Physical security is an inherent part of information security. If an attacker can achieve physical access to your devices, you are already behind the power curve. Maintaining physical control of your devices is maybe the most important step you can take to protect your data-at-rest. However, there are some occasions when maintaining physical control is not possible or practical. One of these occasions is during hotel stays. Hotel rooms – and even their safes – are incredibly insecure (I’ll talk more about this in an upcoming post). They are usually the best alternative to lugging your laptop around to dinner, out of drinks, or for a day at a local attraction. Rather than leave my laptop (and other stuff) totally undefended, I use a video surveillance app called Sighthound to keep an eye on things when I’m away. Continue reading “Sighthound Video Surveillance App”
When I was a kid, people with tattoos were pretty few and far between. If you had ink there was a good chance you’d been in the military or jail. If you had tattoos on your hands, head, or neck you had almost certainly been to jail, or were, at very least, somone people didn’t want to mess with. These days a guy (or girl) with knuckle tattoos is just as likely to be a barista or art major as an ex-con. A recent Harris poll estimates that 1 in 3 Americans has a tattoo, and half of millenials have them. Continue reading “Tattoos, Tattoo Recognition, and Privacy”
I recently read an article that made me realize there is a fundamental rift in how I, and many of the readers here, look at computers, and how the general population does. It is only a very small subset of the population that considers security, even secondarily. And if they do, many don’t understand enough about it to implement it properly. The article in question asks if users should upgrade to the newly released iOS, version 9.3.3. Hold off on OS updates? Seriously?
In the past I have recommended Codebook Secure Notebook as an alternative to iOS’s native notes application. I even went so far as to recommend NOT using the native Notes app. However, I have recently completely reversed my position on this. A third-party app is no longer needed to secure your notes. Beginning in iOS 9.3.2, notes in the native Notes application can be secured with a password. When password protected, notes are encrypted with AES-128. This eliminates the need for a third-party application, which reduces overall attack surface. Taking advantage of iOS encrypted notes is extremely easy and intuitive. Continue reading “iOS Encrypted Notes”
I recently found a service that I enjoy using. It is called PrivNote and it allows you to transmit small bits of encrypted text via a URL. Here is how it works. First navigate to https://privnote.com. The very simple interface offers you a compose pane and prompts you to “Write your note here…” You enter your message and click “Create Note”. Your note is encrypted and you are given a URL that you can share with the intended recipient. Privnote does not transmit the link for you – it is your responsibility to copy it and paste it into an email, text message, etc. Once you have sent the note the real fun begins. Continue reading “PrivNote Self-Destructing Messages”
NATIONAL CYBER SECURITY AWARENESS MONTH
October is National Cyber Security Awareness Month. In honor of this month, I will be posting daily blog posts, much like I did during the Thirty Day Security Challenge. Unlike the Thirty Day Security challenge, I am looking to make this a bit more interactive. There will be giveaways and prizes in return for your participation and feedback. I have not totally decided on what topics and themes I will cover during this month. If you have suggestions, please feel free to get them to me.
I was recently aboard a military training facility that is used for a variety of training techniques, like close-quarters battle (CQB) and explosive breaching. On one of the breaching lanes I saw something interesting: a puck lock breached with high explosives. Puck locks do not have a visible hasp. They are one of the most mechanically secure padlock designs available. Since everyone loves explosives, I thought this would be an interesting pictorial post: puck locks vs high explosives.
I have previously written about multiple secure messaging systems. On the text/IM front I have covered Signal, Silent Circle, Wickr, and Threema. For voice communication I have talked about Signal and Silent Phone. Email options I have covered include ProtonMail, Tutanota, and old-fashioned PGP. I am sometimes asked why I cover so many different systems. Even I have recommended picking one or two and sticking with them. From a blogging standpoint, I want to give the reader as many options as possible. From a personal/actual-use standpoint, my reasoning is slightly different. I feel there are good reasons to employ redundant secure messengers. Continue reading “Redundant Secure Messengers”
At this point, my ultra-private iPod phone is setup and ready to use. If you choose to follow a similar course, it is important to define how you will actually employ the device before you start to use it. This will also dictate the tradecraft you should undertake to support your use case. As I see it, there are essentially two ways this device can be used. Both will make you more private and secure. It is up to you to decide how far you need – or want – to take it.
Today I will cover some padlocks that I use and personally recommend. Padlock selection should occur based on the threats they are likely to face. There are two basic threat models I use when selecting padlocks. The first is low-to-medium security applications. These locks will be robust enough against forced entry and offer some light protection against picking and other surreptitious defeat. The other is high security. The cost of a high security lock is justified in several instances: if surreptitious entry is a legitimate concern. They are also preferred for unattended containers. This might be your luggage†, your gym locker, or a shed on a vacation property.