Home network safety tip: keep most devices on the “Guest” network

Home network safety tip: keep most devices on the
Malware from the manufacturer means bad times for everyone

It would be great if the stories of products sold by major retailers with baked-in malware were relegated to decades past, but the issue hasn't gone away. The Electronic Frontier Foundation reports that a low-budget kids tablet by Dragon Touch was sold on Amazon for the better part of a year despite having possible malware preinstalled from the factory.

There really is no clear and obvious way to prevent any instance of factory malware, but one thing that could help quite a bit is to keep your networks separate.

This is an example of a router with guest network functionality built in.
(See online!)

Many home routers these days offer "guest networks" which are intended to let houseguests or visiting friends access your Internet without exposing your home computers and files. It's convenient and easy to set up along with your normal network. But the best part is that you can use the same trick to keep untrusted devices away from your important data!

You'll need to look in the manual, instructions, or a handy Youtube video if you need help for your specific router (or buy a new one if your current one doesn't support it), but, once configured, it's simply a matter of asking: "does this device/thing need to connect to my home computers or backup systems? If "no", put it on the guest network!

Bottom line, you might have several computers and maybe a printer/scanner on your home network for file sharing or backup purposes, but why let the Playstation or Echo in the same space? They can still access the Internet on the Guest Network and that's really all they need

Moving forward, always put phones, tablets, and any other device stays segregated on the guest network where, if they become infected, they can't damage your real computers and important data.

Tags: ,

Time to re-evaluate my browser strategy. Time to be Brave

Time to re-evaluate my browser strategy. Time to be Brave – The Geek Professor
Brave. The privacy browser

Keeping up with security and privacy topics when your work is only tangentially related and life sweeps you away (so you don't have time or energy the rest of the time) is not easy. That's why your best chance for getting an upgrade is finding the time to focus and experiment OR finding the right article at the right time… and I hope this will be that for you.

I've tried to focus this article on how most people use the Internet most of the time. For extreme folks, there are other options including Lone Wolf and Tor, but for everyone else, keep reading:

Hate having to read an entire article for the answer? Here's the bottom line: I use Firefox for websites with logins (except social sites), Brave for regular Internet (and social sites that constantly lead out to the Internet), and a little bit Edge as backup and personal brand segregation.

The brief background

Why is this necessary? Because companies are doing everything in their power to get into your business. They track where you go, what you click, what you're interested in, or just what they THINK you're interested in based on your browsing and clicking patterns. Besides being creepy and unwanted, it creates problems.

What happens when someone else uses your computer or you look something up for a friend or family member? Now their interests get mixed with yours causing you to see ads and recommendations that aren't remotely relevant. And what happens when you accidentally click a bad link in a chat or email (it happens to the best of us)? Many attacks are based on the idea that you're logged into your email or bank in another tab of the same browser (this is called cross-site scripting). And what if someone buys ad space and puts malicious code in or (or it's just rude and obnoxious)?

To reduce risks, annoyances, and invasion of your privacy while keeping things extremely simple, the pro tip is browser segregtation

Generally speaking, you can break down your Internet use into two or three main categories:

  1. Actual browsing. Searching, clicking, exploring, etc.
  2. Account-based web applications. Email, banking, shopping, etc.
  3. Social and personal brand. LinkedIn, Facebook, Twitter, and other things connected to your professional image.

Let me explain each in more detail.

Benefits to browser segregation

Browsing

When you're browsing around the Internet, you want the toughest browser around because you could end up anywhere at any time. Click a bad link, type a url wrong, or just browse around normally where sites attempt to identify you individually, track you, invade your privacy, and put you at risk due to poorly managed scripts and advertisements. As your default browser, this is the one that will load if you accidentally click the wrong thing in a Discord chat or any other app on your computer.

This is also the one you want to use for your private social accounts and any other app that is so closely tied to the general Internet that its nearly indistinguishable from open Internet anyway. Things like Reddit and Pinterest or alternate accounts for Twitter and Facebook that aren't tied to your identity.

Basically, you need your A-game browser – the best of the best – when out in the wilds of the open Internet.

Account-based Web Applications

This is where you keep your login-based accounts like emails, banking, shopping, and so on. If it's not a semi-Internet site like Reddit or Pinterest and it requires a login, keep it in your secondary browser.

Granted, sites like Amazon are very invasive as well, but much of the way they spy on you requires that you're out browsing the internet and not staying on a handful of specific websites. Additionally various types of attacks depend on you browsing around and taking a wrong turn while your tasty bank account or email are open in another tab of the same browser. Using separation this way largely prevents that too.

Don't overcomplicate it! For many people, keeping your logged in accounts and open browsing separate is good enough, but if you want to see why I use a third, read on.

Identity Accounts and Branding

In my case, I chose to have one more separation where my identity is known and my reputation at stake. To make sure that I don't cross wires and rant about how much I hate the VI editor on my branded-Reddit page, I keep them segregated too.

LinkedIn, Reddit with my professional name, Kickstarter, Twitter (if it survives into 2024 and beyond), my official Facebook (if I ever decide to make one) – basically, I keep these in a third browser because:

  1. I want to keep a third more standard browser around in the rare cases where sites refuse to load in anything else
  2. I can visually tell if I'm in the wrong place because of the different browser. That helps me think twice about what I'm going to post since it's tied to me individually.

Which browser and why?

For identity-based Internet

I'll cover this first and only briefly since only some people will be using the 3rd-level browser. I use Edge because it's one of the three major-supported browsers and will work for any site that doesn't like deviations from the norm. Also, it's not Chrome (the worst for privacy invasion).

For account-based Internet

For this one, I chose Firefox. Firefox is nowhere near the privacy-focused and community-friendly browser it used to be, but most of the ways it sucks now require being on open Internet. It's still going to be supported by major websites and you shouldn't have any trouble using your accounts with it.

For open Internet

I had been sleeping on this one for a while and heard bad things in the past, but read and watched videos and did some research. I determined that, as of this posting, Brave is the best browser for privacy online. It has a built-in adblock function and VPN (the first is free, the VPN you have to pay for, but not a big deal). It's nicely presented, fast, and works everywhere I've tried it so far.

Brave is also building a privacy-based search engine which is something DuckDuckGo has been known for, but even DDG has some issues that Brave does not. If the Brave search isn't working for you, Google and DDG are still there. Brave does use some kind of cryptocurrency gimmick, but that's optional and doesn't get in the way enough that I see it as a dealbreaker.

Summary

For best safety/security/privacy, use at least two browsers and mentally separate your activity online into "log-in account stuff" and "everything else" (and maybe a third for "anything that I use my real name for"). Tags: , , , ,

Man Hunts and Beats Teen for Mocking Him Online

(Image is in the Public Domain)

For anyone who's participated in forums, online games, or any other system where you can communicate with random strangers, you've probably encountered people who make you angry. Some are just people who you don't get along with legitimately, and some are "trolls"; people who toy with others for their amusement.

What makes people trolls is generally the anonymous nature of the Internet. Sadly, this is often a perceived anonymity only. Just yesterday, I found a post I didn't agree with and wanted to comment on it. Since the author had locked comments, I did a little web research and found her real name, school, e-mail address, and other sites she posted to. I was only looking for some means to contact her, but the information was fully filled out on these sites with no protection at all.

Imagine her shock to find out how easily she was found (and to be honest she called me quite a few names at first though we did have a good conversation after that).

Sadly, most people don't realize how difficult it is to be truly anonymous. The only things keeping you safe in many cases is that you've never given anyone enough reason to look you up. And now we get to the real story.

Online games can be tense and frustrating. For example, the first time I played an online competitive game, I was completely crushed in seconds and insulted repeatedly for my efforts. I chose to stick with offline gaming but others weather the storm and build their skills to the point they can keep up and even be good enough to win.

However, there are just going to be times that someone is better than you. That's frustrating enough, but when they're rude and insulting, it can be maddening. And for context, understand that the people who are the rudest are often younger males who believe they don't have to "pull any punches" since they don't have to face the consequences of their actions (an idea that was excellently portrayed in Disney's Pinocchio).

My point is, this kid was being an ass with abandon. What was his opponent going to do? Hunt him down and hurt him? Turns out the answer was yes.

And believe it or not, there's a lot of support for the attacker online. The sad fact is that there are still consequences for what we do, even if we're online. Similar to the adive every parent must give to their children of how posts last forever, we must also teach our kids not to draw undue agression. After all, how do you know whether the person you're "Teabagging" has the ability and desire to come after you in person?

Tags: , , , ,

Citibank Unable to Afford Secure Web Design

Really Citibank?

When I teach, I explain how most of the breaches and problems you hear in the world aren't about clever hackers or sophisticated attackers, but instead about weak security. This has just become my new go-to example.

Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else's account.

What that means is that if you were to look at the address in your bar at the top of the browser, it contains the name of the website you're on and (as is typical) a whole lot of other junk like this:

http://www.citibank.com/account.asp?were=dumbbell&we=shouldhaveknownbetter

One of the values in the "lots of other junk" area told Citibank who's account to show. If you just entered any random number, the website would think you were the user with that ID and show you their page. Given that this kind of issue is one that security professionals have known about and handled for more than a decade apparently large (and rich) companies can somehow manage to forget the basics.

Source

Tags: , , , ,

UK Immigration Officer Put Wife on No-Fly List

This is awesome terrible. Apparently a UK immigration officer added his wife to the no-fly list when she was out of country effectively stranding her.

Based on the lack of details and the fact that she could have just taken a ferry not an airplane, this story doesn't really seem that likely, but it's making the rounds and the most important issue here is that the possibility of a single government official working alone abusing the system. While important security databases are poorly controlled, these kinds of abuses are possible.

Speaking of, I found a supposed copy of the no fly list online. Check it out!

Tags: , ,

Researchers Steal Cars With Wireless Ignition

(Image is used under the Pixabay license)

If you read this site much, you probably know I have a "guilty till proven innocent" attitude when it comes to new technology, particularly wireless technology. That's why it's no surprise to me (and hopefully no surprise to you), that they've discovered they can break into and steal cars that use wireless entry and ignition.

The researchers tested a few scenarios. An attacker could watch a parking lot and have an accomplice watch as car owners as entered a nearby store. The accomplice would only need to be within eight meters of the targeted owner's key fob, making it easy to avoid arousing suspicion. In another scenario, a car owner might leave a car key on a table near a window. An antenna placed outside the house was able to communicate with the key, allowing the researchers then to start the car parked out front and drive away.

Companies need to stop with this high-tech gadgetry until they commit to hiring brilliant security experts to design these systems for them. Even then, using simple wireless radio transmissions that any regular joe can produce with less than $500 of equipment is just a bad idea.

Tags: , , ,

Israel Airport Security is Good Because of Profiling

You know a good way to spot a terrorist? Look for someone who looks and acts like one (like they do in Israel)!

I know this ridiculous concept of banning profiling came out of the dark days of racism where people were profiles on things that didn't matter like the color of your skin. But that doesn't mean that profiling is wrong.

People profile all the time and they should. If you walk out to your car late at night and there's younger male with ratty clothes staring you down while sharpening a machete, should you keep walking since you "don't want to offend him by running the hell away"?

Give it a rest folks. If the TSA didn't have to give kids and the elderly the same attention as someone who's actually likely to be a terrorist, imagine how much smoother and simpler flying would be.

Tags: , , , ,

Yahoo Accounts Are Easy to Hijack

There have been some high profile hacks of Sarah Palin and Grady Sizemore and the best defense is to not use real information when answering challenge questions.

Just make a Privacy Alias and use it for places that want your personal information, but don't really need it. Of course, if you use an encrypted file to store passwords, you don't have to make an alias at all. You can just store completely new made up challenge answers for each site.

Tags: , , ,

Mint Data Lets You See Anonymous Purchase Trends

I've never liked Mint.com. Not because they're bad at what they do (they're not), but because you have to give them too much access to take advantage of it. So you get a little money management help, so what? You have to give away your password to do it. Not only that, Mint is (surprise, surprise) using all that juicy data you provide for their own purposes.

For now, it seems that they're not actually telling you who purchased what, but there's no telling when and if they'll start selling your valuable personal data to 3rd parties. Until then, showing truly anonymous purchase information is kind of neat so long as they don't take it further than that.

Tags: , ,

Hijack A Facebook Account in One Click

(Image used under: Creative Commons 2.0 [SRC])

Ok so maybe not ONE click. But someone has put together a simple tool that you can use to take over the active sessions of anyone within wireless range of you. Hang out at the Starbucks free wi-fi and you'll be able to control the Facebook or other accounts of people nearby. It's an attack that was always simple to do for those who know how, but now any idiot can do it with a simple new interface.

By the way, they mention a few protections from this at the bottom of the article, but here's one more.

Tags: , ,

Loading...

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

computer security Tutorial
|INDEX|next: Spyware Scanners

Security Software

Make sure you have a up-to-date Anti-Virus Program to protect you against bad websites or files.
Sometimes spyware gets in your computer and the anti-virus won't stop it. Use a spyware scanner to find and remove spyware and adware.
Use a software firewall to detect bad code on your computer when it tries to connect to the Internet.
Always keep your system up to date with security patches or none of the rest of your security software will matter.
Use an encryption tool to protect your important data when storing or transmitting it.
Switch to Firefox for your web browsing and you'll be better protected from Internet threats.

Safe Computing Practices

Don't get tricked by fake alerts or clever webpages into downloading viruses or spyware!

... or check out any of my other guides and tutorials by clicking here!

Anti-Virus

A virus can come from files, e-mails, web pages, or even devices you plug in (like thumbdrives or printers) and destroy your files or your computer once they get in. An anti-virus is software designed to detect and prevent that from happening.

[Click for full description]

Spyware Scanners

Learn how to detect and remove spyware and adware using a free scanning tool.

[Click for full description]

Software Firewall

Learn what a firewall is and why you want one on your computer.

[Click for full description]

Operating System Updates

Make sure to keep your operating system up-to-date with security patches or else none of the rest of your security software will be able to protect you.

[Click for full description]

File Encryption

Learn how to protect your important files on your computer or when transmitting them with free tools for file encryption.

[Click for full description]

Mozilla Firefox - Internet Browser

There are many browser choices out there. Read why I think Firefox is one of the best.

[Click for full description]

Fake Alerts

Maybe you've done everything right and you're computer is sufficiently fortress-like, but then you or someone in your family falls for a simple scam that tricks them into directly installing the bad guy's virus! Learn how to spot and ignore fakes!

[Click for full description]