Message from Fluxis in Cascadian Coffee Company #general

2017-06-23 15:37:43 UTC  


2017-06-23 15:38:25 UTC  

Better safe than sorry if we're talking about computer security

2017-06-23 15:38:36 UTC  

Also using windows 10 is an instant gg on security

2017-06-23 15:39:03 UTC  

Anyone with Metasploit can get into someone using windows 10 by simply googling proper commands

2017-06-23 15:39:22 UTC  

Which is why DNS + Tor on windows can up the security a few points.

2017-06-23 15:39:51 UTC  

I use windows 10 because I like to be able to play games every now and then.

2017-06-23 15:40:35 UTC  

I have this Mac running OSX for most games, and on my laptop I just use WINE to emulate windows games.

2017-06-23 15:41:21 UTC  

Well you must have a very good computer!

2017-06-23 15:41:23 UTC  

I don't lol

2017-06-23 15:41:28 UTC  

Also, real net security comes down to flashing firmware on your router

2017-06-23 15:41:58 UTC  

Here I'll make it easy

2017-06-23 15:42:27 UTC  

I've done this all before for a friend, it's really not that hard guys.

2017-06-23 15:42:41 UTC  

Assuming hackers here are your run of the mill script kiddies and not nation states, hackers can:

Use Remote Exploits to access your computer (hacking your computer).
Trick you into running exploits on your computer (viruses, malware).
Trick you into disclosing the credentials to your computer or web services (phishing).
Manipulate company employees into handing over your login details or control of your account (social engineering).
Guess the credentials to your computer or web services (cracking).
Break into web services and determine your credentials (hacking web services).

While hackers will always know about security problems before everyone else, they are less likely to use their brand new exploits against random people. High value targets (whether they be financial (paypal?), political (fbi website?) or lulzy (the fappening)) are much more likely to be their focus. Unknown exploits are valuable: They are obtained by hard work or paying for them on the black market. But the moment you use them, everyone will find out and patch the hole. So the hacker wants to make it count, he doesn't want to blow his one shot on something worthless.

2017-06-23 15:43:05 UTC  

Day to day attacks will be from relatively unskilled hackers (script kiddies) and deployed against IP addresses on the internet.

Occasionally a large internet service will lose its password database to hackers e.g. Sooner or later one of these headline hacks will affect you.

In response you can:

Keep your operating system and software up to date to cut down on remote exploits.
Use anti-virus and anti-malware scanning software.
Be wary about running unknown software or logging into untrusted sites (common sense 2016).
Run a restrictive firewall to allow only certain applications access to the network.
Use a password manager to generate random, secure passwords for your local computer accounts and web services.
Use a different password on each site. Knowing one password shouldn't make it easier to guess the others.
Give fake personal info where possible, so that info from one hacked account can't be used to break into other accounts by messing with the "Forgot Password" feature or calling and manipulating support/customer service.
Only use trusted web services, and give them as little sensitive data as possible.
If you shop online, try to delete Credit Cards when you're done using them, don't keep them saved in the account.
Use Two Factor Authentication (2FA) for higher value web services (banking, email).

2017-06-23 15:43:35 UTC  

Advertisers can:

Collect information when you login to them.
Track you across different websites you visit without logging into them.
Track you via GPS on your phone.
Track you online via WiFi on your phone.
Track you offline via WiFi on your phone.
Track you offline via credit/debit cards.
Track you offline via reward/membership cards.

Some of the security (or privacy) threats with advertisers are opt-in (i.e. you accepted it) and generally advertiser tracking isn't going to mess up your day. Problems arise when advertisers sell your information on to third parties (who in turn sell it to other third parties), go broke and auction off your data, get hacked or are victims of mass surveillance.

It's worth noting that their revenue models would be colossally damaged if everyone ran adblocking software.

In response you can:

Not create social media accounts, or create accounts with false information (although you'll still have the same friends, so are still opting in big time).
Disable third party cookies in your browsers.
Turn off GPS on your phone, or use a custom rom to limit which apps have access to your GPS.
Turn off WiFi on your phone, or use a custom rom to limit which apps have access to WiFi.
Turn off WiFi when you're out and about, especially in malls/shopping centres.
Use cash.
Debit cards tell your bank what you're buying and who from and where, and they sell that.
Credit cards tell VISA/Mastercard/etc what you're buying and who from and where.
Don't use reward cards. Most people never use the "rewards" and your privacy is worth more.

2017-06-23 15:43:42 UTC  

Wow, I feel bad because my computer is unsecured.

2017-06-23 15:43:47 UTC  

So you've already given Facebook your phone number and address and date of birth? They already know your schools and job and hobbies? Why close the gate when the horse has bolted?

You'll change jobs.
You'll move house.
Your interests will change.
Your friends will change.
You'll get married/divorced/have children.
You could even change your name or get married and change your surname.

Sure, the data they have today will still be valid in a week. But in six months? A year? Five years? The sooner you cut off advertisers from up to date information, the sooner it'll be out of date. Their databases will say you still like Linkin Park and Jackass unless you tell them otherwise. They'll also miss out on your patterns over time, not knowing the path of your history and making their future predictions inaccurate.

2017-06-23 15:43:58 UTC  

Your cell phone service provider can:

See what cell tower you are connected to whenever your phone is on.
See when your phone is switched off or out of coverage (they can't tell which).
See who you call and text, when and where, and for how long.
See who calls and texts you, when, where you are, and for how long.
See your data usage metadata and perhaps "full take" data.
Sell you a phone preloaded with their applications, which have all kinds of permissions granted.

Cell phones are a big problem when trying to avoid location tracking. Without the cell tower your phone is only a phone when you have WiFi access, or not at all.

In response you can:

Use OTR in any instant messaging conversations. Install Pidgin and the OTR plugin for PC, and Xabber or ChatSecure for Android.
Use VoIP and data messaging instead of traditional calls and texts. Encrypted VoIP and messaging exists.
Convince your contacts to use VoIP and data messaging.
Install a firewall to restrict which apps have access to the data connection, or turn your data connection off completely.
Uninstall preloaded apps, flash a custom ROM or buy a standalone phone unlocked from any provider.
Leave your phone at home when you're going out.
Keep airplane mode turned on when you don't use your phone (you can have it automatically turn on whenever the screen is off).

2017-06-23 15:44:08 UTC  

While your ISP is able to collect your metadata and block access to websites, these are generally because of Government Policy. Some ISPs will offer a "family friendly" site blocking option which you can turn off. Remember that while ISPs can most certainly be nefarious, usually it's the laws that compel them to give up your data to security agencies that can do you in, as the ISPs really can't do anything about it but comply.

Your home or business ISP can:

Provide you with an email service which they control (e.g. [email protected]).
Force you to use a modem which they retain root access to, which may also contain serious bugs.
Send you a modem that is configured by default to use their DNS, allowing easy logging of your traffic.

In response you can:

Use an alternative email service and/or use PGP.
Use OTR in any instant messaging conversations. Install Pidgin and the OTR plugin for PC, and Xabber or ChatSecure for Android.
Bridge your ISP modem to a router which you control (or just ditch your ISP modem for one you bought personally, if possible). $50 will buy you an OpenWRT compatible router.

2017-06-23 15:44:28 UTC  
2017-06-23 15:44:38 UTC  

Buy a cisco ios router.

2017-06-23 15:45:14 UTC  

Use Palemoon as default browser btw if not running TOR

2017-06-23 15:45:24 UTC  

Firefox sold out last year

2017-06-23 15:46:15 UTC  

I have to go now, please DM anything important guys!

2017-06-23 15:47:25 UTC  

For those who use android, (my fav part of tech is building up security on a phone OS)

2017-06-23 15:47:28 UTC  

Android replacements
Replicant: A project to completely replace all proprietary components of Android;
Custom ROMs;
CopperheadOS: a hardened fork of Android with PaX kernel patches and more.
Firefox OS: An alternative operating system by Mozilla that runs on some Android devices.

2017-06-23 16:07:17 UTC  

This chat has gone full autism. Time for some new rules.

2017-06-23 16:11:30 UTC  

this chat hasn't gone full autism, just one individual.

2017-06-23 16:13:25 UTC  

True. We'll get this cleaned up...

2017-06-23 16:14:38 UTC  

That's why we have admins 😃

2017-06-23 16:16:33 UTC  

heh no worries, I'm sure we'll survive.

2017-06-23 16:17:47 UTC  

Sorry for the autism goys.

2017-06-23 16:20:08 UTC  

maybe we should have a separate channel for cyber security?

2017-06-23 16:23:38 UTC  


2017-06-23 16:27:22 UTC  


2017-06-23 16:41:26 UTC  

Et Tu, Judea?