Libertarian Cybersec
Practical tips for leaders
Giulio Mazzanti
Website Associate
2018 ESFL TOP100 Retreat
28th August 2018
Libertarian Cybersec
Practical tips for leaders
Giulio Mazzanti
Website Associate
2018 ESFL TOP100 Retreat
28th August 2018
-
No complex stuff :(
-
Both security and privacy suggestions
-
We can't cover everything in details (links)
Go through this presentation again for getting all the links:
What do I mean by cybersecurity?
Broad definition for leaders:
Defending your online identity, reputation, possessions and privacy.
Defending your identity and reputation
Millions of cases of identity theft every year.
Often done by stealing your private data in various way (that we will cover).
Our info can be used to do transactions on our name, or even do frauds.
Defending your possessions
Most of our financial lives are now conducted online.
I use/access/type in my PayPal account/Bank account/credit card at least twice a week.
And I'm a Bitcoin user..
Defending your SFL Data
Defending your privacy
We are familiar with the "Nothing to Hide" argument used by Statists to justify surveillance programs.
There is a lot of data that we want to hide from criminals (but in general from everybody) of course: passwords, credit card numbers, identity numbers.
It turns out you would want to hide something also from your local fiscal authorities (criminals)...
Criminals
"Posting pictures of recent, large purchases? Giving status update of your global excursions? Tweeting about things happening in the office? If you answered yes to any of these questions know that the IRS is using all these social media sites to look for suspicious patterns and tax payer information."
https://goo.gl/my6iT1
And in your country?
Tip #1:
Manage your passwords properly
Common problems with passwords:
- Passwords are too easy to guess
- Bruteforce and Dictionary attacks
- Password reuse across websites
Check if you have been pwn'd
Remember at least a single, complex password well and use a password manager.
Password Managers
-
1Password
-
KeePassXC
-
Master Password
Advantages of passwords managers
- No password reuse
- You can generate infinite complex passwords without remembering them
- Easy type-in with browser extensions
Don't use Chrome/Firefox password manager
- They are unencrypted
- Anyone with your pc has access to your passwords
- If syncing, any browser synced has your passwords
Creating a strong password
EFF Password generation guide
https://www.eff.org/dice
EFF provides a very long list of words (numerated)
You roll a dice (or random.org) 5-times to choose a word.
You repeat that for six words and you have a very strong passwords
remix
brigade
broadcast
sadden
shelter
hamster
51324
14152
14212
52532
54121
33312
Tip #2:
Encrypt your communications
Try to avoid non-https sites
- Check for https and green mark on the top-left
- HTTPS/Green lock -> Your communications with the site are not interceptable
-
Identity on the certificate
- By a certification authority, important for known sites (like PayPal)
HTTPs Everywhere
Forces websites to use HTTPS when available
VPNs
Encrypts all your communications (also on non-https websites) Doesn't allow your ISP to see who you are visiting
Has to be choosen carefully if privacy is important (your VPN can see who you are connecting to)
VPNs
-
Mullvad (my favourite: doesn't have accounts)
-
ProtonVPN
Tip #3:
Use 2FA
2-Factor Authentication
-
Partly protects you against stolen passwords
-
Available on most modern websites
-
Various apps for the cellphone: Google Authenticator, Authy, andOTP
Tip #4:
Check who you are talking to and
what are you telling them
Social engineering
The first cause of breaches and unauthorized access
Required reading for homework: https://goo.gl/H5EcTC
Phishing
- Think before you click on or open anything.
- Think before you type in your password somewhere.
- Think before you send someone data or sensitive information.
- Think before you reply to an email that asks for sensitive data or information.
“Safety is as simple as ABC: Always Be Careful”
“Amateurs hack systems, professionals hack people.”
Tip #5:
Choose the right chats and
emails for protecting your communications
Chats
Whatsapp is pretty secure (but leaks metadata)
On Telegram at least use secret chats (but they rolled out their own cryptography -> Bad.)
Use Signal if you care about the privacy of what you are saying
Emails
For encrypted emails a commercial solution like Protonmail works well
If you want to get advanced learn about PGP, GPG or S/Mime
https://ssd.eff.org/en/module/how-use-pgp-windows
https://ssd.eff.org/en/module/how-use-pgp-linux
https://ssd.eff.org/en/module/how-use-pgp-mac-os-x
Tip #6:
Start caring about your online privacy
Follow this guide to improve your privacy across the web
Let's block those Ads
Privacy badger -> Blocks tracking ads
AdNauseam -> Even more evil. It starts clicking every tracking ad, ruining their statistics
Check out how much Google knows about you
Click on "Activity Controls" to limit the kind of data it's gathering.
Check your privacy options on Facebook too
"View as" to check how your profile is seen by various people.
Try to think what impression you want to make to the public.
Tip #7:
Secure your device
Install an antivirus (on Windows mainly)
- Avast
- Bitdefender
- Avira
..many others (thousands of guides online)
Keep your OS/apps updated
New security issues are discovered continuously. Security updates are necessary for your security.
Full disk encryption
-
Available on all newest operating systems (Windows, Mac OS X, various Linux distros, even mobile phones)
- If they steal your computer they will not have access to your data
Think of how many personal information you have on your devices
Full disk encryption
Little extra to avoid bloatware
Final tip:
Keep exploring
Questions?