Human Security

These security help pages include a lot of fancy talk about encryption. Ultimately, however, all this whizbang crypto-alchemy will be totally useless if your behavior is insecure. A few simple practices will go a long way toward increasing your security.

Save the world with better passwords

Passwords are almost always the weakest point in a security system. For this reason, the first step toward greater security is improving your password practices.

What to avoid:

  • Don't choose a word that can be found in a dictionary, or a common name! Passwords are often easy to crack because most people pick a password that is a variation of a dictionary word. There simply aren't that many words in human languages: it is easy for a computer to try them all! This includes words in which you have replaced certain letters with numbers. For example, “L0V3” is just as easy to crack as “LOVE”.
  • Don't use the same password for all your accounts. It may even be better to write all your passwords down in a safe place than to use the same password everywhere.
  • Never tell anyone your password, especially if they ask for it.

How do we create a password that is strong but at the same time easy to remember? This can be quite difficult. There are three generally accepted methods:

1. Use a secure password store

Don't try to remember passwords. Instead, generate a random password for each different service and website you use, and store them in a secure password store.

2. Passwords

  1. Start with several words that you can easily remember.
  2. Turn those words into a non-word (for example, by extracting the first letter of each word).
  3. Add some random capitals, numbers or symbols, and you are done.

For example, you could turn “I Eksegersi Den Einai Eikona Stis Eidiseis” into “ieDeeSe” and then add some random characters: “ieDeeSe!42”.

3. Passphrases

  1. Pick a few random words that you can easily remember. It is a good idea to mix words from different languages and words that are not found in dictionaries.
  2. Put the words together to make one long phrase. It will be longer, but easier to type.

For example:
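As an added illustration (not part of the original page), the following Python script shows what the three methods above amount to in code: it generates a random per-site password (method 1) and a random multi-word passphrase (method 3) with the standard `secrets` module, estimates the entropy of each, and includes a small check that undoes letter-for-digit substitutions to show why “L0V3” is no stronger than “LOVE”. The wordlist, the “cracking dictionary” and the alphabet are constructed sample data, not taken from the page or from any real password manager.

```python
import math
import secrets
import string

# Constructed sample data (not from the page): a real passphrase generator
# should use a large wordlist; 16 words here keeps the entropy arithmetic simple
# (log2(16) = 4 bits per word). The page suggests mixing languages, so the list does.
WORDLIST = [
    "lantern", "pebble", "ochtend", "glimmer", "tortuga", "bramble", "saffron",
    "kerasi", "velvet", "fjord", "meadow", "ambar", "quartz", "zephyr", "ninja",
    "cobalt",
]

# Constructed stand-in for a cracking dictionary of common words and passwords.
DICTIONARY = {"love", "password", "secret", "summer", "dragon", "monkey",
              "letmein", "welcome", "sunshine"}

# Printable ASCII without space: 94 symbols, the kind of alphabet a password
# manager draws from when it generates a random password.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Common letter-for-symbol substitutions; cracking tools undo these before
# looking a candidate up in a dictionary, which is why they add no strength.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def generate_password(length=16, alphabet=ALPHABET):
    """Method 1: a random per-site password from the OS CSPRNG (secrets)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(n_words=5, wordlist=WORDLIST, sep=" "):
    """Method 3: several words chosen uniformly at random from a wordlist."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def random_password_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random string: length * log2(|alphabet|)."""
    return length * math.log2(len(alphabet))


def passphrase_bits(n_words, wordlist=WORDLIST):
    """Entropy of a uniformly random passphrase: words * log2(|wordlist|)."""
    return n_words * math.log2(len(wordlist))


def normalize_leet(password):
    """Undo digit/symbol substitutions so that 'L0V3' becomes 'love'."""
    return password.lower().translate(LEET)


def dictionary_variants(password):
    """Candidate base words a cracking tool would derive from a password."""
    lowered = password.lower()
    yield lowered
    # 'love42' -> 'love': drop digits and symbols glued to the ends
    stripped = lowered.strip(string.digits + string.punctuation)
    yield stripped
    yield normalize_leet(stripped)
    # 'L0V3' -> 'love': undo substitutions everywhere, then keep letters only
    yield "".join(c for c in normalize_leet(lowered) if c.isalpha())


def is_dictionary_variant(password, dictionary=DICTIONARY):
    """True if the password is a dictionary word or a trivial variant of one."""
    return any(candidate in dictionary for candidate in dictionary_variants(password))


if __name__ == "__main__":
    for pw in ("LOVE", "L0V3", "love42", "ieDeeSe!42"):
        print(f"{pw!r:14} dictionary variant: {is_dictionary_variant(pw)}")
    print("random password  :", generate_password(),
          f"({random_password_bits(16):.1f} bits)")
    print("random passphrase:", generate_passphrase(),
          f"({passphrase_bits(5):.1f} bits)")
```

With the 16-word sample list a five-word passphrase carries only 20 bits, which is why real generators use lists of thousands of words (the EFF long wordlist has 7776 entries, about 12.9 bits per word, so five words give roughly 65 bits). The dictionary check is the kind of test a defender runs against a proposed password, and it flags “L0V3” for exactly the reason the text gives: the substitution is reversed in one step.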

Common internet scams

Keep your software up to date

To be written.

Be cautious on shared computers

Log out: make sure that you always log out when using web-mail. This is very important, and very easy to do. It is particularly important when using a public computer. Don't leave your computer unlocked and unattended.

Avoid public computers: this can be difficult. If you do use a public computer, consider changing your password often or using the virtual keyboard link (if your web-mail offers one).

If you share a computer with friends, create multiple logins that keep each user's settings separate. Enable this feature, and log out or “lock” the computer when it is not in use.

Avoid personal information leaking

Personal information leakage caused by social engineering is a very broad topic, because the same techniques are used for good and not-so-good reasons, so we will not try to explain what social engineering is or list the reasons someone might use it. Instead, we give some basic tips for recognizing and avoiding such approaches when needed. After all, it is all about building your own human firewall against “things” that seek your information for any nefarious purpose.

The tips are:

  • Recognize a social-engineering approach. Learn from real cases, reports, documentaries, etc. about the different methods social engineers use today, including those applied in identity theft. There are plenty of books and articles out there.
  • Create an awareness program for personal safety. Create and attend events (like a CryptoParty, or any underground neighborhood meetup), dynamics or cultures (like what we do here) that engage people, causing deep interaction with the theme and creating awareness of preventive measures.
  • Become aware of the value of the information social engineers seek from you. How important to you are your name, your phone number, your e-mail password, or simply your favorite color? Develop an inquisitive attitude about handing over information: question the requester to determine exactly who needs the information, exactly what information, and for what purpose; ask where the requester comes from and where he or she wants to send the information.
  • Develop scripts that interrupt the social engineer's steps. Practice direct answers that probe the requester's own information, something that encourages the requester to reveal more about his or her identity and purpose. Always ask why the requester wants the information. Remember that you don't need to correct someone who has no need for the true information; don't be afraid to say “no” or to ask for time to think about it, if it seems important. Clear up your own doubts as far as possible. For example, if someone asks to enter a restricted office, check their credentials before even saying whether such an office exists, and before providing any other information, even directions about where to go.
  • Don't consume information you didn't ask for. Be wary of people using disasters to make an emotional appeal.

See also the book “Social Engineering: The Art of Human Hacking” by Christopher Hadnagy which is available online.

Feel the love of free and open source software

Why should you use GNU/Linux over Windows or Mac OS? There are a number of reasons; one of the biggest is that the large quantities of viruses, trojans, back-door programs, security bugs, targeted government hacking, and other exploits over the years make them very difficult to trust, especially because you are not given the opportunity to look under the hood to see whether what is going on is OK. The software is proprietary and closed source, which means you are trusting your private information to a corporation whose sole focus is profit, not the security of your personal information, and whose methods you are unable to audit for yourself.

OS X suffers from issues similar to those of Windows. While it is based on Unix (of which Linux is a “clone”), a large portion of the operating system is not open source and thus not available for third-party review. Its increasing popularity has resulted in an increasing number of viruses and exploits (though still far fewer than Windows), and its corporate culture of authoritarianism is reflected in the structure of the operating system. OS X also includes the built-in “feature” of remotely activating the webcam, which, as a feature regardless of the OS it is on, has been shown to be used for other purposes.

GNU/Linux, however, is composed primarily (and can be made exclusively) of software whose source can be obtained and audited by essentially anyone; it has been built by a community of people over many years. Its history contains few viruses and user-level exploits. Linux is also an easy-to-use operating system that supports a wealth of older hardware, which makes this level of security accessible to the average individual.