Security Bytes - MAR 2016 - Breathe New Life in Router
In one of my previous articles I touched on the topic of utilizing a hardware firewall behind your ISP internet router. Now more than ever this has become a HOT topic again with the advent of more malware and revelations of Govt spying on individuals via corrupt router firmware and backdoors.
While there are numerous commercial products that can be expensive to accomplish this one of the simplest ways to achieve a reasonable level of security and privacy is via an off the shelf basic router / firewall that you can purchase at nearly any computer store. Be mindful however that while many of these “ off the shelf “ products come ready to go it is HIGHLY advisable to re-flash them with new firmware that has been vetted by the security community to be secure and stable.
One such source is called DDWRT. It can be found at the following website: http://dd-wrt.comand it has the ability to be installed on numerous off the shelf products as well as being installed by default by some of the vendors on their support list. The advantage of this firmware is that it puts TOTAL control over what goes on in YOUR hands. While this may seem daunting at first, with a quick read o their documentation and hands on manipulation of the router firmware, one can quickly get up to speed as to what is going on at all times and get a better understanding for what devices on their network are doing. I would recommend looking at their router support list ( Found at this link: http://www.dd-wrt.com/wiki/index.php/Supported_Devices) to get a better idea of what router one can purchase in a store and still be able to install the firmware on it.
Security Bytes - Feb 2016 - Gadgets Gadgets Everywhere
I am sure all my readers have heard the term “IOT” or Internet of Things mentioned somewhere in a magazine or a TV show. Generally, that term refers to all the gadgets / Internet enabled devices we buy and place on our home of business networks.
Usually one does not even give a second thought to setting up an Internet enabled doorbells, thermostats or cameras on our home WiFi because we are a society that just embraces gadgets! Remember that all the gaming consoles / smart appliances or any other device that connects to the Internet from the home can be classified as an IOT device. I am also one of those that uses many of these IOT devices on my own networks, but one thing needs to be looked at carefully! How secure are these devices? We purchase these from vendors that may be established or may just be upstarts that may have limited software development budgets and we have NO easy way of checking how do these devices communicate on our networks. We take a leap of faith and put these devices on our networks assuming they have been tested to be secure and many times we trust these devices to add security to our home or business.
Security Bytes – November, 2015 – Holiday Shopping Tips.
In my previous article February 2014, I discussed how to use better methods to secure your credit card information when shopping online. New technology updates have come and it is time to revisit this topic.
With the adoption of digital chips in many cards today using one’s credit card at stores has become far more secure than ever, however there are still some pitfalls. Many vendors have not yet become compliant by employing the Chip and Signature technology fully, and also many people still have not received their updated cards yet. In addition, there are are a few reports of hackers cleverly creating email and actual paper documents to get an individual to disclose their sensitive personal data under the guise that they are completing a form to “expedite” the delivery of their new cards.
I wish to draw attention that one should NOT respond to ANY such requests over the phone OR via email or paper mail UNLESS one calls the issuing bank and VERIFIES that the request is legitimate! The technology IS in fact secure and the criminals know this, the only way (as of this writing) that criminals can compromise security is by social engineering, thereby causing one to give them the information they need to compromise an account. That being said I also need to strongly advise everyone to Re-read my Sept 2014 article on password management and start using STRONG passwords of at least 16 or more characters! Computing power has moved forward and criminals know that many people still use simple passwords from the dictionary and possibly demographic information about themselves. By using simple passwords, it makes the process of getting at your data just a matter of time for a hacker to crack your accounts.
Security Bytes - Dec 2015 - Who Is Watching
Readers, this month I want to shed light on the problem with 3rd party trackers that track your every click on the Internet. In the past I have talked about ways to increase your privacy and anonymity on the Internet, however just as one becomes more aware of how to evade snooping, the people that want your information have found better ways to gather information from you indirectly.
Many of us browse the web and shop online without concern for what is done with the information one provides to a merchant or online website that asks for you to fill out a form. Many times we blindly fill out the needed forms to finish a transaction or get to information that one wants to see. What one does not realize is that many web sites also have 3rd party trackers embedded into them that are there to gather as much information as possible from users. All of the information is gathered and put into massive databases and then sold to other merchants so that they can better provide appropriate ads to their customers based on their specific interests. Here is an example of this in action: Lets say your interest is in travel and you browse a website that has information about Hawaii. Next you go to a shopping website that you have NEVER been to before and they put bathing suits on the first page. That information got to them by a 3rd party tracker.
Security Bytes – October, 2015 – Encrypt My Stuff!
This month I wish to inform you all of a nice Chrome browser add-on called miniLock that makes the process of sending secure files to someone quite easy.
Many of us use Chrome as a browser and it allows for webapps to be installed as past of the browsing experience. MiniLock is one such app that simplifies the process of sending a secure file to another person by utilizing strong cryptography in conjunction with your email address and a secure passphrase to encrypt the files before being sent my any method you wish. Once you install the app into Google Chrome you are presented with a dialog box that will ask you to enter your email address and a strong passphrase.