Differences

This shows you the differences between two versions of the page.

security:start [2021/03/19 16:14] niklassecurity:start [2021/03/25 09:40] – [Social engineering] Expand section stefan
Line 1: Line 1:
 ====== Basic security measures ====== ====== Basic security measures ======
 These are relatively simple security measures but they will have a major impact on the ease at which political enemies and criminal elements can disrupt our activities. These are relatively simple security measures but they will have a major impact on the ease at which political enemies and criminal elements can disrupt our activities.
 +
 +==== Securing a computer or phone ====
  
 Firstly, it is necessary to secure any computer or phone that is being used to log in: Firstly, it is necessary to secure any computer or phone that is being used to log in:
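Review bot: The added heading "==== Securing a computer or phone ====" sits two levels below "====== Basic security measures ======", so the outline skips a level. Use "===== Securing a computer or phone =====" here, and the same level for the other section headings this revision adds, so the table of contents nests correctly. With the heading in place, the "Firstly," that opens the following paragraph is redundant and can be dropped.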
Line 6: Line 8:
   * Security updates to Windows/MacOS/Android and other software must also be installed. Preferably, they should be set to install automatically, but, if that is not possible, they should be installed as soon as the notification appears.   * Security updates to Windows/MacOS/Android and other software must also be installed. Preferably, they should be set to install automatically, but, if that is not possible, they should be installed as soon as the notification appears.
   * Care must also be taken not to install dodgy software. That could be apps on your phone or browser plugins.The Android store in particular contains thousands of dodgy apps and care should be taken when installing new apps.   * Care must also be taken not to install dodgy software. That could be apps on your phone or browser plugins.The Android store in particular contains thousands of dodgy apps and care should be taken when installing new apps.
 +
 +==== Web browsers ====
  
 Secondly, most browsers (including Firefox and Chrome) are notoriously ridden with security holes, many which are not yet publicly known. Determined attackers could use these to steal your information simply by tricking you to visit a specially crafted website. They can easily produce very legitimate looking emails masquerading as coming from your bank, internet provider, phone company, Facebook, Amazon etc., but where links will send you to such a malicious site.  Secondly, most browsers (including Firefox and Chrome) are notoriously ridden with security holes, many which are not yet publicly known. Determined attackers could use these to steal your information simply by tricking you to visit a specially crafted website. They can easily produce very legitimate looking emails masquerading as coming from your bank, internet provider, phone company, Facebook, Amazon etc., but where links will send you to such a malicious site. 
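Review bot: Under the new "==== Web browsers ====" heading the paragraph still opens with "Secondly,", an ordinal that only made sense while the page was one running list; drop it now that each point has its own section. While this hunk is being touched, the unchanged context lines could be cleaned up too: "browser plugins.The Android store" is missing a space after the full stop, and "many which are not yet publicly known" should read "many of which".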
Line 12: Line 16:
   * All Yahoo users’ address books were compromised a couple of years ago, so be extra careful when clicking on links that come from yahoo addresses, including people you know.    * All Yahoo users’ address books were compromised a couple of years ago, so be extra careful when clicking on links that come from yahoo addresses, including people you know. 
   * Also, never click on any links in spam email, or links randomly sent to you by strangers.    * Also, never click on any links in spam email, or links randomly sent to you by strangers. 
 +
 +==== Secure passwords ====
  
 Thirdly, use strong passwords: [[security:passwords|How to secure passwords?]] Thirdly, use strong passwords: [[security:passwords|How to secure passwords?]]
  
-For social engineering attacks, pay attention to how you react to something. More often than not these attacks will try to elicit an emotional response and then exploit your impulses. +==== Social engineering ==== 
 + 
 +According to Wikipedia, "social engineering is the psychological manipulation of people into performing actions or divulging confidential information". An attacker will try to exploit your reactions to get you to give them information such as personal details or passwords. 
 + 
 +Here are some basic techniques to protect against this: 
 + 
 +  * Be wary of anyone contacting you out of the blue asking "innocent" questions. 
 +  * Never reply to requests for personal information or passwords. No one will ever legitimately ask you for your password, not even for verification of your identity. 
 +  * Reject requests for help or offers of help. An attacker might pose as technical support and offer to "help", but no computer support will contact you unless you have contacted them first. 
 +  * "Break the loop". Most attacks try to force you into a sense of urgency. But what is the rush? Slow down, and always //take the time to think//. If someone is rushing you, that in itself is a major red flag. 
 +  * Ask for verification of identity. Research it, and don't trust it blindly. 
 +  * All offers and prizes or sent to you are fake. ("Get the latest iPhone for only 200 euros", "Fill out these questionswin a ferret"
 + 
 +Pay attention to how you react to something. More often than not these attacks will try to elicit an emotional response and then exploit your impulses.
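Review bot: The last added bullet is garbled: "All offers and prizes or sent to you are fake" has a stray "or", the example "Fill out these questionswin a ferret" is missing words between "questions" and "win", and the opening parenthesis is never closed. Something like: All offers and prizes sent to you are fake ("Get the latest iPhone for only 200 euros", "Fill out these questions and win a ferret"). Two smaller points in the same hunk: the Wikipedia quotation in the opening paragraph should link to the article it quotes, and "Reject requests for help or offers of help" reads as if all help should be refused; the following sentence shows the intent is unsolicited contact, so say "unsolicited" in the bullet itself.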