Security Made Simple – Part 5

Your Handbook for Everyday Security


This series of articles is based on a handbook used as an outline for cybersecurity courses, viewed from a user perspective. The handbook, or these articles, is copyrighted by Vasco F. Gonçalves, working for SDNC sàrl.


Mobile Security Essentials

App Permissions

  1. Review App Permissions: Regularly check and manage app permissions on your mobile device to control what data apps can access.
    • Example: Review and revoke unnecessary permissions, such as location access for apps that don’t require it for their functionality.
  2. Permission Prompts: Pay attention to permission prompts when installing new apps and evaluate whether the requested access aligns with the app’s purpose.
    • Example: A photo editing app requesting access to contacts might be unnecessary and could indicate potential data misuse.

Wireless Security

  1. Secure Wi-Fi Connections: Avoid connecting to unsecured or public Wi-Fi networks, which could expose your device to security risks.
    • Example: Use VPNs when connecting to public Wi-Fi to encrypt data and enhance security.
  2. Bluetooth Awareness: Disable Bluetooth when not in use to prevent unauthorized access or attacks through Bluetooth vulnerabilities.

Remote Wiping and Device Management

  1. Remote Wipe Functionality: Enable remote wiping on your mobile device to protect sensitive data if the device is lost or stolen.
    • Example: Services like Find My iPhone (iOS) or Find My Device (Android) allow remote wiping to erase data if the device is unrecoverable.
  2. Device Tracking and Locking: Utilize features that enable device tracking and locking remotely to prevent unauthorized access.
    • Example: Geolocation services help track and locate the device, while remotely locking it secures personal data.

Best Practices for Mobile Security

Biometric Authentication: Use biometric authentication methods like fingerprints or facial recognition for added security.

Regular Updates: Keep your device’s operating system and apps updated to patch vulnerabilities and improve security.

Next, as many expect, we will speak about:

Understanding Crypto Wallets

Ignoring our online privacy, is it life threatening?

Do you know who has access …

  • … to your Digital ID?
  • … to your Digital Health?
  • … to your Digital Shopping?
  • … to your Travel Restrictions?
  • … to your Central Bank Digital Currency?

Chances are, the answer is
‘Don’t know!’

But there is something that can be done to secure your online privacy in our digital age.

In our increasingly connected digital world, protecting personal information has become a matter of utmost importance. Neglecting online privacy can have severe consequences, including identity theft, financial fraud, and cybercrime. In a world where technology and the internet play a central role in our daily lives, it is imperative that we take steps to secure our digital footprint and protect our personal information from exploitation by governments, corporations, and cybercriminals.

The collection and use of personal information by governments and corporations is a significant threat to online privacy. Governments can gather data through various sources, such as databases, surveillance programs, and data retention laws. This information can range from basic personal details to online behavior, purchasing habits, social media contributions, and even health records. The use of this information for national security or to monitor citizens’ activities often happens without their consent or knowledge.

Corporations collect personal information through tracking technologies, such as cookies and browser fingerprinting, and data-sharing agreements. This information is used for marketing and advertising purposes, such as targeted advertisements and personalization, without individuals’ consent or knowledge, leaving them vulnerable to exploitation and privacy violations.

The collection and use of personal information can compromise an individual’s online and physical security. As former NSA and CIA Director Michael Hayden famously said:

“We kill people based on metadata.” *

* What is metadata?
Metadata describes other data, often secret data, for instance, telephone numbers, to whom you spoke, how long you spoke, which country you called …

This highlights the importance of understanding the dangers of metadata and the need to protect our personal information.

We have all experienced this nightmare for years, but more so from 2020 until today, and it still continues in certain countries! We have just opened Pandora’s box!

Open-source software is a type of software that can be freely accessed and modified by anyone. This makes it more secure and transparent compared to proprietary software. In the context of online privacy, open-source software can offer secure and anonymous ways to access the internet by encrypting the user’s data and hiding their IP address (a unique numerical label assigned to every device connected to the internet, used to identify and communicate with it). This helps to protect the user’s online privacy and personal information from being collected and used by governments and corporations. These last two entities use this type of software to protect themselves.

In addition to the use of secure e-mail providers and encrypted browsers, there are several other steps that individuals can take to protect their online privacy:

  • Use strong and unique passwords: Strong passwords are essential for protecting your online accounts from cyberattacks. Use a combination of letters, numbers, and symbols, and make sure that each password is unique to each of your accounts.
  • Enable two-factor authentication: Two-factor authentication is a security measure that requires a second factor, typically a code sent to / given by your phone, in addition to a password to access an online account, providing an extra layer of protection against unauthorized access.
  • Be cautious with personal information: Be careful about the personal information that you share online and documents that you throw away in the garbage or dust bin. Think twice before posting sensitive information, such as your home address or financial information, on social media.
  • Use a virtual private network (VPN): A VPN encrypts your internet traffic and protects your online activities from prying eyes. A local VPN can save you a lot of money too.
  • Keep software and systems up-to-date: Software updates often contain security patches that protect against new threats, so make sure that your software and systems are always up-to-date (Windows, Linux, MacOS, Android, iOS, …).
  • Be aware of phishing scams: Phishing scams are a common way for cyber-criminals to steal personal information. Be cautious of e-mails, SMS or messages that ask for sensitive information, such as passwords or credit card numbers, and always verify the source before providing any information. Even in the dating world (see my previous article).
  • Review privacy settings: Regularly review the privacy settings of your social media accounts and other online services to ensure that you are comfortable with the information that is being shared – they often change these settings without telling you anything.

In conclusion, protecting our online privacy has become increasingly important in our digital age, more so after 2020. The collection and use of personal information by governments and corporations, as well as the rise of cyberthreats, have made it imperative for individuals to take steps to protect their personal information and online security. From using strong passwords and two-factor authentication to utilizing privacy-focused software and VPNs, there are several measures we can take to safeguard our online privacy. It’s important to note that the risks to our personal information and security are real and ongoing, and that we must remain vigilant in our efforts to protect it. By being mindful of the threats and taking proactive steps to secure our online presence, we can ensure that our personal information remains protected and our privacy remains intact.

Are you looking for ways to ensure the privacy and security of yourself, your family, and your business?

Our training courses may be just what you need. Do not wait until it is too late. Our courses adopt a hands-on approach, prioritizing practical application over theory.

Get in touch with us at info [at] digitaltran.eu

After considering your application, we will share a link with you where we can hold our training in full security. Groups remain small so that everybody can follow.

Here are just some examples where governments want to control everything with the help of social media (corporations):

“Justin Trudeau Hijacks Canada’s Healthcare ...”
(link to the ‘Gateway Pundit’ with officials’ videos)


Here is a video about the internet censorship – is it coming?

Do you know what … ?


A dialog between friends.
Can one of them answer the questions on the picture?

“I know what she bought!”

“How do you know that? You can’t see through the paper bags, can you?”

“Let me make a list for you:

  • organic whole-grain bread
  • organic butter
  • organic tomatoes
  • lingerie
  • two intimate massage toys
  • a bride’s magazine
  • ironically also the book “Nineteen Eighty-Four (1984)” from George Orwell

That’s it. If you want, I can even pinpoint the exact location where these items were bought.”

“But some things are too personal to be known, such as the massage toys and maybe also the lingerie. How do you know all of that? Were you behind her? Spying on her? Do you know her name?”

“No, I don’t know her name, she is known as ft-4552-7854-9654, but if you want I can have her name. I was not behind her, spying on her! I was sitting at my desk.

The secret is … ”

What is data collection?

Before revealing the secret, let’s have a look at what ‘data collection’ is:

‘Data collection is the process of gathering and measuring information on targeted variables in an established system, which then enables one to answer relevant questions and evaluate outcomes. Data collection is a research component in all study fields, including physical and social sciences, humanities, and business’ (Wikipedia: data collection).

How on Earth can someone collect data about the items that we buy?

Have you heard of ‘GPS’, ‘social media’, ‘credit cards’, ‘camera pictures/videos’, among other things? All these so-called technologies are connected to the Internet.

Who are those who collect our data?

The biggest collectors are Facebook (Meta), Google (Alphabet) and Amazon, or other contractors. This data is sold in data auctions, where governments participate actively to get a copy.

It does not matter, rich or poor, you are traced constantly (24/24 and 7/7) with your mobile apps.

You want free services, you have to SELL YOURSELF to these social media.

The Apps know everything about you:

  • all your contacts, even those secret ones
  • your exact name and those of your contacts
  • exactly where you live
  • your health status
  • your debts
  • who you date
  • who you see in secret
  • in which hotel you sleep
  • when you get up
  • when you take your shower
  • what you eat for breakfast, lunch and evening meal
  • even your intimate conversations
  • your browser history
  • your search history
Source: https://twitter.com/session_app/status/1558688114633211904?s=20&t=amlMkZK6ba2rhnpaTR5kWw

Only by collecting this data can they target you with ads (see Facebook and WhatsApp).

Is it legal?

Of course it is, since you signed their contracts by clicking ‘Accept’ or ‘OK’ (BTW, these contracts are too complex and almost nobody reads them). Here is an example:

yahoo.com

What is this secret?

To continue our dialog from above:

“… The secret is their mobile phones and the pre-installed or installed apps, coupled with the credit card payments and of course the GPS and/or Wi-Fi coordinates, and sometimes the GSM coordinates too.

So we might say that we spy on their individual activities legally.”

Want to know how to protect yourself and/or your intellectual property?

Please contact us at:
info [at] digitaltran [dot] eu
or through our contact form on
https://digitaltran.eu.

Cyberattacks on Linux? Can it be prevented?

How common are cyberattacks on Linux?
Can we do something about it?

More common than you think. Do not get fooled by the hype:

“Linux is secure, stable, and flexible. It’s the most secure OS in the world!”

Sadly, nowadays this has become a marketing slogan and does not correspond to reality. It is still true that Linux is better than Microsoft Windows regarding stability and flexibility, but Linux has more or less the same security issues as a Windows system.

An operating system is only as secure as the security habits of its developers and users.

Let’s dive in and see how to counteract cyberattacks, just by taking some steps.

By taking some simple actions, you may avert a serious disaster – public shame, getting fired, or even going to court to explain ‘Why was I careless?’, after which it is very difficult to get a new job.

First, some simple stats*. Areas where Linux is used:

  • Web services: 96% of the top 1 million servers are run by a Linux system
  • Smartwatches
  • Aerospace industry
  • More and more workstations and file servers
  • Cloud services are run mostly by a Linux system

Major countries which are exposed to attacks are*:

  • USA
  • Germany
  • China
  • France
  • Hong Kong (not a country as per decree, belongs to China)

Now with the war, these stats could have changed. An active increase in attacks has been noticed.

It seems that non-ethical hackers have the upper-hand and get rich. Did I miss my vocation? Just kidding!

NEVER go that route because either you land in a grave, 6-feet under, or land in jail for a very long time!

What can be done?

1. During the installation process, use strong passwords.
Many users, privately or at work, still use weak passwords such as (cracked in less than a second):

“ I love you ”
“ 123456 ”
“ qwerty ”

Use a password manager (very easy to use). Personally, I use one, and for most web subscriptions I use passwords of over 700 bits (overkill, but easy to set up and to use) – copy and paste!

Or use a long passphrase:
“Yesterday, I went in the evening @19:15 for a swim!”
That is an almost 190-bit password (it takes decades to decode). Of course, do not use this passphrase. Use something that happened in your life and is secret to you – easy to use, and you will never forget it.

A password or passphrase is a PERSONAL item and not to be given to anyone, including your boss!!! If she/he wants it, ask for a Liability Release Form!**

If you give it freely to your boss, it is the same as signing your resignation, or she/he will put the blame on you for any mishap. Do not be afraid: she/he has access to the files you are working on, but with her/his own password, so it is traceable.

2. When you install a Linux or a Windows system the first thing to be done is ALWAYS – update your system:

– Graphical way:

     ‘Software’ → click Updates

– Through the ‘Terminal’:

Debian and Debian-based systems, for instance Ubuntu:

      sudo apt update && sudo apt upgrade -y

Fedora system:

      sudo dnf update -y

openSuse system:

      sudo zypper update -y

DO NOT FORGET to restart your system! Sometimes it is not required, but I always do it even for minor updates.

3. NEVER open an e-mail attachment if you do not know its origin!

By taking these three steps, you are protected about 95% of the time.

Still want to increase your chances of not getting hacked?

In most Linux systems, by default, the root account is locked. If someone has access to root, she/he can do everything in your system – the ‘god’ of all users!

During the installation, create a normal account with administration privileges. You then use the command word ‘sudo …’ plus your password to get root privileges; with no activity, you are logged out of them automatically after a few minutes.

Generally every Linux system has an active firewall – that’s fine.

Another way to trap hackers is to install ‘fail2ban’:

Debian and Debian-based systems:

      sudo apt install fail2ban -y

Fedora system:

      sudo dnf install fail2ban -y

On openSuse, just click https://software.opensuse.org/package/fail2ban, download and install it.

Restart your system!!!

Voilà, you now have a protection of 99%. If you are hacked, it has nothing to do with you but with the vendor.
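
What fail2ban automates, shown as an added example that is not part of the original article and not fail2ban’s own code: a shell function that scans SSH log lines and reports any address reaching `maxretry` failed logins within `findtime` seconds. The log lines are constructed, the addresses come from documentation ranges, and `sample_log` and `ban_candidates` are names chosen here.

```shell
#!/bin/sh
# Added example: the idea behind a fail2ban SSH jail, reduced to one awk pass.

# Constructed sample in the classic syslog format of /var/log/auth.log.
sample_log() {
cat <<'EOF'
Mar 10 19:15:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 19:15:04 host sshd[1201]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 19:15:09 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar 10 19:16:30 host sshd[1210]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
Mar 10 19:17:02 host sshd[1215]: Failed password for alice from 198.51.100.23 port 33870 ssh2
Mar 10 19:40:45 host sshd[1290]: Failed password for alice from 198.51.100.23 port 33901 ssh2
Mar 10 19:41:10 host sshd[1301]: Failed password for root from 203.0.113.7 port 40250 ssh2
Mar 10 20:05:00 host sshd[1350]: Failed password for alice from 198.51.100.23 port 34002 ssh2
EOF
}

# ban_candidates MAXRETRY FINDTIME_SECONDS   (log is read from stdin)
# Prints an IP once it reaches MAXRETRY failures inside a sliding window.
ban_candidates() {
  awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for / {
      # Timestamp to seconds of day (assumes all lines are from the same day).
      split($3, hms, ":")
      now = hms[1] * 3600 + hms[2] * 60 + hms[3]
      # Source address follows the last "from", so a user named "from" is harmless.
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "" || banned[ip]) next
      n[ip]++
      seen[ip, n[ip]] = now
      # Count failures of this IP that are still inside the window.
      hits = 0
      for (k = n[ip]; k >= 1 && now - seen[ip, k] <= findtime; k--) hits++
      if (hits >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# 3 failures within 10 minutes: only the rapid guesser is reported.
sample_log | ban_candidates 3 600
```

On a real system fail2ban reads the log itself and adds the firewall rule; if the sshd jail is enabled, `sudo fail2ban-client status sshd` lists the addresses it has currently banned.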

In case you need more information or need some help in doing all these steps or even to further secure your server or workstation, do not hesitate to contact us:

https://digitaltran.eu/#contact


* You may read this article in detail – very informative.

** For more info, read this article.