Browsed by
Month: June 2016

My Ultra-Private iPod Phone 2

My Ultra-Private iPod Phone 2

Welcome back to Part 2 of my attempt to create a private and secure iPod phone!  When I started this series I thought it would consist of three parts: procurement, setup, and use.  Setup took far more time than I expected, however, so I am going to cover this stage of the process somewhat more slowly.  One of the reasons I wanted to do this experiment was to see what roadblocks I might run into.  True to form, I ran…

Read More Read More

My Ultra-Private iPod Phone 1

My Ultra-Private iPod Phone 1

Some time ago I read an amazingly good article on using an iPod Touch as a secure/private phone.  I love the idea, and I have thought about it for quite a while.  An iPod Touch is remarkably similar to an iPhone, but potentially far more private and secure.  Recently I decided to try it for myself and see how easy (or hard) it would be to set up.  I also had unanswered questions about its actual use.  Part 1 of…

Read More Read More

How to Verify HTTPS Certificates

How to Verify HTTPS Certificates

Hypertext Transport Protocol/Secure (HTTPS) is the backbone of internet security.  It is a ubiquitious encryption that secures connections automatically.  Users do not have to enable it, and the security it provides is strong.  The cases of Lenovo, Dell, and GoGo Inflight Wi-Fi are all well-documented instances of HTTPS tampering. Most users blindly trust the green padlock in their address bar.  You should always verify your connection is actually secure before inputting authentication credentials or financial information.  When using tools like…

Read More Read More

How-To: Tor Browser Bundle

How-To: Tor Browser Bundle

My last post covered threat modeling the Tor Network.  While I have a very nuanced opinion of Tor, I do think it is ideal for certain use cases.  Unless contraindicated .  Using Tor is not difficult, but there are some potential pitfalls to be aware of.  This post will cover how to use the Tor Browser Bundle. Download and Install the Tor Browser The first step is to download the Tor Browser from https://torproject.org.  Before you install it you should…

Read More Read More

Tor Threat Models

Tor Threat Models

The Tor Browser Bundle is a terrific security tool.  Tor is a decentralized, anonymization network. To use it you need a specific internet browser, and it allows you to be as close to anonymous as one can be on the internet.  It also strongly encrypts your traffic, and best of all, it is free.  Readers have asked my opinion on Tor, and why I have not written about it.  There are some potential downsides to using Tor.  As a result,…

Read More Read More

Social Engineer Podcast Interview

Social Engineer Podcast Interview

My co-author, Michael Bazzell and I were recently interviewed on the Social Engineer podcast. Michael and I discussed topics from our recently released book, The Complete Privacy and Security Desk Reference, and how these techniques could help defeat social engineers. The podcast was a lot of fun, and it was pretty awesome to be invited as guest.  If you don’t listen to the SE podcast, you should check it out. The podcast deals with human security and covers a broad…

Read More Read More

Usernames as a Security Measure

Usernames as a Security Measure

I was recently a guest alongside my co-author, Michael Bazzell on the Social-Engineer podcast (the episode will be be available tomorrow).  We discussed social engineering for security and privacy reasons.  Since being on the show I have thought more about social engineering than at any time since I attended Chris Hadnagy’s SE course back in 2013. One realization I’ve had is that social engineering attacks commonly begin with a starting point.  An email address to which the attacker can send…

Read More Read More

Knox-Box Key Box Explained

Knox-Box Key Box Explained

I’m willing to bet most of you regularly encounter a lock box like the ones in the photos – even if you haven’t noticed it.  They are typically mounted on the exterior of a public building, usually near a door.  If you want to see one, keep your eye out at your local shopping mall, library, hotel, or apartment complex.  You’ll probably run across one, or several.  They may protrude from the wall, or they may be mounted flush with…

Read More Read More

IronKey Secure Flash Drive Review

IronKey Secure Flash Drive Review

I have always been a bit skeptical of the IronKey secure flash drive.  While boasting some sexy features, the cost seemed probitive and unjustified to me.  After several reader questions I decided it was finally time to get one of these devices and try it for myself.  The result: I’m convinced that this is the ultimate in secure, portable data.  Due to its extreme cost I am still not converting over fully to IronKey, but I would if I could…

Read More Read More

Cloud Storage Threat Models

Cloud Storage Threat Models

It is likely that readers of this blog know where I stand on cloud storage.  I have been fairly outspoken against the practice of storing personal data in the cloud.  Unfortunately, I realize this may be an untenable solution for many who desire – or even require – the ability to use and access cloud storage.  Even I had a personal experience recently that made me re-think the utility of cloud storage.  Cloud storage does offer the benefit of being…

Read More Read More