Physical security is an inherent part of information security. If an attacker can achieve physical access to your devices, you are already behind the power curve. Maintaining physical control of your devices is maybe the most important step you can take to protect your data-at-rest. However, there are some occasions when maintaining physical control is not possible or practical. One of these occasions is during hotel stays. Hotel rooms – and even their safes – are incredibly insecure (I’ll talk more about this in an upcoming post). They are usually the best alternative to lugging your laptop around to dinner, out for drinks, or for a day at a local attraction. Rather than leave my laptop (and other stuff) totally undefended, I use a video surveillance app called Sighthound to keep an eye on things when I’m away. Continue reading “Sighthound Video Surveillance App”
When I was a kid, people with tattoos were pretty few and far between. If you had ink there was a good chance you’d been in the military or jail. If you had tattoos on your hands, head, or neck you had almost certainly been to jail, or were, at the very least, someone people didn’t want to mess with. These days a guy (or girl) with knuckle tattoos is just as likely to be a barista or art major as an ex-con. A recent Harris poll estimates that 1 in 3 Americans has a tattoo, and half of millennials have them. Continue reading “Tattoos, Tattoo Recognition, and Privacy”
I recently read an article that made me realize there is a fundamental rift between how I, and many of the readers here, look at computers and how the general population does. Only a very small subset of the population considers security, even secondarily. And of those who do, many don’t understand enough about it to implement it properly. The article in question asks if users should upgrade to the newly released iOS, version 9.3.3. Hold off on OS updates? Seriously?
In the past I have recommended Codebook Secure Notebook as an alternative to iOS’s native notes application. I even went so far as to recommend NOT using the native Notes app. However, I have recently completely reversed my position on this. A third-party app is no longer needed to secure your notes. Beginning in iOS 9.3.2, notes in the native Notes application can be secured with a password. When password protected, notes are encrypted with AES-128. This eliminates the need for a third-party application, which reduces overall attack surface. Taking advantage of iOS encrypted notes is extremely easy and intuitive. Continue reading “iOS Encrypted Notes”
I recently found a service that I enjoy using. It is called PrivNote and it allows you to transmit small bits of encrypted text via a URL. Here is how it works. First navigate to https://privnote.com. The very simple interface offers you a compose pane and prompts you to “Write your note here…” You enter your message and click “Create Note”. Your note is encrypted and you are given a URL that you can share with the intended recipient. Privnote does not transmit the link for you – it is your responsibility to copy it and paste it into an email, text message, etc. Once you have sent the note the real fun begins. Continue reading “PrivNote Self-Destructing Messages”
NATIONAL CYBER SECURITY AWARENESS MONTH
October is National Cyber Security Awareness Month. In honor of this month, I will be posting daily blog posts, much like I did during the Thirty Day Security Challenge. Unlike the Thirty Day Security Challenge, I am looking to make this a bit more interactive. There will be giveaways and prizes in return for your participation and feedback. I have not totally decided on what topics and themes I will cover during this month. If you have suggestions, please feel free to get them to me.
I was recently aboard a military training facility that is used for a variety of training techniques, like close-quarters battle (CQB) and explosive breaching. On one of the breaching lanes I saw something interesting: a puck lock breached with high explosives. Puck locks do not have a visible hasp. They are one of the most mechanically secure padlock designs available. Since everyone loves explosives, I thought this would be an interesting pictorial post: puck locks vs high explosives.
At this point, my ultra-private iPod phone is set up and ready to use. If you choose to follow a similar course, it is important to define how you will actually employ the device before you start to use it. This will also dictate the tradecraft you should undertake to support your use case. As I see it, there are essentially two ways this device can be used. Both will make you more private and secure. It is up to you to decide how far you need – or want – to take it.
Today I will cover some padlocks that I use and personally recommend. Padlocks should be selected based on the threats they are likely to face. There are two basic threat models I use when selecting padlocks. The first is low-to-medium security applications. These locks will be robust enough against forced entry and offer some light protection against picking and other surreptitious defeat. The other is high security. The cost of a high security lock is justified in several instances, such as when surreptitious entry is a legitimate concern. High security locks are also preferred for unattended containers. This might be your luggage†, your gym locker, or a shed on a vacation property.
At this point in the process, the iPod has been initially set up, and the settings modified to make it as organically secure as possible. At this point it is necessary to fund the iTunes account. Even if you only plan to use free applications, the account must be funded before you can download apps. The smallest denomination gift card you can purchase is $10 (I was unable to find anything below $15).