Loading...
Menu

Software Security For You

 

 

 

 

 

 

 

To my wife and daughter.

You mean the world to me.

 

 

Preface

 

This book is an attempt to educate people on software security with my 10 years experience in security industry.

 

This book is based on various security aspects that I came across while working passionately in software security industry. It has came from research and huge amount of reading on security trends. I have been writing blogs on this topic and this book is based on content from blogs and other references.

 

Inspiration for this book is driven by people around me who use internet and are unaware of long term implications if used incorrectly.

 

Who this book is for ?

*
p<{color:#000;}. People who use internet and keen to know the security aspect behind it

*
p<{color:#000;}. People who want to make security as their career and need a starting point

*
p<{color:#000;}. People who wish to protect their online presence

*
p<{color:#000;}. Teens who wish to know implications of their online behaviour as they use it everyday

*
p<{color:#000;}. Parents who wish to keep their kids secure online

*
p<{color:#000;}. This book is NOT for a security expert. Its for general public to make them aware about online threads and how to protect themselves

 

This book is split into three sections

#
p<{color:#000;}. Device protection to secure you

#
p<{color:#000;}. Online Privacy and security

#
p<{color:#000;}. Wi-Fi protection

h3<{color:#434343;}.

 

Author:

Mangesh Bhamre
Co-Founder and CTO, Open Netware
https://ie.linkedin.com/in/mangeshbhamre

 

Software Security is not one-stop shop!

 

Security is not one-stop shop and you get everything. It’s not about you install a product and forget everything about keeping everything secure. Here are numerous topics around security that you should be aware of to keep up to security.

 

Antivirus and Firewall: This is the most common term people think of security. It’s still valid, however it’s not everything. All of us now do things on internet and there has many more things to take care. You still need to worry about what you download/install or connect your friends pen-drive to your machine. Security products does great job here.

 

Web security: Internet is full of good and bad sites. You need to ensure either not to land on those or be careful about those. Good browser plugins do help in to give us rating and categorization. You need to keep an eye and ensure not land-up into unwanted sites. Security products does great job here. [+ Here is good read on it.+]

 

Social networking: This has become part of our lives now. You need to ensure whom you add as friend, what information you share with people, what photos/status you post. Social network is your identity to world and that can be used against you by anyone.

 

Privacy: Host of apps exposes your data/identity to world. Your Facebook/Whatsapp/Google+ info. Apps can access your GPS location and time. Apps have access to what you do on internet and songs you listen too. Google has access to all your info - your search, contacts, docs and much more. Your data/identity can easy be exposed to embarrass you. This is entirely in your hands.

 

Email Spam: You share your email and there you go with flood of emails all around the world. Security products and email providers do great job here. You still need to improve on this by marking emails spam if you see one. Phishing is common security issue that people fall – ensuring you validate who sent you email and review authenticity

 

PIN/Password: This is gateway to your account and all your data. It’s of utmost importance how you manage them and how strong your passwords are. Same password for multiple accounts is common problem. Two factor authentication is way to go ahead. Learn best practices around your passwords. Security products do come in handy to help you. However still in your hands to ensure end-to-end protection. [+ Here is good read on two-factor authentication+].

 

Mobile/device Theft: Mobile theft is on rise and governments are working on laws to help people. You still need to ensure you are prepared for it and follow best practices around it. [+ Here is good read on it to be prepared.+]

 

Wireless security: Wi-Fi & bluetooth is great however equally vulnerable. Which Wi-Fi networks you connect to, how secure your Wi-Fi network connection is? It matters as all your data goes through Wi-Fi and can be easily accessible to anyone on around you. Bluetooth exposes similar security issues and you need to enable/disable as you need to keep yourself secure.

 

Parental control: Kids are exposed to internet at early age and huge content on internet is just a click away. You need to setup good parental control products and keep an eye on internet usage to ensure kids are not exposed to bad content or more. Security products do come in handy. [+ Here is good read on it+].

 

Data backup: Photos/Videos and your data from various devices needs to be backed up to avoid losing them due to hard-disk failure. Hard disk/Pen-drives has life up to 5 years and can stop working all of sudden. Also with high resolution photos/videos with your latest phone/camera you need more space. You need to ensure your data is backed up from all devices and maintain securely as it’s your personal and private. There are multiple vendors around and you need to manage it well.

 

Operating System and browser updates: Bug fixes, Security fixes, performance fixes or new functionality and more reasons to keep your operating system and other apps up-to-date. Don’t turn off updates even though it’s annoying at times.

 

Mobile apps and permissions: Contacts/photos/videos/songs/location/messages/emails and more data resides in your mobile and everything is exposed to apps you install with permissions you grant to them. You need to keep eye on what you are installing and what all it needs to access. Any app with access for more than it needs is point of concern. Security apps do come in handy here; base rule still is to keep your apps under control to avoid exposing private-data/location/network to world.

 

Home network and devices connected: More and more network devices (TV/XBOX/Tablets/Phones/Laptops/Setup-box/etc.) are in home than it used to be five years back. Each of them has potential to run apps and data you store/share in your home network. You Wi-Fi router is one point of contact to setup and secure all. There is no good security solution to manage them all and it’s in your hand to ensure security.

 

Phone number and calls: Similar to your email address, your phone number is also exposed to world and it would be hardly anyone not getting unwanted calls or messages. There are apps to block calls/SMS and do-not-call registry to secure. There are good practices around this to follow.

 

Surely more things will come-up as technology grows up. There will be more things to take care from security point moving ahead; technology will surely catch-up and assist you along the way. Do keep reading and follow best practices on security to stay ahead.

 

 

 

Password – The weakest factor online

 

Passwords has been a proven way to protect your account and keep your info secure and private.

Passwords are common and we do use it everyday. Access emails, your system, Facebook, unlocking your phone, access bank online, and many more. An average of 10 passwords are used by any individual (like you) everyday as per reports.

 

With internet and the number of things you can do online, password has been a common practice. To play a game or post review, you need an account and thus the password. Concept of an account has been strongly developed in internet so that you can log back in anytime and continue to access the information back where you left. An account maps your work, activity on that website which can be saved and later referred back. Now that there is data associated with you account, websites wants to protect users data and thus the password which forms the easiest way to authenticate a user.

 

Hackers and malware are on their peak and always looking for access to your account more than anytime before. Password thus has became the weakest factor online. Your privacy, your work, your money, your data and your friends are all maintained by a password.

 

Password statistics:

*
p<{color:#000;}. 90% of passwords are vulnerable to hacking. More details here.

*
p<{color:#000;}. With top 10,000 most common passwords, 98% of accounts would be accessed

*
p<{color:#000;}. 70% of the people do NOT use unique password for different websites. Report here.

*
p<{color:#000;}. Around 82% of people have forgotten password used on a website

*
p<{color:#000;}. 80% of people do not change bank card PIN. Report here

 

Here are top 500 passwords which forms the 80% of the passwords. Bigger the size, more frequently they are used.

 

 

 

 

Why username and passwords required everywhere?

 

Why a website that you just need to provide review/rating about hotel/movie/restaurant needs you to create a new user account ? There are many such scenarios where in account creation is just not required, however users are forced to do so.

 

In most of the cases password does make sense, however in many of the cases, password ideally is an overkill; websites do have commercial reasons attached to force users to create account or access their site using Facebook/Google+ profiles. Every company wants to grow their user base and that directly maps to their profits and business. No wonder why a site that is just asking you to provide a review/rating also needs you to register as user.

 

Thus looking at web trend, passwords are more going to be asked by websites and you are going to create either new accounts or use your Facebook/Google+ profiles to register. Either of this puts you in trouble as to maintain a good password for new website or keep an eye on usage of your Facebook/Google+ profile by this website.

 

Everyone wants your email ID. Almost all websites now uses email ID as user name. You activate website functionality by validating your email address and thus website gains your email address to send more stuff or remind to revisit the site. Thus account creation becomes the primary requirement on such websites and this is common trend with big and small players on web.

 

 

Same passwords for multiple sites?

It’s hard to remember strong passwords and that tends to use same password again and again on different websites. A very common trend that needs a change. Using right tools and practice it’s doable. Below are some techniques to help you generate strong passwords and either remember them or maintain them securely.

 

Email ID as user name :

Email address as username is common trend. Your email ID is known to world by different ways and thus half of the info about credentials is exposed. The other half is your password. It then becomes mandatory for your password be strong enough to fight hackers around world as they already know your email ID.

 

Many of us use 1 or 2 primary email IDs. We share these IDs with people to communicate and use same for user name. Thus your email ID has become part of your identity on internet and you share it freely with friends and many offline registrations forms. Any one that now has your name and email ID can give a try to hack your accounts with most common passwords available online.

 

 

Strong password difficult to remember ?

 

Here are some techniques to create strong passwords and remember them

*
p<{color:#000;}. Create a passphrase rather than just a password. It can be your favorite line from book or song. There are plenty of songs that you love and sing

*
p<{color:#000;}. Be creative and imaginative to create unique characters that don’t exist

*
p<{color:#000;}. Use Book title, serial name or food dish

*
p<{color:#000;}. Combination of Multiple cities/places

*
p<{color:#000;}. Combination of company names, car models or sports person

*
p<{color:#000;}. Combination of name, place or year

 

Avoid using these for passwords

*
p<{color:#000;}. Wife, girlfriend, mom, kids, pets names

*
p<{color:#000;}. Place where you live

*
p<{color:#000;}. Date of birth of your favorite people

*
p<{color:#000;}. Common passwords

 

 

Listed below are tools to help you generate strong passwords and maintain them. These tools have been proven and are industry standards which you should leverage to ease out creating strong passwords and then remembering them.

 

Google and Facebook as common method to login:

Social network has provided a new and unique way of login and that is leveraged by many websites. You don’t need to create account on every websites, however use Google+ or facebook login method provided on third-party websites. These websites integrate with social networking authentication mechanism to validate a user and then provide you access to functionality.

 

It’s a easy and quick way to gain access to website content/functionality without creating new account. However you have to be careful here are you are exposing lot of data to these websites than you should be. Your email ID, name, where you live, your friend list, your work place, and also an option to post on your wall when they want. That’s too much of info for too little. You may better end up creating a new account rather than giving access to above info to be secure.

 

One advantage with Social authentication is that you can go back to facebook/google+ and revert the access to third-party apps/websites anytime. those apps will never be able to gain your updated info or friend list or post on your wall. But they do have your old info which you can not revert.

 

Better ways to solve the password problem:

 

Two factor authentication –

In simple terms you can consider two factor authentication as “Two Locks” for your account. You need to open both the locks before your get into your account. And to open two locks you of course need two separate keys.

 

Two factor authentication is security process in which you use your userID+Password and physical token. It’s “something you know” and “Something you have”. E.g. If you wish to login to your email account, your email ID & password is what “You know” and an addition short numeric code(Verification code) that is available on your phone which acts as “You have”.

Two factor authentication has became industry standard to protect your account and now is provided by many websites. Here is my detailed blog on two factor authentication http://softwaresecurityforyou.blogspot.com/2014/04/securing-your-account-with-password.html

 

Lastpass and Keepass – Password managers you need

Lastpass is a browser plugin that manages(stores) your passwords and provides strong security model around itself to avoid exposing your passwords to other. It allows you to create strong passwords by auto-generating complex passwords and then maintaining them for you. Anytime later you revisit that site and navigate to login page, it will populate your username/password once you enter master-password. www.lastpass.com

 

You just have to remember one password after that; and that is of lastpass itself. Lastpass provides good integration with websites and browsers. Also all your data is encrypted and maintained online and thus your password storage is available for you anytime. They provide web and mobile app for ease of use.

Ensure you use two-factor authentication with lastpass to make it max secured and give you peace of mind enough though all your passwords are stored online.

 

Keepass & KeepassX password manager –

 

Keepass is free, open-source and easy-to-use password manager. It maintains data locally in encrypted fashion and also has master-password to access all your passwords. KeepassX is linux version of it.

Keepass provides strong password generator functionality and maintenance of it. It create a file that you can take it with you and use on other computer. Keepass is purely local installation and does not talk to server or sends your passwords to server.

 

Security model used by Keepass and its functionality has gained high number of award and is very well known by professionals around. http://keepass.info/index.html

 

 

 

Best practices about passwords :

*
p<{color:#000;}. Create unique passwords for every website

*
p<{color:#000;}. Don’t write down your password

*
p<{color:#000;}. Don’t share your password with anyone

*
p<{color:#000;}. Don’t store password on public computer

*
p<{color:#000;}. Change your password every 6 months

*
p<{color:#000;}. Use two-factor authentication for your important web accounts

*
p<{color:#000;}. Change your password immediately, if you think it is compromised

*
p<{color:#000;}. Don’t use common passwords. Create strong passwords

*
p<{color:#000;}. Use password managers

Conclusion:

With Internet, your accounts can be accessed globally and that’s great. However hackers around globe too can give it a try to hack your account and steal the info and you will never notice. With more accounts required online, you need to have a long term strategy to maintain passwords and follow practices around it. Above article list the ground rules that everyone on internet should follow to maintain high level privacy & security.

 

 

 

Securing your account with password only? That’s not enough anymore – Use two-factor authentication

Using userID and password only to login to your account is old method to ensure security to your account(email, bank, facebook, etc.). It has been reported numerous times that passwords can be stolen, leaked, cracked, captured, sniffed & guessed. Bad guys (may be your own people with bad motives) are trying hard to get your password and get into your account to steal data/money/identity/photos.

You need to protect your account with something more than just UserID and password. Strong password is not enough to protect your account and you need to go beyond that to make your account secure.

What is two factor authentication ?

In simple terms you can consider two factor authentication as “Two Locks” for your account. You need to open both the locks before your get into your account. And to open two locks you of course need two separate keys.

Two factor authentication is security process in which you use your userID+Password and physical token. It’s “something you know” and “Something you have”. E.g. If you wish to login to your email account, your email ID & password is what “You know” and an addition short numeric code(Verification code) that is available on your phone which acts as “You have”.

h3<{color:#434343;}.

h3()={color:#434343;}.

h3<{color:#434343;}.

h3<{color:#434343;}.

h3()={color:#434343;}.

h3<{color:#434343;}.

Why two factor authentication?

According to security research, two factor authentication drastically reduces the risk of your account getting exposed or hacked by anyone. Anyone who knows your userID+Password, now cannot open your account unless they enter the code which only you have it(on phone or physical).

Banks, enterprise business, and small/medium business already got this started early on and now lots of online companies provide this feature for free to users to increase level of security around your accounts. Your data & identity is equally important as your bank account, which you don’t wish to lose.

Why anyone can’t break into your account with two factor authentication ?

By adding a second lock to your account it gets hard for anyone to crack your account. Numeric code is usually generated every time and it keeps changing. Anyone who has your userID & password also now needs this numeric code to open your account and that’s not with them(unless your phone/device is lost).

Google Authenticator – An Android and iOS app to generate verification codes on your phone

 

h3(((((((((<{color:#434343;}.

*
h3<{color:#434343;}. Google provides a generic phone app on android/iPhone for users to setup and use two factor authentication. Install “Google authenticator” from Google Play and follow steps to setup.

*
h3<{color:#434343;}. Note that ‘Google Authenticator’ is not just for your google accounts, it’s generic enough to help you setup two-factor authentication for numerous other websites too. A good example here is “Lastpass” which integrates well with Google app and makes your master password/account in Lastpass safe.

h3<{color:#434343;}.

Who all provides two factor authentication?

In addition to your bank, lots of companies on web offer it. Google, Facebook, Microsoft, Lastpass, Apple, Dropbox, Evernote, Yahoo, Linkedin and many more. And this is all for free. So go and secure your account now.

Here are some services that support two-factor authentication, with instructions on how to enable it -

*
h3<{color:#434343;}. Google/Gmail – Google provides six digit verification code via sms or by Google authenticator app. You can enable it by following steps from here – http://accounts.google.com/SmsAuthConfig

*
h3<{color:#434343;}. LastPass – Most important service that you should enable two factor authentication. Here are steps – https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/google-authenticator/

*
h3<{color:#434343;}. Facebook calls it as ‘Login approvals’ and provides couple of ways to setup. You can get verification code via sms or setup google authenticator or via facebook app itself. See https://www.facebook.com/settings?tab=security

*
h3<{color:#434343;}. For your favorite services apart from above search google or have a look here – http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now

h3<{color:#434343;}.

 

h3<{color:#434343;}.

10 Ways your computer can get infected by viruses and how to avoid that

 

Getting infected by Virus on your laptop/desktop is easy as you read below. There is no one good way to be protected against all of them and thus you need to be cautious enough to keep your data and laptop secure. On other hand you don’t need to be super paranoid or require geeky skills to be protected – just be aware about your actions and apply common sense.

 

1. USB/Pen-Drive:

The biggest reason to get infected is using extensively using USB/Pen drives to share data across multiple machines. This is the most exploited method use by viruses to spread and autorun on machines when inserted.

 

This is not restricted only to USB/Pen-drive, but all devices that exposes USB interface to connect to computer. E.g Camera which provides USB to copy photos/videos to your computer, or your mobile phones to copy music/files, Kindle to copy books and external hard-disk that host huge data.

 

Any USB/Pen-drive when connected to computer auto-runs set of files and viruses gets the entry point into computer. Viruses hooks on to auto-run applications and launches themselves to run automatically to then infect the machine. Alternatively a machine which is infected monitors any new USB/Pen-drive connected to machine and copies itself to USB to spread itself.

 

With USB port becoming standard for mobiles/ camera/ kindle/ mouse/ speaker/ keyboard, viruses can hook on to any of those and spread themselves easily.

 

 

 

Solution-

*
p<{color:#000;}. Disable Windows Autorun to start programs automatically. This will prevent any virus to start as you insert the infected Pen drive. Here is a short video https://www.youtube.com/watch?v=U6ubWhGVF2U

*
p<{color:#000;}. Always run a Anti-Virus scan when you insert the pen-drive before you start using it. If you have good Anti-virus, most likely it will start as soon as it detects new Pen Drive and prompt you to start scan

*
p<{color:#000;}. Avoid extensive use of pen drive to transfer data between 2-3 computers. If you wish to share file within home, use network storage or web(Google drive, dropbox etc.). Ensure you scan files once you download them from any sources

*
p<{color:#000;}. Avoid connecting your Pen drive to any public computer for data exchange

*
p<{color:#000;}. If you find a Pen Drive in public places then there are high chances that it’s left behind for infecting machines. Avoid falling into traps with free Pen Drives lying on the road

 

2. Downloading applications from any sources:

Windows comes with predefined apps and that’s enough for most of the time, however if you are extensive user of your computer, you need good editor, or image editor or video editor, movie player, good browsers, and lots of free goodies available online. There is no one good trusted location that is available and thus most of us has to download apps from various sources. With Windows store and app store, it’s getting better now that people only visit couple of places to download and install apps.

 

However with Windows OS there are huge set of apps that are not available on store for users to download freely and use securely. Many apps still needs to be downloaded from web and then manually installed. This will continue for good long duration and not going to change in a year or so. Result is viruses getting downloaded and installed by you.

Of course there are rich set of applications which are open-source and free and are maintained by developers around the world which ensures no malicious code gets into products and provide secure applications. Problem here is source from where you download – if it’s available from well known open-source websites then that should be good enough as the site ensures first level of safely. However if you download same application from a totally different location, then it’s not guaranteed that it’s equally good. Trusted source matters most from where you download. Open-source apps can be modified by hackers and recompiled to be hosted on their sites; which you may download.

Solution:

*
p<{color:#000;}. Scan for all downloads with Anti-Virus

*
p<{color:#000;}. Never download apps from untrusted sites

*
p<{color:#000;}. Most of websites provide download verification method (signature) which you can use to ensure the file you downloaded is same as provided by manufacturer and not modified on its way

*
p<{color:#000;}. Check for online apps instead of locally downloaded version. If you wish to edit images or videos, there are websites that provide you free online editing with rich set of tools online. You don’t need to download and install image editor at all to risk your data and computer

*
p<{color:#000;}. While downloading files, ensure your browser is not flagging red alert for website

*
p<{color:#000;}. Clean up your download folder regularly. Your downloads may be legitimate, however an infected Pen-Drive may write to programs downloaded and when you execute those app, viruses gets loaded. This is about avoiding good applications (downloaded) getting injected with bad code and giving an opportunity for viruses to hide.

3. Email attachments:

This is another critical point of exploit by viruses/hackers. Emails with intuitive/catchy subject line and an attachment is likely to be opened up by users. Attachments can be anything like a image(jpg/png/bmp/etc), document, ppt, xls, PDF, exe, bat, com, msi, zip, inf, gzip and more. In many cases you will never notice anything suspicious as you open the file and execute it and it may still do the damage behind the scene.

Solution:

*
p<{color:#000;}. Never open email attachments from unknown person/banks/institutes

*
p<{color:#000;}. Download and scan with Antivirus if it’s must for you to open up attachments

*
p<{color:#000;}. Avoid forwarding emails with attachments

h3<{color:#434343;}.

4. OS and application updates:

Hackers around the world target OS loopholes to get into your machine or Apps that are installed on your computer to get into as backdoor entry. These are security holes that are unintentional and not found by OS developer (e.g. Microsoft) or application developers (e.g. Adobe). Hackers target these security issues and create viruses that exploit them. As more and more security issues are found in wild, they do get patched up and you get a software update based on those. Major reason for software updates are performance issues, security issues and new enhancements.

With more and more apps you download and install on your machine, there is high likely that some or the other app/OS will have a security issues and there will be patch available from vendor to address those. If you disable auto-updates then you are keeping these security holes open for viruses to get into your computer and do their job.

Solution:

*
p<{color:#000;}. Always update your OS and apps that you use.

*
p<{color:#000;}. Keep the OS with minimal set of third-party apps that are must for your usage.

*
p<{color:#000;}. Do notice newer update alert and ensure you download and install them if required

5. Browser plugins / add-ons :

Browser plugins/Add-ons and toolbars that hook onto your browser has access to all that you do online. Every email, every password you type can be captured by add-ons/toolbars. The most preferred way you get these addon installed is by installing third-party products that does one thing, but installs toolbars for their partners. These unwanted/unused toolbars sit in your browser and can do all sorts of things behind the scene. You need to be extra cautious with any toolbar/add-on that gets into your browser. The most nasty viruses hooks onto browsers and hide underneath; they may not have any UI elements or icons and still do all malicious their job behind the browser.

Solution:

*
p<{color:#000;}. Review installation of any application. Installation wizard generally provides a hint to what it’s going to install on your browser. Turn the check-box off to avoid installation

*
p<{color:#000;}. Review all installed toolbars/add-ons/plugins/extension on your favourite browser and keep only the one keep the one you use

*
p<{color:#000;}. Use Google Chrome for that matter to enable/disable add-ons.

*
p<{color:#000;}. Use Private browsing to disables unwanted add-ons during your secret work

6. Visiting malicious websites:

You may visit a website to download a cool screensaver or wallpaper, or may just visit to read an interesting articles, or view all kinds of photos. And we all that we navigate using search results that google/bing and other search engine gives us. Not all websites are safe to browse. There can be array of attacks that can just happen by visiting a website. E.g a download may start automatically, or your Facebook may start showing posts that you never posted, or more similar activities. With newer web technologies (HTML 5), browsers and websites can do more behind the scene which you may not notice and leave your laptop infected.

Solution:

*
p<{color:#000;}. Use browser add-on that provides you website rating in the form of red/green/yellow status. You can safely visit websites with green status and avoid navigating to red. Checkout WOT and McAfee Siteadvisor add-on

*
p<{color:#000;}. Don’t be click master on your IM links, email links, website links if you are not sure if they are safe. It may just take one click for bad to happen on your laptop

*
p<{color:#000;}. Install adblock plus browser add-on. It not only blocks all ads, but also filters out any websites that can perform task behind the scene

*
p<{color:#000;}. Configure OpenDNS for free and prevent against fraudulent websites.

h3<{color:#434343;}.

7. Pirating software / movies / music:

We all love movies, music and games. Many of us download it for free using torrent. In addition to piracy of copyright content you are promoting hackers and viruses to spread if you do download using torrent. Torrent as technology is great, and there is nothing wrong with torrent in itself. It is the content you download/share which matters most.

Many of the movies and music needs special codecs and applications to be installed first before you can play on your laptop. These codecs are by and large bad. You download and install a codec and then you find the movie is not playing and was waste of time and resources; behind the scene your laptop is already infected and working against your.

Latest or best movies are often promoted by hackers/virus writers for you to fall in trap and make it easy for them. It’s a carrot!

Solution:

*
p<{color:#000;}. Review what you are downloading using torrent

*
p<{color:#000;}. Review the file format and scan it with anti-virus before you take any action

*
p<{color:#000;}. Do not download any extra audio/video codec to make the movie play

*
p<{color:#000;}. Prefer Youtube/Netflix and other popular methods to watch movies online safely

8. Fake anti-virus that pops up and tell your machine is infected:

As you browse internet, you land up in popup saying you computer is running slow or is infected with red big icons. These are just websites that render webpages and show up fake alerts. If you click and download then your laptop is the prey. Fake Anti-Virus looks exactly like McAfee/Norton/Kaspersky/Other and scare you with fake virus alerts or promise you to improve your computer performance. All that is just to get you download and install their product which does totally different thing. Here is a good article to read about -

[+ http://www.microsoft.com/security/pc-security/antivirus-rogue.aspx+]

Solution:

*
p<{color:#000;}. Use adblock browser add-on to avoid any popups and ads.

*
p<{color:#000;}. Never download any app from these fake popups

*
p<{color:#000;}. If you need to install Anti-Virus, then go to popular Anti-Virus vendors like McAfee / Norton / Kaspersky / Trend micro / or the one recommended by your technical guidance. If you don’t buy medicines on your own and do consult doctor then why not do same for your laptop/network before you install an Antivirus? Do search on internet and read before you download and install legitimate Anti-Virus/Firewall. Below are some good references for you to compare and help you select right AV for you

9. No Anti-Virus(AV) and firewall or NO up-to-date virus signature :

As you read above, in all of the instances you need a good Anti-Virus/Firewall installed and enabled. You also need to keep it up-to-date as most of the Anti-Virus products download latest virus signatures to detect newer viruses that are found.

Windows 7 and Windows 8, comes with Microsoft Windows Defender & Firewall by default. I would recommend a non-Microsoft solution here as they are the experts in security industry and huge amount of research go in to make better security products. If you look av-comparatives.org (an independent AV testing organization) and their reports they don’t mention Microsoft AV/Firewall anywhere.

http://www.av-test.org/ is another independent AV testing and its one of the most important certification/rating that Anti-Virus companies look for. You now should be able to review yourself which AV is good enough and where to download from.

10. Using Windows XP:

Yes using Windows XP is known to be worst for security and can get your machine infected easily. Its an old OS and not designed for security in mind. Microsoft has stopped supporting Windows XP this year and will not patch for any security issues reported. You need to upgrade to newer Windows OS.

Switch to Ubuntu Linux or Windows 8 for better security. If your computer is old enough then likely Win8 will not be supported due to minimal hardware requirement. Do install Ubuntu or any other Linux distribution as detailed here.

Conclusion:

As you read, there are various ways your computer can get infected. You need to keep an eye and be aware of actions you take and implications on your computer/data. Setting up good Anti-Virus, using right browser with add-ons and following best practices listed above should keep your computer/data secure.

 

Is your Antivirus working ?

 

If you are using Windows/Linux/Mac then you would have installed an Antivirus(AV). If not then better get one and setup. It’s too easy for a machine to get infected and it has been reported that malware and viruses are on their all-time high.

 

Here are some reasons why you need Anti-Virus

#
h3<{color:#434343;}. You connect to internet and download/install files

#
h3<{color:#434343;}. You exchange data with your colleagues or friends via pen-drives

#
h3<{color:#434343;}. You connect your machine to different Wi-Fi networks

#
h3<{color:#434343;}. You use shared folders or use torrent for file sharing

 

 

How to know if your Antivirus is working ?

Any Anti-Virus product generally operates in three modes to give you full protection. Here is gist that you need to know before you proceed

 

#
h3<{color:#434343;}. Real time scanning (RTS) – In this more Anti-Virus product is active under the hood and constantly monitoring files that are open/written/closed/downloaded. AV product will scan them immediately and flag an alert if there is any virus detected

#
h3<{color:#434343;}. On-Demand scanning – User initiates virus scanning whenever required. Generally available with right-click scan option on files/folder. This forces AV to re-scan all files that you think may be infected

#
h3<{color:#434343;}. Scheduled scan – This is periodic AV scanning done to ensure nothing is missed out. A fallback and automated way to scan your machine once a week at given time

There might be more scanning modes to provide more granular functionality depending on AV product you use.

 

To ensure your Antivirus is running you need to check if all above methods of scanning and making sure everything is setup correctly to avoid any data loss or issues.

 

Check 1: Is your Antivirus subscription active ?

As you know there are paid and free AV products out in market and each of them has pros/cons. For a free product it may only function for certain period and then ask for registering/purchasing of product. For paid AV product, it may expire as per your subscription timeline and may not be fully functional. In either cases you need to ensure you have active protection. There might be more business conditions for any AV product to stop working or reduce its effectiveness and you may not notice it. Most of the products do show up alerts to warn user to renew or buy subscription.

 

Secondly, most of Antivirus vendor tie-up with laptop/desktop manufacturer to provide free AV for certain duration. Thus AV comes by-default with your new machine and is functional (You may need to signup for an account). However there is time limit and you need to renew/buy subscription to keep it running beyond it, else AV functionality is ineffective.

 

Open your Antivirus product and check if it shows RED or GREEN (most of AV vendors use these colors to indicate issue or non-issues). Check for subscription expiry and its validity. If all ok then great, else it’s time to renew your subscription. There should be links in AV products to buy or renew and all will be good after that. Do perform a full scan once you buy subscription to ensure nothing was infected in case your AV was non-functional.

 

 

 

Check 2: Download a dummy virus!

Don’t panic! It’s only to check if your AV is running Real-time scan and effectively detecting viruses. There will not be any damage if you download the one said in images below. Anything other than that should be strictly avoided. It’s a simple test that is also used by AV vendors to perform test in their environments.

 

Navigate to website shown below and visit ‘Download anti-malware test file’ page.

 

 

Scroll down a bit and copy text shown in box similar to below image.

 

 

 

Open notepad on your machine and copy this text and save file on your desktop. Give any name to it. Say ‘SampleTest.txt’

 

 

 

If Real-time scan is functioning then it should detect this action of saving the file and prompt an alert or clean up the file immediately. That’s the PASS for you’re your AV. Be assured that AV you have installed is running and will catch any viruses if it finds. It’s a very simple test and you may use it anytime to double check if everything is fine.

 

In case your AV does NOT alert or delete the file (in few seconds) then that’s an issue. Close notepad and open same file again and double check if AV is detecting. If it’s not then something is wrong with your AV and you need to take action for it.

 

*
h3<{color:#434343;}. Uninstall and reinstall the product

*
h3<{color:#434343;}. Buy other Anti-Virus vendor product

Ensure that you run above test again after you install the AV product.

 

Check 3: Checking if on-demand scan is functioning (Optional)

You can test On-Demand scan (Right click and scan file/folder) same way as above. Only difference is that you will need to explicitly turn RTS off (Be careful to turn is ON again once you do the test). Switching off RTS will avoid cleaning up sampleTest.txt file immediately and will give you a chance to run ‘Right click scan’ option on file.

 

Check 4: Latest updates installed ?

 

Every AV product needs to Virus-Signature info to detect and clean viruses. This info is updated by AV vendors on daily(ideally) basis. Your AV product should download up-to-date signatures to give you max protection against latest viruses. Check for “Last update date” or similar option in your AV product and make sure its current. If not force an product update.

Check 5: Better and consistent way to test AV – Install ‘McAfee Security Scan Plus’ (MSS+)

Another way to test AV (on Windows) is to install a small free product from McAfee (an Intel Company) named ‘McAfee Security Scan Plus’. You can download it from here.

Features -

 

#
h3<{color:#434343;}. Checks for Antivirus and Firewall status on your machine periodically

#
h3<{color:#434343;}. Alerts user if RTS is off or, virus-signatures info (info required by AV product to clean viruses) is old and need and update

#
h3<{color:#434343;}. Alert user if AV is not installed or not active. Provides a purchase link to McAfee product if status is red

Note – It’s NOT a full Anti-Virus product. It is lightweight application to help users to keep their Antivirus and Firewall up-to-date. Please read in details here.

Here are some screenshot

h3<{color:#434343;}.

h3<{color:#434343;}.

h3<{color:#434343;}.

Use these browser plugins to keep yourself safe online

Your browser is the point of contact to internet and *the* most vulnerable spot. In addition to which browser you use, its most important to use it with right set of apps (plugins). Plugins are apps that run within your browser and enhances your browsing experience.

Using random plugins can expose all your browsing history and data to external world. Every plugin has access to all your web history and data that you send. All your usernames, passwords, emails, and chats can be accessed by plugins. So make sure you monitor your usage of plugins in your browser.

Plugins can also ensure your safety online. Here is good list of plugins that improves your online experience and keeps your safe.

I am using Google Chrome as reference browser to demonstrate various plugins. Almost all of the below plugins are also supported on other browsers (Internet explorer, FireFox & Safari). Google Chrome claims to be most secure browser plus it's fast and comes with great user interface - try switching to chrome if you haven’t tried it yet. Each tab in Chrome is separate process and that helps on security and memory management - *the* feature that I like most in chrome.

HTTPS Everywhere – Encrypt all your communication on web automatically. Your browser uses network protocol to fetch web pages from internet. This protocol (HTTP) is unsecured by default and all communication happening can be sniffed over network. HTTPS takes this web protocol to next level by adding encryption. It uses secret keys to encrypt data between your browser and web to ensure no one in middle can see or change what you are doing.

Installing HTTPS ensures that any website that also supports secure browsing is used automatically. You do not need to do anything extra once you install it. This plugin will do the job of connecting you to secure channel whenever available.

Install HTTPS Everywhere via this link -https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en

SiteAdvisor & WOT – Both of these plugins are great in categorizing web page as ‘Red’, ‘Green’, ‘Amber’ or ‘Grey’(unknown). Red indicates unsafe and you should avoid navigating to those sites. Green is for safe sites that are tested and confirmed by security vendors. Amber/Yellow color indicates possible issues and gives it as warning. Grey is for new websites that are still unknown and not categorized.

WOT and SiteAdvisor show red/green/amber & grey icons next to links in browser and help you right away before you move to dangerous website. It updates your search results, social networking pages and emails to ensure that all web links are tagged for ratings.

SiteAdvisor comes from McAfee and Intel company. McAfee (And other security vendors) does job of visiting millions of websites for security/safety and categorizes given site/web-page for users. Great amount of research and work is done behind the scene to provide such kind of easy to use functionality for users. Websites are tested frequently enough to keep the categorization up-to-date and ensuring no users are infected due to stale reports.

Content from websites is constantly scanned to ensure you don’t get spam-emails, virus downloads, automatic downloads, script execution to take your identity, third-party links referenced from those sites and more.

Download and Install SiteAdvisor from -http://www.siteadvisor.com/download/mac.html?q=promo

Installing WOT – [+ https://chrome.google.com/webstore/detail/wot/bhmmomiinigofkjcapegjjndpbikblnp?hl=en+]

DoNotTrackMe – Plugin that disables websites for tracking you. When you visit a website, it can write into your machine the time and date you visited with your id. It can then track back your history and monitor what you do on websites. Someone on web knows what exactly you do on and can use it for their advantage. Good way to disable this is by using ‘DoNoTrackMe’ plugin. It disables tags(cookies) that are used by websites and thus protects your privacy.

This plugin also provides email blocking functionality by providing a dummy email and links to your emails. You can stop receiving emails by blocking dummy email-address and free yourself from spam.

Install DoNotTrackMe – [+ https://chrome.google.com/webstore/detail/donottrackme-online-priva/epanfjkfahimkgomnigadpkobaefekcd?hl=en+]

AdBlock – Disable annoying ads shown on search result, websites or facebook. It blocks all unwanted

traffic and improves your browsing experience. Its not purely a security related plugin, however as it blocks ads you are ensured of showing content from unwanted websites and thus tracking you

Install Adblock from – [+ https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en+]

Sign into Chrome to sync plugins – Google chrome provides this functionality to sync your bookmarks, history and plugins in browser. Do sign in chrome to ensure all your plugins are also available on other computers which you use and don’t have to re-install them.

 

 

 

Use Bookmarks for Bank websites!

 

Online banking is preferred way for bank transactions and we hardly visit bank building. Most banks do provide android/iphone apps to take it further. Bank websites are here to stay and do provide rich set of services for customers; and here lies the security issue. You need to protect you identity while logging in and prevent using your credentials on any other fake websites.

 

Use browser bookmarks to open bank website:

Always visit your bank using a bookmark on your browser. Simple practice can save your money

*
p<{color:#000;}. Never search for bank URL in google or any search engine. You may land up in fake website

*
p<{color:#000;}. Never search bank website URL in emails, you might open fraudulent email with URL pointing to site that looks similar to your bank. You may end up entering credentials and give away access to hackers

*
p<{color:#000;}. Do NOT bookmark ‘Sign in’ page as it can change, always bookmark main website of bank e.g. https://www.hsbc.co.in, you can then follow the ‘Sign in’ page from there. Just Bookmark bank website once and use it thereon!

 

 

 

Secured Bank website:

Ensure you open up bank website that starts with https:// (secure) and not http:// (non-secure). When you bookmark website make sure it points to HTTPS secure link. All banks should be using secure mechanism on their website. Bailout if you see non-secure version of website. Note – There might be cases wherein base bank page is non-secure, however ‘Sign in’ page will be secure – keep an eye when you login.

 

Do NOT login if web certificate shows red/yellow alert:

Trusted web authorities issues digital certificates to bank for their websites. If certificate matches the website you are visiting then no issues. However if certificate granted is for different website and webpage claims that its for your bank then a red alert message is shown by browser as below. There is something surely wrong. Do NOT login and enter your credentials. There are high chances that your username/password may land up in hands of third-party website which can then be used on real bank website.

 

 

 

 

These rules are of course not just for banks, but for any website that you think should be securely accessed. e.g. email/stock website/social networking/etc. You know it better for that matter now.

Why switch to Ubuntu Linux?

 

Ubuntu (http://www.ubuntu.com/) is Linux distribution which is FREE for use. It’s a general purpose OS which comes with set of default application for you to get started immediately. It has built is apps for document, spreadsheet, presentation editing and browser (Firefox). Ubuntu is Linux version which is known for security and stability. Linux is Open-source operating system built by huge set of developers worldwide and has been most successful for last 23 years. Linus Torvalds is the person behind building Linux OS, which has made so many technology things possible around us.

 

There are other variations of Linux (called as Linux distros). These are different vendors which package linux with different requirements. Some popular Linux distros are – Fedora, Linux Mint, Open Suse, etc. Here is good site to visit to know more about Linux distros – http://distrowatch.com/

 

Performance advantage with Linux:

Linux works great on old PCs and you should be able to clearly see performance improvement over Windows. Linux uses resources diligently and give max performance on your hardware. If your hardware/machine is really really old(7+ years) then try other Linux distro like Lubuntu ( http://lubuntu.net/) or Puppy Linux – http://puppylinux.org/

 

 

Screenshot showing office applications on Ubuntu 14.04

 

\

Screenshot showing lock screen of Ubuntu

 

Screenshot showing Software Package Manager from Ubuntu 14.04

 

 

Where all is Linux used ?

Open source & free nature has brought huge attention to Linux across globe. All major websites run on Linux (facebook, google, twitter, wikipedia, and many more). Your android has Linux OS underneath. Your TV, washing machine, Wi-Fi router has been built on top of Linux OS. You can connected to Linux already by one or other way.

 

Why is Linux secure ?

 

#
p<{color:#000;}. Any one can see the source code of Linux and that makes it most secure. Any new code is reviewed by developers around the world. No commercial software company can afford as many developers on single project has been working on Linux for last 23 years.

#
p<{color:#000;}.

#
p<{color:#000;}. Program are run on normal user and not admin(root) user. Any access to damage your system will require admin access and that is not what all applications run with. Keeping access to minimal makes the OS secure.

#
p<{color:#000;}. Its design and architecture is based on Unix which has been around for 41 years now.

#
p<{color:#000;}. Huge set of applications are available via Software package manager in Linux.

**
p<{color:#000;}. All apps are build from source and deployed on servers for you to use for free.

**
p<{color:#000;}. You do not (generally) need to visit any third-party website to download and install an app.

**
p<{color:#000;}. This eco-system makes it Linux secure as no unknown sources are executed on your machine.

**
p<{color:#000;}. Entire concept of app-store (Apple/google) has been inspired from linux package manager.

**
p<{color:#000;}. It provides updates for OS and for all apps and that’s a great benefit on Linux.

**
p<{color:#000;}. Also security is built around about this to ensure valid packages are downloaded & installed and users does not need to worry about

#
p<{color:#000;}. Networking stack (Communication layer) of Linux prevents viruses from propagating. Networking stack is conservatively build and firewall is at heart of Linux to make it secure.

 

 

Does that mean there are no Viruses on Linux ?

1. No. That’s a myth. There has been viruses reported on Linux and Ubuntu has documented it well for users to know about. Here it is – https://help.ubuntu.com/community/Linuxvirus

 

2. Linux makes it hard for viruses to reproduce and spread due to its architecture and that prevents it out-break on Linux. Here is great article on Anti-Virus from Ubuntu – https://help.ubuntu.com/community/Antivirus

 

3. There are Anti-Virus applications for Linux and it’s a good practise to install and run them. You would not like to host a windows virus on your linux machine and allow it to spread on other windows machines around right ?

 

 

Where can I get Ubuntu and How can I install it ?

 

*
p<{color:#000;}. You can download 32/64 bit Ubuntu from here http://www.ubuntu.com/download/desktop/ . If your desktop/laptop is fairly old then download 32bit version of it.

*
p<{color:#000;}.

*
p<{color:#000;}. Here is step-by-step guide to install Ubuntu – [+ http://www.ubuntu.com/download/desktop/install-ubuntu-desktop+]

*
p<{color:#000;}.

*
p<{color:#000;}. You can install Linux beside your Windows XP/Win7/Win8 without causing any problem. Its called dual boot. You can keep both OS on your computer without causing any problems (unless you mess-up with installation).

 

 

 

Don’t open short URLs if you get from unknown / untrusted sources!

 

Many of us on internet have already came across short URLS/links that when clicked take it actual webpage. In many cases you would have wondered what this link is and where is it going to take me? e.g. http://goo.gl/dFr2Xp which point to my another blog article.

 

 

 

What are short URLs?

URL shortening is technique used on internet to shorten the long URL/link to a smaller one and that redirects to actual URL when clicked. Its very useful in many cases, e.g. for twitter wherein message length is small and you wish to share a link. Or you bought a book and it has website references using short URLs.

Long URLs are the way websites are developed and needs extra descriptive parameters and values that needs to be passed. E.g. see URL for this blog above, it’s the way blogger creates a link based on blog title. By shortening URLs, it becomes easy to pass on and type without errors

Advantages it brings in:

 

*
p<{color:#000;}. Short in nature and easy to type in from non-digital media (books, billboards, banners, posters, etc.)

*
p<{color:#000;}. Takes small size and looks neat instead of long URLs

 

List of popular services that provide short URL:

http://bit.ly

http://tinyurl.com

http://goo.gl (From Google)

http://t.co (From Twitter)

 

Issues due to short URL:

Don’t know what’s hiding behind the short URL: This is one of the most dangerous part of short URLs. It may be a safe link and serves the purpose for you, or it may land up in malware and unwanted websites which you never wished to visit. There is no way for user to know if you may face any issue by clicking a link. This is the main advantage which is exploited by hackers and malware writes to hide behind a cute looking URL.

 

There has been many more services which has been closed down just due to the fact that users used it extensively to redirect users to po-rn or malicious websites.

 

If short URL comes from unknown/untrusted sources, it’s better to not click/open it.

Privacy issue : With four to five major players in this field of short URL, and many websites/users using it, it poses privacy issues to users. Web Servers providing short-url can track you as user and collect info about you to know which sites you visit and pass on this info to third-party. It can track your computer address (IP), links you clicked over time and your behavior with short-urls.

 

TinyUrl.com was known to distribute Spyware: Not all short-URL services are safe and you cannot trust them. Tinyurl.com has been known for distributing spyware as per wikipedia reports. Files may get downloaded automatically as you navigate with short-url and if you open them, it monitors all your actions and note the keys you type in.

 

Websites have stopped using short url in post: Wikipedia and few more websites have stopped using short-urls due to above reasons. Any short URLs entered get ignored and post cannot be saved.

 

Solution :

 

*
p<{color:#000;}. Don’t be click master. Avoid clicking on short URL believing everything is going to be safe.

*
p<{color:#000;}. If you get short-URL from unknown/untrusted sources, then better not click it.

*
p<{color:#000;}. Do not click short URLs in SMS, IM, Whatsapp, emails, blogs and Facebook post.

*
p<{color:#000;}. McAfee also offers short-URL service which can be accessed using this link, You can create your own short URLs safely. http://mcaf.ee/

 

 

 

10 Reasons to use Google Chrome for Security

 

Internet Explorer has been there for good long time now and each version has exposed security vulnerabilities. What that mean to user is that any website that you visit can take control of your computer remotely and can do anything without you noticing it. Microsoft has recently (26th April 2014) notified users about flaw in Internet Explorer [+ https://technet.microsoft.com/en-US/library/security/2963983+] . Here is why its time to switch to better options for free.

 

As internet has matured new web technologies have immersed. Modern browser has been developed to meet those needs and keep users safe. Google Chrome and Firefox has grabbed market share from IE with due its appealing functionality over IE . Today FireFox has released their new version 29 which has refreshing looks, boost privacy and provides new customization. Try it! https://www.mozilla.org/en-US/firefox/new/

 

Why Google Chrome:

Google Chrome has became popular since it launched in 2008 and is the fastest growing browser. Its based on open-source project called Chromium which is driven by Google and people around the world.

 

Here are some notable features from security point that strongly suggest using Google Chrome or Chromium -

#
p<{color:#000;}. Secured Tabbed browsing – All new browsers supports browser tabs to visit different websites in different tabs. In Chrome each tab is separate process running on your system which makes it secure. Web-page from one page cannot infect or access data from other. Chrome has made best use of OS security functionality to extend to browser

#
p<{color:#000;}. Auto-updates in Chrome ensures you get latest fixes and functionality. As a user you never need to force update or worry about it. It’s a patented technology from Google to update their products silently and automatically

#
p<{color:#000;}. Plugins/add-ons to enhance secure browsing. [+ My other blog+] details about security enhancing Chrome plugins that you should be using. Most of these are also available in Firefox also

#
p<{color:#000;}. Chrome maintains blacklisted (Phishing & malware) websites for protecting users. Users are warned if they are visiting these websites which gives in-built protection without any other plugins

#
p<{color:#000;}. Google promotes security research on their Chrome browser and offers bounty if people find security issues in their products. Good few issues has been reported and addressed quickly by Google. Open-source nature provides access to source code that people around world can use and can dig deep to find vulnerabilities. Both of these programs give higher confidence of security

#
p<{color:#000;}. Chrome scans files that you download for viruses. A built in virus protection in browser just works

#
p<{color:#000;}. Security warnings/alert when web-certificates of websites mismatch, an indication of doggy website. If a website claims like your bank website, however has red warning alert from Chrome, then that’s likely fraudulent website

#
p<{color:#000;}. Parental controls with in browser – An In-built parental controls to secure your kids online is available for parents to configure. Here is guide available for same – [+ http://www.howtogeek.com/177958/use-supervised-users-to-set-up-parental-controls-on-a-chromebook-or-just-in-chrome/+]

#
p<{color:#000;}. Private Browsing” mode or “Incognito” mode as in Google Chrome. No traces are left behind when you browse in private mode. No history, no temporary files, no web cookies to track users and no cache. Files you explicitly download do remain. [+ Here is my other blog on it+].

#
p<{color:#000;}. Google Sync – A feature that allows you to login to browser using Google account and then sync your bookmarks, extensions/plugins, history and other configurations. This makes it easy for users to give consistent experience on different machines. All your bank/important website bookmarks are available to use on new machines if you switch between devices.

Oddly, there are some websites that need Internet Explorer only. You will have to stick with IE in those cases and user other for rest.

 

Other notable browsers include Opera & Safari from Apple. They too do great job in many aspects of security as listed above. However Google Chrome is it’s way ahead.

 

Note – Chromium is Open-source version of Google Chrome. Both share same code base. Google Chrome gives a touch of Google branding and more suited if you heavy use Google account, which most of us do.

 

 

 

 

5 Reason to use Linux on Pen Drive

 

By now you would have heard about Linux Operating system (OS), (if not then do a quick read here). Open source and free nature of Linux has given birth to many Linux distribution, each catered for different reason.

 

Linux has matured, stabilized and grown so much that its the most used operating system in world now. Huge number of servers has Linux, Your TV, setup-box, Washing machine, Wi-Fi router, Android, Car, Camera, Flight entertainment system, and many more system run Linux under the hood. This is all capable due to building blocks that open-source and Linux has provide for developers.

 

This blog talks about customizing Linux and installing it on Pen Drive and using it for various reasons. If you are new to Linux then you will have to read some more articles around Linux and give a try to install and run couple of Linux distros. You will learn lot in the process and know how system works. If you are Intermediate/geek then lot of things below will come easy to understand and work on.

 

 

Linux Distros/Distributions – As pointed above, Linux comes in various shapes and sizes and people have customized it to make it run for various purposes. Many software engineers around world have tweaked Linux and created a new distro. Check out Ubuntu, Linux Mint, Fedora and more here. http://distrowatch.com/

 

Why Linux ?

 

*
h3<{color:#434343;}. Secure by default. It’s a modern OS and implements the right architecture to make it secure

*
h3<{color:#434343;}. Customizable – Linux is the most customizable OS I have ever seen. Look at the number of distros and UI options it provides to user. You can get easy to use Linux (Ubuntu / Fedora or Mint) or get a raw Linux that you can setup yourself if you are geek.

*
h3<{color:#434343;}. Free apps via ‘Software repositories’. Huge set of apps available for free with single place to install. You can be sure of security and price as it’s installed from one place from trusted source

*
h3<{color:#434343;}. Linux is the most worked on Operating system by developers around the world. Source code is open to all can that benefits Linux to get issues fixed rapidly

*
h3<{color:#434343;}. Fast – Installing Linux on any laptop/desktop can make you realize how fast your system responds to you as compared to Windows. No unwanted software, best usage of hardware resources, and customization to suite low & high-end hardware. Try installing Linux on your old laptop to give it a new life.

*
h3<{color:#434343;}. Free & Open source – It’s totally free and open-source. You can use Linux distros for personal and commercial purposes for free. Open-source nature has attracted developers around globe to work on cool technology and make it better everyday. You get advantage of fast pace development of Linux which no other operating system in world provides.

*
h3<{color:#434343;}. It provides building blocks to make your own Linux catered for specific usage. Look at various devices Linux runs in and that should give you a picture how Linux can be shaped and made to work in variety of hardware

 

 

Why YOU should learn/use Linux ?

1. Linux is not for geeks. Ubuntu / Fedora / Mint Linux has been developed for everyday use and you can just start using it with all set of applications installed for you. Apps similar to Word, Excel & PowerPoint all setup for you and you don’t need to pay to anyone to use it. No license or fees required!

 

2. Linux is way to go forward as it provides ton of customizations. You will be using Linux in one or other form and learning/using Linux will help you in long run

 

3. Buying Windows machine with all set of third-party apps preloaded is going to charge you more. If you are buying new laptop, go for OS free machine and then setup Ubuntu / Fedora / Mint. You will avoid all unwanted apps and promotional software

 

Give it a try with Linux Live CD:

All Linux Distros provide mechanism for users to try out Linux before you install it – That’s called Linux Live CD. You need to download a CD format of Linux and burn it on CD/DVD. You then need to reboot your machine with CD option and you should be able to test drive Linux on your machine. Running Linux-Live does NOT impact your machine in anyway. You can then decide to install if you are happy with the applications and user interface.

 

 

 

Screenshot showing Ubuntu 14.04 LTS

 

Here are five reasons why you should install Linux on Pen Drive and use it.

 

1. Scan and Clean Windows Viruses:

Windows viruses can go deep and infect badly. Viruses can hide themselves and no one can find them (e.g. rootkits). These can be better cleaned by loading Linux OS and then scanning your Windows machine. AntiVirus programs on Windows can detect Windows Viruses and clean them up. Install ClamAV or AVG Linux AntiVirus on your Linux Distro and scan all mounted drives, then reboot to cleaner version of Windows.

 

2. Boot your desktop environment on public/friend’s computer for privacy:

 

Once you get Linux on your Pen Drive, you can boot to your own Linux environment using USB boot. All modern computers (5-7 year old) do provide boot option which you can enable. Linux from Pen Drive will boot up with all your apps. This will not impact the host Windows OS. There will not be any traces left of browser history or passwords or your files on your friends PC as you operate on your own Linux environment.

 

As you own your Linux environment, you can have all your favourite apps and thus you don’t need to install/uninstall any software on friends computer – I think it’s a better way to just use the machine as keyboard and screen and not all the software/OS.

 

3. Boot to safe environment (No keyloggers):

With Linux Distro and applications you install from ‘Software repository’ it’s unlikely that your Linux environment can get infected with Keyloggers. Keyloggers are viruses which capture all your keyboard inputs and sends to server, this will include all your emails, username, passwords and credit card info that you enter online.

 

Booting from your Pen Drive Linux, no keyloggers from public/friends computer will run and that will ensure everything you type will be safe and not be passed anywhere.

 

4. Backup Data from hard-disk if it fails to boot Windows:

Hard disk are not lifelong. They come with their max age of usage and using beyond is risky. If your Windows PC is old enough then there are changes that hard-disk can fail and your data may get trapped. Your Windows machine may not boot up and you may not get a chance to backup. Good way to give it a try is to boot using your Linux from Pen Drive. Once your boot Linux, you can try mounting your Windows drive and repair it. You may be able to see files and be able to copy them to external hard-disk. Booting from USB come to rescue when your data is in risk.

 

5. Save your Laptop/data from theft:

If you can carry entire Linux environment with you in Pen drive then you don’t need a laptop. You can use any public/friend’s computer for sometime and boot to your favorite environment. A good way to avoid carrying laptop/tablet and risk of getting it stolen in public places.

 

If you lose your USB, your data on it still can be secure enough. You can encrypt your user’s home drive while installation and thus to open any file, it will need a password. For a thief or anyone your drive is just a blank USB which can be reused.

 

System requirements before you start: Minimum 2 GB Pen Drive & 1 GB of RAM

 

How to Install Linux on Pen Drive & use it:

Here is step by step guide to install Ubuntu Linux on Pen Drive. I would prefer using Lubuntu OS, as its stable and lightweight [+ http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows+]

 

Once you create USB drive with Linux, reboot your machine and select USB boot from your boot setup. Here is how.http://lifehacker.com/5991848/how-to-boot-from-a-cd-or-usb-drive-on-any-pc

 

 

 

Disable apps that you don’t use and can’t uninstall

 

You got a brand new Android mobile ? Great. Got lots of app pre-installed ? Yeah. Mobile manufacturer (Samsung/LG/Asus/HTC/Nokia and others) pre-install loads of apps by default. They partner with other app developers to promote apps and make money in turn. Great business sense to pre-install and get people use those apps with ease.

 

There are apps that are common and people do install it eventually (e.g. Gmail/facebook/Whatsapp). It make sense to install it by default and make it available for people to start using right away on their new phone. However there are ton of other apps that mobile manufacturers pre-install and that is annoying to users.

 

As a user you may never use these pre-loaded apps. Just an example, I got Samsung S4 (from phone service provider) and it came with 80 odd apps, out of that I never ever used 40 apps! That’s huge set of apps pre-loaded. It may vary based on which phone you buy, however its obvious that new mobiles does comes with good number of pre-loaded apps – which you never will use!

 

Pre-installed apps can run in background and has all permissions:

Even though you never use all those pre-installed app, they are still there and running behind the scene. Each app has permission granted to them and can read/write your SD card, has network access, can intercept phone calls/sms and do much more. Result – Privacy/security issue in addition to battery drain which you never notice.

 

User can’t uninstall preinstalled apps:

Problem with these pre-installed apps is that user cannot remove them. They are installed in system space/partition and thus locked by android/mobile vendor. Users cannot uninstall it. You are stuck with those 40+ odd apps!

 

You can remove those apps if you root your phone. However rooting is not recommended and not easy way for anyone to try out. Rooting is a process of gaining admin access to your phone and with that access you can do all things on your phone. There are ways to root your phone and you can find steps on google to do so. However its not straightforward and it voids your phone warranty.

 

Best way to solve this is to disable pre-install apps!

Navigate to Settings > Application Manager and open up apps that you don’t not use. Mark them as disabled and here you go. These apps will not run or update any more. Will not carry out any function and will not read/write data or use your internet. Result – a safe phone to use.

 

Basic security concept used here is – less the number of apps, less is the security risk. Same concept applies to your new laptop/tablet too.

 

Its not that user don’t have option about pre-installed apps. You do – go ahead and review apps that you don’t use and disable them.

 

Warning: Do make sure you are not disabling any system apps. Do try to run the app that you plan to disable and check if it’s not a android-system app.

Advantage you get –

 

#
h3<{color:#434343;}. Better security / privacy by keeping minimal apps running

#
h3<{color:#434343;}. Improved battery performance

Why you need to understand mobile app permissions ?

 

Android has been successful due to huge array of apps available and ease of download for users. Open nature of android helps app developers to develop various kinds of apps and do magic. Installing an app shows permissions required for an app and that gives us a hint what this app can do/access from your smartphone/tablet

 

App permissions are access that an app is requesting before you download and install it. If you grant the access, app downloads and has all required permissions to run. No permissions are asked thereafter unless additional permissions are required to update newer version from Google play.

 

Android platform provide granular permission set for apps. Based on what an app does, it defines which permissions are required and does let android-platform know about those. As a user you get to know these permissions when you opt to install the app and before you download it.

 

It depends on app what permissions it needs. If you are just installing a game, then it may ideally not need any permissions. However if it needs to show ads then it needs internet access.

 

 

 

 

Why you need to worry about app permissions:

 

*
h3<{color:#434343;}. Android apps or mobile apps in general have much more control over your mobile and can do anything it wants. Imagine you download a game and in addition to the play, it uploads all your photos/videos from mobile and sends to third-party website ? Or track your exact location and capture all your private info and notify others about it without you knowing anything.

*
h3<{color:#434343;}. Fake apps – All top games on Google play has a copycat app which can unwanted stuff behind the scene

*
h3<{color:#434343;}. Pre-Installed app can have more permissions than required – Huge number of apps come pre-installed on your phone which you may never use. These apps can have all permissions and you may never notice them doing anything. Even though you don’t actively use them, they can run behind the scene and do all damage. Pre-Install apps can’t be uninstalled as they are marked as system apps. You can still go ahead and disable those apps. This blog post of mine provides more details

*
h3<{color:#434343;}. Mobile malware/viruses has grown high. Here is report from Mcafee http://www.mcafee.com/us/security-awareness/articles/state-of-malware-2013.aspx

*
h3<{color:#434343;}. It’s been reported that apps request for 33 % extra permission than what they need. This hints of something fishy in the app

 

Here are permissions that are available for any android app to use.

 

Network access :

Can connect to internet to upload/download data. It can be app specific or from your mobile

 

Phone calls/SMS:

Can make phone calls or send SMS. Can read/write SMS

 

Your Location:

Can access your location via GPS. Apps can exactly know where you are at any point

 

Storage:

Can read/write all of your data on phone and sdcard. Photos/videos/songs/

 

Account access:

Can access your gmail account for email-Id, name, phone number, contacts and friends.

 

System access:

Can scan files, change lock screen, change enable/disable settings on phone, start on phone restart.

 

Hardware controls:

Can access camera and take photos, vibrate phone, use NFC, accelerometer

Payment access:

Can request for purchases within apps

Providing access to some or all of the above android-permissions to any app may be harmful in anyway. Your data/identity/location and more info is available for apps to use and send to outside world. You need to revisit permission thoroughly before you install.

 

How to prevent surprises on mobile ?

*
h3<{color:#434343;}. Review permission of apps you install. Be careful if apps demanding too many permissions

*
h3<{color:#434343;}. Review app permissions for pre-installed apps and disable them

*
h3<{color:#434343;}. Install Mobile security Product that scans for malware and highlights you. Try McAfee Mobile Security – Award winning mobile security for FREE. This is security app and thus needs more permissions to scan and fix issues on your mobile – Go ahead and install with confidence.

*
h3<{color:#434343;}. Do not install apps from unknown sources. Prefer only Android Google Play to download apps

*
h3<{color:#434343;}. Check if you are not downloading fake version of popular apps. Check for download number and reviews around it. Do a quick check on correct version of app

*
h3<{color:#434343;}. Uninstall / Disable apps that you don’t use

*
h3<{color:#434343;}. Keep eye on data-usage, battery-usage by apps. Navigate to

**
h3<{color:#434343;}. Android Setting > Data Usage > List of apps showing network/data usage

**
h3<{color:#434343;}. Android setting > Battery > List of apps that consume battery

*
h3<{color:#434343;}. Read reasons for permissions needed by app on Google Play store. Many developers do detail out this info to be transparent.

Know the unknown phone caller with TrueCaller

You got a phone call from unknown number and you wonder who the person is. A very common scenario for all of us; with marketing calls on rise you never know if its sales call or important call that you should be attending. You wish to keep your phone silent and block all unwanted calls? Solution is to use TrueCaller app (Android/iPhone).

Know who called you:

TrueCaller maintains a huge database of contacts and help your display name and phone number of people who called you, even if that contact is not in your phone book.

Truecaller integrates with phone-call to show name and number of person if it’s unknown and helps you decide to receive the call or reject it.

In case you get a miss-call from unknown number, TrueCaller show you name/number of this caller. You don’t need to return a call or text back to know who the person is.

How does TrueCaller gets this data:

As per TrueCaller, they get it from public sources, yellow pages, people who wish to submit info about people from whom they got calls. TrueCaller do NOT use your phone book to send info to them for their usage.

When you register to TrueCaller, your number gets added to their database. People can know that you call calling, if they too have TrueCaller installed. You too get advantage to let people know that your are calling them even if people don’t have your contact details in their phone book.

Block unwanted spam calls & Text :

Marketing and sales calls are common. You may register to ‘Do not call me’ and avoid people calling you in first place, however its not standardise and globally available. You may still get spam calls. Best way to avoid spam calls is to use TrueCaller. It guards you with regional spam list and blocks all calls/message.

You can add custom list of contacts that you wish to block for calls/text.

TrueCaller database for spam numbers will continue to grow as users around the globe submit data, you will get the benefit of it and all unwanted calls get blocked automatically.

Privacy on Truecaller:

Your are exposing your name and number on TrueCaller. They get a valid phone number which is maintained in their database. Even if you don’t install, your contact details may get added by your friends or third-party as they interact with you. You can always choose to remove your contact details from TrueCaller website by visiting here -

You are installing an app that gives away your name/phone-number to public website. You need to configure in such a way that only your friends should be able to search you and not general public. Enable below settings in TrueCaller after you install it.

TrueCaller request for login using facebook/google credentials. I would recommend NOT to use facebook/google+ account as it post status on behalf of you on your facebook wall. Also it can get access to all your Facebook data (friend's/location/email) which is too much of ask by TrueCaller app.

How to get TrueCaller:

Download TrueCaller on Android/iPhone/Windows phone http://www.truecaller.com/

How to be Anonymous online – Privacy on public network & computers

Browsing online brings in privacy and security issues. Browsing on public network or public computer, brings in higher level of privacy issues. What you browse, emails you send/receive , what you chat, your username/passwords all can be known to others by going online on public network/computer. Of course you don’t want all these to be known by others and used against you. So don’t use public network or public computers at all?

Solution is to use “Tails Linux” operating system running on your USB drive(Laptop/Desktop). Its that easy. Tails(The Amnesic Incognito Live System) is a Linux distribution crafted for privacy and security. It’s built on free and open source software that everyone can use. Tails Linux gives privacy to anyone anywhere.

Tails Linux is around five year old and built on top of Debian Linux which itself is known for its high security standards. Purpose of Tails is to provide ready to use Operating system for people which is secure out-of-the box. Below are the notable scenarios that are covered by Tails and why its getting popular(700,000 people use Tails daily).

Screenshot of Tails Linux

Public network anonymity:

Public Wi-Fi is everywhere and will continue to grow. Café, Airports, Hotels, Restaurants, Malls, Bus/trains and many more public places that Wi-Fi is readily available for people to connect, and people do use it actively.

Tails use “Tor Network” which is free software and open-network that helps people against network tracking and analysis and give privacy. Network traffic travels across multiple networks and it becomes hard for anyone to track source machine. A unique method now used widely for privacy. More on Tor network is here -

As you reboot laptop, Tails connect to Tor-network and from there on any site you browse will not know which machine/location you are browsing from. No one on web can track you back to the public Wi-Fi that you are connected to.

Hiding Machine fingerprint:

Every network device has a unique address called MAC address. It’s built into your hardware and is unique globally and does not change. This MAC address is known to all Wi-Fi routers around you even if you are not connected to it. This machine-fingerprint is used in many ways to track users. Read my Wi-Fi tracking article for details. Anyone can track your entry and exit in an area based on MAC address just because you have Wi-Fi enabled on your devices (Smartphone/tablet/Laptop).

Tails solve this problem(on laptop) by changing MAC address every time you boot the machine. Random MAC address is generated every time and makes it difficult for anyone to track you back. This is enabled by default and done automatically behind the scene.

Website anonymity:

Websites you visit, plants a cookie in your browser to track it for future reference. Once you go back to that website, it exactly know when was last time you visited the site and can map all your activities on that site. You then start getting a personalized by showing you content that you may like more – This is to engage user on their website and in-turn make business (ads, marketing/promotions). Websites thus captures your behavior on their site and this data is generally shared/sold across web-sites. All your browsing history is thus tracked and maintained by websites.

Tails boots as Live Linux CD and thus every time you start the machine it gives you a fresh OS which seems to be booting first time. Any website cookies that are planted gets wiped out as no data is persistent by default. It’s similar to private-browsing mode in OS. Websites will consider you as new user and will be not be able to track you based on your earlier visits thus giving you privacy.

Also as pointed about with ‘Tor-network’, websites you visit cannot track back the source, making it hard to filter our area specific info. You will see totally different web content on same website, when you browse using Tails OS as compared to your regular OS. Websites, use network address (IP address) to track sources, this address will be different every time you visit a site, making it hard for website to track you.

Encrypted email and chat:

Email and chat are common way of communication on internet. However every email or chat message you send/receive is known by your email/chat provider(google for example). You cannot keep a conversation private with current mechanism. Somewhere somebody can read your content and can be used against you.

Tails OS provide Email and chat client applications that provides privacy. You can encrypt emails/chats and send it to intended person. Only that person will be able to read the content and no one else will. Also, receiving person can be sure enough that it’s coming from you and no one has seen/modified the content in between. Tails OS provide Clawn Email and Pidgin chat client that ease out setup for privacy (PGP – Pretty Good Privacy) which works on secure public/private key concept.

Virus protection:

Tails is Live Linux CD which means nothing can persist once you reboot. Even if you get infected by virus as you browse, no viruses can continue after reboot. Secondly Linux is secure by design which makes it hard for Virus to infect and live long. Lastly administrator account is disabled by default in Tails which ensure that no access is granted to anyone by anyway. This makes it rock solid OS and you don’t need to worry about Viruses.

Tails is built on top of Debian Linux which ensures that no malicious code is built into OS in first place. No malicious code can get into open-source software as it’s been reviewed thoroughly by multiple people around the globe to keep it secure. This adds to the confidence of a strong and secure OS that Tails inherits.

You cannot download & install any software. It might seem as limitation, however that brings is safety as no third-party untrusted app can go unnoticed. Below is set of apps preinstalled for you to use an for most of the cases that should suffice regular user.

Secure/Encrypted Storage:

You may have data that you wish to carry with you and work on that data. May be some confidential data or personal photos that you wish to read/see. Windows OS does not encrypt any data on your hard-disk by default and that leaves your data available to people if your laptop is stolen. Your data is most important to you and with mobile/laptop theft it can land up in wrong hands.

Tails OS address this issue by providing a mechanism to create encrypted storage/volume on your USB with a strong password. You can then load this volume with password and read/write it. If you wish only to read the content then Tails load this data in read-only mode and no damage can be made in case something weird happens.

Key logger protection:

Accessing public computers for any kind of browsing is risky as it can record all your keyboard inputs (emails, username/password and chats) and send it to unintended people. These keyboard tracking can be done by software or hardware mechanism and called as keylogger. There are applications that can capture all your keyboard inputs and store it for later use, or there can be hardware key logging devices that might be connected. In any case keylogger is hidden from you and silently listening to you.

Tails solve this by providing a on screen keyboard that you can use for username/passwords or any sensitive info you are typing. No hardware can trace that; and as there is no keylogger software that is installed or can be installed, no question of software tracking.

Browser protection:

Browser is what you extensively use online and that needs to be secure enough. Tails run version of Mozilla Firefox browser called Iceweasel which is built for security. In addition it has built in security plugins to make every network connection secure(HTTPs Everywhere and NoScript).

Rich set of applications to server you:

Surely you may need more than this browser or email/chat client on OS to use. Tails provide you with full set of Office like apps to use. It has OpenOffice apps as replacement for Word, Excel and Powerpoint.

KeepassX is installed as password manager for offline storage of your passwords. KeePassX is open-source, award winning app for password management and has all required functionality you need. You can maintain your passwords on encrypted storage and use it with KeePassX.

Other minor features:

Tails can bootup looking exactly like Windows XP. User interface (Wallpaper, Icons, buttons) is rendered like XP which can deceive anyone around you to think you are using old XP machine which can be easily hacked (actually not). XP looks also can also help windows user feel like home and don’t need to worry about Linux underneath.

Tails OS is loaded in RAM memory and gets cleaned up as you reboot. No traces are left behind on hard-disk. Even RAM memory is forcefully zeroed up to clean up and leave no traces on reboot (there are instances where in RAM memory can be accessed after few seconds on machine shutdown).

Tails OS showcasing XP look and feel

Download and Installation

You can install Tails on USB/Pen Drive or CD and boot your machine using same

Here is download link. Here is [+ installation guide from Windows+]

Conclusion:

Tails Linux brings in rich set of functionality to give you privacy from various aspects. Protects your data and prevents you from getting tracked. On the top, its free for anyone to download and install.

 

Use “Private browsing” mode for security reasons

All modern browsers support “Private Browsing” mode or “Incognito” mode as in Google Chrome. No traces are left behind when you browse in private mode. No history, no temporary files, no web cookies to track users and no cache. Files you explicitly download do remain.

Private browsing mode shield you only on local machine; your Internet service provider or your company can still know what your are browsing. Private-browsing still make sense from security point as explained below.

Here are good reason why you should use private-browsing mode

*
p<{color:#000;}. Public computer usage – You are using a public computer and accessing your email/Facebook or bank accounts. Use private mode. No history, no passwords will be stored back for others to use.

*
p<{color:#000;}. Temporary login to friends machine – Logging in from friends/colleagues machine to do a quick email/Facebook/etc. check. Leave no traces for friend to see.

*
p<{color:#000;}. Login to bank website – Accessing bank account for any transaction? prefer private browsing as all plugins get auto-disabled and no unknown plugin records your keystrokes or monitors your web page and data posted to bank site.

*
p<{color:#000;}. Privacy from google search – If you sign into chrome then all your search results are stored by google. If you wish to keep some privacy over what you search, use private browsing mode. Google or any other search engine will not be able to map search back to your account; of course you will be restricted to search non-adult content

*
p<{color:#000;}. No auto-fill history – You don’t wish your username, search fields, or address get added to auto-fill history; private-browsing make sense.

*
p<{color:#000;}. Privacy while accessing porn. Self explanatory as you don’t wish to leave everything in history.

Browser plugins and Private-Browsing mode – Browser plugins are apps that run as part of your browser to enhance your internet experience. Plugin as they are part of browser has access to each web page you browse, content of the page, and data you enter (email and passwords). With private browsing all plugin get auto-disabled and that’s great. You can enable a plugin selectively if you wish to. Ensure you enable only minimal set of plugins to keep risk low.

Starting browser in private-browsing mode by default – For any of the above security reasons or more, you can always start browser in Private-browsing mode by default. Here are ways to get browser auto-start in private mode – http://lifehacker.com/5530828/start-any-browser-in-private-browsing-mode

3 Key privacy settings in Facebook you should care about

Facebook is now the social networking norm and everyone connecting to internet is on Facebook or soon will get on it. No big deal with having a Facebook account and actively using it daily. Kids start Facebook at 13 (officially) and will go till you are alive. It’s going to capture all your life events and map it in its timeline.

You are one of those Facebook users who share things, who over-share or under-share. But you do share! If you don’t then your friends share info about you by means of tagging. Ultimately there is info about you shared directly or indirectly.

There is ton of info that can be shared and people do share it without a second thought. And this gets into Facebook permanently(even if you delete your account). This info can then be used by public/friends and is no more private.

Knowing that you will hold Facebook account for lifetime, it’s important to review privacy settings and manage who can see your shared info. Here are the key privacy settings that you should set

h3<{color:#434343;}.

1. Who can see my stuff?

Manage who can see all that you post on Facebook with this settings. Mark it to ‘Friends’ only when you share instead of public. Facebook also allows you to control this settings per post that you share so keep a close eye on what you are sharing and whom do you wish that to be seen. Do review your existing post for friends/public sharing.

h3<{color:#434343;}.

Facebook > Settings > Privacy

h3<{color:#434343;}.

h3()={color:#434343;}.

Review sharing option when you are about to post your new photo or status

h3()={color:#434343;}.

h3<{color:#434343;}.

h3<{color:#434343;}.

2. Manage photos that your friends tag you in:

Photo tagging feature is great. It lets your friends tag you in photos they share. Good thing Facebook does is that it lets you control your photos before it gets to anyone. You can get selectively in adding photos to your timeline even though your friends shared those publicly. Each photo a friend shares of you can be allowed/hidden by you before it gets seen by anyone. Unless you allow, no one will see those or appear in any search results by your friends.

h3<{color:#434343;}.

h3()={color:#434343;}.

h3<{color:#434343;}.

h3<{color:#434343;}.

3. Review how others see your timeline:

Facebook provides mechanism for you to see how others (public/friends) see your profile. It is very useful to know how your profile/timeline looks when third-party or your friends see it. It will help you hide few things or promote few things in case you missed category.

h3<{color:#434343;}.

h3()={color:#434343;}.

h3<{color:#434343;}.

h3<{color:#434343;}.

h3()={color:#434343;}.

h3<{color:#434343;}.

h3<{color:#434343;}.

 

h3<{color:#434343;}.

Your Online Privacy is at risk !

What is Online Privacy and why anyone should care about it online?

Online Privacy is about you and personal privacy concerning your data the way it’s stored and used by third-parties, and displaying that via internet.

With internet age, your data is captured every moment with what you do online and is available for companies to use and share with others without you noticing it and that’s the reason why you should care. Your identity and data is not only yours anymore.

Google the web king:

Every google search you do after login to google is stored. Google exactly know what kind of info you are looking for and what was your search history which it can relate and then show new results. Search done on webpage/tablet will also show up on phone and vice-versa.

If you have android then you can also see that “Google Now” will show related blogs/articles around your search. E.g. if you search for a name of place then few minutes later you will see a short map with time to travel to that destination will be shown. It’s a great personalization and very useful to user. However it’s a way to show that your search queries are stored and processed for various purposes.

Every Android user ideally has Google account and that is the way Google brings in gmail / youtube/play and other services to user. All your emails are now with Google and they exactly know what you do and your personality traits. Ads shown by Google are defined by context of your emails.

You use youtube, and it knows which videos you watched, what you like and what you are likely to view. It show all that closely matches your taste to you and removes all other clutter.

Google alone brings huge issue of privacy online, and it’s hard to stay away from Google for all the services that you use.

Here is Privacy Policy of Google that details what information is collected, how they plan to use and choices Google provide to update this information. https://www.google.ie/intl/en-GB/policies/privacy/

As per policy Google collects name, email, phone number, credit-card, address, search query, your photo, you IP address, OS, On Android – call log, sms logs, hardware settings, device unique IDs, browser type, browser language, browser cookies to uniquely identify a, user’s location via GPS/Wi-Fi/Mobile-tower,

Google does accept as per their policy that they share this info with partners/companies/individuals outside Google.

Google does a good job of providing us ways to view our web history and then remove items from them. You can also stop recording web-history. https://history.google.com and you see it all there. You can see all you web history of search, image search, maps, finance, travel, books, videos and more.

Facebook/Social network:

You got facebook account and Facebook knows what you share, your friends, your chat, your likes and dislikes. Your close friends, your relatives and your affairs. Facebook can track you every webpage you visit (via like/share buttons on those pages). Even user who don’t have facebook accounts are also tracked by facebook. Facebook recently acquired Whatsapp and thus all chat communication is now known to facebook.

Photos and Videos you like or comment are with facebook. You get tagged in various photos of your friends and all that is with facebook.

It uses this info for showing ads to you. This info is also shared with other companies for various reasons. Here is Facebook Privacy Policy https://www.facebook.com/about/privacy/ . Here is good read on understanding Facebook privacy policy – [+ http://www.digitaltrends.com/social-media/terms-conditions-facebooks-data-use-policy-explained/#!GWyjH+]

LinkedIn:

If you are working, then it’s high chance that you have a LinkedIn account with all your info about employer you work/worked for, peers, projects, achievements, skills, recommendations and much more. Anyone can exactly find what you work on and your skillset without you noticing it. It’s good and bad. LinkedIn is great for professionals to showcase skills and connect to peers across, however the data we pour in there is huge. Again this data is available to anyone for ads or personalization.

In addition to LinkedIn, employers do search for social networking and other sites to know more about you before they interview/hire you. And with companies sharing your data, your scores are defined before even you get to interview.

 

Whatsapp/Viber/IM chats:

Whatsapp and other messengers has sprung up due to smartphone and always on connectivity. Around 500 million users are hooked on Whatsapp alone. Text, Videos and photos are widely shared in 1-to-1 or Whatsapp groups. This info is with whatsapp and now with facebook. Data of 500m young people!

ISP/Government surveillance:

All your data and websites pass through your internet service provider and then on the routers across globe. All this data is tracked and monitor by vendors at various levels. Your ISP, you state/country and all intermediate internet gateways on the way.

Governments can ask for any of the website companies to share data about a user for any kind of investigations. Your emails/chat/photos/videos/likes and other data can now goes in hand of government without your consent.

Governments exactly know your income and expenses, credit/debit cards you hold, things you buy and from where you buy.Which place you visit and how often you visit. They can even tell you your monthly income/expense and categorize each item and tell you how much you spend on hotel/ restaurant/ grocery/ medicine / flights or movies you watched.

Calls/SMS:

Skype/Viber and all telephony companies know whom you talk to and how long, even if you delete all your call log or history. All this is available as data to investigate and reuse for various purposes.

Your phone provider knows where you are so as to connect and ring your phone for incoming call. This info is maintained as you walk/drive.

Music/Books:

If you have kindle/e-book reader then amazon knows which books you read, what’s your reading pattern, which books you are likely going to read and show those. It also knows your reading speed and show how long you are going to take to complete a book.

Spotify and many other music players provide free music service with ads. Great to listen on phone/laptop. You login to these services via Facebook/Google accounts and all that info is captured. You personal favorites, playlist and more.

Photo/Video:

Google/Dropbox/facebook knows which camera you got, where you clicked photos, how many photos you clicked and what’s your photography skills look like.

Smartphone the privacy killer:

You got smartphone and it captures all your info, place you visit, websites you navigate, apps you install, games you play, songs you listen time you wake up, chat you do on whatsapp and banks you hold your accounts. It knows how many steps you walk/run daily and how many calories you burnt. Android/iPhone capture all that you do with your phone and most of it does get sent back.

Hotels/Malls/Shopping:

With malls providing you cards to gain points and redeem, exactly knows who you are and what you buy. Which fruits you eat and how healthy you eat. By just entering malls they know you are in using your smartphones wi-fi. How much time you spent in mall and which shop/section you spent most of the time.

Malls you visit first time also knows about your just due to the fact that you have smartphone with Wi-Fi enabled. They capture all your info, shops you visit and time you spent. Is that your first time in the mall or a returning visitor. Your smartphone keeps searching for known Wi-Fi hotspots and that helps Wi-Fi sniffers to know about your and can track you.

Almost all hotels now provide Wi-Fi and that forms the entry point of monitoring who connects or who is nearby hotel. What time you came in and how long you stayed.

Other Internet services that we often use:

You use netflix or other movie streaming and it knows what you are watching.

Notes you take on Onenote/Evernote/Google Keep and other sites are available on cloud.

Tripadvisor and other travel sites exactly know places you like and hotels you visit, they show what’s you likely going to book in your next travel destination.

Modern day cars are connected to internet and keeps track of how you drive, places you visit, FM and songs you listen to and more.

Data backup:

Everyone is concern about backup and don’t want to miss photos or documents they have been working. All of this data again goes to cloud services like google Drive or Dropbox or box.net or Amazon. All your data is surely safe to be available for restoring in case you lose your device or your hard-disk fails.

However you are now giving your data to keep in some other hands and that’s all unknown to you. All your private photos/ideas/your work/music and much more is backed up on cloud and managed by someone whom you don’t know. Surely this data will be scanned, processed and maintained in a way to make more sense to you and others.

Stolen/lost devices-

50% of theft happening around world is about mobile/tablet/laptops. All of these are data centric devices and points to your identity.

Reflection of your data on ads/personalization:

Ads you see on internet relate to you more than ad on TV. Google/Facebook/Apple/ other know exactly what you do online and show ads that you are likely to view or interests you.

All of these data is collected behind the scene and sold from one company to another without your consent or knowledge. Companies make most of it to give you personalized service on their websites and try to engage you most.

Even with private-browsing modes enabled, your internet service provider, state government, your company knows exactly what you browse. This dump is maintained for long time to refer back.

Personalization based on your data is great, however huge amount of data is been collected about you every hour/day and stored forever. You never know how it can be used against you or processed for you to provide unique internet experience for you that may be different than reality.

Best Practices:

A good solution is not to use internet at all, however that’s not practical as it brings in so many advantages which we have been enjoying. However we should be aware about above listed things and make sure you follow some best practices to keep a tab on your privacy.

You need to be careful on what you do and how you interact with technology that constantly follows you. Here are some good tips

#
p<{color:#000;}. Use two-factor authentication to ensure you have high level of protection around your account and no one can hack your account to get all your data. Here are details about two-factor authentication -http://softwaresecurityforyou.blogspot.ie/2014/04/securing-your-account-with-password.html

#
p<{color:#000;}. Review your web history on google and keep it minimal. May be block web-history recording from google. Review it athttps://history.google.com

#
h3<{color:#434343;}. Review privacy settings on facebook. Remove unwanted access to apps and fine tune who see your shared info

#
h3<{color:#434343;}. Use Private-browsing mode if you are searching and don’t want google to capture that, of course don’t login to browser or google

#
h3<{color:#434343;}. Be cautious about what you share/like/comment online on social media

#
h3<{color:#434343;}. Disable Wi-Fi/Bluetooth if not in use

#
h3<{color:#434343;}. Uninstall unwanted apps that you don’t use on smartphones

#
h3<{color:#434343;}. Ensure you have Anti-theft apps on your mobile devices and you wipe data remotely using them if you lose it. Setup PIN/Password on your mobile devices.

#
h3<{color:#434343;}. Review your usage of internet and data sharing

#
h3<{color:#434343;}. Ensure online accounts for data backup are safe and not exposed

#
h3<{color:#434343;}. Avoid connecting to public Wi-Fi hotspots or use VPN solutions to encrypt all communication.

#
h3<{color:#434343;}. Use Tor for additional privacy from ISP and intermediate gateways

#
p<{color:#000;}. Setup Google Alert on your name. Visit http://www.google.com/alerts enter your name, and variations of your name, with quotation marks around each. Select how frequently you want alerts (daily is probably fine for most of us) and where you want them sent. Now onwards if your name appear anywhere on public internet and google finds it, it will notify you.

Stay safe online!

Secure your confidential emails using PGP encryption

Email is the here to stay for long time, though we have moved to chat, voice call, video /skype calls, twitter and Facebook messages. Good amount of information is communicated over emails and that is part of our daily routine.

Many times we do need to send confidential information via email and we do share critical info using email. This info is then maintained on servers forever – one copy on your account and other on receiver’s account and can be read / sniffed by people who owns the servers/data. Also servers are backed up and they do ensure users emails are not lost in case of any failure. In practice your confidential info has many copies around the globe that can land up in anyone’s hand.

h3<{color:#434343;}.

We all do use popular email services like, gmail/outlook/yahoo/etc. and they do provide secure login over HTTPS/SSL. Email you sent is encrypted from your computer to gmail (as example) server. This email is then forwarded to receivers email server in clear text(unencrypted format) and can be sniffed by various networking tools.

h3<{color:#434343;}.

Web emails (Gmail, yahoo, outlook, etc.) store your emails as you draft/compose them. Every line you type gets backed up immediately. Any confidential info that you typed gets stored on server and even if you remove/delete those lines, there is already a backup created on servers to refer for Google (example). Thus even if you wipe out confidential content from your email before you send, it’s still now maintained on server forever and you can’t remove it!

How do you then send confidential info that only receiver can read it ? How can you ensure that you email stored on servers is encrypted ?

Solution is to use PGP (Pretty Good Privacy) technology which was invented in 1991 by Phil Zimmermann. Yes, it’s been long time that technology to secure emails is available, however it’s complicated setup that keeps people away from usage. There are right set of tools available for you to make it easy and send secure emails right from your browser.

h3<{color:#434343;}.

With extensive internet usage in our daily routine and our data in cloud, you need to protect your confidential data in all forms. You need to manage your confidential data the way it’s transferred & stored. PGP comes in handy here and learning it will help you in long run.

How it works?

PGP uses modern day Public-Private key encryption model combined with conventional secret key for faster encryption. People who wish to send secure emails, need to create a public & private key pair using tools(listed below). Public/private key is nothing but a big mathematical value used to encrypt and decrypt a message. Public-key part of it can be shared with everyone whereas private-key part is to be stored securely and not to be disclosed to anyone. Any message/text, encrypted by public-key can be decrypted only with Private-key is the rule.

h3<{color:#434343;}.

To use PGP, you need to first generate public-private key pair. You then need to share your public-key to people so that they can encrypt their message using your public-key and you can then decrypt that message using private-key. If you wish to send secure email, then you need to get receiver’s public key for encrypting the message.

In PGP, a session key or secret-key is also involved. This is to speed up encryption/decryption of your email. This secret-key is generated randomly when you send email and is only used for that email communication. Secret-key is then encrypted using receiver’s public key.

h3<{color:#434343;}.

h3()={color:#434343;}.

What do you achieve using PGP ?

*
h3<{color:#434343;}. Only receiver can read your emails

*
h3<{color:#434343;}. No one with access to email servers can read / decrypt your emails or modify it

*
h3<{color:#434343;}. Your data is secure while it’s transferred from one server to another

*
h3<{color:#434343;}. With additional PGP setup, you can ensure that the email is coming from trusted friend and that no one on the route has seen or modified it.

h3<{color:#434343;}.

What are high level steps that I need to take ?

*
h3<{color:#434343;}. Create Public-Private Key pair using tools

*
h3<{color:#434343;}. Share public-key with friends

*
h3<{color:#434343;}. Store Private-key securely and no one should have access to it

*
h3<{color:#434343;}. Use PGP tools to encrypt emails and send it

h3<{color:#434343;}.

Mailvelope as browser extension tool for PGP:

There are couple of client side tools that you need to use to create public/private keys and then use them in local email client(outlook/thunderbird/etc.). Instead of that there is a better option – Mailvelope. This addon is available for Chrome and Firefox. https://www.mailvelope.com/

Mailvelope has resolved the complexity behind PGP and made it easy for everyday internet users.

How to secure you public/private keys:

*
h3<{color:#434343;}. You should be using password manager for storing your passwords. These password managers generally provide secure notes or text boxes for additional notes. Use them to store your public/private keys. Do export keys from Mailvelope and store them in your password manager.

*
h3<{color:#434343;}. Do not setup Mailvelope on public computer. Uninstall mailvelope if you no longer use laptop to send / receive emails

h3<{color:#434343;}.

 

h3<{color:#434343;}.

Malls track your visits by Wi-Fi tracking

How does Wi-Fi works ?

Wi-Fi is preferred wireless way of internet connectivity on mobile devices. We connect to Wi-Fi at home/office/cafe/Hotels and public places to get fast internet connectivity and do all stuff using it. Usage of Wi-Fi has spread fast with smartphones/tablets as compared to laptops couple of years back.

Wi-Fi uses network name (SSID) and shared-password to connect and that makes it easy for users to get internet without much hassle. Once you connect to a network, your mobile device remembers the network and tries to auto-connect to it whenever it’s available.

Mobile devices store all this Wi-Fi network info and use to auto-connect on periodic basis so as to provide preferred connectivity; and all that happens behind the scene. May be it’s your android/iphone/blackberry/windows phone/tablet all work same way. Your phone tries to connect to Wi-Fi automatically.

You can see list of Wi-Fi networks connected by your device going to settings > WiFi

What is Wi-Fi tracking ?

Your phone continuously searches for Wi-Fi networks to auto-connect. To do this, it has to broadcast network signals/packets on air and check if network name stored on your phone is available. Thus your phone constantly sends signals(packets) via wireless (air) and waits for response from your Wi-Fi router. If Wi-Fi network is available then it auto-connects to it.

Your phone has unique address (MAC) and that is used when Wi-Fi signals are sent out. This address does not change and can be effectively used to identify your phone uniquely; and so also you.

Every time you visit a mall/hotel they can track your visits. With minimal set of Wi-Fi equipment’s anyone can track you using these Wi-Fi signals that are sent out from your mobile device. They can exactly know when you came in and how long you were around. As your phone constantly sends Wi-Fi signals which has your unique (MAC) address, anybody can identify your presence in a area without you connecting to any of Wi-Fi networks.

Malls/Cafes/hotels are setup-ed with Wi-Fi devices that can track your presence and then record this data for commercial/non-commercial purposes. There are companies that develop sophisticated equipment’s and websites that can help malls/cafes to know more about you and your visiting patterns. This is exactly called Wi-Fi tracking. Your movement is tracked easily by just the presence of your phone along with you.

How can it be used against you ?

Just by mere presence of mobile device with active Wi-Fi can track you and your movement around an area. You do not need to do any action or connect to any network, and still you can easily be tracked.

This info of yours and your pattern of visiting a place can be used for commercial purposes by malls/shops. They know how often you visit and where you ponder around, which section of mall you visit and how long you spend time around your favorite place in mall. This can be used by malls to know what people like and what sales more and what to market more.

This brings in privacy issue as your presence is tracked by people easily without your notice. You pattern of visits is tracked, If this data is exchanged with others then all your data is exposed and can be used for good/bad reasons.

Currently this method of Wi-Fi tracking is been actively used by various malls around world.http://nakedsecurity.sophos.com/2013/05/09/nordstrom-tracking-customer-smartphones-wifi-sniffing/

Seattle police department has setup network that can track all people with mobile devices in city. Read here -http://www.rawstory.com/rs/2013/11/10/seattle-police-department-has-network-that-can-track-all-wi-fi-enabled-devices/

Wi-Fi tracking thus can be done by anyone with minimal setup. This info can then be partnered with other vendors doing same things and can result in tracking you around multiple places which hurts people’s privacy.

Your phone broadcast info where you live, where your work and which hotels you visited

As pointed above, all your Wi-Fi network info you have been connected to is stored by your mobile so that it can search for it and connect later. This list of networks is also broadcasted every time your mobile tries to connect to any Wi-Fi network.

With Wi-Fi equipment’s in place, anyone can find which Wi-Fi networks you have been connected to earlier and can detail out all (network SSIDs) which can in turn tell the exact place. Wi-Fi network info are also mapped to actual location by Google and that info is available. Thus a clear loud announcement to everyone around you to know about your home, work and hotels you visited.

How to prevent it ?

A simple way to protect yourself is to disable Wi-Fi when not in use. By disabling Wi-Fi, no wireless signals(packets) will be sent out and thus no tracking can be done. There are apps that can do this automatically.

Remove unwanted Wi-Fi networks you no longer need. Navigate to Settings > Wi-Fi > Network list to clean up on regular basis. Remove any Hotel or café Wi-Fi network that you no longer plan to visit. This keeps the list minimal and avoid announcing places you visited earlier.

Avoid connecting to public Wi-Fi unless it’s must to do so. Public Wi-Fi act as way to lure people and collect their data on network. Avoid those traps and stay secure.

Is there App to protect you ?

McAfee(Intel Security) has developed an innovative Android app called ‘McAfee Safe Wi-Fi’. Its free app and does not require any registration. Small app that solves Wi-Fi tracking problem. You can download from here – https://play.google.com/store/apps/details?id=com.mcafee.safewifi

 

Improve your Online Privacy using Privacy On Top

 

table<>. <>. |<>.

I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time” – Google Chairman Eric Schmidt [+ told+] the Wall Street Journal 8-14-10.

We know where you are. We know where you’ve been. We can more or less know what you’re thinking about;” – Google Chairman Eric Schmidt 10-1-10 per the [+ Atlantic+]. |

Privacy problems with today’s internet:


#
p<{color:#000;}. Your ISP knows everything about your online activity


#
p<{color:#000;}. Websites knows you physical location and have data about you. Can trace how often you visit and more


#
p<{color:#000;}. You are constantly watched and your data is been recorded

table<>. <>. |<>.

“Even if you’re not doing anything wrong, you are being watched and recorded” – Edward Snowden |

Online Security Problem:

#
h3<{color:#434343;}. You could land up in phishing website that looks exactly like your bank website or facebook or the one you frequently visit and end-up giving your credentials


#
h3<{color:#434343;}. Identity theft is a serious issue and anyone who doesn’t take precaution is putting themselves at risk of becoming the next victim.

table<>. <>. |<>.

I always tell people that if you haven’t had your identity stolen already, you will,’ ‘There are just so many outlets and so many ways it can happen.” – Mike Sullivan, director of education for Take Charge America |

h3<{color:#434343;}.

 

h3<{color:#434343;}.

Multi Device Problems:


table<>. <>. |<>.

Average number of devices per person is 2.5 in developed countries” – statista |

#
h3<{color:#434343;}. No centralized way to get online privacy or security


#
h3<{color:#434343;}. Each device needs to have some kind of app/installation if we wish to stay secure


#
h3<{color:#434343;}. Management cost of protecting all devices is high


#
h3<{color:#434343;}. There are devices which connect to Internet, however there is no control over installing any security software. e.g. TV, XBOX, Apple TV, Chromecast and other boxed devices.

Solution: Privacy On Top

h3<{color:#434343;}.

Solution: Privacy On Top

Privacy on top is the feature rich firmware/software for your Wi-Fi router which offers online privacy and security to connected devices.

It exposes two separate Wi-Fi from the router, one Wi-Fi for online security and other for online privacy/anonymity.

Privacy On Top is built using open source OpenWRT operating system that runs on Wi-Fi router. OpenWRT turns your ordinary router to smart router by providing customizable functionality.

Privacy On Top uses TOR Network for privacy. TOR protects you by bouncing your network traffic around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Visit TorProject for more details on how Tor protects you online.

Privacy on Top also gives you advantage of OpenDNS and DNScrypt. Which in simple words means online security. OpenDNS helps prevent identity theft, blocks phishing sites and bad websites. It speeds up your existing internet connection. You can visit OpenDNS for more information about how you can get online security with it.


table<>. <>. |<>.

Anonymity is valuable for all the reasons. It protects privacy, it empowers individuals, and it’s fundamental to liberty” Bruce Schneier, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World |

h3<{color:#434343;}.

table<>. <>. |<>.

Securing the device is not enough anymore, you need to secure network. Centralized network security solution to protect all home/office devices is future” – Mangesh Bhamre CTO, Open Netware |

Why Privacy on Top?

ONLINE PRIVACY

What you do over Internet can be easily tracked by interested parties like your ISP, government, websites you visit, hackers etc. Your online privacy is at stake. Your physical location can be exposed and your browsing patterns can be learnt as you use Internet.

ONLINE SECURITY:

You are not safe online. Many times, you come across phishing sites or unnecessary ads bothers your security. Who knows, your ISP or hacker may be sitting in between you and your sites and reading the data you send over internet.

CUSTOM FEATURE RICH FIRMWARE

Your existing firmware offers only limited set of features which are developed by your router’s manufacturer. Also existing firmware is vulnerable to common attacks. Your router is way too smart device than you think it is. The only thing lacking in that device is smart operating system. Using new firmware you can your router with full throttle.

How to get Privacy On Top ?

Open Netware has built an android app that can be [+ downloaded here+]. App guides you to detect, install and setup your Wi-Fi router with new firmware.

Privacy On Top App does following steps –

#
h3<{color:#434343;}. Pre-Install check to see if you are connected to Wi-Fi and that required disk space exist to download firmware


#
h3<{color:#434343;}. Detects router based on MAC address and Web Interface


#
h3<{color:#434343;}. Downloads appropriate firmware and installs it using web interface on Wi-Fi router


#
h3<{color:#434343;}. Reboots the router and setup up new SSIDs with new password


#
h3<{color:#434343;}. Connects you to newly configured Wi-Fi

h3<{color:#434343;}.


table<>. <>. |<>.

Privacy On Top is unique solution to your privacy and security at home/office/travel. All your data gets encrypted as it leaves from your Wi-Fi router ensuring no one can snoop it” |

What is TOR and Why we use TOR Network to get privacy?

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Read more here.

Reference – https://www.torproject.org

TOR is trusted name in anonymity and privacy. Your data gets encrypted between Wi-Fi router and TOR-exit nodes and thus all kind of network traffic is been protected from ISP and intermediate gateways.

Using TOR does not log any info similar to other privacy techniques e.g VPN and thus TOR is our preferred way of providing privacy.

Who use TOR?

#
h3<{color:#434343;}. Family & Friends – People like you and your family use Tor to protect themselves, their children, and their dignity while using the Internet.


#
h3<{color:#434343;}. Businesses – Businesses use Tor to research competition, keep business strategies confidential, and facilitate internal accountability.


#
h3<{color:#434343;}. Activist – Activists use Tor to anonymously report abuses from danger zones. Whistleblowers use Tor to safely report


#
h3<{color:#434343;}. Media – Journalists and the media use Tor to protect their research and sources online.


#
h3<{color:#434343;}. Military and law enforcements – Militaries and law enforcement use Tor to protect their communications, investigations, and intelligence gathering online.

Reference – https://www.torproject.org

What is OpenDNS / DNSCrypt & Why we use it ?

OpenDNS is company that provides secure DNS (Domain name system) service. In simple terms, they categorize websites as good and bad. If you are trying to visit a website that is bad then OpenDNS blocks you from visiting that site.

#
h3<{color:#434343;}. It provides protection against phishing thereby blocking you from visiting fraudulent bank websites .


#
h3<{color:#434343;}. In addition OpenDNS makes browsing faster and smarter.


#
h3<{color:#434343;}. OpenDNS and DNSCrypt is free. You can get more features of OpenDNS if you upgrade for premium account.

[What is OpenWRT & Why we use it?
**]Privacy On Top firmware is built using open source Linux operating system called OpenWRT. It is secured and community of people help is to make it secure everyday.

We have further secured Wi-Fi router by taking care of all common attacks known to newly purchased router.

#
h3<{color:#434343;}. Wi-Fi passwords are long and complex.


#
h3<{color:#434343;}. Password for admin is auto-generated when you setup the router and is unique and long enough for any sorts of login attacks.


#
h3<{color:#434343;}. Wi-Fi security is set to highest encryption standard i.e. WPA2-AES

[Privacy On Top Website:
**]http://privacyontop.com/[
Android App Download Link:
**]https://play.google.com/store/apps/details?id=com.privacyontop.app


table<>. <>. |<>.

Privacy On Top is Centralized way of protecting all your network devices at home” |

2 Important settings for your Wi-Fi router

Wi-Fi has been successful due to its ease of setup, speed it provides and area it covers. Its perfect for home usage and most of us enjoy that daily. Various network devices (Smartphone, Kindle, Mac, laptops, tablets, XBOX) are Wi-Fi enabled and we connect them happily to Wi-Fi router to get internet access.

Wi-Fi however comes with two security issues. Wireless nature of Wi-Fi can hide all the security holes that a Wi-Fi router has opened up behind the scene.

Here are two must have settings for Wi-Fi router –

#
h3<{color:#434343;}. Wi-Fi network password – That encrypts all data going from your device to Wi-Fi router and nobody around can sniff what goes on wireless.

#
h3<{color:#434343;}. Wi-Fi router password – This is the password that you use to login to Wi-Fi router to configure using web interface. This is the point which is most forgotten about and can cause major security issues.

1. Wi-Fi network password set to WPA2: With newer Wi-Fi routers, it comes in with unique password setup that you have to use on smartphone to connect. This password is generally printed below the router and ready for you to use.

Wi-Fi network password is secret key that is used between your phone and Wi-Fi router. Communication done over wireless media needs to be encrypted so that no one around you can sniff the wireless signals to see what you are doing. There are 3 encryption standards (WEP, WPA and WPA2) and the best one to configure is WPA2.

You can easily find out if your Wi-Fi connection is using WEP / WPA / WPA2 by navigating to Wi-Fi settings on your phone/tablet and opening Wi-Fi network details you are connected to. If it says WEP/WPA then it’s better to change to WPA2. You will need to login to your Wi-Fi router and change the settings. This depends on router you are using and you will have to google how to setup WPA2 on your router make. A sample Linksys method is shown in below image.

WEP & WPA are older standards and can be cracked by your neighbors in 15-30 minutes to gain free internet access or see all your shared files on other machines. WPA2 comes with highest encryption standards and said to be un-cracked.

2. Wi-Fi router Web-Page password: This is the login password to configure your Wi-Fi router. All of the routers comes with pre-defined default password. You can look at default password of your router here. http://www.routerpasswords.com/

With default password available in public, it’s becomes easy to crack the password, and all that can happen as your browse internet at home. Here is a recent [+ report on Chameleon Virus+] that infects Wi-Fi router.

A website can change the software/firmware on your router as you browse and reset all settings. New software/firmware may take 1-2 minutes to reboot your Wi-Fi router and then it can do all sorts of things which you may never notice. It can provide backdoor to your network to anyone, or can be used as email server to spam other users on internet, or it can change your web pages to show mode ads dynamically. And many more things. Wi-Fi router is small enough (3-4mb) and thus downloading and installing that on router may just take couple of minutes to make it work as required.

Easy way to protect your Wi-Fi router is to change the default password to something strong. Changing the password on router depended on device you got. You need to search for “Changing default Wi-Fi router password for “ or refer user manual for your device.

Changing default password on router makes it difficult for anyone to modify the software on router or change settings on it dynamically. In case you forgot the router password, you can reset the router using ‘reset’ button on it. Refer router manual for details.

Here is sample page to change router password for Linksys router

Some other settings that you should also consider :

#
h3<{color:#434343;}. Change Wi-Fi network name from default to something more meaningful

#
h3<{color:#434343;}. Change Wi-Fi password once in six months

Monitor which devices connects to your router:

If you have android device then you can install app that can scan your Wi-Fi network and list the number of devices connected. Download and install ‘Net scan’ free app from Google Play.

If you think there are unknown devices, then it’s time to change Wi-Fi network password and reconnect all your known devices with new password. Anyone outside/neighbors will get kicked off as they don’t have your new network password to connect.

h3<{color:#434343;}.

Secure all your devices with parental controls for free!

Internet is cool, However there are websites that you do NOT want your kids to browse. And there are new websites every day that spring up with content that is inappropriate for kids. As a parent you cannot keep adding websites to block list in browser everyday! You need to have a system working in background that provides up-to-date protection.

h3(<{color:#434343;}.
… And there are devices that your kids use. Tablet, iPad, Phones, Smart TV, Kindle, Desktop/Laptops, XBOX and other gaming units. You can’t keep track of all of them – cannot setup protection on all of them! Or its tedious.

There is a simple way – Setup OpenDNS on your Wi-Fi router at home! Every Wi-Fi Router has support to change DNS settings. Here are the details.

OpenDNS is world’s largest internet security network.

*
h3<{color:#434343;}. They provide free web-filtering to consumers. Check out “OpenDNS family shield product” free for consumers

*
h3<{color:#434343;}. It blocks adult content, and makes your internet faster and reliable

*
h3<{color:#434343;}. DNS (Domain name system) is used by browsers(and apps) to resolve website name to actual web-server. By redirecting all DNS queries to OpenDNS, makes it possible for you to block/filter web content

*
h3<{color:#434343;}. You can then go to openDNS.com and find our reports about your kids browsing patterns.

Wi-Fi Routers – Most of the houses now use Wi-Fi routers for internet connectivity.

*
h3<{color:#434343;}. All devices listed above has network connectivity and you probably have already connected all those devices to your Wi-Fi router to browse or play online.

*
h3<{color:#434343;}. Wi-Fi router is thus a single point that you can setup/enable web filtering. If it’s done here then all devices gets the benefit and you no longer need to configure each device.

*
p<{color:#000;}. OpenDNS can be setup on any Wi-Fi router. Details below

*
h3<{color:#434343;}. If you don’t use Wi-Fi router, you still can setup web content filtering by setting up openDNS on your device directly

Comparison Paid Vs Free (OpenDNS & Wi-Fi solution) Parental control products

*
p<{color:#000;}. Security vendors like McAfee, Symantec and others do have Parental control products. They do granular web filtering and provide higher level protection. E.g. Page level web filtering against domain level web filtering provided by OpenDNS.

*
h3<{color:#434343;}. OpenDNS comes with other advantage of blocking inappropriate content on all devices as you setup protection on Wi-Fi routers. You do not need to install and configure on each device. Security products has limitations to support on set of devices and not all. E.g. you cannot install parental control on TV, Kindle Reader, XBOX, etc. (to my knowledge)

*
h3<{color:#434343;}. Paid (Product installed on device) products provide protection on the move as it is installed on your device. OpenDNS is configured on Wi-Fi router and thus limits you to protection only at home

*
h3<{color:#434343;}. With Wi-Fi solution, kids can still access all web content on Phone/Tablet with 3G network and disabling home Wi-Fi network. Paid products does come handy here.

*
h3<{color:#434343;}. Paid (Product installed on device) brings in performance delay while browsing as it has to check for every page. OpenDNS promises faster page loads.

*
h3<{color:#434343;}. Conclusion – Current solution explained here about OpenDNS & Wi-Fi compliments Parental control products from security vendors and provides greater level of protection.

Here is step-by-step guide to do this. Seven easy steps to start protecting kids online. For Free!

Step 1 – Sign up on OpenDNS

Visit & sign up on http://www.opendns.com/

Step 2 – Follow steps on openDNS website to setup and configure DNS IP address on your router

You need to open your router webpage (generally http://192.168.1.1 or http://192.168.0.1) and change primary & secondary DNS IP addresses to the one given below.

If you are not aware of router password, then search for default router passwords here – http://www.routerpasswords.com/

Step 3 – Navigate to OpenDNS Dashboard to configure your network

Step 4 – Add your home network to your account

Add IP address shown from top of the page to the input boxes.

Step 5 – Customize web content filtering High/Moderate/Low/None

Note that all devices(that connect using Wi-Fi) will get blocked for inappropriate content. In case as adult if you wish to browse the content then you can disable it temporarily and set it back ;-)

Step 6 –Test if all works

Try navigating to any adult content! Alcohol website http://www.guinness.com/

You should see below page in browser or any device at your home. Hurray it’s working!

Step 7 – Monitor your network over time

OpenDNS website provide good statistics about blocked sites and sites visited over time. Visit it and keep an eye on what’s your network usage.

Relax and be assured that OpenDNS is working in background protecting all devices on your network the way you configured it.

That’s it for now! You can read latest updates at http://softwaresecurityforyou.blogspot.ie/

Thank you!


Software Security For You

This book is an attempt to educate people on software security with my 10 years experience in security industry. This book is based on various security aspects that I came across while working passionately in software security industry. It has came from research and huge amount of reading on security trends. I have been writing blogs on this topic and this book is based on content from blogs and other references. Inspiration for this book is driven by people around me who use internet and are unaware of long term implications if used incorrectly. Topics covered 1. Device protection to secure yourself - Password management, Security Softwares, Browsers, Plugins, Tools & Operating system security, 2. Online Privacy and Security - Facebook privacy settings, ISPs & website tracking, Android permissions, Anonymity, secure & private email, 3. Wi-Fi protection - OpenDNS for online security, Wi-Fi router settings, Parental protection using Wi-Fi router

  • Author: Mangesh Bhamre
  • Published: 2015-10-23 20:05:26
  • Words: 21890
Software Security For You Software Security For You