The Thirty-Day Security Challenge has come to an end. Let’s quickly rundown what we covered: in week one we focused on securing your local machine. You updated it, set up standard user accounts, did a security and privacy checkup, and scanned it with antivirus and antimalware. Week two brought password managers, the first of Account Security Tuesdays, and internet browser security. The fourth week introduced two-factor authentication, VPNs, and smartphone security. During the fourth we week shifted to some personal privacy tasks like locking down social media content and requesting a credit freeze. If you did all (or most) of these tasks your security should be excellent. Even if you only did a few of these tasks you are almost certainly much better off than when you started. Unfortunately, security is never a finished job. New threats are constantly emerging, and new technologies are developed to mitigate them. Staying on top of security can be a challenge – especially if you don’t know where to look. That is why I wanted to close this out with some additional infosec esources. I have listed them in roughly my order of preference.
- Reddit Privacy (https://www.reddit.com/r/privacy): Reddit is essentially the front page of the Internet, and the privacy sub-Reddit is my favorite among all my infosec resources. It is an unending and constantly updated collection of links to breaking and recent news. The Privacy sub-Reddit is a great infosec resource for finding out about new tools and techniques, new attacks, political stories that impact things like encyrption and privacy, and more.
- Ars Technica Security & Hacktivism (http://arstechnica.com/security/): Ars is one of the most trustworthy and high-quality infosec resources available (in my opinion). Articles appearing on Ars are exceptionally well researched and vetted, and much more in depth than mainstream news sources.
- Krebs On Security (https://krebsonsecurity.com/): Fourteen-year Washington Post veteran reporter Brian Krebs delves deeply into the world of cybercrime – and blogs about it. This isn’t a great site to catch up on all the latest stories, but it is worth perusing occasionally as Krebs breaks stories that few others are looking for.
- Naked Security (https://nakedsecurity.sophos.com/): Written by Sophos (the anti-malware company), Naked Security covers a range of stories. Most deal with new attacks and attackers, but many also offer security advice.
- EFF Surveillance Self Defense (https://ssd.eff.org/): This is not a news site. Rather, it is devoted to high-quality tutorials on security topics. Take a look at the list of topics – there is something that will interest everyone. Ok, not every one…but definitely every security geek.
I hope you get some use out of these infosec resources. Thanks again to all of you who participated in the challenge! As I said Sunday, I will be pushing out an after-action review in a little over a week, so don’t forget to send me your comments, complaints, and suggestions, as well as your success stories!