OLLI Course: Be Safer on the Internet

OLLI Course: Be Safer on the Internet webadmin Thu, 01/15/2015 - 16:19

Course Summary

  • [proposed] Fall 2017: Ashland
    previously offered: 2016 Fall: Ashland; 2016 Winter: Medford; 2015 Fall: Ashland; 2015 Spring: Ashland
  • Sessions: 6
  • Course URL: http://communicrossings.com/olli-course-be-safer-internet
  • The goal of this lecture course is to help you improve the privacy and security of your personal information -- online and offline.
  • It presents preventive strategies, discusses trade-offs and prioritizes practical steps to reduce your risks (even from the NSA!) for computers, tablets, smartphones and the "Internet of Things".
  • Topics include strong passwords, password managers, software updates, local & cloud backups, WiFi and router setup,
    browsing, email, messaging, encryption, malware, ad blocking, VPNs, social media, travel.
  • Students should be familiar with the location of their system and browser settings.
  • Specific settings will be demonstrated only for latest macOS and iOS (iPad/iPhone) systems, Safari browser and selected apps. However, users of Android, Windows and other/older devices can use provided references to adjust similar settings.
  • Recommended e-book: Take Control of Your Online Privacy (discounted version available).
  • More about the course: Introduction: Approach, Audience, Devices, Topics, E-books

About the Instructor

steve

Safer Internet: Introduction

Safer Internet: Introduction webadmin Mon, 02/16/2015 - 11:12

Quotes

The "Problem"

  • The Internet's initial design did not foresee today's privacy and security problems.
  • Instead, the Internet has evolved like patchwork over the past 45+ years.
  • Human nature has not evolved much over the millennia.
  • Users can be gullible; governments, spies and criminals are attracted to ever more sensitive data and weak safeguards.
  • More people & devices are connected to the Internet, for many more uses, from more locations.
  • With inexpensive online storage, data tends to accumulate.
  • Total online privacy is basically impossible, but also probably not what you want.
  • Ordinary people with ordinary needs can still avoid the biggest privacy and security threats.
  • Additional sections -- from All Courses: Introduction [menu]
  • Resources: where to find materials, i.e., here
  • Navigation: using this web site
  • Handouts: how to create your own printed version

References

Safer Internet: Introduction: Approach

Safer Internet: Introduction: Approach webadmin Mon, 02/16/2015 - 11:16

This course plans to:

  • Follow Joe Kissell's e-book: Take Control of Your Online Privacy {TCYOP}
  • Vary the sequence of Topics and depth of coverage, depending on student questions and background
  • Offer even more advice, and links to many articles: reviews, news, issues
  • Help you understand the kinds of information you might want to protect, and from whom, as well as techniques to improve privacy.
  • Explain 'just enough' of the underlying infrastructure and technology to enhance understanding
  • Emphasize preventive, proactive measures -- rather than deal with post-loss emergencies
  • Prioritize (by difficulty: [1,2,3]) some manageable steps you can take to reduce your privacy and security risks -- though [4] not completely from the NSA; see Audience [1-4] descriptions
  • Present trade-offs: convenience/effort for you vs. sensitivity/value of your info; one size does not fit all
  • Update advice over time, based on new threats and tools -- check Course Updates section
  • Guarantee that...

Safer Internet: Introduction: Audience

Safer Internet: Introduction: Audience webadmin Mon, 02/16/2015 - 11:14

Who

  • You -- "ordinary" users with willingness to:
  • Explore settings on your computers/devices and read articles
    -- or if you're not DIY, at least understand the risks/issues (and show to your 'techie')
  • Take action; avoid procrastination, panic, guilt or information overload
  • Ask questions, especially about jargon (or see PC Glossary definitions of Computer and Internet Terms)

Advice Levels / Tags

  • [#] prefix on advice/references suggests audience, importance and/or effort:
  • [1]: Beginners with some familiarity with system/browser settings; mostly easy
  • [2]: Intermediate; moderate, less common, some complexity
  • [3]: Advanced; more complex; special situations; programmers, administrators; maybe research or future-oriented
  • [4]: Extreme; dissidents, journalists, whistleblowers, celebrities, lawmakers, lawbreakers, corporations, paranoids
  • This Chart Shows How Computer Literate Most People Are 12/7/2016

Safer Internet: Introduction: Devices

Safer Internet: Introduction: Devices webadmin Mon, 02/16/2015 - 11:20

Devices, Devices, Devices

  • Modern-day desktop computers, laptops, tablets, and phones provide similar capabilities, and most web browsers and email applications provide similar features, often with similar names -- though there can be annoying small differences.
  • This course strives to offer cross-platform approaches and advice. However, ...

Operating Systems

  • It would be difficult -- for Joe K. in {TCYOP}, or me in this course -- to provide or discuss up-to-date recommendations and configuration advice specific to every site, device model, operating system version, application, and tool, for every country.
  • Steve will list or demonstrate specific examples of settings for only most recent macOS (formerly "OS X") & iOS (iPad, iPhone) -- not: tvOS, watchOS
  • He will also demo (and sometimes recommend) specific applications in different categories, e.g., browser: Safari; email: Mail; disk backup: Time Machine, Carbon Copy Cloner; password manager: 1Password; VPN: Witopia; ad blocker: Adblock Plus; 1Blocker [iOS], etc. -- there may be other viable alternatives for you (platform, features, costs)
  • If you're using Windows or Android, or an older version of macOS or iOS, or some other wearable or home device/camera/streaming box/system (e.g., "Internet of Things"), don't panic -- you should be able to locate corresponding settings by reading articles or exploring your device.
  • Each topic has links to articles in a References section, subdivided by platform and subtopics.
  • Also, see section: Finding More Help: other e-books, classes, consultants.

System Settings

Access

Search

Before Change

After Change

  • Save any new login name, password, recovery key, security answer, etc. in a secure place, e.g., password manager -- see Passwords section

Apps

  • Check Internet-related Preferences, Settings or Tools for your device's apps, e.g.,
  • web browsers: Firefox, Google Chrome, Internet Explorer, Opera -- in addition to Safari
  • mail clients: Outlook, Thunderbird -- in addition to Mail
  • communication, social networking, maps, etc.

Access

Search

  • macOS: Launchpad > Search
  • iOS: swipe down on home screen > Search

Update / Buy

  • macOS: Apple menu > App Store
  • iOS: App Store

Safer Internet: Introduction: Topics

Safer Internet: Introduction: Topics webadmin Mon, 02/16/2015 - 11:21

Sequence

No. of Sessions

  • Typical privacy & security recommendations could be summarized in 5 minutes or so: free 1-page 'cheat sheet', or the Quick Start section {TCYOP-3: 9-10; TCYOP-2: 8-9; TCYOP-1: 11-12}; there are many articles with titles like "10 Things You Can/Should..."
  • However, if you'd like to understand background, context, tradeoffs, see demonstrations, and ask questions (and have me speak more slowly), six sessions turn out to be about right.

What We Won't Cover

  • Problems with your specific device & configuration (esp. non-Internet related); however, I may include tips about usage and costs; also see More Help section for learning, troubleshooting recommendations
  • Other non-digital privacy / security issues: paper, home, surveillance, death, etc. -- some in Offline Reference sections
  • Other Internet technical questions and social issues -- ask me to re-offer OLLI course: Internet History and Issues
  • Some [2] intermediate and most [3-4] advanced issues, depending on time and class interest

Safer Internet: Introduction: Discounts

Safer Internet: Introduction: Discounts webadmin Sat, 05/09/2015 - 04:39
  • Besides educational discounts on TCYOP (suggested e-book), discounts are sometimes available for software, services, and e-books -- some listed here and under various topics.
  • 1Password (password manager): those who join Tidbits.com can receive member discounts on Mac or Windows version of 1Password (25%), other Take Control e-books (30%), etc.
  • There may be discounts available to user groups, e.g., on TakeControl books for AshMUG members
  • For other products/services, there may be occasional online promotions, especially around "Cyber Monday" (after Thanksgiving) or special dates, e.g., World Backup Day (Mar 31 for backup products).
  • Witopia (VPN): when subscribing to Witopia VPN service, use this referral link (or code: Q8Hg3YRM) to receive a 15% discount; Steve receives a similar credit.
  • If you don't need unlimited voice calls, unlimited texting and/or excess cell data (at 4G speeds), you can save money by having a monthly, pay-for-what-you-need cellular phone plan. I suggest checking your bills over the past year to see your average monthly usage. I pay < 1/2 with Consumer Cellular for our calling, texting and data compared to AT&T; if you decide to switch to Consumer Cellular, mention that Steve Weyer referred you, and we'll both get a credit; if you're an AARP member, you'll save an additional 5% per month

Safer Internet: Introduction: E-books

Safer Internet: Introduction: E-books webadmin Sat, 05/09/2015 - 04:34

TCYOP

  • As mentioned earlier, this course is based on Joe Kissell's e-book: Take Control of Your Online Privacy {TCYOP}, from the excellent Take Control series of technical e-books. TCYOP is suggested but not required for this course; this course generally uses the same chapter/section headings and sequence.
  • The instructor can obtain a discounted price for registered OLLI students (in multiples of 10).
  • Students request & prepay before/at the second class -- $3 or $4 depending on number ($3 if exactly 10, 20, 30 or 40)
  • Instructor will order copies; Take Control emails e-book to Instructor in a few days
  • Instructor e-mails the .pdf e-book version to students.
  • To view the .pdf version, students need a PDF reader application; many are free, e.g., Adobe Reader (for computers, tablets, phones), Preview (for macOS), or iBooks (iOS).
  • Later, students can download an updated .pdf version (if available, for free or at a discount) and a .epub (iBooks) or .mobi (Kindle) version, e.g., for a tablet or eReader; see "Ebook Extras section" {TCYOP-3: 149; TCYOP-2: 132; TCYOP-1: 119}.

TCYOP Editions

  • 3.0; 4/2017; 152pp.; reg: $15; OLLI: $3-4
  • 'cheat sheet'; free; 1 pp. .pdf
  • sample; free; 53 pp. .pdf
  • 2.0; 5/2015; 135pp.
  • 1.1; 3/2014; 123pp.
  • "{TCYOP-3: #}" in course material refers to Chapter and Figure pages in the current .pdf edition
  • "{TCYOP-2: #; TCYOP-1:#}" (in smaller font) refers to pages in older editions (for students from previous terms).

Other E-Books

  • Read Me First: A Take Control Crash Course understand user interface, System Preferences (macOS), Settings (iOS) for the Take Control series; free versions: web, .pdf, .mobi (Kindle), .epub (iPad); version 1.0: 49 pp.; 9/3/2014
  • TakeControl publishes many other e-books about related topics, e.g., 1Password, Apple Mail, Backing up your Mac, Crashplan, Dropbox, FileVault, iCloud, iOS, macOS, Mac Security, Passwords -- most with free sample chapters; you can save $ if you're a Tidbits.com member, or order multiple e-books.

Safer Internet: Introduction: Finding More Help

Safer Internet: Introduction: Finding More Help webadmin Sat, 05/09/2015 - 04:53

Online

  • Help / ? in your OS and applications -- as you look for and change settings.
  • E-books, e.g., Take Control of Your Online Privacy, other Take Control e-books
  • This course's References sections for each topic, especially for your OS
  • Support sections on hardware / software vendor web sites: manuals, tutorials, FAQs, software updates, forums
  • Tech blogs / magazines, e.g., LifeHacker.com; ArsTechnica; macOS/iOS: Tidbits.com

Groups, Classes

People, Companies

Safer Internet: Privacy, Security, Anonymity

Safer Internet: Privacy, Security, Anonymity webadmin Tue, 01/27/2015 - 08:13

Quotes

Definitions

  • Privacy: freedom from observation or attention
  • Security: freedom from danger or harm
  • Anonymity: freedom from identification or recognition
  • Advice, settings and tools may affect more than one of these, and be repeated for different topics

Analogy: paper postal mail

  • Privacy: postcard vs. envelope
  • Security: stolen check or ID; white powder; locked mailbox
  • Anonymity: no return address; PO box
  • "Before" network diagram: {Figure 1. TCYOP-3: 44; TCYOP-2: 39; TCYOP-1: 39}

References

Analogies

Safer Internet: What Do You Have to Hide?

Safer Internet: What Do You Have to Hide? webadmin Thu, 01/29/2015 - 13:19

Quotes

Summary

  • Everyone is at risk, more so if you're a high-profile target: celebrity, politician, business, investigative journalist, political dissident, whistleblower -- or an easy mark (poor security/privacy practices)
  • Contact information: home address, phone, email -- yours and family
  • Vital Statistics: your birthday, birthplace, family members
  • [Refs]: "How Many Times Has Your Personal Information Been Exposed to Hackers?" [quiz]
  • [Refs:Identity]: "Here's what your stolen identity goes for on the internet's black market"
  • [Refs:Identity]: "Five Common Scams Directed at Seniors"
  • Your current and past locations
  • [Refs:Vehicles]: "Chevy Malibu 'Teen Driver' Tech Will Snitch if You Speed"
  • Photos
  • [Refs]: "California becomes first state to convict someone for operating a revenge porn website"
  • Medical information
  • [Refs:Health]: "29 million US health records exposed by data breaches between 2010 and 2013"
  • [Refs:Health]: "Ancestry.com DNA Privacy Statement: advertising relevant to genotype"
  • Financial information: SSN, credit cards, purchases, tax returns, bank statements
  • [Refs:Identity]: "Sign Up at irs.gov Before Crooks Do It For You"
  • Email, chat, and other communication history
  • Browsing behavior -- current and historical {List. TCYOP-3: 73-74; TCYOP-2: 58-60; TCYOP-1: 58-60}; browser 'footprint'
  • Personally-identifiable vs. anonymously-aggregated information; content vs. metadata
  • Data across different sites via cookies or IP address can reveal patterns, and lead to individuals
  • [Refs]: "Why You Should Protect Even Your Most Unimportant Data"
  • Other devices: voting systems, (smart)TV, set-top/streaming box, game console, smart watch, health/fitness trackers, home automation, car; section: "Internet of Things" (IoT)
  • Others' devices: cameras, wearable technology

References

Attacks

Financial

Home

Health

Identity Theft

Vehicles

Voting

Safer Internet: Who Wants Your Private Data?

Safer Internet: Who Wants Your Private Data? webadmin Thu, 01/29/2015 - 13:25

Quotes

Summary

  • Advertisers / "Big Data" -- to support 'free' content
  • [Refs:Companies]: "How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did"
  • [Refs:Companies]: "When a Company Is Put Up for Sale, in Many Cases, Your Personal Data Is, Too"
  • Employers, neighbors, stalkers, a vindictive ex
  • Banks, lenders, and insurance companies
  • [Refs:Companies]: "Banks Now Eyeing Cell Phone Metadata To Determine Your Loan Risk"
  • Hackers ('black hat')
  • [Refs:Hackers]: "Malware attacks give criminals 1,425% return on investment"
  • Major copyright holders (RIAA, MPAA)
  • "Big Brother": the government and law enforcement. NSA, GCHQ (UK), FBI, ...
  • [Refs:Govt]: "Sen. Ron Wyden thinks the next big cybersecurity bill could make things worse"
  • [Refs:Govt]: "If You Don't Care About The NSA Because You 'Haven't Done Anything Wrong,' You're Wrong"

References

Companies

Government

Hackers

ISPs

Policy

Safer Internet: Develop a Privacy Strategy

Safer Internet: Develop a Privacy Strategy webadmin Thu, 01/29/2015 - 13:32

Quotes

Policy / Law

  • "Privacy policies" specify how your information will be used / shared -- no guarantee of protection or enforcement; if you have some time, read/scan -- rather than blindly accept
  • Most companies do not provide details about robustness of their security practices (because they're clueless, embarrassed?)
  • Terms & Conditions and Privacy Policies can change without notice, usually not for the benefit of users
  • e.g., Linkedin: User Agreement (T&C), Privacy Policy; also: Ad Choices; Community Guidelines; Cookie Policy; Copyright Policy
  • Government regulations & laws lag the technology;
    if they exist, they often favor corporate donors and surveillance agencies over consumers

Behavior

  • Accept that some changes are necessary; to get the most out of this class, some homework is required.
  • Invest attention and energy upfront to be proactive before problems occur.
  • Learn good habits, such as backing up regularly, updating software, choosing strong passwords, storing passwords securely, logging out when not using your computer; connecting to known, encrypted WiFi networks, etc.
  • [Refs]: "How the Experts Protect Themselves Online (compared to Everyone Else)"
  • [Refs]: "'Security fatigue': Computer users tired of too many passwords, warnings"
  • [Refs]: "The psychological reasons behind risky password practices"
  • Pray? Cyberinsurance?
  • TV / movies often do not accurately portray security threats / practices
  • [Refs]: "Hollywood's take on cybersecurity"
  • Before: minimize personal information that you provide / volunteer
  • After: purge info from data brokers
  • [Refs]: "Privacy Tools: Opting Out from Data Brokers"
  • Avoid installing malware inadvertently, e.g., clicking on links in suspicious emails, panicking & responding to scary popups
  • "Social Engineering" can often defeat many otherwise secure systems -- especially if request comes from harried "boss", desperate "friend", incarcerated "grandchild", irate "customer"
  • [Refs]: "Majority of Americans fall for email phishing scams" (quiz)
  • "PICNIC": ...
  • the "Pledge": don't do anything stupid! {TCYOP-2: 33-34; TCYOP-1: 32-34}

Planning

  • Consider risks & needs by:
  • location: home, school, work, vacation
  • task: banking, searching, communicating, entertainment
  • device: phone, tablet, computer, etc.
  • type of information: required, optional, sensitive, personal
  • convenience: all mail, calendar, search, payments, passwords with one trusted provider, or different places?
  • companies you use: what is their business model? how "free" are their services? do they track you? e.g., Facebook, Google (advertising) vs. Apple (hardware)

Technology

  • "Technology is...
  • "1) Everything that's already in the world when you're born is just normal;...
  • "1) When a distinguished but elderly scientist...
  • Make one-time changes, such as more secure passwords, system & browser settings, privacy options on social networking sites, etc.
  • [Refs]: "9 Facts About Computer Security That Experts Wish You Knew"
  • Since it would be overwhelming to do everything that we'll discuss immediately, be selective and phase in gradually over months.
  • Ongoing: check vendor sites for updates; refer back here to course summaries & reference articles

Summary

References

Safer Internet: Offline Data

Safer Internet: Offline Data webadmin Tue, 01/27/2015 - 15:09

Quotes

Summary

  • What happens to your information if:
  • your devices and/or backups are lost, stolen, destroyed or corrupted -- at home or while travelling?
  • you neglect to install security updates?
  • you lose/forget your passwords?
  • you donate or sell your computer?
  • you become forgetful, incapacitated, or dead?

References

Safer Internet: Offline: Passwords Intro

Safer Internet: Offline: Passwords Intro webadmin Thu, 07/16/2015 - 14:53

Summary

  • Passwords are ubiquitous, but not the most secure or convenient way to authenticate someone's identity.
  • Create passwords as strong as possible (or at least, more than required).
  • Store, sync and access most of your passwords via an encrypted 'password manager' (PM) -- most commonly, an application (like 1Password); Apple-only users could use barebones, built-in iCloud KeyChain; the budget-minded could copy/paste via an encrypted file
  • Ideally, you need to remember only 2+ strong passwords: one for PM, one for (each) device.
  • World Password Day (May 5th): create strong passwords; use a different password for each account; get a password manager; turn on multi-factor authentication; Betty White videos; security quiz

What is a "Strong" Password?

  • Unique -- don't reuse
  • Uncommon -- don't choose from worst: 25, 100, 500
  • Typically, 15+ characters long -- long phrases, and/or including mixed case, digits, punctuation.
  • Main (device & PM) passwords should be memorable -- and not too inconvenient to enter on your device.
  • For a phone/tablet, make it longer than the minimum 4-digit passcode, e.g., 8+ digits.
  • Strong passwords usually don't need to be changed (unless they've been compromised).
  • If a site requires answers to security questions, provide answers to questions that no one can look up or easily guess -- or lie; create your own questions if possible.
  • If a site allows only a short, weak password, consider creating an unusual username -- together they'll be stronger
  • We'll look at multi-factor methods later, e.g., using codes from mobile phone.

How to Generate a Password

  • To avoid predictability, consider creating a random password.
  • Use "password generator" in your Password Manager, e.g., pronounceable
  • macOS: System Preferences > Users & Groups > Password > Change Password > "lock": Password Assistant : Memorable
  • Be cautious about using online password generators: https? logging?
  • Manually generate multi-word phrase, e.g., Diceware; English
  • Roll a die 5 times to select a word from a list of 7776 (6^5) words in a language.
  • Generate 4+ words; customize to increase strength even more
  • Other passwords (stored in your PM) can be long, random, complex, e.g., 64 characters of gibberish -- since you don't have to remember or type them.

How to Test Password Strength

  • Test the strength ("entropy") of your current passwords and new candidates.
  • Entropy is roughly a function of
  • the size of character set (# of possibilities): 0-9, A-Z, a-z, punct.!, dictionary list
  • to the power of the length of password sequence (number of characters / words)
  • decreased by rules, such as common recognizable patterns, e.g., 12345, pet names, common phrases, keyboard sequences, etc. -- and cracked password lists
  • Higher entropy means less predictable, i.e., more attempts / time to guess or crack by brute force
  • General recommendation: passwords should have 'high' entropy: 75 (or more), i.e., thousands of "centuries" to crack; though time estimates are unreliable due to sharing of known password lists by hackers, and increases in processing power.
  • Different sites can evaluate same password differently; Poor/Good/Strong labels or 'strength gauge' are crude.
  • Similar caveats (to generation) for online password testers; disable network after loading if you're paranoid.
  • My favorite checker: zxcvbn: numerical score with explanation; zxcvbn can be run locally (no network).
  • Short 'random' phrases, e.g., correcthorsebatterystaple: 45 (only; via DiceWare).
  • Increase strength: more words, punctuation, misspellings, invented words, other languages.
  • Include 'unusual' chars (accented, foreign, etc.) -- check availability / compatibility for cross-platform use, e.g., opening password manager
  • macOS: System Preferences > Keyboard > Keyboard > show viewers for keyboard, emoji, and symbols in menu bar > Show Keyboard Viewer
  • Keyboard Viewer: view / select key
  • keyboard: press appropriate key combos, e.g., Option-
  • iOS: Settings > General > Keyboard > Character Preview; iOS 10: always on?
  • keyboard: hold down key to see possibilities
  • Weaker passwords, e.g., 8-digit phone PINs, might be adequate if device limits login attempts or can auto-erase.
  • 64 random characters, e.g., via a Password Manager, typically might have entropy: ~346 (trillions of centuries)
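As an added worked example (my own code, not from TCYOP or the course site), this script implements the rough "character-set size to the power of length" entropy rule above and the Diceware roll-to-index mapping from the previous section; the guess rate of 10^10 per second is an assumption, and the naive estimate deliberately ignores the "decreased by rules" part, which is why it overrates a dictionary phrase like correcthorsebatterystaple compared with the Diceware figure.

```python
"""Rough password-entropy estimates (idealized: every symbol chosen uniformly at
random, so the result is an upper bound). Added example, not course code."""
import math

# Character-set sizes for passwords typed from a standard US keyboard (ASCII).
CHARSETS = {
    "digits": 10,   # 0-9
    "lower": 26,    # a-z
    "upper": 26,    # A-Z
    "punct": 33,    # printable ASCII punctuation/symbols, including space
}
DICEWARE_LIST_SIZE = 6 ** 5   # 7776 words, one per five dice rolls


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def charset_size(password: str) -> int:
    """Size of the smallest union of CHARSETS that could have produced `password`."""
    size = 0
    if any(c.isdigit() for c in password):
        size += CHARSETS["digits"]
    if any(c.islower() for c in password):
        size += CHARSETS["lower"]
    if any(c.isupper() for c in password):
        size += CHARSETS["upper"]
    if any(not c.isalnum() for c in password):
        size += CHARSETS["punct"]
    return size


def password_entropy(password: str) -> float:
    """Naive entropy: assumes each character is random over the sets actually used.
    Dictionary words, keyboard walks and pet names make the true figure far lower."""
    return entropy_bits(charset_size(password), len(password))


def diceware_entropy(num_words: int) -> float:
    """Entropy of a passphrase of `num_words` words picked by fair dice rolls."""
    return entropy_bits(DICEWARE_LIST_SIZE, num_words)


def diceware_index(rolls) -> int:
    """Map five d6 rolls (each 1-6) to an index 0..7775 into the word list.
    The first roll is the most significant base-6 digit, matching the way the
    printed list is keyed from "11111" to "66666"."""
    rolls = list(rolls)
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each 1-6")
    idx = 0
    for r in rolls:
        idx = idx * 6 + (r - 1)
    return idx


def years_to_crack(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected years to search half the keyspace at an assumed guess rate."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample inputs, in the spirit of the course's own examples.
    for pw in ["1234", "hunter2", "Tr0ub4dor&3", "correcthorsebatterystaple"]:
        bits = password_entropy(pw)
        print(f"{pw:28s} set={charset_size(pw):3d} naive={bits:6.1f} bits "
              f"({years_to_crack(bits):.2e} years at 1e10 guesses/s)")
    for n in (4, 6):
        print(f"{n} Diceware words: {diceware_entropy(n):.1f} bits")
    print("rolls 1,1,1,1,2 ->", diceware_index((1, 1, 1, 1, 2)))
```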

How to Store Passwords

  • Human memory should be fine for several strong passwords: one for PM, one for (each) device -- but be sure to backup elsewhere, e.g., Safety Deposit Box
  • Paper or a file might be ok if it's truly hidden and/or coded
  • Recommendation: use a password manager app, such as 1Password
  • PM encrypts passwords on your device; shares (sync / backup) between devices / cloud
  • PM navigates to correct site; PM automatically fills-in userid and password -- usually
  • PM recognizes password changes, and automatically updates -- usually
  • PM organizes sites like bookmarks / favorites -- usually searchable
  • PM integrates with your browser (and maybe system & other apps via icon menu)
  • PM can store other related info, e.g., unusual answers to security questions
  • 1Password and password security AshMUG: Peter DeGroot presentation; video; links; how-tos; 9/8/2015
  • Later section: Browsing: Passwords, discusses passwords, password managers (e.g., 1Password, Dashlane, LastPass), and related issues in more detail, along with reviews and articles.

Safer Internet: Offline: Accounts

Safer Internet: Offline: Accounts webadmin Tue, 01/27/2015 - 16:48

Why?

  • + Protect (encrypt) personal, sensitive (even deleted) files with a strong password (macOS: FileVault; iOS: default)
  • + Deny others easy access to your device: auto-login apps, e.g., messaging, email, password resets
  • - Inconvenience of entering password, esp. if short timeout

Basic

  • [1] Set a strong password / passcode on your computer, tablet, phone
  • Set a longer timeout to minimize your logins and inconvenience; shorter timeout when travelling?
  • Limit number of login attempts? auto-erase?
  • Add contact info maybe -- in case of loss (vs. Privacy) -- see Services: Location section
  • Protect sensitive files on drive -- see Encryption section
  • Avoid giving your password to tech support (esp. remote scammers) -- and if you do, change it immediately afterwards
  • macOS: System Preferences > Security & Privacy > Change Password
  • System Preferences > Users & Groups > Password > Change Password -- to set initial password, or change other accounts
  • System Preferences > Security & Privacy > Require password > (time)
  • Use same strong admin password for main disk (FileVault) and backup drive, e.g., TimeMachine
  • iOS: Settings > Passcode > Turn Passcode On
  • iOS: Settings > Passcode > Change Passcode > Options: Custom Alphanumeric Code, Custom Numeric Code, 6-Digit Numeric Code
  • iOS 8: Settings > Passcode > Simple Passcode : off
  • Use more digits than the default PIN length (4-digit in iOS 8, 6-digit in iOS 9+), so an attacker won't know the length and will take much longer
  • Although letters and symbols can be included, a much longer numeric PIN can be entered more easily on larger number-only keypad; still difficult to brute force if OS limits login attempts
  • iOS: Settings > Passcode > Require Passcode > After x hours shorter when traveling?
  • iOS: Settings > Passcode > Allow Access When Locked : Today View, Notifications View, Siri, Home Control
  • iOS: Settings > Passcode > Erase Data after 10 failed passcode attempts
  • iOS: Settings > Touch ID & Passcode: fingerprint sensor on selected models, e.g., iPhone 6

Intermediate

  • [2] Set up separate accounts for each user
  • Admin account for installs/updates; 2nd admin backup account
  • Non-admin accounts for routine use to avoid accidental malware
  • Set up "Parental Controls" on shared computers?
  • When: now, or the next time you upgrade your OS or replace hardware, and migrate user info
  • macOS: System Preferences > Users & Groups

Advanced

  • [3] Set a firmware password (macOS, Win) to prevent booting with other OS, accessing file system
  • May still be appropriate for some high security situations; alternatively, enable whole disk encryption
  • [3] Set a SIM PIN on cellular devices, e.g., iPhone, some iPads -- see Connection : WiFi section

References

Android

iOS

macOS

Windows

Safer Internet: Offline: Backups

Safer Internet: Offline: Backups webadmin Tue, 01/27/2015 - 17:28

Why?

  • + Recover files lost because of disk/SSD failure, corruption, theft
  • + Encrypt backups to reduce impact of theft, surveillance
  • + Reverse an unwanted or incomplete software update
  • + Reduce effects of ransomware (hacker encrypting and holding your files hostage)
  • + Access files in cloud from multiple devices
  • - Inertia; initial setup
  • - Making it a habit

Quotes

What, Where, When?

  • "Data loss is when you no longer have access to your own data...
  • "Data theft is when someone else gets access to your data illicitly...
  • Manual: selected files/folders copied to/shared with a USB drive or a cloud folder; must remember to do it
  • Incremental: only what's changed; automatic; user files, multiple versions, settings (contacts, bookmarks)
  • Complete: everything; user files/settings plus system, apps; ideally a bootable clone
  • Local: a partitioned external disk is a convenient, inexpensive location for several backups
    e.g., Time Machine, Carbon Copy Cloner, SuperDuper;
    disk manufacturer may provide backup software, e.g., Retrospect
  • Recommendation: purchase external disk 4x (or larger) size of your internal storage:
    1x for clone; 2-3x for incremental (more if multiple versions/deleted files are maintained)
  • e.g., for a 250 GB internal disk/SSD, use a 1 TB (or larger) drive:
    250 GB for clone, 500-750 GB for incremental; ? GB for archive misc. partition
  • [2] Encrypt backup drives during setup -- or later, e.g., FileVault; see Encryption section
  • [3] Use separate external drives for incremental and for clone -- to reduce risk of single drive failing or lost
  • Remote/Offsite: cloud services can provide free / inexpensive, encrypted remote backup for email, photos, contacts, notes, passwords, calendar, selected files etc., e.g., DropBox, Google Drive, Box, OneDrive, CrashPlan; located separately from your devices / home
  • World Backup Day March 31st (just before April Fool's)
  • Once/year is better than never ;-); however, more often is better for new or changing, important info, e.g., hourly/daily for incremental (cloud), daily/weekly for incremental (disk), monthly/quarterly for complete
  • International Verify Your Backups Day: every Friday the 13th
  • Checking that your backups actually occurred and that you can restore files is just as important
  • [Refs]: "When will your hard drive fail?"; "11 Stupid Backup Strategies"
  • [Refs]: "It's World Backup Day, Now's a Good Time to Check Your Backups"

Incremental

  • Frequency: weekly -- more often if many changed files; before any system updates
  • Mac (to disk): Time Machine > Open Time Machine Preferences
  • Mac (restore): Time Machine > Enter Time Machine [image]
  • [Refs:TimeMachine]: "How to Set Up Time Machine Backups in Mac OS X"
  • What to backup via iCloud?
  • iOS: Settings > iCloud: Photos, Mail, Contacts, Calendars, Reminders, Safari, Notes, News, Backup, Keychain, Find My iPad/iPhone
  • macOS: System Preferences > iCloud: Photos, Mail, Contacts, Calendars, Reminders, Safari, Notes, Keychain, Back to My Mac (File/Screen Sharing), Find My Mac
  • Email backup may be less urgent if you use IMAP, since messages stay on the mail server -- but the server copy is not a backup against account takeover or accidental deletion, both of which sync to every client
  • How much is backed up / shared in iCloud?
  • iOS: Settings > iCloud > Storage > Manage Storage > Backups: device; Documents&Data
  • macOS: System Preferences > iCloud > Manage... (lower right)
  • macOS: icloud.com > Settings (home) > Storage
  • Is the cloud "safe"?
  • Encryption is only as strong as the password / key protecting it -- and as who else holds that key
  • If the provider holds the key (or can derive it from a password it stores), your files are exposed to government requests and to a breach of the provider
  • Much safer if the file is already encrypted on your device before upload, e.g., a 1Password vault stored on Dropbox;
    or if the service uses a separate (non-account) key that only you have, e.g., CrashPlan (custom key) -- lose that key and the backup is unrecoverable
  • [Refs:Cloud]: "Crashplan: Archive Encryption Key Security Options"; "What does Dropbox do to protect my stuff?"
  • [Refs:iCloud]: "iCloud security and privacy overview"

Complete

  • Frequency: monthly/quarterly; before major system updates
  • iOS (USB): iTunes (macOS,Win) > (device) > Summary > Backups
  • Good insurance against ransomware (see Malware, Encryption) and disk corruption -- provided the clone is not left connected: ransomware encrypts any attached drive it can write to
  • macOS (to disk): Carbon Copy Cloner
  • [Refs:CarbonCopyCloner]: "Review: Carbon Copy Cloner 4"
  • macOS (to cloud): CrashPlan (incrementally, automatically)
  • [Refs:Cloud]: "Why I prefer CrashPlan for online backups"
  • [1] USB/disk (at remote site), e.g., bank Safety Deposit box, trusted friend's house
  • [1] While travelling, backup digital photos
  • [Refs:Photos]: "The best way to manage your photos online in 2015"
  • [1] Paper: important device & account passwords (esp. for password manager!) in SD box
  • Save .pdf of various paper documents, e.g., manuals for devices & appliances from manufacturers sites
  • [Refs:Death]: "Preparing Digital Assets for Your Eventual Death"
  • [Refs:Paper]: "Top 10 Backups Everyone Should Have (not Just Computer Backups)"

What I Use

  • incremental [ext disk]: macOS: TimeMachine -- files; several times/week
  • incremental [remote]: macOS, iOS: Dropbox --1Password passwords, notes; ongoing
  • incremental [remote]: macOS, iOS: iCloud -- Safari, Settings, etc.; ongoing
  • incremental [remote]: macOS: CrashPlan -- all files; ongoing
  • complete [ext disk]: macOS: Carbon Copy Cloner -- files, apps, system; monthly, esp. before macOS updates
  • complete iOS: iTunes(macOS) -- files, settings, etc. (Manual) before iOS updates -- see screenshot on right

Intermediate

  • [2] Computer-to-(remote friend's) computer, e.g., CrashPlan (free)
  • [2] If you host a blog or website, save backups.
  • e.g., WordPress.com > Dashboard > Tools > Export

References

Android

Carbon Copy Cloner (Mac)

Cloud

Death, Divorce

Dropbox

Future

Home

iCloud

iOS

macOS

Natural Disaster, esp. Cascadia Quake

Paper, Other

Photos

SuperDuper (Mac)

TimeMachine (Mac)

Web Sites

Windows

Safer Internet: Offline: Software Updates

Safer Internet: Offline: Software Updates webadmin Tue, 01/27/2015 - 16:51

Why?

  • + Security patches for system, built-in apps (e.g., browser, mail), other network apps
  • + Other privacy / security settings or other features
  • ? Performance: speedup or slowdown
  • - Change (in general): possible unwanted/missing features; learning time
  • - What to update? time to do updates; slow update servers
  • - Potential bugs or incompatibilities -- or unavailability?

Quotes

Basic

  • Update your system and application software, especially related to browser, security, cloud, network
  • BACKUP first -- both incremental and clone; see Backup section
  • Minimize number of applications and add-ons, esp. unused -- see Erasing section
  • Install updates and applications only from official store, or reputable developers -- don't jailbreak!
  • Look for install options -- often checked by default -- that might install unwanted extensions or adware, or change settings (home page, search engine); e.g., Oracle's Java installer
  • system: e.g., Android, iOS, macOS (formerly "OS X"), Windows
  • apps: e.g., Adobe Reader; Microsoft Office; Skype
  • add-ons, which customize/extend an app, esp. a browser
  • plugins: e.g., Adobe Flash; Oracle Java -- or consider uninstalling altogether
  • extensions: e.g., Adblock Plus, HTTPS Everywhere
  • How to check your OS version:
  • iOS: Settings > General > Software Update / About : Version
  • macOS: [apple] > About

Incremental

  • Incremental or standalone (security) updates, e.g., macOS 10.12.x, iOS 10.x
  • If not "critical" (and few new features), you can usually wait a day or so to avoid:
  • buggy releases, esp. for older devices -- rarer now due to wider beta testing
  • slow stores / upgrade servers
  • individual apps: check for updates upon startup (preference), or manually (via menu)
  • probably ok to ignore updates for apps that you never use, e.g., built-in apps like GarageBand
  • browser extensions: once installed, most browsers check/update automatically

Android

iOS

  • [Refs:iOS:Current] iOS
  • iOS: Settings > General > Software Update
  • iOS: App Store > Updates
  • iOS users may want to use iTunes to update iOS: easy to backup first
  • for OTA (over the air) updates via WiFi or cellular
  • < iOS9: update can fail due to low device memory
  • ≥ iOS9: update can be slower; apps are removed/reinstalled if needed to create temporary space
  • Allow easier installation of free apps?
  • iOS: Settings > iTunes & App Store > Password Settings > Free Downloads > Require Password: off
  • [Refs:iOS]: "Hacking Team hack reveals why you shouldn't jailbreak your iPhone"

macOS

  • [Refs:macOS:Current] macOS
  • [apple] > About > Software Update
  • macOS: App Store > Updates -- macOS and selected apps
  • macOS: System Preferences > App Store: download/install, password
  • macOS: Safari > Preferences > Extensions > Updates : Install Updates Automatically
  • macOS: Microsoft Excel > Help > Check For Updates
  • macOS: Firefox > Firefox > About Firefox
  • macOS: Adobe Reader > Help > Check For Updates
  • macOS: System Preferences > Flash Player > Advanced > Updates
  • [Refs:macOS]: "Microsoft Office 2016 15.xx and Office 2011 14.xx"

Windows

Major

  • Major OS updates, e.g., 10.x.0, iOS x.0
  • Check if new OS version is incompatible with any important applications you have, e.g., release notes, vendor sites
  • Remove unused applications and browser add-ons -- see Erasing section
  • If no critical security updates, you might wait (a few days/weeks) for ".1" version to be released to avoid major bugs, performance slowdowns (esp. for older devices), user interface makeovers, etc.
  • [2] Check disk permissions, repair (if necessary)
  • macOS (< 10.11): Disk Utility > Repair Permissions -- or run Maintenance (or Onyx) utility (removed in 10.11, where System Integrity Protection handles system permissions)
  • [3] Restart from Recovery partition; check main disk; repair (if necessary)
  • macOS: restart w/ cmd-R > OS X Utilities > Disk Utility > Repair Disk
  • [3] Check hardware, e.g., memory
  • macOS: restart w/ D key; diagnostic runs automatically
  • [Refs:macOS:Current]: "How to Prepare for & Install macOS Sierra"
  • [Refs]: "Why You Should Upgrade (On Your Own Terms)"

Replace?

  • Strongly consider replacing your device if security problems are no longer patched in your OS version
  • usually if your computer OS is > 2 major versions behind; still ok: macOS: -1: 10.11 (El Capitan), -2: 10.10 (Yosemite); Windows: -1: 8.1, -2: 7
  • usually if your tablet/phone OS is 1 or more major versions behind; e.g., iOS 9, Android 6 no longer supported
  • Your device doesn't support a newer OS -- or needs extra memory that you cannot (or do not want to) add
  • In the meanwhile, use an actively maintained browser, e.g., Firefox, Chrome -- rather than built-in browser, i.e., macOS Safari, Windows IE
  • [3] You could consider replacing OS, e.g., Linux
  • When purchasing a new device, especially a subsidized or less expensive one, request that vendor remove pre-installed bloatware, crapware, adware
  • If you're switching between different OS (versions or vendors), check if migration tools are available for contacts, bookmarks, settings, photos, accounts, etc.
  • When donating / discarding old device -- see Erasing section
  • [Refs]: "This Chart Shows How Long iOS and Nexus Devices Get Updates"
  • [Refs]: "Interactive Comparison Charts: Laptops, Phones, Tablets"
  • [Refs:Android]: "The Real Crapware Problem Is on Android: handset makers, wireless carriers"
  • [Refs:Windows]: "The Complete Guide to Avoiding (and Removing) Windows Crapware"

Intermediate/Advanced

  • [2] Update software/firmware on other devices, e.g., router, smart TV
  • [3] Install test/beta official OS versions -- if you're bugged by a bug, need early access to features, or are a developer
  • [3] Update web site management/blog software on your host -- after data backup, and testing in non-production environment, e.g., Content Management System (CMS), e.g., Drupal, WordPress

References

Android

Current: Android 7.1.1 (Nougat); 12/5/2016

Misc.

iOS

Current: iOS 10.3.1; 4/3/2017

Misc.

macOS

Current: macOS 10.12.4 (Sierra); 3/27/2017

Misc.

Replace

Windows

Current: Windows 10

Misc.

Safer Internet: Offline: Encryption

Safer Internet: Offline: Encryption webadmin Tue, 01/27/2015 - 17:30

Why?

  • + Prevent others from viewing sensitive files, notes, passwords
  • ? More difficult for law enforcement to read files or add spyware
  • - Time to setup
  • - Re-enter password to access files

Summary

Quotes

Basic

  • Encrypt entire partition or volume
  • iOS9+: automatic -- assuming strong passcode
  • macOS: System Preferences > Security & Privacy > FileVault;
    i.e., FileVault 2; not recommended: "Legacy" FileVault (version 1)
  • You'll have to re-enter your password after Logout / Shutdown, or a sleep timeout. FileVault 2 unlocks with your macOS account password, so that password must be strong; passwords for encrypted external / backup drives can be saved in Keychain for convenience
  • Also encrypt backup (incremental & clone) partitions/drives
  • macOS: Time Machine > Open Time Machine Preferences > (partition/disk) > Encrypt backups
  • [Refs:macOS]: "How to encrypt your Mac with FileVault 2, and why you absolutely should"
  • [Refs:macOS]: "Carbon Copy Cloner: how to create an encrypted, bootable volume using FileVault"
  • A few general notes about encryption strategy and strength
  • If you need to share key / password with someone else, communicate via alternate channel,
    e.g., if transferring file via email, send password via text or phone -- or in pieces
  • Backup any encryption key somewhere secure, e.g., password manager, SD box;
    if you also save recovery key in cloud (iCloud, Microsoft), you could access it, but so could government (legally or illegally)
  • For strong encryption, look for "AES-128" or "AES-256" (Advanced Encryption Standard) -- and create a strong password!
  • Avoid weak encryption: a weak password (even with AES-128/-256), the older "ZipCrypto" .zip password protection, or the legacy password protection of older .pdf / Office file formats
  • [Refs]: "How secure is AES against brute force attacks?"
  • Encryption will become more vulnerable over time with faster processing, better algorithms, uncovered backdoors, more invasive laws / exceptions.
  • [Refs:Govt]: "Apple, Google, and leading cryptologists urge President Obama to reject backdoors in smartphones and other devices"
  • [Refs:Govt]: "Forcing suspects to reveal phone passwords is unconstitutional, court says"
  • Files backed up to the cloud are usually encrypted automatically -- however, if provider has the password, this could be subpoenaed; if file/folder URL is shared or discovered, anyone could access file

[2] Selected Notes

  • macOS: Keychain Access > Secure Notes
  • [Refs:macOS]: "Using Secure Notes to store secret information"
  • iOS: Notes > (share icon) > Lock Note
  • [Refs:iOS]: "How to Password Lock Notes on iPhone & iPad"

[2] Selected Files / Folders

  • "zip" utility with strong encryption, e.g., 7-Zip (Windows) or Keka (macOS) using the 7z format with AES-256 -- not the older .zip (ZipCrypto) password protection
  • [Refs]: "How to Use 7-Zip to Encrypt Files and Folders"; "Five Best File Encryption Tools"
  • [Refs]: "Use an Encrypted Zip File to Secure Files in Dropbox"

[2] Selected Volume

  • Create a "Disk Image" (an encrypted, growable volume stored in a file) -- if you don't want to encrypt the entire disk (or have an older Mac system)
  • macOS: Disk Utility > File > New Image > Blank Image > Encryption: 128- or 256-bit AES; Image Format: sparse bundle disk image
  • [Refs:macOS]: "How to increase Mac security with partition encryption"

References

Android

Government

Government: FBI vs. Apple

iOS

macOS

Quantum; Future

Windows

Safer Internet: Offline: Erasing Your Device

Safer Internet: Offline: Erasing Your Device webadmin Sat, 02/28/2015 - 13:48

Why?

  • + Do you want others to access your files on a donated / discarded computer, phone, printer or other device?
  • + Your files may still be accessible after a normal delete -- unless the volume is encrypted; on an SSD (solid state drive) TRIM usually, but not reliably, makes deleted data unrecoverable
  • + Deleted / hidden information in a file might be recoverable
  • - Different meanings for "delete/erase"
  • - Have to remember to setup or check

Quotes

Secure File Erasing

  • Even if you empty Trash / Recycle Bin, various utilities might be able to recover file content.
  • macOS (≥ 10.11): use FileVault: sectors of erased files remain encrypted -- thus unreadable; see Encryption section (Secure Empty Trash and Erase Free Space were removed in 10.11 because overwriting cannot be guaranteed on SSDs)
  • macOS (< 10.11): Finder > Secure Empty Trash
  • [2] macOS (< 10.11): Disk Utility > (select drive) > Erase > Erase Free Space: number of times -- unused space from deleted files
  • [Refs:macOS]: "Disk Utility's erase free space feature"

[2] Erasing Apps

  • To remove not only an app, but also its settings, storage caches, etc.:
  • iOS: press down on app icon to enter move / delete ('jiggly') mode
  • tap "x" in upper left corner
  • popup: "Deleting (app) will also delete all of its data"
  • (press Home button to exit 'jiggly' mode)
  • To immediately delete related iCloud data:
  • iOS: Settings > iCloud > Manage Storage > (device) > disable old app
  • macOS: just dragging an app (from Applications folder) to Trash does not remove extra files
  • Use an app removal utility, e.g., App Cleaner
  • To find out how much storage is used on your device:
  • iOS: Settings > General > Storage&Cloud Usage > Storage > Manage Storage
  • macOS: [apple] > About This Mac > Storage

[2] Securely Erasing Device

  • Securely erase drive before donating, discarding, recycling or selling your device; to be nice, re-install OS
  • iOS: Settings > General > Reset > Erase All Content and Settings
  • [Refs:iOS]: "How to erase your iOS device and then set it up as a new device or restore it from backups"
  • [Refs]: "How Do I Securely Erase My Phone Before I Sell It?"
  • Trigger auto-erase if lost or stolen?
  • iOS: Settings > Passcode > (passcode) > Erase Data -- after 10 failed passcode attempts
  • iOS: iCloud > Find My iPhone/iPad -- allows you to erase remotely
  • macOS: restart from another disk, e.g., Recovery Partition; Disk Utility > (select drive) > Erase > Security Options (multi-pass overwrite; not offered for SSDs, where having had FileVault on is what protects old data) -- everything: are you sure?
  • [Refs]: "HowStuffWorks: 10 Things to Do Before You Wipe Your Computer"

[2] File Redaction

  • Some source files (e.g., .doc, .pdf, .jpg) can retain layers / versions of info, i.e., metadata, or track changes; it might be recoverable via copy/paste or tools; just deleting it or overlaying an annotation may not be enough!
  • So, omit sensitive info from files in the first place: content as well as metadata such as Author, Organization
  • or, save edited document or selected screen area as an image
  • or, copy/paste selected (non-sensitive) info into a simpler format, i.e., one that removes any hidden info -- or use redaction tools (next)
  • Remove photo metadata; e.g., phone location via iOS: Photo Investigator
  • Redact a .pdf or source document to remove sensitive info -- using proper tools, i.e., Adobe Acrobat Pro; otherwise, simple annotations / changes can be selected, copied, revealed
  • [Refs]: "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF" (PSA from NSA)
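To make the "hidden layers" point concrete, here is an added example (not from the course page) that opens a .docx, which is just a zip of XML parts, and reports the author fields from docProps/core.xml plus any text that Track Changes still keeps in `<w:delText>` inside word/document.xml even though Word no longer displays it. `scrub_docx` then blanks the author fields, drops deleted runs and accepts insertions in place. `build_sample_docx` constructs a minimal package for the demonstration; it is not a complete Word file, and real documents have more parts (comments, headers, embedded images with their own EXIF) that deserve the same treatment.

```python
"""Inspect and scrub hidden data in a .docx before sharing it.

Added example, not from the course page. Uses only the standard library.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
for _prefix, _uri in (("cp", CP), ("dc", DC), ("w", W)):
    ET.register_namespace(_prefix, _uri)


def build_sample_docx() -> bytes:
    """Constructed sample: a figure 'deleted' with Track Changes, still in the XML."""
    core = (f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">'
            '<dc:creator>Jane Doe</dc:creator>'
            '<cp:lastModifiedBy>legal@example.com</cp:lastModifiedBy>'
            '</cp:coreProperties>')
    doc = (f'<w:document xmlns:w="{W}"><w:body><w:p>'
           '<w:r><w:t>Settlement amount: </w:t></w:r>'
           '<w:del w:id="1" w:author="Jane Doe"><w:r><w:delText>$250,000</w:delText></w:r></w:del>'
           '<w:ins w:id="2" w:author="Jane Doe"><w:r><w:t>[amount withheld]</w:t></w:r></w:ins>'
           '</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", doc)
    return buf.getvalue()


def inspect_docx(blob: bytes) -> dict:
    """Metadata, visible text, and text still recoverable from tracked deletions."""
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        core = ET.fromstring(z.read("docProps/core.xml"))
        doc = ET.fromstring(z.read("word/document.xml"))
    return {
        "creator": core.findtext(f"{{{DC}}}creator") or "",
        "last_modified_by": core.findtext(f"{{{CP}}}lastModifiedBy") or "",
        "visible_text": "".join(t.text or "" for t in doc.iter(f"{{{W}}}t")),
        "deleted_text": "".join(t.text or "" for t in doc.iter(f"{{{W}}}delText")),
        "revision_authors": sorted({e.get(f"{{{W}}}author")
                                    for e in doc.iter() if e.get(f"{{{W}}}author")}),
    }


def scrub_docx(blob: bytes) -> bytes:
    """Blank author fields, remove deleted runs, accept insertions; returns a new .docx."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(blob)) as zin, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zout:
        for item in zin.infolist():
            data = zin.read(item.filename)
            if item.filename == "docProps/core.xml":
                root = ET.fromstring(data)
                for tag in (f"{{{DC}}}creator", f"{{{CP}}}lastModifiedBy"):
                    el = root.find(tag)
                    if el is not None:
                        el.text = ""
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            elif item.filename == "word/document.xml":
                root = ET.fromstring(data)
                for parent in list(root.iter()):          # snapshot; tree is edited below
                    for child in list(parent):
                        if child.tag == f"{{{W}}}del":    # tracked deletion: drop entirely
                            parent.remove(child)
                        elif child.tag == f"{{{W}}}ins":  # tracked insertion: keep runs, drop wrapper
                            pos = list(parent).index(child)
                            parent.remove(child)
                            for offset, run in enumerate(list(child)):
                                parent.insert(pos + offset, run)
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            zout.writestr(item.filename, data)
    return out.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", inspect_docx(sample))
    print("after: ", inspect_docx(scrub_docx(sample)))
```

Even after scrubbing, the safest way to publish is still the page's advice: copy the final text into a fresh document or export to PDF and redact there with a tool that removes, rather than covers, the underlying content.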

References

Android

iOS

macOS

Photos

Recycling

Windows

Safer Internet: Keep Your Internet Connection Private

Safer Internet: Keep Your Internet Connection Private webadmin Thu, 01/29/2015 - 14:21

Quotes

Summary

  • Understand privacy risks: WiFi, cellular, DNS, ISP
  • Always use WPA2 (never WEP or an open network) for Wi-Fi networks you control; avoid DNS problems
  • Use a VPN when you're on any open or unfamiliar network
  • Use https: for web browsing (and SSL/TLS for email) when available
  • Avoid malware
  • Turn off unnecessary services, e.g., location
  • Turn on your computer's firewall

Preview: privacy / security / anonymity via encryption / indirection

  • Recall the letter / post office analogy in Privacy, Security, Anonymity section?
  • We're mostly concerned about content (postcard vs. letter) -- encryption
  • The address (actual vs. PO Box) could be important too -- indirection
  • The following figures show the effect of encryption from various techniques
  • What's not shown: which information might be added, e.g., ads, tracking, malware
  • which information might be saved on client or servers, e.g., history, logs, caches
  • how secure your data is on their server, e.g., passwords, medical records, credit card, social security no.
  • how someone else accesses information you've 'published', e.g., email recipient, blog reader
  • None: {Figure 1. TCYOP-2: 39; TCYOP-1: 39} -- at right
  • [1] Wi-Fi (WPA) [device-to-router]: {Figure 3. TCYOP-2: 41; TCYOP-1: 41}
  • [2] VPN [device-to-intermediate server; some address] {Figure 4. TCYOP-2: 43; TCYOP-1: 42}
  • [3] Tor [device-to-intermediate servers; most of address] {TCYOP-2: Figure 14: 77; TCYOP-1: Figure 13: 77}
  • [1] https: (for browser; SSL/TLS for email) [device-to-final site] {Figure 6. TCYOP-2: 47; TCYOP-1: 47}

References

Safer Internet: Connection: Encrypt Wi-Fi

Safer Internet: Connection: Encrypt Wi-Fi webadmin Fri, 01/30/2015 - 16:50

Why?

  • + Protect unencrypted traffic from hackers and eavesdroppers -- at least part of the way
  • + Block unauthorized users (slowdowns, datacaps, illegal activity)
  • - Some admin setup required
  • - Provide password to your users

Quotes

Wi-Fi Encryption

  • If you use https: for web browsing, and SSL/TLS for email, much of your important traffic will already be encrypted.
  • However, this isn't always possible for all sites & situations, and there are other reasons to protect your router and connection.
  • Encrypt Wi-Fi networks you control with WPA (Wi-Fi Protected Access)
  • Weak/no password could create problems if neighbors use your connection (& IP address) for illicit activities or excessive downloads -- not an issue if your WiFi range does not extend outside, or for hard-wired devices (via Ethernet cable)
  • WEP (Wired Equivalent Privacy) is easily cracked, barely better than no encryption
  • WPS (Wi-Fi Protected Setup) lets a device join a WPA network via a push button or an 8-digit PIN instead of the passphrase; the PIN is validated in two short halves, so an attacker within range can guess it in hours and the router then hands over your WPA passphrase, however strong it is -- disable WPS, or at least its PIN mode
  • [Refs:Wi-Fi]: "Wi-FI Protected Setup (WPS) is Insecure: Here's Why You Should Disable It"
  • Network figures
  • with no encryption (Wi-Fi, SSL/https): {Figure 1. TCYOP-2: 39; TCYOP-1: 39}
  • with Wi-Fi encryption: {Figure 3. TCYOP-2: 41; TCYOP-1: 41}
  • Change encryption level to WPA/WPA2
  • consult your router manual (download .pdf from manufacturer) to locate settings
    and local IP address, e.g., http://192.168.1.1 router has its own web server!
  • use web browser to connect locally to router, or use manufacturer configuration app
  • Apple Airport {Figure 2. TCYOP-2: 40; TCYOP-1: 40}
  • Netgear: Wireless Settings > Security Options > WPA2
  • TP-Link: Wireless (freq) > Wireless Security > WPA/WPA2 [screenshot]
  • Check encryption level from client: none?, WEP?, WPA?
  • macOS: menubar > [option-click] Wi-Fi icon: current network stats displayed; other networks: hover to display stats
  • iOS10: Settings > Wi-Fi insecure connection shown in red
  • iOS(older): there doesn't appear to be a built-in way to see security details of any routers, whether connected or not
  • Android, macOS, Windows: How to Check WiFi Security Encryption Type 1/24/2014
  • Don't connect automatically to open (insecure) Wi-Fi networks.
  • By default, macOS & iOS connect automatically only to "known" networks, i.e., open or password-protected networks that you've connected to before
  • Automatic connections might occur in older systems or on other platforms
  • For a new, unknown network, you can be prompted to join it, or select it manually; it won't connect automatically
  • macOS: System Preferences > Network > Wi-Fi > Ask to Join New Networks : "on" (prompt you when a new network is avail) or "off" (you'll select manually)
  • iOS: Settings > Wi-Fi > Ask to Join Networks (same as macOS)
  • To remove a network from the list of automatically connecting "known" networks (that you've connected to previously)
  • macOS: System Preferences > Network > Wi-Fi > Advanced > Wi-Fi > (select network) > "-"
  • iOS: Settings > Wi-Fi > "i" (for network) > Forget This Network
  • [2] To make your network freely available to others, e.g., during a disaster, setup a separate guest network (with no password), rather than disabling security on your regular network [screenshot]
  • [Refs:Wi-Fi]: "How (and Why) to Safely Open Your Wi-Fi Network During a Disaster"
  • [2] Consider using a Virtual Private Network (VPN) (covered in next section) if
  • no password; in a public area, attacker might provide access point, e.g., "Free WiFi"; or greedy ISP might inject ads
  • weak password: WEP, WPS
  • widely known password, e.g., coffee shop
  • [Refs:Wi-Fi]: "The Dangers of Unsecured Wifi Hotspots"
  • [Refs:Wi-Fi]: "Big Vulnerability in Hotel Wi-Fi Router Puts Guests at Risk"
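The "check encryption level from client" and "use a VPN if ..." bullets above can be turned into a quick triage of a scan. As an added example (not from the course page), the script below parses the output of the macOS command-line scanner (`/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s`, whose last column is the SECURITY string) and grades each network the way the page does: open or WEP means use a VPN, WPA/TKIP-only is weak, WPA2/AES is what you want on your own router. The column layout is assumed from that tool's header line, and `SAMPLE_SCAN` is constructed text, not a real capture.

```python
"""Grade Wi-Fi networks from an `airport -s` style scan before joining one.

Added example, not from the course page. Assumes the column order
SSID BSSID RSSI CHANNEL HT CC SECURITY; SSIDs may contain spaces, so the
line is anchored on the BSSID (MAC address) instead of on whitespace.
"""
import re

LINE = re.compile(
    r"^\s*(?P<ssid>.*?)\s+(?P<bssid>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<rssi>-?\d+)\s+(?P<channel>\S+)\s+(?P<ht>[YN])\s+(?P<cc>\S+)\s+"
    r"(?P<security>.*?)\s*$",
    re.IGNORECASE,
)

# Constructed sample in the scanner's layout (MAC addresses are made up).
SAMPLE_SCAN = """\
                            SSID BSSID             RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
                       Free WiFi 02:1a:11:aa:bb:01  -55  6       Y  US NONE
                    Smith Family 6c:70:9f:aa:bb:02  -48  36      Y  US WPA2(PSK/AES/AES)
                      OldLinksys 00:13:10:aa:bb:03  -80  11      N  -- WEP
                     Coffee-Shop 00:25:9c:aa:bb:04  -62  1       Y  US WPA(PSK/TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
                       CorpGuest 10:0e:7e:aa:bb:05  -70  44      Y  US WPA2(802.1X/AES/AES)
"""


def classify(security: str) -> tuple:
    """Map the SECURITY column to (grade, advice), worst case first."""
    s = security.upper()
    if s == "NONE":
        return "open", "no encryption: anyone nearby can read your traffic; use a VPN"
    if "WEP" in s:
        return "broken", "WEP is cracked in minutes; treat as open, use a VPN"
    if "WPA2" not in s and "WPA3" not in s:
        return "weak", "WPA/TKIP only; use a VPN, ask the owner to enable WPA2/AES"
    if "TKIP" in s:
        return "mixed", "WPA2 with TKIP still allowed; usable, but WPA2/AES-only is better"
    if "802.1X" in s:
        return "enterprise", "WPA2-Enterprise: per-user login; check the certificate prompt"
    return "ok", "WPA2/AES: traffic to the router is encrypted"


def parse_scan(text: str) -> list:
    """Return one dict per network line; the header has no MAC, so it is skipped."""
    networks = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        grade, advice = classify(m["security"])
        networks.append({"ssid": m["ssid"], "bssid": m["bssid"].lower(),
                         "rssi": int(m["rssi"]), "security": m["security"],
                         "grade": grade, "advice": advice})
    return networks


if __name__ == "__main__":
    for n in parse_scan(SAMPLE_SCAN):
        print(f"{n['ssid']:14s} {n['grade']:10s} {n['advice']}")
```

On Linux the same grading logic applies to `nmcli -f SSID,BSSID,SIGNAL,SECURITY dev wifi`; only the regular expression would change.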

Router Password

  • Set a strong admin password -- this is for the router itself (not the Wi-Fi password you use or supply to guests)
  • if required to be short, also change admin user name
  • Netgear: Maintenance > Set Password
  • TP-Link: System Tools > Password [screenshot]
  • If you set up your smartphone to share its data connection via Wi-Fi (aka Personal Hotspot or tethering), set a strong password -- both for security and to stop others using your data allowance.

[2] Router/Device DNS

  • If your Wi-Fi connection seems 'stuck', first reset/get new device IP address; otherwise, restart cable/DSL modem, then router
  • macOS: System Preferences > Network > Advanced > TCP/IP > Renew DHCP Lease
  • iOS: Settings > Wi-Fi > (current network "i" icon) > Renew Lease
  • Change DNS (Domain Name System) name servers; e.g., Netgear (right)
  • free: OpenDNS; Google Public DNS; other public recursive resolvers
  • benefits: speed; security; non-existent domains (ad redirection)
  • Netgear: Basic Settings > DNS Address
  • TP-Link: DHCP > DHCP Settings [screenshot]; Network > WAN [screenshot]
  • If you have no router (or it's someone else's), you can change DNS directly on device via "Network > DNS settings"
  • macOS: System Preferences > Network > Advanced > DNS > DNS Servers
  • iOS: Settings > WiFi > (network: "i") > IP Address > DHCP > DNS
  • If possible, create separate network profile, e.g., Home, Travel?
  • [Refs:DNS]: "7 Reasons to Use a Third-Party DNS Service"; "Pharming Attack Targets Home Router DNS Settings"
  • [3] Encrypt DNS lookups, e.g., DNSCrypt: article, download free for macOS, Win from OpenDNS (now Cisco); GitHub download Mac: 1.0.12
  • benefits: privacy; security (spoofing and man-in-the-middle attacks)
  • macOS: [menubar] > "DNSCrypt"
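The "Pharming Attack Targets Home Router DNS Settings" reference above describes the attack this section defends against: a router or device silently pointed at an attacker's resolver. As an added example (not from the course page), the script below reads a resolver list in resolv.conf format (what `cat /etc/resolv.conf` shows on macOS and Linux) and sorts each address into a known public resolver you chose, a private address (your router, so the real check belongs in the router's own DNS setting), or an unexpected public address worth investigating. `KNOWN` is a short allowlist of the resolvers the page names, to be extended with whatever you configured; the sample file is constructed.

```python
"""Audit the DNS resolvers a device is using, resolv.conf style.

Added example, not from the course page. Standard library only.
"""
import ipaddress

# Public resolvers named on the page; extend with the ones you configured.
KNOWN = {
    "208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS",
    "8.8.8.8": "Google Public DNS", "8.8.4.4": "Google Public DNS",
}

# Addresses that can only be your own router / local machine.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128",
)]

# Constructed sample; 203.0.113.0/24 is a documentation range standing in
# for "some public resolver you never configured".
SAMPLE_RESOLV_CONF = """\
# constructed sample, not a real file
domain home.example
nameserver 192.168.1.1
nameserver 208.67.222.222
nameserver 203.0.113.53   # unexpected: not in KNOWN, not your router
"""


def parse_resolvers(text: str) -> list:
    """Extract 'nameserver' addresses in order, ignoring comments and other keys."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def audit_resolver(addr: str) -> dict:
    """Classify one resolver address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return {"resolver": addr, "status": "invalid", "note": "not an IP address"}
    if any(ip in net for net in LOCAL_NETS):
        return {"resolver": addr, "status": "local",
                "note": "router or local stub; verify DNS in the router's own settings"}
    if addr in KNOWN:
        return {"resolver": addr, "status": "known", "note": KNOWN[addr]}
    return {"resolver": addr, "status": "unexpected",
            "note": "public resolver you did not configure; possible hijack"}


def audit(text: str) -> list:
    return [audit_resolver(a) for a in parse_resolvers(text)]


if __name__ == "__main__":
    for r in audit(SAMPLE_RESOLV_CONF):
        print(f"{r['resolver']:16s} {r['status']:10s} {r['note']}")
```

A `local` result is not a clean bill of health: it only means the device trusts the router, so the router's WAN DNS setting (Netgear: Basic Settings > DNS Address; TP-Link: Network > WAN) is where the same comparison must be repeated.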

[3] Advanced

  • Disable remote administration -- hopefully it was already off by default
  • Netgear: Advanced > Remote Management
  • TP-Link: Security > Remote Management [screenshot]
  • If you change many admin settings, consider making a backup.
  • Netgear: Maintenance > Backup Settings
  • TP-Link: System Tools > Backup & Restore
  • Check if an update (usually infrequent) is available for your router's firmware, automatically upon login, or manually.
  • Netgear: Maintenance > Router Upgrade
  • TP-Link: System Tools > Firmware Upgrade [screenshot]
  • If you rent a router from your ISP, check with them about updates.
  • On some devices, e.g., iPhone, iPad*, you can lock your SIM card so that cellular data can't be used without entering a PIN -- whenever you swap SIM cards or restart. To enable, disable or change your SIM PIN:
  • iPhone: Settings > Phone > SIM PIN
  • iPad: Settings > Cellular Data > SIM PIN (*Wi-Fi + Cellular models)

References

Android

DNS, IP Addresses

iOS

macOS

Modem, Router

Wi-Fi

Windows

Safer Internet: Connection: Use a VPN

Safer Internet: Connection: Use a VPN webadmin Sat, 01/31/2015 - 15:12

Why?

  • + Provide more encryption to protect data when no Wi-Fi encryption (WPA) and/or further toward destination
  • + Provide some additional privacy and anonymity; other possible reasons below
  • - Setup; may not work with certain networks
  • - Performance
  • - Cost

Intermediate

  • Use a Virtual Private Network (VPN) to connect to the Internet when you're on an open, insecure or unfamiliar network
  • e.g., cellular and (non-WPA) Wi-Fi networks when travelling or telecommuting
  • e.g., non-secure (http:) sites, e.g., to minimize ad injection, MITM (man-in-the-middle) attacks
  • How much of connection is encrypted? {Figure 4. TCYOP-2: 43; TCYOP-1: 42}
  • [Refs]: "Five Best VPN Service Providers"; "China Cracks Down On VPN Services After Censorship System 'Upgrade'"
  • [WiTopia]: Why do I need a personal VPN?
  • You desire extra security from online bad guys and identity thieves
  • You don't want your Internet Service Provider, or owner of a network you're connecting through, to log, monitor, and/or control what you do online
  • You want to hide your IP address so you can protect your identity and location
  • You don't want search engines, such as Google, Yahoo, AOL, and Bing recording and storing every Internet search you perform -- potentially forever
  • You use Wi-Fi Hotspots
  • You have a company-issued VPN but don't wish to use it for personal business
  • You use the Internet at hotels or other shared hospitality or public networks
  • You live in, or are visiting, a country that blocks Skype, Facebook, Twitter, or other Internet services
  • You live in, or are visiting, a country that engages in Internet censorship or monitoring of content
  • You wish to encrypt your VoIP traffic
  • You want to use a service or application that is geographically restricted by IP address
  • You simply desire extra privacy and security and want to round out your firewall and anti-virus protection for a complete security solution
  • Considerations:
  • price
  • performance -- it can be (much) slower
  • company experience, longevity, privacy policy, trustworthiness
  • anonymity decreased by server logs?
  • network reliability, availability
  • bandwidth/transfer limits
  • configuration ease & support
  • Free, ad-supported, usage caps, e.g., Hotspot Shield
  • Paid subscriptions, e.g., Cloak; Disconnect Premium; NordVPN; VPN Unlimited; WiTopia* *if you decide to subscribe to Witopia, please use this referral link (or code: Q8Hg3YRM) -- you receive an immediate 15% discount, and Steve receives a similar credit!
  • WiTopia configuration: all platforms
  • [1] macOS, Win; "WiTopia's super-advanced VPN client software. We may have actually made encryption fun."
  • macOS: WiTopia > Quick Connect [screenshot: menu]; [screenshot: app]
  • [2] Android; iOS: more custom setup required
  • iOS: Settings > General > VPN > (select configuration) [screenshot]
  • iOS: ... > Add VPN Configuration {Figure 5. TCYOP-2: 44; TCYOP-1: 44}
  • note: once any VPN configuration has been added, Settings > VPN shortcut appears
  • comparison of protocols: IPsec; L2TP/IPsec; OpenVPN (SSL/TLS-based); avoid PPTP, whose authentication (MS-CHAPv2) is cryptographically broken
  • Note: Witopia says "Android and iOS apps coming this year" 4/12/2015 ?

[3] Advanced

References

Android

iOS

macOS

Video

Windows

Safer Internet: Connection: Avoid Malware

Safer Internet: Connection: Avoid Malware webadmin Thu, 01/29/2015 - 15:17

Why?

  • + Malware can compromise online identities and accounts.
  • + Malware can access, compromise local files.
  • - Requires "be-aware" and software -- paying attention and updating system, apps and AntiVirus tools (if applicable)

Quotes

Types

  • Viruses Wreak Havoc On Your Files
  • Spyware Steals Your Information
  • Scareware / Ransomware Holds Your PC for Ransom
  • Trojan Horses Install a Backdoor
  • Worms Infect Through the Network

User

  • Pay attention -- most malware requires active user involvement
  • Don't click on links or open attachments in an unexpected email from "friends", "boss", "family"
  • Don't click on links in popups, or unknown links in web pages, esp. ads
  • Do not respond to popups that "hijack" your browser, esp. those that "found malware" or download unexpected 'Flash updates' -- just quit browser (see Block Ads section if you can't close/quit); reputable companies do not use such annoying / scare tactics
  • [Refs]: "Most Cyberattacks Are Phishing Related, Not Sophisticated Technical Attacks";
    "Hygiene, Honeypots, Espionage: 3 Approaches To Defying Hackers"
  • [Refs:macOS]: "Scary Internet Scam Becoming Disturbingly Common -- browser hijacking: pop-ups, tech support / FBI; spyware, ransomware"

Apps / Web Sites

  • Install & update your software -- system and applications -- by downloading only from vendor's app store (if screened), app's own Update preference or control panel, other reputable sites -- see Offline Data: Software Updates
  • macOS: App Store
  • iOS: App Store
  • macOS: System Preferences > Security & Privacy > General > Allow Apps Downloaded From: [screenshot]
  • [1] Mac App Store
  • [2] Mac App Store and Identified Developers
  • [3] Anywhere -- note: option hidden by default in 10.12
  • [2] To open an "unidentified" app that you're sure about:
  • macOS: Applications > (ctrl-click app) > Open > Open
  • iOS: use the TestFlight app to accept expected invitations from known developers
  • Use browser Bookmarks / Favorites or a password manager to access web sites -- see later section: Browsing: Go To Correct Site
  • Enable phishing/malware/plugin warnings
  • macOS: Safari > Preferences > Security > Fraudulent sites; Internet plug-ins [screenshot]
  • macOS: Firefox > Preferences > Security > Block reported attack sites / web forgeries / add-ons
  • macOS: Chrome > Settings > Advanced Settings > Privacy > Protect you and your device from dangerous sites
  • iOS: Settings > Safari > Privacy & Security > Fraudulent Website Warning [screenshot]
  • [2] Don't automatically open downloaded files (check file types)
  • macOS: Safari > Preferences > General > Open "safe" files after downloading [screenshot]

Anti-Virus (AV)

  • Install & maintain antivirus software on your device, if applicable & desired
  • Be careful where you obtain malware protection software -- some may be malware / adware itself -- especially if obtained via ad links, popups, pop-under windows
  • Having AV installed is no excuse to be careless, stupid
  • iOS: unnecessary
  • macOS: optional -- to avoid distributing infected files to others, e.g., Windows friends, or if still using external portable media from unknown sources: USB drives, CD/DVD, floppies, etc.
  • virus definitions may not include newest threats; scanning may slow down, interfere with system
  • examples: Avast; Avira; ClamXav; Comodo; Sophos
  • note: if you're running Windows on macOS (using Boot Camp, or virtualization software like VMware Fusion or Parallels Desktop), you should absolutely run Windows anti-malware software -- Mac anti-malware won't help
  • If you must use others' devices to access your accounts, make sure they're well-protected (antivirus) and maintained (software updates) -- see Mobile Privacy section, esp. to avoid keyloggers or other spyware
  • [Refs]: "San Francisco techies are hiring this Wiccan witch to protect their computers from viruses and offices from evil spirits"
  • [Refs:AV]: "AVG Proudly Announces It Will Sell Your Browsing History to Online Advertisers"; "Gadgets Bring New Opportunities for Hackers"
  • [Refs:Ransom]: "For PC Virus Victims, Pay or Else" (ransomware)

[2] Manage / Minimize Plugins, Extensions, Add-ons

  • macOS: Safari > Preferences > Security > Allow plugins [screenshot]; [screenshot: Plug-in Settings]
  • macOS: Firefox > Preferences > Applications
  • macOS: Firefox > Preferences > Security > Warn me when sites try to install add-ons
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Plugins; also Unsandboxed Plugins
  • Consider disabling problematic, obsolete, infrequently-used plugins
  • some sites, e.g., YouTube, default to HTML5 for video if Flash is not present; Java is less popular
  • iOS: unnecessary -- since Flash and Java are not allowed
  • configure to selectively load a plug-in if desired, or re-install if needed
  • remove obsolete plugins, e.g., Microsoft Silverlight
  • macOS: Finder > (disk/user) > Library > Internet Plugins
  • [Refs]: "How I ditched the security risks and lived without Java, Reader, and Flash";
    "Cybercriminals target Silverlight browser plug-in users with new exploit kit"

[2] Flash: Update, Block or Uninstall

  • iOS: NA
  • macOS: I generally recommend uninstalling Flash from the system; if necessary to use for some Flash-based sites, selectively use Google Chrome, which keeps Flash up-to-date automatically, provides "sandboxing", and also auto-pauses certain videos / ads
  • macOS: Chrome > chrome://plugins > Enable, Always Allow to Run (it may also be possible to run on-demand selectively via ctrl-click?)
  • example (crossword): LA Times
  • If you do need to use Flash more frequently / conveniently, make sure it's always up to date and control it with a Flash blocker
  • macOS: System Preferences > Flash Player > Advanced > Updates
  • macOS: System Preferences > Flash Player > Storage > Delete All
  • macOS: Safari > Preferences > Extensions > Get Extensions : ClickToFlash
  • macOS: Safari (ctrl-click) > ClickToFlash Preferences
  • macOS should automatically disable insecure versions and display a message: "Blocked plug-in", "Flash Security Alert" or "Flash out-of-date"
  • [Refs:Flash]: "It's time to uninstall Adobe's Flash from your Mac - here's how"
  • [Refs:Flash]: "Firefox Now Blocks Flash By Default"
  • [Refs:Flash]: "Super (Flash) Cookies Lurk in Your Browser"

[2] Java: Update, Block or Uninstall

  • iOS: NA
  • macOS: System Preferences > Java > Update [screenshot]
  • macOS: System Preferences > Java > Security > Security Level
  • macOS: Safari > Preferences > Security > Allow Plugins > Website Settings : Java : Ask [screenshot]
  • notice if installer wants to install anything else or change settings by default, e.g., Yahoo homepage, search engine -- uncheck anything you don't want!
  • examples (crosswords): Gaffney
  • [Refs:Java]: "Do you need to uninstall Java to be safe from its vulnerabilities?"

[3] Advanced

  • Don't "jail break" or "root" your device, i.e., don't install unofficial or pirated system/application software, or even visit "warez" or "dark" sites
  • JavaScript: on
  • JavaScript (not the same as 'Java') is essential for most modern sites; most browsers don't provide an option to disable it
  • macOS: Safari > Preferences > Security > Enable JavaScript
  • You can generally remove tracking scripts by using a Content/Ad Blocker -- see Block Ads section
  • WebGL: on
  • WebGL (Web Graphics Library): JavaScript-based graphics rendering using the GPU
  • macOS: Safari > Preferences > Security > Allow WebGL
  • If administering your own website, check the system and web server logs for suspicious activity, e.g., logins to non-existent or unauthorized accounts, unexpected accesses to admin pages or to non-existent modules / pages; add suspicious IP addresses to a blacklist
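As an added example (not part of the course notes), the log check described above applied to a few constructed web server access-log lines in the common "combined" format: it counts, per client IP, requests that returned 404 (non-existent pages) and requests to admin-style paths, and lists the IPs that exceed a threshold as candidates for a blacklist. The admin path prefixes, the thresholds and the sample IPs are assumptions for the example, not values from the page.

```python
# Added example, not from the course page: flag suspicious IPs in a web access log.
import re
from collections import defaultdict

# Constructed sample lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2017:10:01:02 -0800] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2017:10:01:05 -0800] "GET /wp-login.php HTTP/1.1" 404 210 "-" "python-requests/2.9"
198.51.100.7 - - [10/Mar/2017:10:01:06 -0800] "GET /admin HTTP/1.1" 403 150 "-" "python-requests/2.9"
198.51.100.7 - - [10/Mar/2017:10:01:07 -0800] "POST /user/login HTTP/1.1" 403 150 "-" "python-requests/2.9"
198.51.100.7 - - [10/Mar/2017:10:01:08 -0800] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "python-requests/2.9"
203.0.113.5 - - [10/Mar/2017:10:02:00 -0800] "GET /about.html HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2017:10:02:30 -0800] "GET /missing.png HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# Apache/nginx "combined" log format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Assumed admin/login paths that ordinary visitors of this hypothetical site never request.
ADMIN_PREFIXES = ("/admin", "/user/login", "/wp-login.php", "/phpmyadmin")

def parse_line(line):
    """Parse one log line into a dict, or return None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def score_ips(log_text):
    """Return {ip: (count_of_404_responses, count_of_admin_path_requests)}."""
    scores = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        if rec["status"] == 404:
            scores[rec["ip"]][0] += 1
        if rec["path"].startswith(ADMIN_PREFIXES):
            scores[rec["ip"]][1] += 1
    return {ip: tuple(v) for ip, v in scores.items()}

def blocklist_candidates(log_text, max_404=2, max_admin=1):
    """IPs exceeding either threshold (thresholds are assumptions for this example)."""
    return sorted(ip for ip, (not_found, admin) in score_ips(log_text).items()
                  if not_found > max_404 or admin > max_admin)
```

Review the candidates by hand before blacklisting: a single visitor hitting one broken link also produces a 404, which is why the thresholds matter.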

References

Android

Anti-Virus

Cyber Attacks, CyberWar

Flash, Adobe

iOS

Java

JavaScript (JS)

macOS

Plug-ins

Ransomware

Windows

Safer Internet: Connection: Turn Off Unnecessary Services

Safer Internet: Connection: Turn Off Unnecessary Services webadmin Sat, 01/31/2015 - 17:03

Why?

  • + By default, it's easy to share too much info with other apps, services and sites
  • + Services / sharing can be useful in many contexts, if settings can be adjusted rather than just turned off.
  • - Settings can be difficult to locate -- sometimes scattered in several places
  • - Repeated access requests could be annoying

Quotes

General

  • Control info shared between apps and over the Internet
  • There are other ways to share files -- see section Share Files Privately
  • Besides exploring every option under Preferences / Settings, you can use Search
  • macOS: System Preferences > Security & Privacy > Privacy : Location Services, Contacts, Calendars, Reminders, Accessibility, Diagnostics & Usage [screenshot]
  • macOS: System Preferences > Sharing : Screen, Files, Printer, Remote, Internet, Bluetooth [screenshot]
  • iOS: Settings > Privacy : (many) [screenshot]
  • iOS: Settings > General > Restrictions: (many)
  • Windows: (File Sharing) {Figure 7. TCYOP-2: 51; TCYOP-1: 50}

Login ("Lock") Screen

  • Adding contact(s) can be useful in case of medical emergency, or if your lost device is found
  • macOS: System Preferences > Security & Privacy > General (lock message) [screenshot]
  • iPad: Settings > Wallpaper > Choose a New Wallpaper (annotated image) [screenshot]
  • iPhone: Health > Medical ID: Medical Conditions, Spouse, Child, Blood Type, Organ Donor; result: "Emergency" link on lock screen
  • [Refs:macOS]: "Add Contact Information to Your Mac's Login Screen"
  • iOS: Settings > Control Center > Access on Lock Screen -- if on, someone would be able to enable Airplane Mode on a lost/stolen phone, which would disable Find My iPhone
  • iOS: Settings > Passcode (or Touch ID & Passcode) > Allow access when locked: Notifications, Siri, Wallet, etc. [screenshot]
  • [iOS]: "Security flaw in iOS 9 discovered, could expose photos, contacts (via Siri)"

Find My Mac / iPhone / iPad

  • Locate, and optionally erase, your lost/stolen device
  • macOS: System Preferences > iCloud > Find My Mac [screenshot]
  • iOS: Settings > iCloud > Find My iPad/iPhone [screenshot]
  • iOS: Settings > Privacy > Location Services > Find My iPhone > Status Bar Icon: off -- if your phone is lost/stolen and you're tracking it, it's better not to advertise it
  • Windows (iCloud required)
  • to use: login to iCloud account
  • [Refs:iOS]: "Find a Misplaced iPhone by Making it Beep Remotely from iCloud"

Location

  • Do you want apps / sites to know where you are? Could be useful for maps, local stores
  • Before
  • macOS: System Preferences > Security & Privacy > Privacy : Location Services [screenshot]
  • macOS: ... Location Services > System Services > Details > Show location icon in menu bar when System Services request your location
  • macOS: Safari > Preferences > Privacy > Website use of Location Services [screenshot]
  • macOS: Firefox -- none?
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Location
  • iOS: Settings > Privacy : Location Services: Share My Location; Apps; System Services [screenshot]
  • iOS: Settings > iCloud > Share My Location
  • After: allow/deny for individual web sites that request access
  • [Refs:Loc]: "Visa wants to track your travels abroad to prevent declined payments"

Computer, Keyboard, Camera, Microphone, Screen

  • Prevent others from snooping on your keyboard and screen over your shoulder in public places; control remote access
  • macOS: System Preferences > Security & Privacy > Privacy > Accessibility > Allow apps to control your computer [screenshot]
  • macOS: System Preferences > Sharing > Screen Sharing; Remote Login [screenshot]
  • macOS: System Preferences > "Camera??" -- use a piece of cardboard & tape except for specific apps!!
  • [Refs:WebCam]: "How to Stop Hackers From Spying With Your Webcam" Mac,Windows
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Mouse cursor; Media (camera, microphone)
  • iOS: Settings > Privacy > Microphone, Camera, Motion [screenshot]

[2] Bluetooth

  • a wireless technology standard for exchanging data over short distances between "paired" devices, e.g., for keyboard, headset, AirDrop (file sharing), share Internet connection
  • range: 30-300' depending on device power Class and environmental factors
  • most modern devices and implementations support encryption
  • however, if you enable it only temporarily when you need it, your device will be more secure, use less power, etc.
  • macOS: System Preferences > Bluetooth > Turn Bluetooth: On/Off [screenshot]
  • iOS: Settings > Bluetooth: On/Off [screenshot]
  • iOS: [swipe up] > AirPlay

[2] Notifications

  • Control messages that appear in the "Notification Center"
  • useful vs. annoying; risk if someone sees screen, e.g., verification codes via SMS
  • allow/deny for web sites that request access?
  • macOS: System Preferences > Notifications [screenshot]
  • macOS: Safari > Preferences > Notifications
  • macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Notifications
  • iOS: Settings > Notifications [screenshot]

[2] Speech

  • Allow Siri request logging?
  • iOS: Settings > General > Siri > About Siri and Privacy (read)
  • Dictation online: spoken words are recorded and uploaded to Apple's servers for translation
  • Enhanced (offline) mode is more private but requires a software install
  • macOS: System Preferences > Dictation & Speech > Dictation > Use Enhanced Dictation
  • [Refs:macOS]: "Keeping Dictation on a Mac Private"

References

Android

Camera

iOS