Skimmed that TSA article. Meh.
1) Stay patched. If your OS isn't being patched, complain to the vendor IN WRITING and get a newer device that does get patched. Also, complain to your representatives. Any OS provided to the general public needs 5 yrs of support.
2) When online with any network away from home or work, use a paid VPN. Period. This applies especially in airports, hotels, libraries, cafes, restaurants where you don't know the networking. If you are technology savvy, run your own VPN, just don't use PPTP. Stay with IPSec or L2TP or OpenVPN. This applies to commercial VPN providers which seem to default to the highly-cracked PPTP.
3) Encrypt all portable devices. Laptops, smartphones, netbooks. WHEN these devices are stolen or lost, you'll thank me. Use whole-drive-encryption with a 2FA device.
4) Back up everything you consider important. That should be everything, but some people might be willing to just back up data and settings.
5) Use long, random, passwords. Nothing is more important than length (20+ characters) and being random. Never use dates, words, names, places, l33t-sp34k.
6) Never reuse passwords. Basically, use a password manager to ensure all online accounts are using different, long, random, passwords. If you never have to type the password, why not use 50+, random, characters?
7) Have different email addresses for home, financial (banks/broker), and business uses. That is at least 3. Having a separate 1 for social networks would be smart too. Being able to read/send email with an account means all passwords can be reset.
Advanced stuff:
* Use two-factor authentication, but not SMS/phone as the 2nd factor. SMS is spoof-able.
* A Chromebook is probably the most secure OS available today. It is possible to run ChromeOS without using anything from Google, BTW.
* Replace the smartphone OS with an aftermarket OS that is maintained and patched for older devices not being supported by the vendor anymore. I'm looking at all the Samsung, Nexus devices specifically, which lose support 2-3 yrs after purchase.
* Watch out for cheap smart-phones. Many (most?) of these have pre-installed spyware capturing location, userids, contacts, passwords, web-browsing, etc.
* Run internet connected programs inside a sandbox or VM. firejail is handy for this, but there are other methods.
* For this crowd specifically, take steps to combat the "evil maid attack" against your encrypted devices.
* Always have a 2nd OS on netbooks/laptops to boot and show airport security people. It should only have enough OS to get online and use a web browser. Something like TinyCore would be sufficient. 1G storage needed at most, but 200MB would be enough.
Did I mention staying patched, using long, random, passwords, and having versioned backups? Those 3 things are the most important of all of them.
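
The password rules in items 5 and 6, as an added example that is not part of the original comment: a generator for the 50-character case plus an audit that shows why l33t-speak and dates do not help. The function names and the tiny `WORDS` list are assumptions constructed for illustration.

```python
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 20  # the comment's "20+ characters"
# Constructed sample wordlist; a real audit would load a large dictionary.
WORDS = {"password", "summer", "dragon", "london", "michael", "secret"}
# Common l33t substitutions, undone before the dictionary check.
UNLEET = str.maketrans("013457@$!", "oieastasi")
# A 19xx/20xx year, or a d/m/y style date with -, / or . separators.
DATE = re.compile(r"(19|20)\d{2}|\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}")


def generate(length=50):
    """Random password from the OS CSPRNG, meant to live in a password manager."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def audit(password):
    """Return the rules from the comment that this password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if DATE.search(password):
        problems.append("contains a date")
    # Undo l33t substitutions first, so "P@ssw0rd" is checked as "password".
    plain = password.lower().translate(UNLEET)
    if any(word in plain for word in WORDS):
        problems.append("contains a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd2019!", "Dr4g0n$umm3rL0nd0nS3cr3t", generate()):
        print(f"{candidate!r}: {audit(candidate) or 'ok'}")
    print(f"20 random chars: {entropy_bits(20):.0f} bits, 50: {entropy_bits(50):.0f} bits")
```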