Operations Security

I have been asked, a lot of times, questions that fall under the general topic of OPSEC. I have been using some practices for quite some time that work well, so I’ll be talking about them. Some tools will be referenced, some not. Just bear with me.

Everything falling under security is pretty much power redistribution, thus it must be treated that way. Because of the ability to redistribute power you need two things: knowledge and responsibility.

How to protect personal data?

I could write a PhD about the subject, but here are a few quick tips. ENCRYPT, ENCRYPT, ENCRYPT SOME MORE. Do you have a few files to encrypt only? My guess is not. If you want to be totally protected, encrypt your whole HDD/SSD/USB stick, whatever. Encrypting some files is cool etc. but your OS logs everything you do. An Archaeologist (Forensics guys) can read the logs and get your ass busted. ENCRYPT your OS.

What happens if the feds raid my house? If you are using your encrypted OS, your password is stored in the RAM somewhere. A complete memdump will give away your pass, a hash of it or some clues. Usually people don’t want this to happen. An easy workaround is to create two encrypted OSs. The first is the dummy, the second is your main OS. In such a case, boot the dummy ;). They will dump a key that will be of no use 😉 Btw I made an assumption here: that you know which cryptosystems are secure and which are not. If this is not the case, well, you better start digging.

How to protect my communications?

I used to be the happy owner of a smartphone until the company pushed a crappy update that drains my battery faster than I can imagine. Anyway, I use my phone to check my mails. Every now and then I deal with 0days or I transfer money from my bank account etc. As such I have to make sure that there’s no eavesdropper around; the same thing applies to my laptop. How do I do this? I’ve set up an SSH in my home. Every time I connect to the internetz I hide my ass behind my SSH, which is connected through a trusted VPN which leads to TOR nodes. OK, that’s too much security, but even if something fails I have other options ;). If I can’t use my tunnels I use a publicly available one. You better start doing the same.

Assume now that you are in a public cafe. What do you do if you want to fuck with eavesdroppers? Easy. Grab a USB wifi adapter. Script it so that it frequently changes SSID and information. It’ll take some time for the eavesdropper to figure out what’s going on 😛

Physical Protection 101

This was a part of a conversation I had with a scene whore. How do you protect your laptop from physical attacks? It’s called two-factor authentication and it works: something the user has (a USB stick, for example) and something the user knows (a password). If your laptop supports fingerprint scanning then you can extend the authentication to something the user is (fingerprint 😉 ).

You leave your PC without locking your screen? Take the USB stick with you and the PC is locked. Advancing this scheme, lock everything your BIOS allows you to lock so that the PC boots only from a certain HDD. There is an attack there, but the attacker must have physical access to your PC, know how to disassemble it etc. (CMOS battery removed 😛 ). Another option if you hate USB sticks is pinging your phone. If your phone is not near, the PC is locked etc.
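The phone-ping lock described above, as an added example that is not from the original post. It assumes a Linux desktop with iputils `ping` and systemd-logind's `loginctl`; the phone address, thresholds and all function and class names are hypothetical.

```python
import subprocess
import time

PHONE_IP = "192.0.2.10"  # placeholder address; assumes a static DHCP lease
MISS_LIMIT = 3           # consecutive failed probes before locking
INTERVAL = 5             # seconds between probes


def phone_reachable(ip=PHONE_IP):
    """Send one ICMP echo with a 1 s timeout (Linux iputils flags)."""
    cmd = ["ping", "-c", "1", "-W", "1", ip]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def lock_screen():
    """Lock the current session; assumes systemd-logind is running."""
    subprocess.run(["loginctl", "lock-session"], check=False)


class ProximityLock:
    """Debounced, edge-triggered lock decision.

    Phones park their Wi-Fi radio to save power, so one lost ping must
    not lock the screen. Reachability of an IP is easy to spoof, so it
    only ever decides when to lock and never unlocks anything.
    """

    def __init__(self, miss_limit=MISS_LIMIT):
        self.miss_limit = miss_limit
        self.misses = 0
        self.locked = False

    def observe(self, present):
        """Feed one probe result; return True when the lock should fire."""
        if present:
            self.misses = 0
            self.locked = False  # re-arm for the next absence
            return False
        self.misses += 1
        if self.misses >= self.miss_limit and not self.locked:
            self.locked = True   # fire once per absence, not on every tick
            return True
        return False


if __name__ == "__main__":
    state = ProximityLock()
    while True:
        if state.observe(phone_reachable()):
            lock_screen()
        time.sleep(INTERVAL)
```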

I lost my PC/smartphone etc. Now what? Shit happens, and assuming you didn’t do anything of the above or you did but it was bypassed, you can always track your PC/smartphone etc. 😉 There are tons of free software out there that do that for you and they allow you to delete data, make noises, photograph the thief etc.

Have fun.

iz out
