information Age is that it has given new respectability to uninformed opinion." - John Lawton, speaking to the American Association of Broadcast Journalists in 1995
Bud Helms is offline  
Old March 12, 2010, 11:16 AM   #3
Te Anau
Senior Member
 
Join Date: June 17, 2004
Location: Somewhere south of the No
Posts: 3,824
A lot of the above (and in the security link) is great info but well beyond the scope of your "average" computer user. If I know someone who is having computer issues I recommend the following.

1.Open "My computer", go to your "C" drive and right click on properties. Click on tools and schedule an error check after checking both boxes to automatically fix errors and scan for and attempt recovery of bad sectors. Restart your computer and let scan commence.

2.Go to www.cnet.com and download Malwarebytes. Install program, check for updates and run full scan. Manually check for updates about once a month and manually run a full scan weekly.

3.Go to www.cnet.com and download "Super anti-spyware free edition". Install program, check for updates and run full scan. Manually check for updates about once a month and manually run a full scan weekly.

4.Go to www.free-av.com and download Avira AntiVir as your free anti virus program. Install, check for updates and run full scan. This program will monitor your computer as you surf and if set up correctly will automatically download updates. Run scan at least every week.

5.Go to www.cnet.com and download "CCleaner". Install program, leave on default settings with one exception. Go into the settings area and check one of the boxes for secure file deletion. I use and recommend 3 overwrites. This program should be run weekly and will remove a tremendous amount of garbage from your typical "abused" home computer.
__________________
"Patriotism is supporting your country all the time, and your government when it deserves it." --American author Mark Twain (1835-1910)

Last edited by Mal H; March 12, 2010 at 11:48 AM. Reason: Edited format
Te Anau is offline  
Old March 12, 2010, 12:29 PM   #4
Brian Pfleuger
Moderator Emeritus
 
Join Date: June 25, 2008
Location: Austin, CO
Posts: 19,339
Quote:
Originally Posted by Te Anau
If I know someone who is having computer issues I recommend the following.
I used to do all that too, well, if they refused to buy a Mac, which is the best solution but nowadays, Microsoft Security Essentials handles virtually all of those tasks, does it pretty well and is also free. You're right about the disk scan part too, most people never do that.



The correct answer is still "Buy a Mac" but some people are slow to listen.
__________________
Nobody plans to screw up their lives...
...they just don't plan not to.
-Andy Stanley
Brian Pfleuger is offline  
Old March 12, 2010, 05:07 PM   #5
Te Anau
Senior Member
 
Join Date: June 17, 2004
Location: Somewhere south of the No
Posts: 3,824
Quote:
The correct answer is still "Buy a Mac" but some people are slow to listen.
They're too expensive and the amount of freebies is muuuuuucccchh smaller then that available for Windows machines.I guess new Macs may run some windows stuff. Still too much $$$$$ however.
__________________
"Patriotism is supporting your country all the time, and your government when it deserves it." --American author Mark Twain (1835-1910)
Te Anau is offline  
Old October 7, 2010, 05:32 AM   #6
Jimmy10mm
Senior Member
 
Join Date: June 16, 2010
Location: Greenacres, FL
Posts: 933
Quote:
They're too expensive and the amount of freebies is muuuuuucccchh smaller then that available for Windows machines.I guess new Macs may run some windows stuff. Still too much $$$$$ however
There is also Linux. I run Ubuntu on a PC at home and another at work. I haven't spent a dime on anything but hardware in years.
Jimmy10mm is offline  
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 10:48 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, vBulletin Solutions, Inc.
This site and contents, including all posts, Copyright © 1998-2018 S.W.A.T. Magazine
Copyright Complaints: Please direct DMCA Takedown Notices to the registered agent: thefiringline.com
Contact Us
Page generated in 0.05875 seconds with 7 queries