Category: Information Security

Trust Is Tops

• Only use trusted apps or software.Download apps directly from trusted app stores such as iTunes and software from well-known sites. Be especially careful of apps or software you’ve never heard of or malware posing as legitimate apps. If you’re unsure if an app is legitimate, check the ratings and reviews in the app store. If it’s a major retailer and it only has one review or a low rating, it might be a copycat.
• Don’t trust every search result.Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all.
• Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
• Beware of extras when installing software.Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.

Don’t Click That

• Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
• Double-check links. Scrutinise links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.

Protect Your Passwords

• Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
• Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
• Get creative with password reset questions.When filling out account information, opt for the password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favourite dessert, favourite song, etc.) and enter answers that only you would know.
• You can also create unique answers to each question and store them securely in a password wallet.

Control Your Credit Cards

• Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protection if your card is compromised and won’t dock your checking account if there’s an issue.
• Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.

SSL / TLS / HTTPS

1. Is TLS fast yet – A great site debunking the myths of SSL/TLS speed cost
2. Firesheep – A watershed moment for SSL by demonstrating the ease with which unprotected traffic can be intercepted and sessions hijacked
3. Qualys SSL Labs – Tests a variety of attributes of the SSL implementation by pointing it at any URL
4. CloudFlare – Get SSL for free on any website
5. Let’s Encrypt – It’s coming, and it promises to fix the current mess that is CAs and configuring certs
6. Betsy’s free wifi – Shows a young girl standing up a rogue wifi hot spot
7. Chromium HSTS preload list – All the sites submitted for HTTP strict transport security preload (a depressingly small number of them)
8. HTTP Shaming – Sensitive data sent insecurely? Name and shame!

Continue reading “Some Security Links”