Many of my fellow WordPress bloggers have contacted me and been chagrined that they can’t click on the “follow” button on my blog so they can see it in their email or reader or whatever. However, I don’t host my site on WordPress, therefore I don’t qualify for that button, which feels a bit discriminatory, but, whatever. I could add the code in easily enough; but, every time there’s a WP update or a widget update or whatever, I would have to redo everything. So, I’m here asking that you take a minute and just do the email follow. You only have to do it once and you’ll get all the alerts when I post. I’m not to the point that I’m putting out newsletters now, but with the fun future coming up, I hope to include that (we’re talking a couple of years down the road…shhh! more on that later). So, won’t you follow me the old-fashioned way? Please and thank you.
Author: CaszABrew
In The Weeds: Weekly InfoSec Round-Up 4-5-17
Really behind the power curve today; but, it’s still Wednesday in Pacific Time. And to help cure your hump-day blues (I sure needed this giggle) we’re going to start out with a not so serious clip.
Fashion and the hacker: https://hackaday.com/2017/04/01/ask-hackaday-which-balaclava-is-best-for-hacking/
Google Chrome brings down the smackdown on Symantec: http://boingboing.net/2017/03/24/symantec-considered-harmful.html
And I’m sorry, but when Apple stumbles I secretly do my woohoo dance. Most hackers seem to embrace open source, and Apple’s stifling proprietary stuff isn’t just tech-geek annoying, it’s toaster-user annoying. http://www.techrepublic.com/article/new-mac-desktops-on-the-way-apple-admits-its-mistake-with-pro-users/?ftag=TREe01923b&bhid=26093227954548321669490942282653
Talking with InfoSec specialists almost daily, I’ve learned that many of them are, depending on what hat they wear, treading water to keep their organizations from negative cyber events (see I’m not saying attacks, only a government apparently can see an attack...see last week) while others seem to be twirling their villainous mustaches. This article confirms what I’ve suspected: http://www.cioinsight.com/security/recognizing-the-new-face-of-cyber-security.html
Meanwhile, A $200,000 bounty Google offered to hack its Android OS was not enough to tempt…
As in weeks past, feel free to leave a comment here about any of those articles. Let’s learn from one another. Okay, have pity on the noob and let me learn from you.
Have another great week, InfoSec geeks. See you soon.
One Minute of Zen:
It’s loud, so you might want to view in silence if that type of noise is upsetting to you, but this is how the wind often blows in the Pacific Northwest’s shores. There’s something so soothing about watching the ocean waves lap onto the shore and rise back over to the sea once again. In and out. Ebb and flow. Good Zen moment for sure.
In The Weeds: A Noob’s Guide to Regaining Internet Privacy
The tech crowd is up in arms and they should be. Congress has effectively eliminated your ability to control your privacy online. All of your data, history, browsing preferences, conversations, etc. are now a commodity to be sold when the Republican-led Congress repealed FCC Privacy Rules and passed SJ 34, legislation that gives free rein to corporations to mine your internet data. Trump still needs to sign and the legislation is scheduled to cross his desk in the coming weeks. It’s highly unlikely he’ll veto.
As a noob in the information security arena, I’ve not seen so much chatter and noise about one particular issue like this one. Many folks are speaking in terms and ideas that are far above what the general internet user knows. But I’m here to help you make it understandable. In a nutshell this repeal allows your Internet Service Provider (ISP), à la Comcast, Century Link, etc., to sell your internet browsing history to anyone they choose without your permission. And it doesn’t necessarily mean that it will be a money-making corporation that will be buying said information. Think 1984 meets Animal Farm meets The Man in the High Castle meets A Handmaid’s Tale. In the words of John Perry Barlow, “Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.”
So, I’m going to give you the Noob’s Guide to Regaining Your Internet Privacy.
Why should you be worried about this change to internet privacy?
The first risk is that Internet providers already have a track record of not keeping your information secure. It’s kind of like handing out your personal sensitive information right on a billboard for anyone to find — hackers, criminals, thieves, etc.
Another risk is that currently your internet provider can only monitor a small slice of your browsing that isn’t encrypted. Allow me to explain a bit more: whenever you visit a site that starts with https (instead of just http), your ISP can’t see the contents of what you’re browsing. With this repeal, that goes away. They will be able to spy on all of it.
Third, the risk is that the ISP can follow up that monitoring by analyzing it and then inserting ads into your browser, which in turn opens up vulnerabilities, which hackers will easily find and exploit. And this is beyond what you see on Facebook, which only shows when you are in that application. This will appear no matter where you click, browse, and view on the ‘net.
In order to do the above — inserting ads into your browser — your ISP can also put in spyware, which we all know opens the door for malware. Malware can erase your entire internet presence as well as steal your sensitive personal information. Additionally, it can disable your hardware.
Now if all the above is not convincing you that you should be making plans to change how you exist in the cyber world, there’s still another risk you need to be aware of and that is Zombie Supercookies. Yes, it’s as scary as it sounds.
In order for the noobs in us to understand Zombie Supercookies, you have to understand what Web Cookies are and then understand Zombie Cookies. Once you get that, just reading the words Zombie Supercookies should strike the fear in you that it should. In short, Zombie Supercookies allow hackers to track you wherever you go. Wherever. Zombie Supercookies would work like this: the ISP tags your internet traffic with a unique ID. Then they can sell this information to others. Tools you’ve used in the past to avoid Zombie Cookies won’t work because this tracking tag is added after the data leaves your computer. And if the data exists, hackers can find it; they won’t necessarily have to buy it from the ISP.
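One way to check for the kind of tag described above, as an added example that is not part of the original post: compare the headers your browser sent with the headers a test server received, over several plain-HTTP visits with cookies cleared in between. The echo server, the header name `X-Example-Subscriber-Id`, and all sample values are constructed for illustration.

```python
"""Added example: spot an identifier injected into HTTP requests in transit."""

# Headers ordinary proxies add; listed so they are not mistaken for tracking IDs.
KNOWN_PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for", "x-forwarded-proto"}


def lower_keys(headers):
    """HTTP header names are case-insensitive, so compare them lower-cased."""
    return {name.lower(): value for name, value in headers.items()}


def added_in_transit(sent, received):
    """Return headers the server saw that the client never sent."""
    sent, received = lower_keys(sent), lower_keys(received)
    return {n: v for n, v in received.items() if n not in sent}


def persistent_injected_ids(sessions):
    """sessions: (sent, received) header pairs, one per visit, cookies cleared
    between visits. Returns injected headers whose value is identical every time,
    which is the signature of a tag the user cannot delete."""
    candidates = None
    for sent, received in sessions:
        added = {n: v for n, v in added_in_transit(sent, received).items()
                 if n not in KNOWN_PROXY_HEADERS}
        if candidates is None:
            candidates = added
        else:
            candidates = {n: v for n, v in candidates.items() if added.get(n) == v}
    return candidates or {}


# Constructed sample: three visits; the browser cookie changes or is absent,
# but the injected header keeps the same value.
_BASE = {"Host": "echo.example", "User-Agent": "demo-browser"}
_TAG = {"Via": "1.1 carrier-proxy", "X-Example-Subscriber-Id": "Zm9vYmFyMTIz"}
SESSIONS = [
    ({**_BASE, "Cookie": "sid=a1"}, {**_BASE, "Cookie": "sid=a1", **_TAG}),
    ({**_BASE}, {**_BASE, **_TAG}),
    ({**_BASE, "Cookie": "sid=z9"}, {**_BASE, "Cookie": "sid=z9", **_TAG}),
]

if __name__ == "__main__":
    for name, value in persistent_injected_ids(SESSIONS).items():
        print(f"persistent injected header: {name} = {value}")
```
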
In short, this repeal will not only mean your privacy is invaded, but that your security is at risk, since the two go hand in hand. ISPs storing more data, much of it sensitive, will become giant targets for hackers.
Cybersecurity disaster, right?
So how can you #resist against this?
If you’re not already making sure that the sites you visit have the “https” prefix in the URL, well, you’re already behind the power curve. So start there. With the repeal you won’t be invisible to ISP, but they will be able to see less of what you’re doing on a particular site.
Next, and likely the most powerful, but not a cure-all to push back against this repeal is a little thing called Virtual Private Network, VPNs for short. When it was up for a vote I tweeted, then deleted, because I’m angsty like that, to get your investments in VPN services in place because people are going to need them. VPNs are on the front lines of mitigating the new reality once this repeal is the law of the land (just a few weeks from now), until, of course, we can vote more reasonable people into office (more on that later). Therefore, your first step is to invest in a Virtual Private Network service. A VPN will route all your traffic in a manner that makes it appear that you’re only ever connecting to one particular server — and the information gathering for your ISP stops there. Here’s a list compiled by PC Mag of the “best” VPN services. The service that I’m using is in that list.
Next you may want to consider using a couple of tools when browsing. I love the convenience of Google and all their well-loved and used bundled apps, but they are not above the threat of potential abuse, as they are a corporation that has shown they already have quite a bit of data on you and me, much like they do on Facebook. You can continue to use Google and Facebook, but then you may want to consider using something like the Electronic Frontier Foundation’s Privacy Badger. I have been using that honey of a badger for a few months now. Google and Facebook’s ads are now very random. But, if you want to take your internet browsing to yet another level of privacy, you may consider using Tor to browse. This service dispenses your internet traffic through a conglomerate of tubes/tunnels, making it confusing and downright hard to track said traffic. It was a tech first developed by the Navy, but is now available to anyone. You can download Tor, by using this link here.
There’s a great article, too, from the folks at CloudWards on how to encrypt your hard drive if you want to really go into hardcore privacy protection. This is a comprehensive guide about not only how-to, but best practices whether you do Windows, Mac, or Linux. Thanks to Laura from CloudWards for turning me onto this!
Lastly, and likely even more important, are the political moves you can make to regain your internet privacy. Start by calling your state congressional representatives and see if they can’t fight back against the federal lawmakers who sold out our privacy so a few corporations can make a few extra dollars. Minnesota has already decided to fight back, voting to bar internet service providers from selling their users’ personal data without express written consent. Today I heard rumblings in the Washington state #resist channels that my state is not far behind my Northern Great Lakes compatriots. Also, in the mid-term elections in November of 2018 you can call to task the reps and senators that voted for this repeal by voting them out of office. Between now and then you can work with or donate to groups like the Electronic Frontier Foundation, Fight for the Future, Access Now, the Center for Democracy and Technology, Public Knowledge, Free Press, and the ACLU.
Well, there you have it, your Noob’s Guide to Regaining Your Internet Privacy. From one noob to the other: here’s to getting our internet privacy back.
In the Weeds: Weekly InfoSec Round-Up 3-29-17
Man, what a week. We lost internet privacy in the U.S. Brexit is happening in the U.K. And now using the term Cyber Attack is under attack. Here, take a look:
“Words matter,” said Thomas Rid, who teaches at the Department of War Studies at King’s College London. “Words affect intelligence operations; words affect military operations; words affect the behavior of allies and enemies. And of course words shape what lawmakers think and what laws are made. So if we’re not precise, we’re literally escalating a problem.” As a writer, I can hardly disagree. As Mark Twain said, “The difference between the almost right word and the right word is really a large matter. ’tis the difference between the lightning bug and the lightning.” https://apnews.com/2c25d7da76f4409bae7daf063c071420/What-makes-a-cyberattack?-Experts-lobby-to-restrict-the-term
Weak encryption and Brexit: “I can’t build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality,” writes security expert Bruce Schneier, CTO of IBM’s Resilient. “The technology just doesn’t work that way. If a backdoor exists, then anyone can exploit it.” http://www.bankinfosecurity.com/blogs/great-crypto-diversion-p-2435
VPNs and browsing incognito won’t save your internet privacy after U.S. House of Representatives vote: https://www.wired.com/2017/03/vpns-wont-save-congress-internet-privacy-giveaway/
Raspberry Pi + Mobile Phone = Zero Terminal: http://www.techrepublic.com/article/this-raspberry-pi-powered-linux-computer-packs-a-keyboard-and-display-into-a-phone-sized-case/?ftag=TRE684d531&bhid=26093227954548321669490942282653
Give your Instagram account an extra layer of security: http://www.techrepublic.com/article/how-to-enable-two-factor-authentication-on-instagram/?ftag=TRE684d531&bhid=26093227954548321669490942282653
As in weeks past, feel free to leave a comment here about any of those articles. Let’s learn from one another. Okay, have pity on the noob and let me learn from you.
Have another great week, InfoSec geeks. See you soon.