Differences

This shows you the differences between two versions of the page.

security:start [2021/03/19 16:12]
niklas created
security:start [2021/04/04 08:28] (current)
stefan fix typos
Line 2: Line 2:
 These are relatively simple security measures but they will have a major impact on the ease at which political enemies and criminal elements can disrupt our activities. These are relatively simple security measures but they will have a major impact on the ease at which political enemies and criminal elements can disrupt our activities.
  
-It is necessary to secure any computer or phone that is being used to log in:+==== Securing a computer or phone ==== 
 + 
 +Firstly, it is necessary to secure any computer or phone that is being used to log in:
   * That is, there must be anti-virus software installed.   * That is, there must be anti-virus software installed.
   * Security updates to Windows/MacOS/Android and other software must also be installed. Preferably, they should be set to install automatically, but, if that is not possible, they should be installed as soon as the notification appears.   * Security updates to Windows/MacOS/Android and other software must also be installed. Preferably, they should be set to install automatically, but, if that is not possible, they should be installed as soon as the notification appears.
-  * Care must also be taken not to install dodgy software. That could be apps on your phone or browser plugins.The Android store in particular contains thousands of dodgy apps and care should be taken when installing new apps.+  * Care must also be taken not to install dodgy software. That could be apps on your phone or browser plugins. The Android store in particular contains thousands of dodgy apps and care should be taken when installing new apps
 + 
 +==== Web browsers ==== 
 + 
 +Secondly, most browsers (including Firefox and Chrome) are notoriously ridden with security holes, many of which are not yet publicly known. Determined attackers could use these to steal your information simply by tricking you to visit a specially crafted website. They can easily produce very legitimate looking emails masquerading as coming from your bank, internet provider, phone company, Facebook, Amazon etc., but where links will send you to such a malicious site.  
 + 
 +  * If you receive something from e.g. Facebook that needs your attention, manually open a new browser window and manually type the URL for the website and login there.  
 +  * All Yahoo users’ address books were compromised a couple of years ago, so be extra careful when clicking on links that come from Yahoo addresses, including people you know.  
 +  * Also, never click on any links in spam email, or links randomly sent to you by strangers.  
 + 
 +==== Secure passwords ==== 
 + 
 +Thirdly, use strong passwords: [[security:passwords|How to secure passwords?]] 
 + 
 +==== Social engineering ==== 
 + 
 +According to Wikipedia, "social engineering is the psychological manipulation of people into performing actions or divulging confidential information". An attacker will try to exploit your reactions to get you to give them information such as personal details or passwords.
  
-Most browsers (including Firefox and Chrome) are notoriously ridden with security holes, many which are not yet publicly known. Determined attackers could use these to steal your information simply by tricking you to visit a specially crafted website. They can easily produce very legitimate looking emails masquerading as coming from your bank, internet provider, phone company, Facebook, Amazon etc., but where links will send you to such a malicious site. +Here are some basic techniques to protect against this:
  
-If you receive something from e.gFacebook that needs your attentionmanually open a new browser window and manually type the URL for the website and login there.  +  Be wary of anyone contacting you out of the blue asking "innocent" questions. 
-All Yahoo users’ address books were compromised couple of years ago, so be extra careful when clicking on links that come from yahoo addressesincluding people you know.  +  * Never reply to requests for personal information or passwordsNo one will ever legitimately ask you for your passwordnot even for verification of your identity. 
-Also, never click on any links in spam email, or links randomly sent to you by strangersSee video: https://drive.google.com/file/d/1B084caNguD2Vu7-OLOzfnA7Yg2wVXhLX/view?usp=drive_web +  * Reject requests for help or offers of help. An attacker might pose as technical support and offer to "help", but no computer support will contact you unless you have contacted them first
 +  "Break the loop". Most attacks try to force you into sense of urgency. But what is the rush? Slow downand always //take the time to think//. If someone is rushing you, that in itself is a major red flag
 +  Ask for verification of identity. Research itand don't trust it blindly. 
 +  * All offers and prizes or sent to you are fake("Get the latest iPhone for only 200 euros", "Fill out these questions, win a ferret")
  
 +Pay attention to how you react to something. More often than not these attacks will try to elicit an emotional response and then exploit your impulses.
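
Review bot: The removed line beginning "Also, never click on any links in spam email" ended with a "See video:" link, and the matching bullet in the new Web browsers section drops that link without a replacement, which goes beyond the "fix typos" summary. If the video is still meant to support that advice, restore it after the last bullet of that section; otherwise mention the removal in the edit summary. The summary also does not cover the four new section headings or the entirely new Social engineering section, so a more descriptive summary would help later readers of the history. In the Yahoo bullet, "a couple of years ago" is relative and will go stale; a year or a source link would keep the statement checkable. In the new section, "Ask for verification of identity. Research it" does not say how; naming one concrete step, such as calling back on a number you already have on record, would make the bullet actionable.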