Browsed by
Month: March 2016

3DSC BONUS DAY: INFOSEC RESOURCES

3DSC BONUS DAY: INFOSEC RESOURCES

The Thirty-Day Security Challenge has come to an end.  Let’s quickly rundown what we covered: in week one we focused on securing your local machine.  You updated it, set up standard user accounts, did a security and privacy checkup, and scanned it with antivirus and antimalware.  Week two brought password managers, the first of Account Security Tuesdays, and internet browser security.  The fourth week introduced two-factor authentication, VPNs, and smartphone security.  During the fourth we week shifted to some personal…

Read More Read More

3DSC Day 30: Recruit Others

3DSC Day 30: Recruit Others

Today is the final day of the Thirty-Day Security Challenge!  To round out the Challenge I am going to issue another on-going task: recruit others to use encryption and increase their security.  Some of you have probably been doing doing this throughout.  There are plenty of good reasons to recruit others. Increase your own security.  A majority of your messaging probably occurs with just few other people.  These people are your “inner circle”.  They are your closest friends and family…

Read More Read More

3DSC Day 29: Unique Usernames

3DSC Day 29: Unique Usernames

Today is the final “Account Security Tuesday” in the Thirty-Day Security Challenge!  Today I challenge you to create unique usernames for all your online accounts.  Like changing passwords and adding two-factor authentication, you don’t have to do this all at once.  Do it one account at a time, at normal logins.  Why does this matter as a security measure?  There are several reasons: If someone is targeting your account, he or she has to know where to begin.  If my…

Read More Read More

3DSC Day 28: Backup Your Files

3DSC Day 28: Backup Your Files

In January I suffered a catastrophic malfunction of my main hard drive.  After returning from a work trip I settled in to check email only to find my computer unwilling to boot.  This is not the first time I have broken a computer.  Fortunately this time I was prepared.  The step that saved me in this instance is today’s task: backup your files. Local Backups:  Local backups are stored offline, in your home or office.  These backups are typically stored…

Read More Read More

3DSC: What Happens Next?

3DSC: What Happens Next?

In three short days the Thirty-Day Security Challenge will come to an end.  This will be something of a relief for me (I do have books to get back to, after all), but I have also thoroughly enjoyed it and my interaction with all of you!  So what happens next?  In two weeks I am going to submit an after-action review of The Challenge.  I will try to correct any errors, any topics that weren’t explained to your satisfaction, etc. …

Read More Read More

3DSC Days 26 & 27: Full Disk Encryption

3DSC Days 26 & 27: Full Disk Encryption

Last weekend I wrote about file-level encryption.  This is an excellent way to protect sensitive files, but it isn’t perfect.  First, the learning curve is slightly steeper.  It takes time to open VeraCrypt, find the volume you want to open, and mount it.   Worse, unencrypted versions of your files are very likely stored on your hard drive.  These versions may be compromised by an attacker.  A more comprehensive form of encryption is this weekend’s task: implement full disk encryption…

Read More Read More

3DSC Day 25: Social Media Privacy

3DSC Day 25: Social Media Privacy

This week has focused on some privacy-centric aspects of security.  This is because security and privacy are integrally linked.  There can be no true security without privacy, and vice-versa.  Your social media is accessed and sold to advertisers and data aggregators.  It can indicate when you are at home and when you aren’t.  Location data can let others know where you live.  Information obtained through your Facebook page can be used to socially engineer you, one of your family members,…

Read More Read More

3DSC Day 24: Credit Freeze

3DSC Day 24: Credit Freeze

Identity theft is an incredibly invasive and potentially devastating form of crime.  It can cost tens of thousands of dollars, ruin credit, and consume countless hours of time.  One of the best tools for preventing identity theft is what is known as a credit freeze (sometimes called a security freeze).  A credit freeze is free for residents of many states, and to victims of identity theft.  For the rest this will cost only $5 or $10, depending on the laws…

Read More Read More

3DSC Day 23: Email Masking

3DSC Day 23: Email Masking

Giving out your email address can introduce some vulnerabilities.  While most of these are privacy concerns, there are some security concerns with this, as well.  Your email address is attached to your true-name and “real” accounts.  This allows advertisers, data-aggregators, and hackers to see linkage between your accounts.  Security-wise, your email address is your username for some services.  If an attacker tries to hack one of your accounts, he or she probably already knows your username.  It is a good…

Read More Read More

3DSC Day 22: Close Unused Accounts

3DSC Day 22: Close Unused Accounts

Today is the third installment of what I have officially dubbed Account Security Tuesday!  Last Tuesday I asked you to set up two-factor authentication on your accounts.  The previous Tuesday I asked you to begin changing the passwords on them.  Today I am going to ask you to to take an additional step: identify and close unused accounts. At this point you may be wondering why I am so concerned with securing your online accounts.  There are a few reasons,…

Read More Read More