Web Security 101

[bertfixessome]

Have not been here for a while but the Hyjacked thread shows me that a lot of you are pretty lax when it comes to cyber security.
Now if you have a Google or face book account in your real name then forget it you are already perminantly compromised .
If not then there are a few things that one can do to make life difficult for internet criminals
1) do not use free email hosts like Yahoo / Gmail / AOL etc as your principle email host, for jooining forums or social groups , sort of OK.
The old addage of if it is free then YOU are the product applies to all free mail hosts.
Pay to get an email only account with any ISP you like , and this does not have to be the one you use to access the www with and by prefference should be a different one .
When you sign up they will all give you an account name and email address generated by them .
It will usually be some sort of jibberish like 1four4pqt@sleasebag.com.
Never ever use this address for anything other than setting up other email addresses.
Most of these accounts will offer some where between 10 to unlimited email addresses plus aliases for each of them .
Now set up you email accounts and do not use your real name in any of them.
For your personal communications use something that your friends & family would associate with you like "redford52@sleasebag.com" etc
Then set up another one for dealing with government departments like "thievingratbags9@sleasebag.com"
And another for each & every financial instution you deal with , including paypal and use a different address for ebay / amazon etc .
Another for organizations who have no valid reason to demand an email address like "stickybeaks9@sleasebags.com"
Then some more for forums like this one like "opef123@sleasebags.com"
I think you get the idea
Never use a real single word in the name because web bots will go to an ISP and send emails with every word in the dictionary as the account name plus every known name @ that isp fishing for real live email accounts .
For supposedly more secure log ins that require a phone number, buy the cheapest SIM only plan with a phone number .
Activate the account then remove the sim card and never put it back in unless you need to use that number and turn off SMS if not answered
Thus when it gets checked, it will appear as a real number but not available .

Anything where your real name is not vital ( like this forum ) put your name in backwards or inverted so if that forum is hacked you get messages that look real but have your name spelled backwards or inverted so you know that "unclaimed tax refund" email is spam because your name is backwards and it came in via an email address that the IRS does not know you have.
This is not as difficult as it sounds and works very very well.
In the past year Medibank down here got hacked and since that time I have had dozens if not hundreds of emails with my real name & address in them supposedly from every bank down here ( including both of mine ) , the vehicle registration department, the tax department etc etc.
All of them appeared to be genuine, but they were sent to the wrong email address for the sender so I know they are fakes .
The other thing is even when an email looks genuine I ignore it for about a week to see if the same email appears in another address so again I know it is fake .
And of course never ever click on any link, open a new browser window or use a different device to contact the sender if you think it is ligitimate .
In my case I run 4 browsers and 3 email clients on my main computer.
Then all of the hobby interests , motorcycling, fishing etc are on an old computer that is only used for that purpose, when I have the time to catch up on my motorcycling buddies or fishing pals .

As for 2 step authentications, IMHO all that does is link your real name with your real phone number , hackers treasure chest ,( hence the reason for joining with a fake name & unused phone number ) and while I am sure everyone does their very best to keep this information secure , in reality it is not secure and never will be so if you treat it as being vunerable from the start then you are even less unlikely to wake up one morning by the moving van with the people who think they have just bought your house or to find all your money is gone & all your accounts are frozen the evening of a public holiday or have the bailiffs at your door because you have not paid back that $ 2,000,000 loan that YOU did not take out .

 

[bertfixessome]

Cyber security 102
If you use a computer to access the WWW ( and you should rather than your phone ) use the multi users feature to set up a new administrator ( parent if you like ) account and then convert your account to a child / std users that does not have root access.
This means any time you click onto a link that tries to load something into your computer, it will either not be allowed to run or you will get a warning that "XYZ want to get root access type in an administrators password to proceed " or some thing similar .
While this can be a PIA when you are trying to do a softwear update or download say mediacat and again if you try to run mediacat for the first time, it prevents hackers sneaking in routines to zombie your computer or install things like key trackers .

If you do not need to be connected to the www then disconnect .
Hackers will be most active when they think you will not notice them like when you are asleep so say 12 midnight to 5 am local time.
SO before you go to bed turn off your modem or turn off your computer or turn off the Wi-Fi. ( harder to do with the phone particularly if you use the alarm to wake you in the morning )
Turn them back on before you go into the kitchen to make your morning coffee and everything you need to know will be there ready for you to read while you sip your brew .
And do the same when you leave the house, if you are not there you do not need to be connected to the WWW

Modem names and passwords
Apparently over 95 % of all home owners leave their modems set to the default settings ( Administrator-Admin -administrator-admin) and this allows hackers a massive hole to jump into your system so change it and do not use the modem name / model no or your name .
If hackers can not get past your modem they can not get into your computer, think of it as a 6' barbed wire fence .
Easiest thing for males is to set the modem name to your vehicle and the password to your number plate + the model year , HACKERS KNOW HOW MANY CHARACTERS ARE IN EVERY LICENSE PLATE ON THE PLANET , so don't just use the plate number alone .
Vin numbers are also good because they are long & apparent random character strings .
Some might use the plate numbers of a couple of vehicles , easy to remember and right outside if you forget .
The same applies triple fold to wi-fi names & passwords .
Right now there are 27 wi-fi networks the mac has found and if I had an easy to get app, I could log into most of them .
This is very important as pedophiles will hack into YOUR computer to download child porn so when the FBI do a trace they will find you & kick your door in at 3am, usually with a news team right behind and regardless of weather you can prove your computer was hacked or not your local community will forever have you listed as a pedo the vigulanties will do things like burn your house down .
This happened 8 years ago to an iron worker who was obviously innocent as if a $ 100,000/pa worker could afford hundreds of images & videos at $ 10,000 + each but he was beaten to a pulp on several occasions the house was burned down & when he moved the new house was burned down and eventually his wife & kids left him because they could not take the persecution any more .

When I set up my user account I put my age in as 3 years old, a fake name and fake address .
the address has the wrong street number and another word in the street name so for the times that auto fill fills in an online form it is easy for me to modify it to the correct one .
Down side is some online sales apps will not let you buy booze , order guns or ammo , visit "adult sites" etc

On the subject of passwords ( don't you hate them ) I have a problem with any & all password managers.
If for no other reason, they are an obvious target for hackers and the default one supplied with the computer are hacked the day the operating system is released .
Remember if it is easy for you then it is easy for criminals as well .
My favourite method for storing them is on a USB stick as a screen shot so even if it gets hacked into there is no text to read just image files .
And call it something other than "passwords" like work photos or accident photos or crash images .
Easier for some forums like this one as the log in window will show both your user name & password.
for sites that do not show the password then make a text file with the password then take a screen shot of that and store it on the drive
Rename the 2 images with names that will appear in sequence like img.1234 & img1235
On the mac, I have sticky notes so I can type the password into a note, move the note over the log in window then do a screen shot of them together .

And on this subject, delete any password confirmation email you have been sent as well and remember to remove them completely ( empty trash / wast basket etc .

 

[Kiwioilboiler]

Wow.

 

[bertfixessome]

IT is up to you to set yourself up securely
In the days of plug & play it is all too easy to to just connect the plug ,power up & let the device set itself up then go do whatever you wanted to do in the first place .
If you have a mac, use File Vault but remember the encription only protects you data if your computer is stolen and your hard drive is plugged into another device to try & recover the data on it .
While your computer is switched on any one who hacks into it can read everything .
Like fitting an alarm on your car.
Nothing will stop a dedicated criminal but if you make it too hard they will go & scam some one else .