This is a fascinating story in WIRED: North Korea Hacked Him. So He Took Down Its Internet
It may seem far fetched, but if you read it you can see there were plenty of opportunities for him to exploit weaknesses in North Korea’s networks. He’s also modest about what he was able to accomplish.
Among other things, it reminded me that the Internet is full of fragile technology that can be brought down. Even if that technology is owned by government agencies.
Yesterday I wrote about the new glasses from Facebook from a design AND privacy point of view. Here are seven more links to articles on privacy I thought you might find worthwhile reading:
(Photo by Lianhao Qu on Unsplash )
Hey, if you are like me, you are ordering your presents online. When you do that, you get a lot of emails back updating you on the status of your order. Since it is Christmas, you are anxious about your order so naturally you are checking on them quickly. And that’s why you need to be careful.
Last night I got an email from Target asking me to check out the status of my order by clicking the link. This was fishy (phishy?) to me, because I didn’t order anything from Target. I checked the links in the email and sure enough: they did not go back to the Target web site.
And it’s not just merchants. I also got one from Paypal warning me of someone breaking into my account and asking me to press a button which wasn’t linked to PayPal.
In short, check your confirmation emails carefully before you click on anything. Otherwise your Christmas could be an unhappy one.
It’s a guide on… How to Keep Your Zoom Chats Private and Secure (WIRED)
I would recommend people consider safer and more private form of video conferencing, but if you are going to use Zoom, make sure you do it safely. A good way to do that is read and follow that guide.
A simple way of determining if an email is a phishing attempt is to move your mouse over the link(s) in it to see if they match what is on your screen. For example, if you get an email from Apple that says:
Use this link https://applid.apple.com to verify your account
You might move your mouse over the URL and see that the link is to company https://phishingRUs.com/ or something else.
But what if the URL is a URL shortening site, like http://bit.ly or http://dlvr.it/?
My advice: assume it is a phishing attack. It could be the real company, but most large organizations will not do this. (And if they do, they need to at least be explicit about it in the URL).
My general advice: if you are not sure or uncomfortable, assume it is spam or phishing and delete it.
I highly highly recommend this: NYT Programs – Secure Your Digital Life in 7 (Easy) Days
You can never do enough to security your information technology, but the more you do, the better off you are.
And you can get it here: blm849/supersimplehardening: A super simple way to harden your server.
I create a lot of Ubuntu test servers, and I find that as soon as I create a Ubuntu server on a cloud environment, it gets immediately attacked by automated software. This is obviously a concern. A bigger concern is that when I went searching for recommendations on how to harden such a server, I found a wide variety of recommendations! It can be hard to know what to do. Still, I needed something. As a result, I created this package of scripts. The scripts do a number of things:
- prevent direct root login to your server via ssh. This was one of the things I saw consistently happen and once someone cracks the root access on your machine, it’s game over.
- stop some basic security holes, like IP spoofing
- download some useful software, like logwatch, ufw and others
- upgrade all software on the server
This is just a very very limited number of things to prevent attacks. But it is better than nothing.
If you install Apache, PHP, MySQL or other software on your machine, there are even more attacks that will be launched against it. I recommend you get a firewall up and running and at least run logwatch on a regular basis to look for potential attacks being launched against you.
Finally, if it is important for you to secure your server, don’t stop with my scripts. Go out and consult with IT security specialists right away.
…Then you want to go here and download and install the appropriate software for your Windows system: Security Essentials Download.
According to this, Microsoft has upgraded it’s security software to prevent similar attacks. That’s good. What’s not good is that you can be certain there will be a wave of copycat attacks coming. Get the software and install it today.
Of course you do: everyone does. Therefore check this out: Tools for a Safer PC — Krebs on Security.
Posted in IT
Tagged IT, Krebs, PC, security, tools
Yes, it is possible to write good articles on what is the bane of our current existence: computer passwords. The first one talks about the top passwords that people commonly use. The second one is a beautifully written piece about the thought that goes into people’s passwords.
You will have an entirely new perspective on passwords after reading this.
P.S. Thanks to Anna P for pointing out the second one.
It’s a constant battle, but this article by Sean Bonner (Encryption and Privacy – What I’m Using) is a great rundown of tools you should consider in making your Internet use more private and less exploitable.
He covers a wide range of tools, from Tor to VPNs to duckduckgo, and more. Better still, his article is readable and understandable by people who lives revolve around something other than computers.
When it comes to security, you are always making trade-offs between being more secure and other things you want from technology (e.g. ease of use). That said, try and make your computer as secure as you can: every bit helps.