Tag: security (page 1 of 7)

Securing your digital life

Usually, guides to securing your digital life are very introductory and basic. This one from Ars Technica, however, is a bit more advanced. I particularly appreciate the advice to use authenticator apps for 2FA.

Remember, if it’s inconvenient for you, it’s probably orders of magnitude more inconvenient for would-be attackers. To get into one of my cryptocurrency accounts, for example, I’ve set it so I need a password and three other forms of authentication.

Overkill? Probably. But it dramatically reduces the likelihood that someone else will make off with my meme stocks…

Security measures vary. I discovered after my Twitter experience that setting up 2FA wasn’t enough to protect my account—there’s another setting called “password protection” that prevents password change requests without authentication through email. Sending a request to reset my password and change the email account associated with it disabled my 2FA and reset the password. Fortunately, the account was frozen after multiple reset requests, and the attacker couldn’t gain control.

This is an example of a situation where “normal” risk mitigation measures don’t stack up. In this case, I was targeted because I had a verified account. You don’t necessarily have to be a celebrity to be targeted by an attacker (I certainly don’t think of myself as one)—you just need to have some information leaked that makes you a tempting target.

For example, earlier I mentioned that 2FA based on text messages is easier to bypass than app-based 2FA. One targeted scam we see frequently in the security world is SIM cloning—where an attacker convinces a mobile provider to send a new SIM card for an existing phone number and uses the new SIM to hijack the number. If you’re using SMS-based 2FA, a quick clone of your mobile number means that an attacker now receives all your two-factor codes.

Additionally, weaknesses in the way SMS messages are routed have been used in the past to send them to places they shouldn’t go. Until earlier this year, some services could hijack text messages, and all that was required was the destination phone number and $16. And there are still flaws in Signaling System 7 (SS7), a key telephone network protocol, that can result in text message rerouting if abused.

Source: Securing your digital life, part two: The bigger picture—and special circumstances | Ars Technica

Most don’t talk or act according to who they are, but as they are obliged to

[Image: NASA image of stars]

The World’s Oldest Story? Astronomers Say Global Myths About ‘Seven Sisters’ Stars May Reach Back 100,000 Years — “Why are the Australian Aboriginal stories so similar to the Greek ones? Anthropologists used to think Europeans might have brought the Greek story to Australia, where it was adapted by Aboriginal people for their own purposes. But the Aboriginal stories seem to be much, much older than European contact. And there was little contact between most Australian Aboriginal cultures and the rest of the world for at least 50,000 years. So why do they share the same stories?”

🚶‍♂️ The joy of steps: 20 ways to give purpose to your daily walk — “We need to gallivant around outside in daylight so that our circadian rhythms can regulate sleep and alertness. (Yes, even when the sky is resolutely leaden, it is still technically daylight.) Walking warms you up, too; when you get back indoors, it will feel positively tropical.”

🔐 How Law Enforcement Gets Around Your Smartphone’s Encryption — “Cryptographers at Johns Hopkins University used publicly available documentation from Apple and Google as well as their own analysis to assess the robustness of Android and iOS encryption. They also studied more than a decade’s worth of reports about which of these mobile security features law enforcement and criminals have previously bypassed, or can currently, using special hacking tools.”

🚫 Misinformation dropped dramatically the week after Twitter banned Trump and some allies — “The findings, from Jan. 9 through Friday, highlight how falsehoods flow across social media sites — reinforcing and amplifying each other — and offer an early indication of how concerted actions against misinformation can make a difference.”

😲 The Ethics of Emotion in AI Systems (Research Summary) — “There will always be a gap between the emotions modelled and the experience of EAI systems. Addressing this gap also implies recognizing the implicit norms and values integrated into these systems in ways that cannot always be foreseen by the original designers. With EAI, it is not just a matter of deciding between the right emotional models and proxy variables, but what the responses collected signify in terms of human beings’ inner feelings, judgments, and future actions.”


Quotation-as-title by Baltasar Gracián. Image from top-linked post.

3 apps to help avoid post-pandemic surveillance culture [VIDEO]

This is an experiment using a green screen and OBS. Let me know what you think!

Briar
Tor
LibreTorrent
F-Droid