Ethen Tso
Security Defender & Developer. Free and open. ethen@anotherdream.tw
General Information Security defense
Security Consultant
Defense / Forensic / Analysis
SOC "Tier All" Engineer
"Monitor"
Free and Open
ethen @ VSSecurity.com.tw
Your Enemy is trying to DESTROY your faith
Who
Big Power
Lots of Money
Hacker army
Monitoring everywhere
"We even know them better than they do themselves"
Employee in NSA
Profit oriented
Hire hackers
User tracking = profit
Backed by Government
©Undertale by Toby Fox
Oh, that's cute
What you talk,
What you think,
What you have,
What you prefer,
What you want,
What you do,
What you believe,
What you trust,
Where you are,
When you have a date....
Modify what you write,
Trash your reputation,
Screw up your plan,
Fake your identity,
Play off your relationship,
Trap you in law,
Flush your property,
Forge your experience,
Affect your choice,
Change what you believe...
For the future we trust
Then
They can control what I do
They can control what I see
They know where I go
They know me but hard to trace
They didn't notice me
Anything they take is harmless
Street to street, land to land
You can't control
Monitoring / Fake Info everywhere
Encryption is important
Your Kingdom, your responsibility
Can control your LIFE
SPYs (Malware) is waiting
put your DATA to the company/Gov
Your personal data is their business
Hard to refuse
Malicious / Monitoring Network
Public network
Non-secured network
Untrusted Installation source
Unpatched Operating System
Old unmanaged system
Public Service
Web browsing
hacked partner/family
Advanced Persistent Threat, APT
Data selling
Non-secured WebSite / APPs
Hacked by someone
Government takes data without notification
Social Engineering
USB
Operating System
Update Service
Repair service
....
You should keep in mind
Incoming call? new friends?
free WIFI? USB left on parking lot?
A secret between more than two is no secret
Choose reliable network
Use a VPN when using an untrusted network
Choose your ISP carefully
Firewall is basic equipment
Trust only if...
Choose right vendor
Only install APPs you TRUST
Get files the OFFICIAL way
Be cautious of the PERMISSIONS you give
keep
Personal device / accounts
PERSONAL
BadUSB, thunderbolt DMA
Patch as fast as possible
subscribe to security mailing lists / news
good password policy
Know your own device
the REPUTATION of the service provider
notice how they handle your data
read Agreement carefully
choose the info you give
use independent identification & password
login notification
2 step authentication
build your own service
Commercial VPN Service?
Tor?
Buy a VPN router?
Build your own?
Caution: never use PPTP again!
Proxy is not private!
Double Encrypt in tunnel
Amazon has VPN service
some vendors can block traffic if the VPN is not connected
data leakage between network switching!
https://netaidkit.net
or build your own
https://pi-hole.net/
Signal / Telegram
OpenPGP Email security
Encrypt your file before send
Build your own
Any Question?
ethen@aurigasec.com
China software
America Device
USB / Thunderbolt / 1394
Device Clone is easy
a pic / web browsing can hack you
hackers spread backdoors with crackers
Local network can do a lot
Fake WIFI / Cellular station is common
Update service is an official backdoor
You don't have to provide anything
Mass surveillance by the government
Targeted attack from the government
Collecting data
Associate data to human
Ranking
Drill down by human
HTTPS
Check certificate
plain-text password?
Read EULA
https://www.grc.com/fingerprints.htm
NoScript
uBlock
Update!!
Know the URL
Seal web browser/Mail in VM
prepare spare VPN
say no to free USB charger
don't leave your device alone
FaceID / TouchID
No safe network
prepare lots of VPN spare
prepare non-VPN solution
No China 3C device
Never buy 3C in China
don't bring unnecessary sensitive data
keep hold of the sensitive data, even if the government takes the device and password from you
The most powerful tracking in the world
Never give your pin code to others
Full device encryption
If possible, don't bring your own device
pack your data in encrypted tar
offline storage
if you use a NAS, store on an encrypted disk in an isolated network
RAID or Duplicated backup is needed
NEVER sync sensitive data to cloud!
https://github.com/sakura26/killallbtn
All VPNs are illegal in China!
TOR is trackable by NSA!
TOR is blocked in CHINA!
SSH is a good alternative, but too geek
OpenVPN is great, but blocked in CHINA
SSLVPN is good, but not stable in CHINA
L2TP is easy to identify
ask your MIS
many routers have an OpenVPN server
rent a VPS as a server
Meraki
*don't forget to seal your VPN guests in an isolated network
http://anonymouse.org/anonwww.html
http://www.spammimic.com/
http://anonymouse.org/anonemail.html
https://10minutemail.com
https://protonmail.com/
less data, less tracking
Break the connection
Hidden in crowd
multiple accounts / device
annoy with Noise
another option: totally open
incognito window does not actually help you
choose browser carefully
choose your plugin carefully
eat cookies
know the URL
change IP (proxy/VPN)
Release data to the world
Hide data in non-sensitive Info (Steganography)
Hide data in your device
if possible, get your own device
or, use VM to create your env
or, create tmp id with tmp mail
encrypt data and put to public space
get data back when you are safe
Use TAILS Linux or something else
https://tails.boum.org/
VM can bypass many things....
By Ethen Tso