Security precautions outside your own space

This is for all discussions related to IT and technology. Hardware, software, programming, it all goes here.
Post Reply
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Security precautions outside your own space

#1

Post by Valerion »

After my post here, I was wondering what security precautions people take to secure their own communications channels. Or what you do to protect your own private space, especially your home.

Quoting from there:
The big takeaway here is that you always need to be prepared and alert. If you are using someone else's infrastructure, there are several tricks they can pull to gain access to your information. If you cannot trust them (e.g. coffee shop, hotel, etc.) the best is to always use a VPN, or to always use encrypted (SSL) sites when typing in passwords and similar. Assume they can read what you do, and do all the needed encryption and security on your end.

If you cannot trust your workstation (e.g. internet cafe) then most bets are off. Keep this in mind and change your passwords when you return to a trusted computer. Never leave a VPN or SSH or similar key on such a device.

Proper 2-Factor or multi-factor authentication is a real bonus here, as it renders your password in isolation useless.
Post your thoughts here, and let's see what we can do to raise awareness. Just be extremely careful of the Dunning-Kruger effect. IT security in particular suffers from this.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Security precautions outside your own space

#2

Post by Rakuen Growlithe »

Well when I browse I nearly always use Firefox and I've set up to hopefully protect against basic stuff. Javascript is disabled by default. Cookies have to ask permission (and I only allow sites I need to input information or, if it's something that probably needs to store something but not a login then I only allow cookies to last a session). Flash was disabled until the plugin and Firefox version became incompatible. Firefox tells sites no tracking cookies and I've got an extension that can detect and block tracking cookies. Got extension to force HTTPS according to sets of rules but I've already bookmarked the HTTPS versions of sites I use regularly.

I figure that should stop the common browser threats. It certainly stops some sites from working at all... Then I either have to go enable the javascripts on that page one-by-one, according to which looks most likely to be important, or I just load the page in Chromium/Chrome.

Also I don't connect to random Wi-Fi when I'm out. It's always either been my home network, family/friend's network, University/work network or, in unavoidable cases, hotel/B&B where I know they are supposed to be providing Wi-Fi.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Fluke
Tyrant's Eye
Posts: 1564
Joined: Mon Sep 20, 2010 12:47 am
Region: Other

Re: Security precautions outside your own space

#3

Post by Fluke »

No reason for me to care about that stuff really.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Security precautions outside your own space

#4

Post by Rakuen Growlithe »

Fluke wrote:No reason for me to care about that stuff really.
Because you just don't use the internet? Think you might be lying there.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Valerion
Alpha Wolf
Posts: 2803
Joined: Fri Apr 11, 2008 8:50 pm
Gender: Male
Sexual preference: Gay
Species: Werewolf
Region: Gauteng
Location: ::1
Contact:

Re: Security precautions outside your own space

#5

Post by Valerion »

Fluke wrote:No reason for me to care about that stuff really.
As long as you don't like having money, and like people posting under your name, sure.

Why don't you send me your signature on a blank page and your ID? Won't use it for too long ...
User avatar
Faanvolla
Plaas Brak
Posts: 1961
Joined: Thu Jun 21, 2012 12:55 am
Gender: Male
Sexual preference: Gay
Species: Dog (Vampire)
Region: Western Cape
Location: Stellenbosch
Contact:

Re: Security precautions outside your own space

#6

Post by Faanvolla »

I've throught about doing something like that a few times, but every time I realize I have exactly no idea how any of that works, and then I just don't.

I never really use my laptop on a connection other than my one at home or my phone's hotspot.
I do use my phone on other connections though, sometimes, although I'm not sure if one even can do something more to protect it (iPhone).
Seize the day, not your bearings.
Steam, Rockstar SocialClub, Uplay, Battlenet: Faanvolla#2539, Telegram: @Faanvolla
Switch Code: SW-0054-4917-1029
DeviantArt,Furaffinity,SoFurry, Weasyl, FurryNetwork
ProfilePic by hanimetion
Leeward
Recalcitrant Ruminant
Posts: 7036
Joined: Wed Mar 19, 2014 10:23 pm

Re: Security precautions outside your own space

#7

Post by Leeward »

I have a few n00b questions, since you guys seem to know your stuff:

(1) What can a malicious user do with your information once they've violated your security? (i.e. "Why should I care?") I know there is such a thing as identity theft, but how far can that go?
(2) How easy/possible is it to obtain enough information for malicious use?
(3) How does one reverse such a violation?
(4) Is common sense enough to avoid making yourself a target?
(5) Is it really worth the hassle of having to enable scripts manually to have pages work normally?
(6) Why isn't such security a standard feature that doesn't turn all but the most advanced users into sitting ducks?
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Security precautions outside your own space

#8

Post by Rakuen Growlithe »

Leeward wrote:(1) What can a malicious user do with your information once they've violated your security? (i.e. "Why should I care?") I know there is such a thing as identity theft, but how far can that go?
(2) How easy/possible is it to obtain enough information for malicious use?
(3) How does one reverse such a violation?
(4) Is common sense enough to avoid making yourself a target?
(5) Is it really worth the hassle of having to enable scripts manually to have pages work normally?
(6) Why isn't such security a standard feature that doesn't turn all but the most advanced users into sitting ducks?
Valerion can probably give much better answers but I'll give it a shot anyway.

1) All sorts of things. If they're trying to steal stuff and you ever use internet banking or any account then they could use your money to buy things or empty as much of your account as possible. If you had naked photos of yourself they could steal those and post them online or email them to your boss and co-workers. They could just delete everything on your computer which means you could lose all photos or music or whatever isn't backed up.

2) I think there are tools that are available that make it a lot easier than one might expect.

3) Depends what it is. If they deleted your files you can try recover them. There was a scam where a virus encrypts your files instead and then you have to pay for the unlock code (assuming they will actually know or give it). Recovering from both of those can be very difficult (and expensive) to practically impossible. If it's money you would have to talk to the bank, who could probably reverse it but it will be a lot of effort, just like having your card stolen.

4) It'll make you safer. Just like you're less likely to be mugged walking in a good neighbourhood then dark alleyways in a slum. None of it is a guarantee though.

5) Most pages don't need them. Also if it's a site you use a lot you just put it on a whitelist. Plus blocking ads and all those stupid things can sometimes be quite nice. It probably depends what all you do online.

6) Probably because people are lazy. Every extra bit of security is an extra inconvenience. Compare how easy it is to walk through doors inside your home than when you enter or leave and need to lock or unlock everything. It'll depend for each person where they want to trade off convenience for security. There are pushes to improve security online though.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Fluke
Tyrant's Eye
Posts: 1564
Joined: Mon Sep 20, 2010 12:47 am
Region: Other

Re: Security precautions outside your own space

#9

Post by Fluke »

Rakuen Growlithe wrote:
Fluke wrote:No reason for me to care about that stuff really.
Because you just don't use the internet? Think you might be lying there.
I do use the Internet, obviously. No need for snarky remarks.

I just don't use it for anything illegal. That would be dumb, it's completely public.

Sure everyone has something to hide on the Internet, some have more to hide than others or some have more reason to hide certain stuff than others.
I don't really, apart from banking details obviously, I don't see why I have much reason to be paranoid.
Leeward
Recalcitrant Ruminant
Posts: 7036
Joined: Wed Mar 19, 2014 10:23 pm

Re: Security precautions outside your own space

#10

Post by Leeward »

One last question, related to Fluke's point: is paranoia really warranted when you have nothing to hide? If you don't put anything personal online and are sure you don't have a keylogger or some other snoopy malware, do you really have to worry about somebody sniffing out your Internet banking password? Sure if somebody "hacked" my Google account they would find my CV or some signed document in my Drive, but what can a malicious user do with that that a potential employer (who would also have it) can't?

Also what are the chances that out of all the denizens of the Internet, somebody would target you? If you're a high-profile person or somebody has a vendetta against you I understand, but otherwise who would bother?
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Security precautions outside your own space

#11

Post by Rakuen Growlithe »

You shouldn't be listening to Fluke. He might know about hardware but he's got a really weird way of looking at security. Just because you have nothing to hide doesn't mean you have nothing to protect or no reason to use security. Listening to his line of thinking would say because he's not in a gang there's no reason to be on the lookout for criminals. Some crimes are targeted at specific individuals. You won't need to worry about that. Other crimes are opportunistic and everyone is at risk. That's why you need to think about security.

What could someone do? Perhaps you missed the Sony hack in the news? Part of that was the email leak which revealed private comments that wound up getting a lot of people embarrassed/in trouble. Maybe that's not an issue either. But since you could have your whole hard drive deleted, if an attacker is particularly malicious, unless you can say it wouldn't matter if everything was deleted you have a need for security.

Who would target you? You're approaching this the wrong way. It's not about targeting you specifically. It's about blanket targeting weak spots. Have you ever received a spam sms or an email from a Nigerian prince? You've already been targeted, at least in the early sniffing out phase. Why do you think this forum has an image capture, "are you a bot?" question and needs admin approval for registration? Because it's constantly targeted. Do you use SoFurry, InkBunny, Weasyl or FA, all of which were hit by a DDoS a few weeks ago? Then you were one of the targets. Or perhaps you use XBox Live or the Playstation network, both of which were taken down over Christmas. Again, targeted. It's not you as an individual but you are already targeted and there are already people looking for weak spots automatically.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Fluke
Tyrant's Eye
Posts: 1564
Joined: Mon Sep 20, 2010 12:47 am
Region: Other

Re: Security precautions outside your own space

#12

Post by Fluke »

Why would I need to drive around in an APC when I only go around safer areas of Cape Town? Would you really need an armoured car in the Cavendish parking lot?
I still lock my doors and don't stop for strangers, but I don't drive a tank.

I have been on very few sites that don't support https (I guess this is the only one) and up-to-date SSL certs. (heck, your browser would identify that anyway immediately. Not to mention the server it's running on).

And DDoS doesn't count as hacking, it really doesn't lol. Also in that same point you said that they blanket attack multiple people, but you listed very high-profile targets as an example. Same thing goes for the TOR network. Bunch of idiots decided to break the golden rule of it still staying up and are going after individual node IPs. It's like the kids in school who ruin a school tradition by telling the teachers the exact details of it. Besides, any data I would put onto public profiles or sites like that is extremely minimal.

And even then, what are they gonna do with my private messages on my phone - try and embarrass me? I'm just not sure who'd they show that to to make me embarrassed. I can imagine someone with certain kinks or fetishes or maybe even illegal sexual interests would be much more worried however.
User avatar
Sev
Superbike Snow Leopard
Posts: 6596
Joined: Thu Mar 06, 2014 9:27 pm
Gender: Male
Sexual preference: Gay
Species: Snow Leopard
Region: Western Cape
Location: A Twisty Road

Re: Security precautions outside your own space

#13

Post by Sev »

Fluke wrote:Besides, any data I would put onto public profiles or sites like that is extremely minimal.
Like setting your region to "Other" when we all know that you live in Cape Town?
User avatar
Fluke
Tyrant's Eye
Posts: 1564
Joined: Mon Sep 20, 2010 12:47 am
Region: Other

Re: Security precautions outside your own space

#14

Post by Fluke »

Sev wrote:
Fluke wrote:Besides, any data I would put onto public profiles or sites like that is extremely minimal.
Like setting your region to "Other" when we all know that you live in Cape Town?
That's a basic example, but yeah. I don't give out gender, birthday, actual email etc. Unless it's a forum/site that I trust. Which then again could be said to be dangerous to trust certain sites over others.
User avatar
Rakuen Growlithe
Fire Puppy
Posts: 6718
Joined: Tue Apr 01, 2008 2:24 pm
Gender: Male
Sexual preference: Bi
Species: Growlithe (pokemon)
Region: Other
Location: Pretoria
Contact:

Re: Security precautions outside your own space

#15

Post by Rakuen Growlithe »

Fluke wrote:And DDoS doesn't count as hacking, it really doesn't lol. Also in that same point you said that they blanket attack multiple people, but you listed very high-profile targets as an example.
I never said DDoS was hacking. It is a type of cyber attack though. Some targets were high-profile. Others were not. You can discount the high-profile examples if you want, assuming you don't ever use those services. But since you're a gamer you almost certainly use Steam. Steam would be a high profile target but if someone hacked it, screwed with the database and you lost all your games and the money you spent on them, I think you consider it to have effected you.
"If all mankind minus one, were of one opinion, and only one person were of the contrary opinion, mankind would be no more justified in silencing that one person, than he, if he had the power, would be justified in silencing mankind."
~John Stuart Mill~

“Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
~John Milton~
User avatar
Fluke
Tyrant's Eye
Posts: 1564
Joined: Mon Sep 20, 2010 12:47 am
Region: Other

Re: Security precautions outside your own space

#16

Post by Fluke »

Rakuen Growlithe wrote:
Fluke wrote:And DDoS doesn't count as hacking, it really doesn't lol. Also in that same point you said that they blanket attack multiple people, but you listed very high-profile targets as an example.
I never said DDoS was hacking. It is a type of cyber attack though. Some targets were high-profile. Others were not. You can discount the high-profile examples if you want, assuming you don't ever use those services. But since you're a gamer you almost certainly use Steam. Steam would be a high profile target but if someone hacked it, screwed with the database and you lost all your games and the money you spent on them, I think you consider it to have effected you.
Yet there is nothing I can do to stop that from happening, so my original point still stands for me.
Leeward
Recalcitrant Ruminant
Posts: 7036
Joined: Wed Mar 19, 2014 10:23 pm

Re: Security precautions outside your own space

#17

Post by Leeward »

I hate to sound flippant but I tend to agree with Fluke; if there's nothing you can do about it, why bother putting up a glass fence? You're just making your life difficult.
User avatar
Kangee Gold
Posts: 87
Joined: Sun Aug 16, 2015 9:06 pm
Gender: Male
Sexual preference: Bi
Species: Raven
Region: Gauteng

Re: Security precautions outside your own space

#18

Post by Kangee Gold »

My security solution is pretty simple.

I simply don't log into anything unless I'm on my own personal PC at home. On my phone or internet at other places I flat out don't use websites that require a login.

At home I have a full Internet Security package installed, and my router is firewalled.
Quick! Somebody chew on my nipples or we're all gonna die!
Post Reply