In a few of my other blog posts I have already used the example of Gmail over https to improve security. But with the recent improvements Google has introduced, I feel it is time to emphasize security and email again.
In an earlier blog entry I more or less promised to come back and explain how I try to browse more securely with Firefox. So here it is. First of all, there are two different situations. One is my Powerbook (laptop), which I carry around with me and which therefore has a higher risk of being used by others without authorization or, worst case, of being stolen. The other is my Mac Pro in my computer room, which doesn't get used much by others, and when it is, only by people I trust. Regardless, in both situations unknown people might try to hack into the system from the outside or steal traffic by sniffing and such. Preventing abuse is impossible; making it harder is possible.
Over the last few years I have taken 'being online' a lot more seriously, especially the security aspect. Trojans, rootkits, viruses, naughty cookies, XSS exploits in sites and advertisements, and all that nasty stuff are now a day-to-day matter. Not to mention fraud, scams, spam and ID theft.
Particularly now that we are 'on' 24/7/365 thanks to high-speed broadband. Participating in online communities, social networks, online loans, online banking, online dating, e-commerce, etc. brings risks with it.
Sure, you can run a bunch of software and add-ons to try and prevent all this, but that is a second level of defense. I think it is more important to start at the beginning: your first line of defense is your own browsing behavior.
Instead of just clicking through dialog windows, clicking links on sites, and entering details in forms, you should learn to take a second to read the screen and realize what is going on. And learn to say no. Don't read emails you are not expecting, don't follow links from emails, and don't click on dialog windows that should not pop up; things like that.
Aside from trying to improve my online behavior, I try to improve my own security to lower the damage if something does go wrong. I make sure I use long, random, hard-to-guess passwords, one for each login. Where a web site supports it, I use a unique, less obvious login name (and a public, obvious screen name so people still recognize me easily).
I do not follow links from unofficial sites that point to (or claim to be) official sites. I open a new tab and type out the URL, or use my bookmarks. I do the same with emails: I never click on email links; I open a browser and type in the URL. This ensures I won't accidentally click on a phishing link or an XSS exploit link for online banking, PayPal, eBay and such. As for email itself, I try to limit it to plain-text email only, avoiding HTML email as much as possible so that no naughty script can get through a filter. And as for attachments, I don't even open them unless I am expecting someone to send me something.
For web sites I try not to store passwords ("remember me" off) on the laptop, but for convenience I do use this on the workstation. As an extra layer of security I turned on the master password feature in Firefox, so no stored data is entered into any form unless I manually confirm it.
When I browse to sites where I have to log in and I know the information is privacy-sensitive, I try to use encrypted connections only. Before I explain that, I want to add that I hardly ever (almost never) use a public proxy, some other proxy, or a free VPN site to browse sites where I need to log in. I simply can't be assured that my data is not mirrored to some naughty admin who will abuse it. So, where possible, I log in using https. This has an 's' in the URL instead of just http. The 's' means the session is encrypted over the Secure Sockets Layer (SSL) protocol, making the data unreadable to anybody snooping on the line (the man-in-the-middle idea).
For example, you could just type gmail.com in your browser and end up in your web mail. But I have a bookmark that brings me to https://mail.google.com and ensures my login is encrypted, and that my mail browsing, composing and reading session is encrypted as well.
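The two habits above (only log in over https, and only via your own bookmarks rather than links from emails or other sites) can be expressed as a small check on any link before you follow it. This is an added example, not code from the original post; the bookmark list and the sample links are constructed for illustration.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Constructed bookmark list (hypothetical stand-ins for the author's own bookmarks).
BOOKMARKS = {
    "gmail": "https://mail.google.com/",
    "paypal": "https://www.paypal.com/",
}
TRUSTED_HOSTS = {urlsplit(b).hostname for b in BOOKMARKS.values()}


def check_link(url: str) -> Tuple[str, str]:
    """Classify a link as 'ok', 'warn' or 'reject' with a short reason.

    'ok' is only given when the scheme is https AND the host is exactly one
    of the bookmarked login hosts; everything else is something you should
    type out yourself instead of clicking.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        # Plain http (or no scheme at all): the session would be readable on the wire.
        return "reject", f"scheme is {parts.scheme!r}, not https"
    if parts.username is not None or parts.password is not None:
        # 'https://www.paypal.com@other.example/' shows a trusted name before the '@'
        # but actually connects to the host after it.
        return "reject", f"user info before '@'; real host is {host!r}"
    if host in TRUSTED_HOSTS:
        return "ok", f"host {host!r} matches a bookmark"
    for trusted in TRUSTED_HOSTS:
        if trusted in host:
            # The bookmarked name appears inside a longer, different host name.
            return "reject", f"host {host!r} contains {trusted!r} but is not it"
    return "warn", f"host {host!r} is not bookmarked; type the address yourself"


if __name__ == "__main__":
    # Constructed sample links of the kind that show up in emails.
    for link in (
        "https://mail.google.com/",
        "http://mail.google.com/",
        "https://www.paypal.com@other.example/",
        "https://www.paypal.com.login-check.example/",
        "https://example.org/",
    ):
        verdict, reason = check_link(link)
        print(f"{verdict:6} {link}  ({reason})")
```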
Where possible, use https – Gmail uses it, online banking uses it and most payment sites use it.
Speaking of sites where you can buy stuff: make sure the line is indeed secured and your session is over https. Your browser will display a small lock icon at the bottom of the window. Also, if you do enter your credit card details, make sure you are doing so on the site of an official, well-known third-party card processor, and not in a normal web page on the company's own web site. Why give them your name, card number, security code and expiry date? Do you really trust them?
At this point you probably think 'wow, this guy is paranoid', and I might agree with you. But I have slowly learned to adjust my online behavior, and it has helped me feel more secure and be more secure. Once you have changed the simple things (unique passwords per account, not clicking links in emails or from unofficial sites, using https where possible, etc.) you will quickly find it becomes second nature. I don't even think about it anymore, really. And it gives me more time to just open my mail client and read the emails I was expecting, instead of wading through 75% garbage and risking getting infected. I just delete the garbage on the fly.
So, have fun improving your online security. Well, it's not really fun – but it makes things easier for you. You will quickly find that you can tell the garbage apart from real emails (sites, logins, etc.).
Feel free to register on the blog and leave a comment, suggestion or other feedback. And please come back to find another blog about how I secured my network / internet connection.
Update: Since 2010 I have moved to 1Password, because of its continued development, browser integration, and iOS support. Strongly recommended!
Since I've moved away from Windows I've found myself wanting to be more organized about the way I store important information such as logins to web sites, private web addresses, shell accounts and what not.
In the past I've either written it down (with the risk of later wondering whether that o is an O or a 0, or simply being unable to find the paper, or … finding out that the password is now outdated), or just placed the details in plain-text documents. These got spread over the directories on the computer or, even worse, spread over my local area network. A solution had to be found, if only to get the information organized, but also to improve security.
After trying a few programs that promised a) security, b) auto-filling of forms, and c) some unique features, I was simply not satisfied with the way they did things (or they were too expensive). A simple requirement was a single encrypted backup file, the ability to create categories for personal, business, shells and web sites, and custom fields so I could have an entry for a URL or an SSH port, aside from just title, login and password. One of my friends, Chris (chroder.com), also switched to the Mac and started using info.xhead. I gave it a try, despite a lack of motivation at that point, and was pleasantly surprised: it basically has everything I want (without going into detail, what I would want on top is the ability to optionally store a file with an entry).
I've been using it for the last few months and have gotten used to it. It has reached the point where, when I am on a system that doesn't have it installed, I really miss it and find myself troubled not having my details with me.
I've learned to simply take a few seconds to note down the information for a new blog login, a new shell account, a privacy detail from an email, and such, and then have direct access to it from a central point. I also find that I keep the information up to date and that finding it is no hassle (in other words, it doesn't disrupt my workflow).
The program is created by xheadsoftware.com and has a Mac feel to it. It's easy to use, looks very clean and flexible, and properly integrates with Spotlight. It's just $15, so certainly affordable for everybody. Once you open the program you can set it up the way you want: categories, entries and items are easy to manage. I believe it uses a 448-bit encryption method to secure the data. You secure the program with a single password, so if someone gets hold of this very important file (a central point of information with all your private details) they will still need the password to get at it. Of course, if you forget that one password, you're basically screwed.
A few additional cool features are .Mac support (so you can easily back up to .Mac and restore on another computer, which I did for my Powerbook) and data import. Other features that won me over are the one-click copying of data fields and the easy instant search. About the import, by the way: I exported the form data stored in Firefox with an add-on, converted that XML data to a CSV file with a spreadsheet program, and then imported it into info.xhead. Very cool, since I did not have to retype or re-add all those details. However, it would have been nice if .xml import were supported.
Anyway, no more little files, little post-its, little entries on the whiteboard, outdated details on other systems, and what not. Just a quick little program that helps me get to my private data (which is now also secure) many times per day. Using the built-in password generator I have also improved my security, since I now use far more unique passwords per login that are very hard to guess and pretty damn long.
I don't know why having a Mac makes you want to be more organized with even the littlest of things, like managing private details, but eventually it helped me speed up and smooth out my workflow. And that can't be a bad thing, right?
In a few future blog entries I will tell more about how I secure my system, network, and Internet things such as email, SSL and Firefox.
Over the last six months I have spent quite a bit of time and money on updating my home entertainment system and my little office. Changes included upgrading my Internet service provider account, purchasing new hardware, and most recently replacing a few ugly wooden planks with a new, shinier, bigger one. And there is more to come.
Let's just call the computer room the office, because it is from this room that I connect to the Internet using a dedicated workstation. By dedicated I mean a computer system that does not change location, unlike the Powerbook, which I move around with. I use the system as a hobby, work and game station. It is nice to have a room like this as a work location where I can sit down and dedicate myself to doing work without being distracted by other things, keeping it separate from my living room. And if I need to escape from the office I just pick up the Powerbook and continue what I was doing from my couch, dinner table, balcony or even from bed – or put it in my backpack, visit friends or family and get online from there, or from their garden, wherever.
About a year ago I had analogue television from UPC, an analogue phone line from KPN and a small consumer broadband account from Chello. The costs were about EUR120 a month, and that did not even include the cost of placing phone calls. The Internet connection was around 2 to 4 megabit down and about 512 kilobit up. The TV had a limited number of channels and the phone didn't include any free services like voice mail or caller ID. And I needed to save money to pay for rising bills and because I wanted to buy new hardware such as a good speaker set or other computer parts, or just something like a whiteboard for the office.
Earlier this year UPC changed its policy and offered a more expensive but more realistic broadband package, introduced free upgrades to VOIP phone accounts, and cheap introductions and upgrades to digital TV, etc. I looked into it and realized that upgrading my accounts would actually save me quite a bit each month. Currently I have a 20 megabit down, 2 megabit up broadband account with no traffic limit, a free VOIP phone account with almost 50% cheaper per-minute calling costs (and free calls between 19:00 and 07:00), and digital TV with 120+ digital channels. All in one UPC account for EUR80 a month. Calling costs come to around EUR5 if I make a lot of calls during the daytime. This saves me at least EUR50 a month, and in return I have better services, like a faster Internet connection.
With the money I saved I purchased a few new things, like a Logitech z-2300 THX-certified 2.1 speaker set. It was intended for the Powerbook and the PC, but after trying it out on my digital set-top media box I am now using it exclusively for my TV system. Hopefully by the end of the year I will have some money left over again to buy another set, perhaps investing in a 5.1 surround system for the computers this time.
The other week my father helped me rebuild parts of my office. I started by removing all my hardware and furniture and cleaning the place up a bit. We borrowed a big, strong drill from the neighbors to drill holes in the concrete walls where I needed to hang some paintings, a plank and my new whiteboard. We put the whiteboard up, went to buy the plank, and put the paintings back on the wall. In the meantime we also repositioned a lamp in the living room. My two IKEA tables are back in the office and the computer systems are back in place. The electricity has been taken care of, there are fewer wires lying around, and things like that.
The whiteboard was worth the money; I now use it daily for planning, to-do lists and whatnot. If you haven't bought one yet, get one now. As great as pen and paper might be, the whiteboard is easy and within reach. It is easy to fix mistakes, and it helps with writing out an idea in different colored markers without running out of paper. In the end I use OmniGraffle on the Mac if I need to share the idea and make it look pretty. Some people swear by pen and paper; not me.
The next step is to actually clean and fix the PC, but before I can do that I have to install a secure program on the Mac where I can collect all my passwords etc. for reference. Otherwise, if I format the PC and forget to do that, I will have a lot of trouble restoring all my access. I use hard-to-guess and hard-to-remember passwords for every different login I have, and I have a big list of software licenses that were purchased online, things like that. Right now the PC boots again, so step 1 has been completed. The Mac has been set up this week with SVN, Apache2, PHP and MySQL behind a secure setup, and the data from the PC's 'localhost' has been moved to the Mac's 'localhost'. However, this week I won't have time, as I have to work quite a bit for vBulletin and my own web site – and I will not be home as much in the next few weeks, being occupied with other events. Finalizing the office and the PC will have to wait until the end of the month, unless I find some time in between.
I know, all in all it is not much. But I usually only do things around the house when I feel comfortable doing them and when I feel I have the time and motivation. Little steps, improving each time, and eventually it will be the way I want it. And right now I am quite happy with the improvements and progress.
Plans for the future include a new computer system, as the current PC is breaking down and 64-bit quad-core is around the corner, plus a data storage server, a media box, and a switch to improve internal network speed and provide access when more people come over. But more about that in a future blog entry.
When I am done with the whole little office setup and the PC is fixed and put in place I will take some pictures and put them up.