iSD in the Tech Age!
Net-self-defense, we spend an exorbitant amount of time on our physical defense training and then we forget that our lives are in just as much danger of "Grave Financial Harm" or Financial ruin (Death) as if we are attacked by a street predator. Research and studies show, from the security experts in this field, that Anti-virus and Firewall suites only catch about 5% of the threats out there and those same folks tell us that it is in all probability worse at the Enterprise levels.
My goal here is to educate myself, and by proxy, pass on what I learn to others so that each individual who is connected at any level can take steps to achieve some semblance of security in their electronic on-line lives. We are so deeply imbedded in modern technology that to not take appropriate actions to learn iSD or internet self-defense in the technological age is just foolishness.
My goal is to provide enough of a foundation that readers, like me, can take the appropriate actions, i.e., apply those fundamental principles of technological methodologies to safeguard one of the more important, actually critical, strategies and tactics to defend ourselves from grave economical harm or even economical/financial death or ruin from nefarious predatory hacking processes.
Nothing in this blog is definitive, it is meant to set a foundation of knowledge, understanding and awareness so that you are not one day blindsided by some effort to steal your very life out from underneath you so fast you feel like you have been hit behind the ear and knocked into a daze of confusion, fear and finally anger where your tech-life falls apart and ruins your real life utterly, completely and with no light in sight down that dark, empty and black hole.
Thursday, March 31, 2016
Tuesday, March 29, 2016
Monday, March 28, 2016
Friday, March 18, 2016
|Click for larger view.|
Thursday, March 17, 2016
Tuesday, March 15, 2016
Monday, March 14, 2016
Wednesday, March 9, 2016
- Solid, individual site, password of complexity, disciplined, strategy: Create passwords of high security length and complexity for each and every site you connect to …
- On-Off discipline: Create the habit of doing a daily first logon and a daily log-off, i.e., at least when you go to sleep and when you wake the next day.
- Limited Release: Be conscious of the dangers when releasing personal data and especially any data no matter how remote that would allow access to such personal data as banking, etc.
- Site Connectivity: Keep each site you access separate and individual, don’t allow connectivity between sites and don’t share site security across each site, i.e., avoid single sign-on connectivity.
- Frequent Updates: don’t use auto update except to set it for daily, always go in at first login and run update; always go in before last logout to run update again.
- Beware of Everyone: Doesn’t matter if friend or foe, make sure you check, verify, validate and observe before taking any actions such as responding and clicking emails, etc. Be aware of the sites you visit and sites to which you receive recommendations to visit - they all, no matter how relevant to your life, are potentially and surreptitiously a danger. Assume before clicking that the danger is real and how you can validate before clicking its safety to you, your data and your life. In the iVerse, everyone is to be suspected and everything you do and receive and encounter is to be suspected at a higher level as well. Look at this one as a, “Count to ten before clicking,” tactic and strategy.
- Reality Check: remember that any thing and everything electronic is exposed to spoofing. Consider it necessary to make sure you can still do things with your fingers, i.e., like the old days when you had to learn math, addition-multiplication, etc. tables and how to figure things mathmatically in your head. You have to still make use of your head, i.e., as example, using that paper map in lieu of the GPS because those signals as well as others can be spoofed too.
- Invest in two distinct and separate systems: Use one exclusively, if you insist on using the Internet for such personal things, for handling specific personal things such as banking and storing personal information, etc. Connect the sensitive safe system to the internet, manually by pluggin and unplugging the network cable when working and when not. Use the other susceptible system with no personal information or data to surf the web, visit web sites and download apps and programs for testing to ensure safe and secure. Never, ever and under any circumstances do you use, display or process personal information and data on anything other than this secured system. Not on your cell phones, iPads or other system that is portable.
- No-wireless Connectivity: Do not use remote free wireless connections for anything other than simple web searches to find things then move elsewhere to actually make clicks and decisions and only after thoughtful validating informed decisions on proceeding. Save all the personal data and information processing for that secure home system that is separate from other connections and with its own unique passwords, etc. No emails, no social media and nothing that would expose you as to personal information.
- NO GPS: Turn off all your GPS systems regardless. Make sure your mobile devices have no information of a personal nature including any emails, accounts, etc. Use free emails and change them often along with passwords and use those only for social interactions and keep it simple and personal information free. Use GPS jammers in your automobile when you cannot disconnect or disarm the GPS provided in many new vehicles today. Use maps or research journeys, travels and vacations so you can use paper maps from AAA to navigate to your destinations. Use free computers stations with guest accounts to search out restaurants, etc. when on vacation.
- Screen Reality Checks: Make sure any information derived from views on computer screens are validated by some other source, i.e., call information and get a phone number to call and verify data viewed on screens. Screen data is hackable and you need to verify and validate data from those sources. Do NOT trust what you see, seek validation from other reliable sources including calling directly “ON A LAN LINE” if possible because you can be spoofed on cell phones and wireless devices as well.
- Password Storage: Never use one password as previously stated, use one unique for each login then store those unique and complex passwords in a non-electronic form, i.e., a card or paper hidden on your person not easily found even in a body search. Electronic password protection apps or programs are also weak in security and subject to hacking making for security breaches.
- No external drives, i.e., CD’s, DVD’s or Thumb: Make sure you don’t use such devices on your secure personal security computer and workstation because it is easy to insert a thumb drive and have it automatically drop malware, etc. onto the hard drive breaching your security and transferring all your personal and financial data to data brokers, hackers and other nefarious individuals.
- Feedback Forms: Avoid them like the plague, simply delete them without viewing, etc. Don’t hover over links and don’t click them. If you wish to provide feedback from a seller, etc., then manually go to an open computer, log in to the site by manually entering in the URL and then find the feedback form and make a feedback comment, etc.
- “FREE” Apps: just say no to free apps because free is not, “FREE!” If you just have to have that free app then make sure you read the, “ENTIRE ToS.” Why, because that free app is going to have code that will scrape and extract your data and send it off to what ever data broker has an agreement with the developer or app provider.
- In Screen We Trust: remember, everything we perceive through all the forms of electronic information is subject to being nabbed, changed and redisplayed according to the whims of those who code the code.
- Touch ID: avoid it like the plague, the promotions to use this feature in our iVerse is just a ad selling effort telling you that the unique feature of human fingerprints, no one set alike, is simply a way to manipulate you into thinking and feeling more secure by using it yet what you are actually depending on is the underlying software code that runs and records our fingerprints. That code is flawed and means when you have malware, keyloggers, etc. implanted via malicious efforts of criminal elements it is now able to send your fingerprints to the underworld of nefarious folks bent on taking advantage, etc.
- Password Security Apps: great apps, I used one for a long time and then I realized that screens belong to the coders and even with its encryption once you open the app to view the passwords the screen can have its data recorded by a snapshot jpg and then transmitted to nefarious characters. My recommendation, go back in time and write them down and store them in your wallet. If you lost the wallet you have time to get the passwords changed unless …
- Code the Written Passwords: when you write them down, use a code for the application or web site, etc., so even if lost it would make if difficult thus not worth their time to figure them out (Oh, but they could enter it into a computer then write a sub-routine to use it along with your personal information stolen from your wallet to find the account but that takes time, time to change them all)
- Tor Substitutes: there are substitutes available that will allow you to anonymously access the iVerse but not the dark-verse that Tor tends to work over. Buyer or Downloader Beware is critical for those instances are also open source and vulnerable to any coder who joins and contributes to the code.
- Beware the Download: Regardless of the source it is always a good idea to approach each instance with caution as even the most reliable product is about code and even the most proprietary sources still are subject to being exposed to the coder’s universe and therefore subjected to compromise.
- Encryption: make sure your efforts in the iVerse is encrypted. HTTPS is ok but not infallible. Even the storage of information on your computer or other device should be secured through adequate encryption methods. Encrypt your backup; encrypt your cloud account; encrypt files on your various computer devices; use a variety of secure locations; make regular backups; encrypt your passwords and passphrases; DO NOT USE 4 numeric pin to secure anything; keep all software up to date; use multi-signature to protect against theft and have a backup lan for your peers and family.
- Reputation: do business only with people and organizations you know and trust, or who have an established reputation.
- When in Doubt: be prepared for problems and consult with expert authorities such as security, etc., before making any downloads or click that mouse button, etc.
- Logging: WARNING, your IP address can and often is logged. You should consider hiding your device’s IP address and secure you WiFi signal with a strong encryption/password/passphrase, etc.
- CAUTION: use deliberate caution when upgrading or installing security fixes and DO NOT ASSUME notifications are anything other than spoofing attempts. Like other notifications, i.e., IRS, etc., they will not use pop-ups or warnings within your browser to notify or warn you, most software has automated methods to check and notify about upgrades and security fixes and patches. Assume anything else including email and/or text message notifications as false spoof oriented high jacking attempts.
- eCurrency Models and Products: remember, it is your money and how you use such services is critical to safeguarding your funds. As a start point of information review, read and understand the knowledge provided by the leading, at this time, currency system - BITCOIN but do so with caution.
- Follow and adhere to "Surviving the Internet of Things" and "Personal Internet Survival Actions."