Miss the olden days of Caller ID, where a caller's number (with name!) would magically appear after the first ring or so? I miss that feature when I get a call from a number that's not already in my contacts list (although I must admit that Google's Project Fi does a nice job on proving a name for some calls I receive that don't match existing numbers in my contacts list).
A friend of mine recently clued me into a cool online site for phone number lookup: https://www.twilio.com/lookup (Twilio actually provides many call-related services, lookup being just one of them) You go the web site, plug in the phone number, and Twilio will attempt to tell you the name on the account, the carrier associated with that number, if the number is associated with a mobile or land line, the originating country for that number, and more:
It's worked pretty well for the handful of numbers I've tried so far. And it seems they allow free lookups (at least a handful, anyway), but the paid model is a modest $0.01 per lookup (not shabby).
Saturday, June 24, 2017
Saturday, June 17, 2017
Traveling Securely
With the summer break here, vacation time is kicking up. Whether you're traveling across town or around the world, there are steps you can take to protect yourself and reduce your "attack surface" (i.e. the ways you are vulnerable). Below are some suggestions (not an exhaustive list here) for your consideration, applicable for both personal and work-related travel (and even your day-to-day when you're not traveling!). Obviously I don't know everyone's needs/requirements, these are just some general thoughts. And links-to or discussion-of specific products/services shouldn't be taken as an implicit endorsement, rather just as examples. 😊
Travel Light (a.k.a Don't Bring What You Don't Need)
This applies to both tech and non-tech items. Don't need your checkbook? Don't take it. Not visiting the remote work office? Leave your work ID and/or access badge(s) at home. Passport not required? (this one might be tricky these days...) Don't pack it. Not doing work while on vacation? Leave the work laptop locked up at home or in your office desk. Reducing the items you're carrying not only makes your bags lighter, it's "one less thing" to worry about losing or getting stolen (and the subsequent stress of phone calls and emails you'd be faced with making in such a circumstance).
Protecting What Comes With
This can be (and is!) a long list of stuff. It'd be a lot for folks to follow every suggestion below, but the more you follow, the better-protected you'll be. And this is not to suggest that the baddies out there will come at you from every possible angle (well, unless you're really that interesting of a person! I, myself, am not...), but evil-doers just need one weak spot to get at ya...
- update the OS, applications, and AntiVirus definitions on your devices before you go
- keeping your laptop, phone, tablet, etc. devices updated will prevent folks from taking advantage of older bugs/vulnerabilities to gain access to your device
- securely back up your data before you go
- if a device gets stolen or seized by a government official, you'll still have a copy
- only charge your devices from your own chargers and/or battery-packs
- you'll avoid "juice jacking" this way, but if you absolutely must charge off something you don't own, use protection (or a cable you own that you are certain is a power-only --no data-- cable)
- don't connect unknown devices to your devices
- that USB drive you found on the hotel lobby floor doesn't contain anything worth the risk of infecting your laptop, trust me
- securely delete sensitive data from portable data devices
- don't leave that copy of your tax return sitting on your USB thumb drive
- disable wireless technology that your devices aren't using (Bluetooth, WiFi, NFC, etc.)
- the fewer you use, the fewer ways for an attacker to get at you
- don't connect to unknown, unsecured/"open", or poorly secured networks
- ideally use networks you know which are using WPA2 for security
- connect to a VPN when using public, hotel, and airport networks
- VPN offerings like Tunnel Bear are affordable and work on Windows, macOS, iOS, and Android
- avoid logging into personal accounts from devices other than your own
- keyloggers or credential stealing software might be present, but even a leftover cookie from forgetting to log out of your gmail is all someone needs
- use multi-step authentication (good) or multi-factor authentication (better) for your device and online logins
- there's a slight difference between the two, but doing either one of them is better than using neither of them
- ensure your stored data is encrypted
- modern operating systems (both computer and phone/tablet) make this super easy to do, where you won't even notice the data is encrypted (but someone stealing your data will notice when they can't decrypt the data to read/use it)
- store items which contain a passive RF component (e.g. U.S. passports, work badges, drivers licenses) or an RF transmitter (e.g. fobs for keyless push-button ignition vehicles) in a protective case/enclosure
- prevents attackers from reading your passport info as they brush (or drive!) by you or from stealing your vehicle while you shop
- keep an eye on your accounts that you're using for payment while traveling
- if using credit or debit cards, beware of account-info-stealing skimmers and shimmers on ATMs, gas pumps, and the like
- be aware of your surroundings when entering credentials or viewing sensitive information
- is anyone looking over your shoulder, or maybe there's a camera installed somewhere (like in the shimmer article link above)
- always log out of online sites/services when you're done using them
- in the event someone obtains your device, your logging out from these sites prevents them from accessing those accounts
- always lock your device when not in use
- it might be annoying to unlock that tablet every time you use it, but it will keep a thief from easily getting at your sensitive data
- enable "find my device" capability on your devices
- has helped find many stolen/lost devices over the years
- enable "remotely wipe my device" capability on devices which contain sensitive/personal data (or have the credentials stored to access sensitive/personal data)
- in the event you can't find the device (or it's not practical to try and retrieve it), use this tack to erase your data from the device so you don't worry about others getting ahold of your data
Protecting Your Person
Decidedly shorter list here (because I'm less knowledgeable in this area), but a few points for your consideration:
- prefer "known secret" (e.g. password, drawing pattern, image sequence) credentials to biometric (e.g. fingerprint, face recognition) or device-based (e.g. USB/Bluetooth/NFC device possession)
- while it is convenient to unlock your phone with your fingerprint, it is usually more difficult for the U.S. government to legally compel/force you to unlock a device if it is secured by "something you know" (e.g. a password, an unlock pattern, etc.) rather than "something you are" (biometric) or "something you have" (NFC keyfob)
- carefully dispose of items containing sensitive/personal/account information
- securely shred them or carry them home with you to securely dispose of later
- know your rights
- check out the American Civil Liberties Union and the Electronic Frontier Foundation
But All This Sounds Like a Hassle!
Yeah, it kind of does. But it you choose a few items here to implement in your life and get use to them, then add a few more, get used to those, etc., hopefully they'll be second nature before you know it (and your data, devices, and life will be more secure!). As the old adage goes: "an ounce of prevention is worth a pound of cure."
Sunday, June 4, 2017
Firing Things Back Up...
This month marks one year that I've been back to working in the security space. I've been having a ton of fun and constantly absorbing stuff (part of the "fun", yo), and also thinking on how I might share some of what I've learned in a consumer-friendly fashion. So, hey, what about my dinky blog space I've been neglecting for years?!? Sounds good!!! :P
Starting today, I plan on posting somewhat-regular (not more often than weekly) entries on different aspects of security, with a particular focus on personal security. Take note: I do NOT purport to be any sort expert, and anything offered here is strictly MY PERSONAL OPINION (and subject to change, particularly with the shifting landscape that security tends to be). That said, I'm open to other's thoughts and questions folks might have, just hit me up in the comments!
Onward!
Starting today, I plan on posting somewhat-regular (not more often than weekly) entries on different aspects of security, with a particular focus on personal security. Take note: I do NOT purport to be any sort expert, and anything offered here is strictly MY PERSONAL OPINION (and subject to change, particularly with the shifting landscape that security tends to be). That said, I'm open to other's thoughts and questions folks might have, just hit me up in the comments!
Onward!
Subscribe to:
Posts (Atom)