Security

From Noisebridge
Jump to navigation Jump to search
Noisebridge | About | Visit | 272 | Manual | Contact | Guilds | Resources | Events | Projects | 5MoF | Meetings | Donate | (Edit)
Guilds | Meta | Code | Electronics | Fabrication | Games | Sewing | Music | AI | Neuro | Philosophy | Funding | Art | Security | Ham | Brew | (Edit)
Security | Bay Area Hackers' Association | OHSNAP | Crypto | SecureDrop | Locksport | Password manager | Aaron Swartz | Security Camera | Edit


Security is a major area of interest to hackers of all stripes, be they creative hackers making stuff that they want to keep secure, or security hacker hackers specializing in securing by learning how to exploit security.
  • INFOSEC: Information security. Countermeasures against compromise of computer systems.
  • OPSEC: Operational security. Keeping one's visibility mouth shut and visibility minimal while limiting the leaking or inferring of sensitive information.
  • SIGSEC: Signal security. Countermeasures against eavesdropping or failure of radio communications equipment such as encryption and disaster radio.

Recommended INFOSEC Security Measures

There are a bunch of free things you can do to improve your computer security.

  • Password manager: Keep passwords secure, updated and remembered by using a password manager app you trust.
  • Vigilance: Never open links in unsolicited messages without checking the URL for likely phishing attack. Phising relies on looking official and making an appeal to your sense of urgency or excitement to motivate you to click. Not all phishing attacks require you to download and run or install a compromising executable. A messaging or browser exploit zero day could own you just by clicking a link. Be careful!
    • Beware USB Drives: Never pick up strange USB drives, smart cards or other storage devices and plug them into a secure system. This is a common pentesting technique to implant rootkits through compromised devices left around for a target to pick up.
  • Encrypted Messaging: Apps like Signal are good alternatives to regular text messaging as they offer stronger cryptography and privacy.
  • VPN: A VPN helps
  • Tor: Tor is an onion network that bounces traffic through multiple relays till it reaches the destination, creating additional layers of anonymization beyond a regular one-bounce VPN. It can be slower and is not immune to unmasking by state-level agencies that may control enough Tor nodes to find people, but it is better than using no VPN or a VPN alone.
  • GPG Keys: GPG / PGP is a free public key cryptography system for encrypting and certifying communications like emails.

Recommended OPSEC Measures

  • Pseudonyms: Limit how much personally identifying information is available to minimize doxxing risks. Keep things separate to protect the leakage of one nym with another.

Recommended SIGSEC Measures

  • Hambridge: Encrypted disaster resilient radio such as LoRa.
  • Burner Phones: Cheap disposable smartphones or dumb phones to communicate with less risk of being tracked.

Media

  • Security: When well defined objectives are met through the appropriate use of controls and defenses to deter and prevent vulnerabilities to assets. PDF of Introductory presentation by Stan Osborne at Omni Ballroom, 2015: File:Intro-20150127up.pdf