[TriLUG] Geek....privacy and data security ------------was: Re: TriLUG Digest, Vol 3940, Issue 1

Christopher Johnson via TriLUG trilug at trilug.org
Mon Jan 17 20:26:51 EST 2022


Hopping on the train, but wanted to answer your question a little
differently.

I understand where your "small potatoes" comment/question comes from, and I
feel that your sentiment is partially correct. There isn't some elite
nation-state funded hacker collective spending "human hours" working on
breaking into your specific network. The attacks you are more likely to see
are going to be generic, targeting large swaths of people using automated
software-based attacks. Regardless, these attacks can still have some
surprisingly high levels of sophistication.

Here are the big ones for me:
*Links in emails: *This one is huge. Don't click links in emails. Even if
it comes from a legit source, it can be much safer to manually go to the
website and navigate where you need to go (e.g. most companies have big
links after you log in for paying bills, etc)
*Updates: *Didn't see this one in the previous replies and wanted to call
it out explicitly. Update your software regularly. Ignoring zero days, the
time between a company releasing a security patch and a hacker group having
a full exploit ready for that vulnerability gets shorter every day.
*Passwords: *This has been called out before. Don't reuse passwords. Ask
yourself "What would happen tomorrow if that website got hacked and they
sold my email/password combo to the dark web? What else can they access?"
*Multi-Factor Auth: *More a subsection to the password response. If
possible, add multi-factor auth options to all of your accounts.
*Protect your home network: *People have mentioned firewalls before, but
you should seriously consider what you allow to connect to your home
network. IoT devices (and other things that aren't "computers" that connect
to wifi) are notorious for not being easily updated and/or having really
serious flaws <https://www.cisa.gov/uscert/ics/advisories/icsa-20-343-01>.
Steve Gibson has a security podcast and talked about a home router solution
for isolating devices: https://www.grc.com/sn/sn-545.pdf

Hope that helps and am curious to see what others think.

Thanks,
CJ








On Mon, Jan 17, 2022 at 4:09 PM Brian via TriLUG <trilug at trilug.org> wrote:

> On 1/17/22 3:05 PM, Steve Litt via TriLUG wrote:
> >
> > As far as the firewall between the Internet and your LAN, keep in mind
> > that there's currently a security flaw allowing badguys to bust into
> > many storebought router/firewalls.
>
> Could you provide some links to more information about this flaw?  I'm
> not running a store-bought firewall, but want to make sure I'm not
> making the same mistakes in my homebrew firewall...
>
> Thanks,
> -Brian
> --
> This message was sent to: CJ <cdj2981 at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : https://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> https://www.trilug.org/mailman/options/trilug/cdj2981%40gmail.com
> Welcome to TriLUG: https://trilug.org/welcome



-- 
Christopher Johnson
Email: cdj2981 at gmail.com
Phone: (716) 338-8839


More information about the TriLUG mailing list