1/28/2014 12:05:39 PM
Security Tips
Consumer Electronics, and Life, on-line and off-line.
Table of Contents
Introduction (2013 July 05)
Digital Safety (2013 July 05)
Computer Security Checks (2013 July 05)
Physical World examples (2013 Dec 10)
Digital World challenges (3 July 05)
Test Cyber Security (3 July 05)
Recovery Insurance (3 July 05)
Do we need a patch or update? (3 July 05)
Applying Patches & Updates (2013 July 04)
Malfunction Repairs (2013 July 15)
On-Line Safety (2013 July 04)
Parents (2013 July 05)
e-mail Security (2013 July 05)
Browser Security (2014 Jan 28)
Privacy Settings (2014 Jan 28)
AVG Privacy Fix (2014 Jan 28)
AVG Privacy Fix for me (2014 Jan 28)
Google Chrome (2013 July 05)
Mozilla Firefox (2013 July 05)
First Aid before Disaster (2014 Jan 22)
ATM Risks (4 Jan 22)
Check our credit reports (4 Jan 22)
Privacy (2014 Jan 28)
Scams by Mail or Phone (2013 Dec 10)
Insurance (2013 Dec 10)
Money in Bank Safety (2013 July 04)
Corporate Security (2013 Nov 19)
Other Real World Security (2013 Dec 10)
Answering Police (3 Dec 10)
Our Rights (2013 Nov 19)
Find Lawyer (3 Dec 10)
Revision History (2014 Jan 28)
You can post comments where I posted on Scribd & I will see the next time I sign on there, which is usually at least monthly. If you are on social media, you can find me, via my full name Alister William Macintyre or via abbreviated Al Macintyre.

Linked In: http://www.linkedin.com/in/almacintyre
Google Plus: https://plus.google.com/u/0/108007903544513887227/about

Warning: I am exiting Facebook. I no longer read the flood of e-mail which comes to me from it.

[2] I have uploaded this document to here: http://www.scribd.com/doc/149569351/Cyber-Security-PC-Tips-Al-Mac From time to time, after adding more tips to my collection, I plan to upload a revised edition.

July 04 mid-day, I uploaded version 0.2 = approx 9 pages with 9 chapters, encompassing safety tips for mixture of home PC, real life, on-line.

June 23 evening, I uploaded version 0.1 = approx 4 pages with 3 chapters = Digital Safety; Security Checks; Privacy.
NEVER give out personal information over the telephone or online to someone you don't know, even if they are allegedly with some organization which you do know.

Microsoft does not call ordinary people to help them with some alleged problem on their computer, when those people never contacted Microsoft in the first place. Anyone calling you who claims to be with Microsoft is probably either a crook, or working for a crook, unless you have had occasion to know some Microsoft employee personally.

Because new scams, viruses and hacker techniques are created daily, make sure your computer has up-to-date security software and/or hardware, which collectively includes anti-virus, anti-spam and firewall protection, detects compromised web sites, blocks unwanted downloads, and blocks invasions of your privacy.

Do due diligence to locate security services you trust, and learn how to access their help, so that when there is some security scare in the news, you can go to their site to verify you are protected, instead of relying upon the scaremongers.

If you get an e-mail saying that some strange file name, on a computer, is evidence of a virus, so you need to delete it to be safe, do NOT follow advice which came from a total stranger in a forwarded e-mail. It is another scam. You need that file for your computer to work properly. Learn how to check these things out.

Avoid filling out forms in email messages. You can't know with certainty where the data will be sent, and the information can make several stops on the way to the recipient.

NEVER click on links contained in emails you receive from someone you don't know, even if the email looks real. Recognize which of your contacts may or may not be wise to these risks. Some people receive and forward dangerous links, without thinking.

If you click on a link in an email message from a company, be aware that many scam artists are making forgeries of company sites that look like the real thing. Verify the legitimacy of a web address with the company directly before submitting your personal information, which includes your sign-on password.

If some information is confidential, sending it via e-mail, unencrypted, is risking a breach. e-mail is convenient but not safe.

Don't trust email headers, which can be forged easily. Study the HELP on your email system, so you can figure out how to locate headers.

Are you using some on-line site for backup, and don't visit there very often? I suggest you visit every few months, to make sure it is still active, because if management thinks your account has gone inactive, they may close it & re-assign it to someone else. All your stuff is now gone for good.

Any time you get some hardware or software which has built-in default passwords, you need to change them, and have a system for keeping track of your passwords. Some cell phones have a default password which is the same as the serial # of the cell phone, so anyone who finds a list of customers and what cell phones they have, can hack into those phones, if the customers have not yet changed the passwords. This logic applies to all kinds of hardware.
There is no such thing as one simple computer security tool, which will protect you from all different kinds of attacks. You need to have a suite or package of different defense-in-depth tools,[5] to protect against different kinds of attacks, such as:
- Malware attached to e-mail
- Hackers trying to get past your fire-wall
- Web sites with drive-by malware infection.[6]
- Scams delivered by phone, snail mail, e-mail, social networking.
- Breaches at places which have data about you.
awake and fully functional.[8]

Many vendors of personal computer security services also provide sites where people can run tests, to find out:
- Do I have up-to-date cyber security protection?
- Is it running correctly?
- Is my PC currently free of threats?

Different sites provide different kinds of tests, and different kinds of help documentation explaining the consequences of the tests. Typically if we find we have some problem, we research it, fix it, then go back and do a retest.

One of my personal favorites is Shields Up,[9] from Gibson Research.[10] When you are at that site, check out some of his other services. You can test the security certificates of websites, to see if there is a man-in-the-middle attack against you. Although Steve Gibson has had some research insights, he is mainly a technical commentator, explaining things with great skill.[11] As with any writer, as technology evolves, we cannot possibly comprehend all the threats.
[8] http://blogs.avg.com/consumer/internet-security-solution-working-correctly/
[9] https://www.grc.com/x/ne.dll?bh0bkyd2
[10] https://www.grc.com/intro.htm
[11] https://krebsonsecurity.com/2013/06/web-badness-knows-no-bounds/
[12] I am on Windows XP. The process may be a bit different for people on other PC OS.
A risk with many sites is they add new features, which have security and privacy implications. Ask yourself if you want this or that place to have your address or phone #, which they later may give out to advertisers. You NEVER want to give out enough info that some crook can later use to do identity theft against you.

Another risk with sites we frequently visit is that they sometimes do a mass update of their privacy settings, because they think they know better than us what is in our best interests. Sometimes we have gone to a great deal of trouble to figure out the best settings, which are contrary to the mass update, which we were not told about, and we suspect the real reason for the update was to make it easier for advertisers to get to us.

After I have tweaked some security so it is the way I want it, I sometimes copy-paste the screens into a folder named based on the place with the settings, so I can compare screens later, to see if anything got changed other than how I wanted them.

Many applications want us to agree to their Terms of Service, before we upload their software. I copy-paste them into docs in a folder on my PC, named after the outfit and their application. In the business world, we don't have to agree to their TOS. We can have a separate contract between the company using the software, and the application provider, which supersedes the TOS associated with individual downloads.

For a lot of this stuff, I am not an expert. I have accumulated some pals, to whom I can go for guidance when I get in over my head.
past domestic abuse relationship. Try to stay current on the laws, before using a false name for yourself.

Just because someone asks for info about ourselves, we don't have to give it out, unless it is the government, and even then some government agents are ignorant. We all should know what they are allowed to ask for, like our name, and what we should not supply, like our social security #, unless it is the taxing authorities.

An identity thief can rob us blind, and get us into prison, if all they have is our name, date of birth, and a few other facts. We might think we have given that info to a place which is not crooked, but it could be incompetent at protecting that info from a cyber crime breach.

Any info posted about us, in public, will make its way into the search engines within about a week, so maybe jot down when we joined some site, new to us, or updated our profile privacy settings, then plan a week or so later to conduct this audit. We will need to use a computer other than our own, that of a friend or family, and we will need to know how to clear its cache etc. when we are done.

If you are a Google user, you might want to review this advice about Google privacy settings.[22]
[22] http://blogs.avg.com/privacy-and-policy/privacy-fix-check-google-settings/
[23] https://www.schneier.com/blog/archives/2013/07/security_analys_4.html
[24] I upload periodic revisions of that document to the same places where I am sharing this one.
Here is the FAQ about it.[29] Unfortunately this web page has white print on a black background, which is hostile to the eyes of older persons, such as myself.

One of its optional features is to provide a security heads up about sites you visit.[30] If you enable the privacy alerts, PrivacyFix submits your current URL and technical information about trackers attempting to collect data on the page. Your URLs are not retained, nor is your IP address or any personal data.

Then there is color coding: GREEN for the site having high level of privacy protection, ORANGE for known issues, and RED # in a circle for new privacy issues. I believe this is shown via icon at far right of my tool bar.
[29] http://www.privacyfix.com/start/faq
[30] https://privacyfix.com/start#welcome
[31] Linked In now has sections for volunteer and hobby interests. I created my profile before this was added, and used dummy company names for me working at such interests. I need to restructure them to the proper places now allowed by Linked In.
Tracking
  o More than 1,200 companies make a practice of tracking me on-line. Wow, I have another app which kills cookies. Maybe it is time to review the settings there. Privacy Fix has a button to remove all cookies right now.
  o Ad tracking is on
  o Social widgets is on
  o A problem is that I have some free services, in which part of the cost of those services is to let the outfits track me. I do not want blanket on-off, but rather selective permissions.
Web sites
  o Web site data checked
  o PrivacyFix Alerts are on, but I can disable them
[32] https://krebsonsecurity.com/tools-for-a-safer-pc/
[33] https://krebsonsecurity.com/tools-for-a-safer-pc/
exposure to future data heists. Unfortunately, very few places still accept travelers checks.

First, do not have all your money in one bank, which is also where your debit or credit card is located. Once crooks are able to drain one of your accounts at a bank, they may be able to drain them all. Depending on how your accounts are set up, the crooks can even drive the balance into the negative, then the bank comes after you to zero out the account.

When someone's bank accounts get drained, it may be tough to pay the bills next month. The inconvenience is potentially massive. Depending on the card issuer's policy, any money that comes out of an account may not be refunded right away. Federal law allows the bank to investigate, before refunding any disputed charges. While you are waiting on the bank, the rent may be due.

Shoppers should consider the additional risk that comes with using a debit card vs. a credit card. People have better protection in credit card fraud than debit card fraud. If you promptly notify the bank which issued the card, the credit card losses can be limited to about $50.00. But if the debit card account is breached, you could lose everything in that account, and more.

There are ways to check your bank balances, to catch unexpected deductions, then report them promptly to the bank. Be careful when doing this on-line, since access to your bank account can be breached if you are using a poorly secured connection, such as a mobile phone, or an Internet connection which is not direct between you and the bank, but has some ISP in the middle.
you tell?), we also get tin foil to wrap around them, in our wallets, or get metal envelopes to keep our plastic cards in, when not in use.
http://blogs.avg.com/news-threats/740-million-reasons-care-data-privacy-day/
http://www.staysafeonline.org/data-privacy-day/
places have flunked security tests, or which places have never been tested. So we need to figure out how to diversify our valuables, to avoid becoming overly dependent on one institution, which could fail us.

Come up with a system for managing your passwords, which won't be lost if you have a computer crash, physical burglary, or untrustworthy associate. The system should be such that if a few of your passwords get breached, it won't be obvious to whoever did so, what all your other passwords are. For example, if you have a password system consisting of 1st letter of outfit, then some digits, then some letters, with the same digits and same letters for all, someone only needs to breach you at two places, to know all your passwords.

For reasonable privacy, use different passwords and user account codes for different sites where you do business, or engage in social media. Thus, if your activity associated with a particular e-mail address is breached, only your activity with that e-mail account is breached, not all activity with all e-mail addresses you may use. You may use the same password for a bunch of sites, where you consider your participation to be public, free for anyone to access, so as not to have to remember hundreds of passwords.

We also need to stay current on the law. Many on-line sites ask for more info than they need, because they want to make money either by marketing to us, or selling info about us, so many people lie when answering questions.[36] It is becoming illegal to tell falsehoods about ourselves.

If you have a cell phone with valuable stuff on it, learn how to do occasional backups, so that if the police seize it, and erase all contents, you can go back to your last backup.

If the police stop you, be polite and cooperative. You have to tell them your name. If you are out driving on public highways, the 4th amendment does not apply to the interior of your car. The 5th amendment protection against self-incrimination only applies if you claim it.
[36] http://customercommons.org/2013/05/08/lying-and-hiding-in-the-name-of-privacy/
With each method, there are similar scams, and also some unique risks. Here is a US postal site with general tips for detecting and defending against scams by mail or telephone.[37]
In my Disaster Avoidance collection on Google,[40] check out Protecting Your Security On-line,[41] aimed at people in repressive states who would like to post
stuff without drawing the attention of the secret police torturers. Maybe people, in nicer nations, can also learn something from this.
- Drone Terms: search for clothing, where I have links to clothing to make people invisible to drones and CCTV. This is a collection of definitions of drone terminology and other national security topics.
- Petraeus Gate: if the director of the CIA can't have privacy, what hope is there for the rest of us? Those notes also have other hot political news which was happening contemporaneously to that scandal.
- Snowden Leaks: explanations of what government is spying on, which I have figured out so far, from many contradictory sources.
I now need to wear glasses and a hearing aid. Also stuff falls out of our brains as we get older. A small risk exists that I might have an accident and suddenly lose them, or someone step on them, or I am away from home, and need to change the hearing aid batteries. So I have the following protections:
- At home, and in wallet: contact info with the folks who issued my glasses and hearing aid, including precise prescriptions needed for both driving and reading glasses.
- An insurance policy on the hearing aid, to avoid high cost of replacement, just in case.
- My property insurance policy has a rider on it to protect me if I become a victim of identity theft.
- There's a place at home to hold my hearing aid, when I take it out, to go to bed, bathe, etc.
- There's also a bag in my jacket pocket to hold it if I need to take it out when away from home. That bag has a spare set of batteries, just in case they need to be changed, when it is not convenient to return home.
[40] https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing
[41] https://drive.google.com/#folders/0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw
thousands of companies have irretrievably lost $ millions in breaches, due to flawed contracts and flawed practices.
Have you managed to accumulate a decent sum of money towards your eventual retirement? Have you noticed that money in banks and credit unions is insured up to $350,000.00? That sum is going to go back down to $100,000.00 soon. The government has changed the schedule a couple times, so if your accumulation is anywhere close to $100k, or higher, I suggest you check out the particulars, and avoid having more in the bank than it is insured for.

This insurance is only in case the bank fails. It is not protection in case of identity theft. I have a rider on my property insurance policy = Identity Theft Protection. I suggest you check with your insurance company to find out if something similar is offered, and how it works.

Do you have a bank account for savings, when you only occasionally are able to save anything? Even though it might be months, or even years between your ability to make significant additional savings, better do something to the account every few months. The reason is that a bank can arbitrarily declare an account as being inactive, which means they stop paying interest on the account, then after a few years, they can seize the money on these inactive accounts. So if you put something in a bank, planning to withdraw it 10 years later, it might no longer be there when the time comes. I found this out by accident when I notified my financial accounts of an address change. One savings account had received no interest for 2 years because the bank had declared it to be inactive.

Banks can be owned by conglomerates, with branches all over the nation, with their profits going to stock holders. Credit Unions are local, owned by people in a community, with the profits going to benefit the local community. Both have parallel insurance systems, where the Credit Union insurance fund is better protected than the one for the banks. Check it out & verify this info, then ask yourself if your local community needs more help, which you can contribute to, by placing your funds in credit unions, instead of in banks.
http://whitepapers.theregister.co.uk/paper/view/3066/quick-guide-to-disaster-recovery-in-the-cloud.pdf
Stay Calm. Keep your hands where police can see them, such as on car steering wheel, so there is no excuse that we were reaching for something.

Be polite, honest, firm. Recognize that the authorities can come to a conclusion that we have told a falsehood, which is a crime, so tell them the minimum needed, then let a lawyer do the talking on our behalf, that they need. That way, if they think something is a lie, it went thru the lawyer, not directly from our mouth.

If you are driving & police signal you to stop, pull over as soon as it is safe to do so, turn on interior light, turn off car engine, open driver window, keep your hands where police can see them. Be polite, stay calm, don't lose your cool.

Offer to show our identification, such as driver license, because that has much greater reliability to police than what comes out of our mouth. Do not reach for the pocket where it is, until asking the police officer if that's OK. You don't want to make any moves the police officer might interpret as reaching for a weapon.

If you are doing photography in public, like with a cell phone camera, do not do it in a rude in-your-face manner, which can make police angry. Making police angry at you is really stupid. Also remember that a lot of places, open to the public, are really private property, such as shopping centers, office buildings. The right to do photography in public means in public places, not necessarily in places open to the public, or us in the public spaces, photographing some private place.

If you think anything was done inappropriately, jot down details ASAP, then consult a lawyer on what if anything should be done about it. There are people who claim to be the police, but are really bail bonds agents, or repossession agents, or some other false identification, and sometimes when looking for their targets, they come to the wrong people. See the ACLU guidance for ideas on what to include in your write-up.[43]

If there is an incident or an accident, and you are not in police custody, ask witnesses for how to reach them, just in case, and supply that info to your lawyer or insurance agent.
[43] http://www.aclu.org/drug-law-reform-immigrants-rights-racial-justice/know-your-rights-what-do-if-you
Police officer: May we search your home?
Sir, I am not going to stand in your way. If you tell me what you are looking for, maybe I can help you find it. May I have a copy of your search warrant?

Here is ACLU guidance on what people should do, if stopped by police, FBI, immigration officials etc.[44] I have copied them, and then slightly modified what they say.
[44] http://www.aclu.org/drug-law-reform-immigrants-rights-racial-justice/know-your-rights-what-do-if-you
[45] There was a death in family, where inheritance involved. I was a volunteer with a non-profit group, which planned a complex type of incorporation. Once upon a time, someone tried to frame me.
[46] https://www.aclu.org/about-aclu-0 http://knowdrones.wikispot.org/ACLU
[47] http://www.nacdl.org/about.aspx http://knowdrones.wikispot.org/NACDL
[48] http://www.nacdl.org/impak/cms/members_online/members/findalawyer.asp
The National Lawyers Guild[49] (NLG) has helped people who were engaged in what they thought they had a constitutional right to do, but got arrested anyway. Many people think they have unrestricted rights to protest grievances, go to government or other sites, and manage to get themselves arrested. Here is a collection of links to legal resources to help people who get into such a situation.[50]

I have done volunteer research work to help humanitarian volunteers, and activist volunteers, who can go into risky situations without enough advance thought, responding to some crisis or emergency. Many of them were unprepared for encountering realities with less critical infrastructure functioning than they took for granted, or they had adverse interactions with people who have different beliefs about rights and responsibilities.

You might ask me where else I have uploaded my tips, particularly in subject areas of interest to you. They evolve over time, because some cloud sites get shut down, and some get improved so much they cease to be usable.
[49] https://www.nlg.org/ http://knowdrones.wikispot.org/National_Lawyer%27s_Guild
[50] http://knowdrones.wikispot.org/Resources_for_Protesters
[51] I have several separate documents on what we have learned, thanks to: Snowden leaks; various terrorist attacks, man made natural disasters, controversial actions of the government.
[52] http://www.scribd.com/doc/149569351/Cyber-Security-PC-Tips-Al-Mac
[53] PDF for version v 0.3 sharing was 111 k. Scribd reads up to 345. It had hit 100 reads 5 months earlier, some time in July. I also tried to delete an earlier accidental duplicate copy, which had had 38 reads.
[54] http://www.scribd.com/doc/149569351/Cyber-Security-PC-Tips-Al-Mac
Version 0.3 was uploaded 2013 Dec 10, with 26 chapters, of which 22 had been updated or added, since the prior sharing, 17 pages, 48 footnotes.

After uploading version 0.2, I adjusted all chapter headings to append date of last version (2013 July 04). I plan to change that to today each day I modify the contents of a chapter. That way people who get at a later version can more easily see which chapters have been updated since.

Version 0.2 of this was uploaded,[55] to Scribd[56] and Google documents,[57] 2013 July-04 mid-day with 31 footnotes, just over 9 pages, effectively doubling the amount of content which had been in the first public sharing. Most all chapters had had minor re-writes and additional text added.

Version 0.2 was uploaded 2013 July 04, at which time it had 9 chapters, 10 pages, 31 footnotes.

Version 0.1 of this was uploaded,[58] to Scribd 2013 June-23 evening with 9 footnotes, just over 4 pages, & the following Contents:
Table of Contents
Digital Safety
Security Checks
Privacy
Version 0.1 was uploaded 2013 June-23, at which time it had 3 chapters, 4 pages, 9 footnotes.
[55] The PDF for version v 0.2 sharing was 74 k. At the time of version 0.2 uploading, I adjusted the Scribd description, which took it from 4/5 to 5/5 visibility. By the time I was finished tinkering, Scribd reads were up to 73, probably 6 of them credited to me.
[56] http://www.scribd.com/doc/149569351/Cyber-Security-PC-Tips-Al-Mac
[57] Here is my Disaster Avoidance document collection on Google Drive Documents: https://drive.google.com/folderview?id=0B9euafJH4bZMTA0YTM0YzktNTI0YS00NjVhLTg5NTItY2RiZjhiM2MzODkw&usp=sharing
[58] The PDF for the first sharing was 30 k. After version 0.1 got uploaded, but before I replaced it with version 0.2, there had been 69 reads of it on Scribd, probably 2 of them by me.