Security & Privacy

Principle of Least Privilege

HTTPS SSL TLS

Training / Certifications

Privacy Tools

  • privacytools.io provides knowledge and tools to protect your privacy against global mass surveillance.
  • Panopticlick will analyze how well your browser and add-ons protect you against online tracking techniques.
  • IP/DNS Detect – What is your IP, what is your DNS, what information is sent to websites?
  • DNS Leak Test – When using an anonymity or privacy service, it is extremely important that all traffic originating from your computer is routed through the anonymity network. If any traffic leaks outside of the secure connection to the network, any adversary monitoring your traffic will be able to log your activity.
  • DNS Nameserver Spoofability Test: Can you trust your Domain Name Servers?

InfoSec Industry

  • Established to serve as a one-stop site for access to the latest resources on information security, as well as measures and best practices for the prevention of cyber crime.

Password Managers

LastPass is a password manager. It helps you be more secure by making it easy to use a different password for every Web site.

  • LastPass uses: AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes to ensure complete security in the cloud.
  • User data is encrypted and decrypted locally at the device level. Data stored in the vault is kept secret, even from LastPass.
  • The user’s master password, and the keys used to locally encrypt and decrypt user data, are never sent to LastPass’ servers, and are never accessible by LastPass.
  • LastPass Configuration
    • On the Login screen: Uncheck “Remember Email”
    • On the Login screen: Uncheck “Show My LastPass Vault After Login”
    • Under: Preferences > General: enable “Automatically Logoff when all browsers are closed for (mins)” and set the time to 1 min
    • Equivalent Domains: These are different domains that belong to the same entity. Some Web sites also switch to a different domain for authentication.
      • Go to: My Vault > Account Settings > Equivalent Domains
      • Some “Equivalent Domains” to add to LastPass are:
        • comptia.org, certmetrics.com
        • nysed.gov, ny.gov
        • nycboe.net, nycenet.edu
        • apple.com, icloud.com, itunes.com
    • Make sure to:
      1. Export your encrypted LastPass Vault data on a regular basis: Tools > Export To > LastPass Encrypted File
      2. Download and keep a copy of the current LastPass executable. This will allow you to access your exported data if LastPass.com is not available or you don’t have Internet access.
  • SecurityNow! Episode #256: In-depth review and evaluation of LastPass (00:52:28 – 01:53:00). [Show Notes]
  • Review: LastPass password manager (thetechherald.com)
  • LastPass Review & Rating (PCMag.com)
  • Video: Why use LastPass?
  • Wikipedia Article on LastPass
  • Password Haystacks by Steve Gibson
  • Am I An Idiot for Still Using a Password Manager?
  • Five Best Password Managers
  • Busting Password Myths, Paul Ducklin and Chester Wisniewski take a look at the thorny issue of password rules and regulations.
  • How to choose a strong password – simple tips for better security
  • Random Word Generator
    • Using passphrases of 3 or more random words has proven to be more secure than random characters, as long as they’re long enough.

uBlock Origin

Disconnect

NoScript

  • The NoScript Firefox extension provides extra protection for Firefox, Flock, SeaMonkey and other Mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful anti-cross-site scripting (XSS) protection available in a browser.
  • As NoScript requires user interaction to train it, you may want to do the following:
    1. Install uBlock Origin
    2. Install NoScript
    3. Go into Add-ons Manager > Extensions
    4. Disable NoScript, but, choose “No, just stop blocking scripts” when you see the Security Downgrade Warning.
