Abril 2016
 << <Jun 2017> >>


¿Quién está en línea?

Miembro: 0
Visitantes: 3

rss Sindicación

Anuncio de los artículos posteados el: 18/04/2016

18 Avr 2016 

Lock down your Mac, iPhone, and online accounts if you expect trouble ahead

A friend wrote for advice, as she has believes she might face unwarranted harassment for some work of hers thats going to be released. She wondered how she could best secure everything to do with her online identity before someone manages to wriggle inside her defenses.

Most people are reactive, waiting until a bad event to take actionwhether total loss of data in a hard drive crash, or an account being hijacked. Its great she was thinking about this ahead of time, and the advice I offered her is useful to everyone who finds themselves in that position, or just wants a security tune-up.

Tune up

Mac and iOS users are often a bit smug about the security of their devices. (I know I can be.) But because of Apples architecture, theres little to nothing you can do in iOS, and little to nothing thats useful in OS X.

Primarily, these good habits will serve you well: Dont open email you dont recognize, and if you do, certainly dont click any links or open any attachments. Dont click links on dubious-looking websites. Dont accept messages in iOS or OS X to install custom profiles when you havent sought them out. Being less credulous may waste some of your time, but avoid obvious problems.

The exploits that have affected Apples operating system in the last year were such that generally there was nothing you could do to avoid being taken advantage of. That sounds depressing, except that most of them also had obscure vectors, making them hard to implement in practiceand none were discovered in the wild or in forms that could spread rapidly.

What you can do in OS X, however, is install software that monitors what is talking to your computer and what service your computer is accessing. Ive used an older version of whats now NetBarrier X8 in the Internet Security X8 package from Intego, and Objective Developments Little Snitch. While I dont find any real value in anti-malware software, seeing what your system and software are up to can be reassuring.

connection request

Little Snitch can let you know which apps are trying to access the Internet and why.

This is also useful when youre on networks you dont know and trust, so you can see the kinds of behavior originating from the network around free game cheat youand potentially alert a caf owner or a store manager if you see someone engaged in malicious activity.

Further to this point, using a virtual private network (VPN) whenever youre outside your comfort zonewhich can include some kinds of activities on your home networkeffectively locks down your Internet traffic to anyone who can intercept data over a local Wi-Fi or ethernet network and at points between that and the other end of the VPN connection in a data center somewhere. Ive tested and can recommend both Cloak and TunnelBear, which offer varying packages and combos for limited or unlimited data and multi-platform support with a single account.

None of this assures that people cant break in, but it reduces points of weakness, and thats always good.

Lock down

Everywhere you can, enable two-factor authentication (2FA) or token-based logins. As Ive written about many times, most cloud-based and social-networking services now offer some variant of it. I use Authy to manage my Time-based One-time Passwords (TOTPs), which Google, Slack, Amazon, and other outfits offer. Some will only or optionally let you use SMS. Apples 2FA, upgraded last fall, relies on sending information to iOS or OS X devices registered to the same Apple ID, and using SMS or voice as a fallback. (After months of trying to get my Apple ID to support 2FA, I was finally able to disable the older two-step verification and enable 2FA.)

A second factor prevents someone who obtains or guesses your password from using that from anywhere in the world to log into your account. If your services offers login alerts, which warn you whenever a new device is added or a login occurs, enable that too.

Check all social networking, email, financial, and other services you use beyond 2FA to examine privacy options. Some networks will let people who have some information about you find out more, or look you up by email address, even if theres no public listing that associates you. They may be able to let a friend of a friend to obtain your phone number or physical address; you might consider wiping that data or further restricting it.

Most social networks now support two-factor authentication, including Facebook.

I also recommend changing your passwords comprehensively across all services you use. While its a pain, if you either cant recall the last time you swapped a password, or you use the same password at multiple sites, the time is ripe. I recommend a password management and sync system (I use 1Password) both to create strong, unique passwords and to let you access to them whenever you need them on whatever platform youre using. (1Passwords creators, AgileBits, have both family and business sharing options that can help you distribute passwords multiple people need; its great in families where spouses or parents/kids need to have access to the same password, too.)

Many hacks start with a weak link. Thats often a disused email address that you set or still use as a backup address at another service. To break into the more-important service, a cracker will poke at these weak links, break into an email address, then use a password reset or another option that allows them to use the email access as a knife to crack open the oyster of the service. So recheck all your backup/alternative email addresses associated with all your accounts as well.

Finally, while these arent per se computer related, I recommend you contact your cellular provider and your local home phone carrier (if you have one). You can typically put a lock or extra protection on phone accounts; theyre often a vector for attackers who use social engineering or online account management to try to shift your phone number, texts, or other services elsewhere, which can aid in identity fraud, accessing private information, or intercepting an SMS second factor.

Along these lines, you should also pull your credit reports at the three major credit bureaus, and consider putting a freeze on credit checks and issuance for every member of your immediate family. Opening cards in your name and other tricks to ruin credit is a common strategy for harassers. You should also look around for ratings of credit-monitoring services. I have free access to one after an online account breach, and its reliably informed me of all (so far legitimate) activity on my credit reports.

Its no fun to worry about these sorts of things, but its also a reality of our modern day. If youre concerned you might be targeted by a political, criminal, or social group, preparation will save heartbreak.

Admin · 13 vistas · Escribir un comentario