Monday, April 14, 2014

Security

For my friends and family who seem to have the worst luck having their online accounts hacked, here are some helpful suggestions…

Email

Our email address is attached to everything we do online.  Hackers see this as a way into taking over online identities and spreading viruses and malware.  Some simple rules to help keep your email and computer/smartphone safe:

  • Use antivirus geared for internet use (e.g. browsing, email, cloud, SaaS, etc.).  Don’t just go with a free version.  Invest in this.
  • Use strong passwords (something not easily guessed).  Use a tiered password system*.
  • Have a secondary email for junk you sign up for.
  • Do not click on links in email messages.
  • Be aware of phishing / spam emails and how to spot them.
  • If you have been hacked, change your passwords as well as the information used to reset a forgotten password (e.g. the secret question).
  • Use a 2 step verification process.  For Google users, e.g.: Google Authenticator (https://www.google.com/landing/2step/)
  • Also for Google users, set up Gmail to use the inbox tabs and category labels to get organized. (https://support.google.com/mail/answer/3055016?hl=en)

Social Media

Most of us today are social butterflies and live on our computers and smartphones browsing Facebook, Google+, LinkedIn, or Twitter.  Again, some simple rules:

  • Do not add personal info on your profile settings.   Keep it simple.
  • Security and privacy settings – use them to the fullest extent.  Review them every time the social media site makes a change to their GUI or system. 
  • Review the authorized apps list just as frequently and delete authorizations you no longer need or use.
  • Do not accept random friend invites.
  • Do not like or comment on posts that cover a large base of people you do not know, e.g. “Like if you agree or Comment if you disagree”, “Like if you hate Obama, Comment if… whatever”.  All this does is add you onto someone’s marketing list and make you a target.
  • If the social media app requires you to re-login to share or post a comment / like, it is more than likely a phishing scam.
  • Apps on the social media sites require permissions, read them.  Do not just hit the accept button.  There is no reason for a “game” to access your personal profile information and to post as you on your timeline.  Disable all app requests from friends.   Do everyone a favor, stop playing games on social media sites and delete all of these authorizations. 

Smartphones

Since I am a Linux nerd, I will talk about security on Android phones.  I do not know enough about iOS to make recommendations, except for “use your brain” and “make smart choices”.  The list below is what I use for security on my Samsung GS3, and I’m sure there is more than one way to skin a cat, so if you find something better, cool.  Share it!

  • Rooted device – My device is rooted.  However, I am still using the stock ROM.  I don’t see the need for a custom ROM (yet).  I have SU for a handful of apps that I like, including Avast and Titanium Backup, for the features.  In order to perform updates I have to unroot my device – I haven’t yet researched how to update a stock kernel on a rooted device.
  • Avast – I have tried a few others and Avast’s security apps are the ones I like best:
    • Mobile Security and Antivirus – The name is self-explanatory.
    • Mobile Backup and Restore – I use this to backup certain information to a secure site.
    • Anti-theft – Google has device management software that does the same thing, but I find that I like this one better and still have the Google device management as a backup.
    • Secure Line VPN – So the NSA is monitoring your traffic, new drones can hack into your smartphone (http://www.youtube.com/watch?v=Q3y18PRYvew), packet data can be intercepted while on open networks, and the list goes on.  This sets up your wifi connection as a secure VPN to an Avast server.  I mainly use this if I am on an open untrusted wifi connection (e.g. Starbucks, hotels, etc.).  This will slow your connection speed down some, FYI.
  • Clueful – Apps on your smartphone require security permissions.  Usually when installing from Google Play you can review what those settings are (you do review them right?).  Clueful will tell you what category the app is in once installed by giving a color code to categories of High Risk, Moderate Risk, and Low Risk.  The app will also give you an overall score of how secure your device is.  Security permissions of apps can be viewed by category and individually.
  • Android Firewall – It is what it sounds like.  You can set up application profiles.  If you like an app that Clueful has identified as high risk, you can set up the firewall to limit the actions of that app.  Don’t expect the app to operate normally after doing so, of course.  The firewall has lots of features that you can read up on.
  • Google Authenticator – 2 step verification for Google products.  It adds an additional layer of security so a username and password is not all that you will need.  Read about the 2 step verification and Google Authenticator via the link I provided above.
  • Greenify – Not a security app per se; however, it has some security features that are useful.  Greenify can regulate the activity of apps on your phone.  It is similar to a firewall, except that Greenify will not allow an app to keep running and drain your battery.  Profiles can be set up for the apps running in the background.
  • Settings: NFC, S Beam, DLNA, Screen Mirroring, Bluetooth, and Wifi – I normally keep these settings off until I need them.
  • Isis Mobile Wallet – This app is endorsed by all the major carriers.. and it sucks.  I tried to set it up and my bank had to send me a new card because Isis was a security concern.  I currently use Google Wallet and it has more features than Isis.  
Cheers - Greg
