Thursday, 9 August 2012

Added Security

Security is a topic that I find both important and interesting. Hence I'm starting to write more about it on this blog. This is my second (here is my first) security-related tech post.

Added Security
I've taken some measures to increase my own online security. This might be interesting for others as well.

Laptop camera
Most of today's laptops have a built-in camera. When you are not using the camera you should cover it physically. Some might reckon covering your camera is paranoid; however, there are a lot of tools and malware out there that capture images from cameras without the user's knowledge. Do some searches on the net and see for yourself. Also, I'm sorry to let down those ignoramuses who state that there are no viruses or malware on Macintoshes, because this is an issue on Macs as well. If you don't believe me, read more here.

2-step verification (if using Gmail, VXG and Google Apps)
As I'm using VXG for my email I've enabled 2-step verification. Everyone using Gmail, VXG or another Google Apps powered email solution should enable this.

From Google: "2-step verification drastically reduces the chances of having the personal information in your Google account stolen by someone else. Why? Because hackers would have to not only get your password and your username, they'd have to get a hold of your phone."

Encrypted messages
If you want to send someone secrets like your credit card details, your Gmail password or what have you, it is far from wise (read: "bloody stupid") to do it as plain text in an email, or as an SMS. A solution is to encrypt the content before sending it, in a way that only the designated recipient can read it. A neat tool for doing this can be found at, a solution initiated by the founder of Atari, Nolan Bushnell. Unfortunately the current Chrome plugin is faulty. Installing it causes right-clicking to fail on several sites. I guess this will be fixed later though. In the meantime the webpage can be used. Read more about scrambl'ing stuff at this page.

It's crazy to see how many people are not backing up the valuable content on their computers to "the cloud". Hard drives stop working all the time, and it might be both expensive and difficult to restore corrupt content. Despite brilliant tools, like SpinRite from Steve Gibson, you might not be able to get content back if your hard drive crashes really badly. And what if your computer gets stolen or you have a fire? Seriously, if you're not backing up your computer at the moment you should start doing it ASAP. Personally I'm using CrashPlan (the "CrashPlan+ Family Unlimited" plan to be specific), and I'm very satisfied with the ease and functionality of that solution. For my mum's computer I was unable to install CrashPlan and ended up installing the Norwegian-developed backup solution Jotta. That seems to be working as well. However, the big test is when you need to restore your lost content, something I haven't done so far. For Mac users I've heard a lot of positive things about Arq.

When you back up to "the cloud" you need to realise that all backed-up content from your computer will be transferred out to the Internet. Hence privacy is a topic you should pay some attention to. I want my stuff to be encrypted before any bytes at all leave my computer. A TNO policy (Trust No One - from "TNO, Trust No One, meaning that we're able to send off blobs of noise, pseudorandom noise, which no force on Earth, as far as we know, can reasonably decrypt, and put that out there for storage, and then get it back.") is also a good thing, as it prevents employees at a backup company from being able to sneak around in your private files.

For everyone interested in this topic I do recommend Security Now episode 349 (transcript), 350 (transcript) and 351 (transcript).

Backup Bouncer test results done by Arq.

True TNO
Another backup solution I'm running is Duplicati. I'm using this backup solution with my VXG account (Google Docs or Google Drive), something that works like a charm. This works as a true TNO. I use Duplicati for files that are top secret and that no one but me should be able to read, no matter what.

Easy setup for Duplicati.

Selected folder that will be backed up.

The result of the backup in my VXG Drive in "the cloud".

Waiting for the next scheduled backup.

Duplicati specific tip:
Note that it is possible to use VXG Drive / Google Drive as a backup target with a deep folder hierarchy (using sub folders). In the example from the image below I used the following backup path:
private/[private] backup/[private] [backup] duplicati

Deep folder hierarchy.

Browser improvements
I've also changed some settings in my browser, for added security. For example I do now like having scripts and plugins disabled by default. Java and Flash are full of security holes, and I don't want them starting without my knowledge.

To disable scripts (JavaScript) by default I'm using the extension NotScripts, as I'm running Chrome. A similar add-on for Firefox is NoScript.

Scripting needs to be enabled as it is disabled by default.

For disabling plugins by default in Chrome go to settings, search for "content settings" and click the "Content settings" button. Change the option to "Click to play".

Content settings in Chrome

Click to play.

Having to click to run Flash is the safest.

To check your existing plugin settings you can type "chrome://plugins/" in the Chrome address bar.

DNS Checker
A lot of computers have had their DNS (Domain Name System) settings hacked lately (DNS Changer Malware). Read more about this at this page. This is a major problem, as it means the hackers really can mess up your life. For example, instead of being sent to PayPal when typing in you might be redirected to an exact copy of that site, created by the hackers.

You should straight away check if your DNS settings are hacked by going to or another site that checks this.

Hopefully the DNSChanger Trojan horse is not on your machine.

While we're at DNS, I've also started using DNSCrypt. A brilliant piece of software to prevent your ISP and others from knowing everything you do online.

Easy to install.

Your computer gets protected in no time.

DNS Crypt

Prevents man-in-the-middle attacks and snooping of DNS traffic.

By installing DNSCrypt localhost will (automatically) be used as your DNS server.
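
The two DNS points above (settings silently changed by DNSChanger, and DNSCrypt making localhost the resolver) can be checked locally. The sketch below is an added example, not part of the original post; it assumes resolv.conf-style configuration text, and the sample configs, the 192.0.2.53 address and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample resolver configs (resolv.conf syntax), not taken from the post.
SAMPLE_DNSCRYPT = """\
# written by the DNSCrypt client (constructed sample)
nameserver 127.0.0.1
"""
SAMPLE_CHANGED = """\
search home.example
nameserver 192.0.2.53   ; constructed: stands in for a resolver you never configured
nameserver 127.0.0.1
"""

def parse_nameservers(text):
    """Return the IP addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1].split("%")[0]))
            except ValueError:
                continue  # malformed address: skip rather than crash
    return servers

def audit_resolvers(text, expected=()):
    """Classify each resolver as 'loopback', 'expected' or 'unexpected'."""
    allowed = [ipaddress.ip_network(n) for n in expected]
    report = {}
    for ip in parse_nameservers(text):
        if ip.is_loopback:
            verdict = "loopback"      # what a local DNSCrypt proxy looks like
        elif any(ip in net for net in allowed):
            verdict = "expected"      # a resolver you configured yourself
        else:
            verdict = "unexpected"    # investigate: who set this?
        report[str(ip)] = verdict
    return report

def dns_locked_to_localhost(text):
    """True only if at least one resolver is set and all are loopback."""
    verdicts = audit_resolvers(text).values()
    return bool(verdicts) and all(v == "loopback" for v in verdicts)

if __name__ == "__main__":
    for name, cfg in (("dnscrypt", SAMPLE_DNSCRYPT), ("changed", SAMPLE_CHANGED)):
        print(name, audit_resolvers(cfg), dns_locked_to_localhost(cfg))
```

To audit a real machine, pass the contents of its resolver configuration file and list the networks of the resolvers you set up yourself in `expected`.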
