Q: Does it matter what VPN I use?

A: Which one you use is a critical decision.

The reason one uses a VPN is the privacy of one’s internet communications and activities. Choosing the wrong one could expose all of this to the VPN provider, and then to others who will pay for the info.

In addition, some are much faster than others.

Choose wisely grasshopper.

Currently, my personal preference is perfect-privacy.com. Located in Switzerland (government-supported extreme security), they don’t keep logs, they allow all of your devices to be on VPN, and they use the latest VPN protocol, IKEv2.

Q: Someone is trying to hack into my account. I’m getting Google notifications all day long. What can I do?

A: First, any password can be broken, garnered, or stolen. It’s just a matter of how determined the criminal is and what resources are available to them.

US-CERT (one of the primary groups designated to figure this stuff out for the government) recommends a minimum 15 character password for administrative accounts, and a minimum of 8 for non-admin accounts.

Functionally, isn’t your data every bit as important to you as an admin’s is to them? This is why I recommend the minimum of 15 for everyone.

Next, implement Google two-factor authentication. This will block the criminal even if they gain your password.

At that point, let them try all they want, it’s not gonna happen.

Q: Is there any possibility of tracking Tor Browser?

A: Absolutely, and it is done by our own, and most likely other, governments. There have been several high-level arrests made for both drug sales and child porn by tracking and identifying individuals through the Tor network.

Can an individual do the same? Yes, if they have the resources to set up a large network of Tor nodes.

Q: How do you make your Facebook profile hack-proof?

A: It’s really quite simple – and Facebook provides all of the tools to do so in under 30 minutes. Just log in to Facebook, and head on over to Log into Facebook | Facebook.

The most important issues are:

  • Strong password. US-CERT (one of the two Federal groups that are tasked with IT best practices) recommends a minimum of 15 characters. There really isn’t a need for complexity, such as using upper, lower, numbers, and special characters (although that does help). Length is the important factor.
  • Enable Two-Factor Authentication. In the event someone does find your password, this makes it impossible for them to log in without the code sent to your phone.

The rest of the security settings are primarily about limiting what others can discover about you.

Original post: https://www.quora.com/How-do-you-make-your-Facebook-profile-hack-proof/answer/Marc-Mintz-4

Q: Why do some VPN providers request that you disable the firewall to use VPN? How safe is it to disable the firewall while on VPN?

A: To be blunt, because they have either improperly developed their software, or there is some shady business going on.

Your firewall is a first-line defense for cybersecurity. Do not turn it off. I’ve never worked with a quality VPN provider that required this. Currently, my personal favorite is perfect-privacy.com. This is because they allow all of your devices to be on VPN (not just a few), provide excellent step-by-step setup instructions, and are among the few VPN providers that are using the most current standard – IKEv2. I find this to be superior to any of the other VPN protocols available.

Q: What are the possible security risks when implementing file synchronization?

A: In addition to all of the security risks present for any mobile device, computer, and server, there are a few other issues to be watchful of:

  • All data must be encrypted during transfer.

  • All data must be encrypted at rest (in storage).

  • Devices at both points need to be secure from physical access.

  • Any computers and mobile devices involved in the synchronization must have full disk encryption, quality antivirus which is kept up-to-date, users logging in with non-admin accounts, and application whitelisting to prevent malicious apps.

If you are looking at file synchronization with a cloud service, I’m fond of Google G-Suite for Business. They meet and exceed any security requirements, even for HIPAA and SEC, with a price-point that is highly competitive.

Original post: https://www.quora.com/What-are-possible-security-risks-when-implementing-file-synchronization/answer/Marc-Mintz-4

RIP AOL IM. Time To Rethink Communications

AOL announced today they are putting AOL Instant Messenger to rest on December 15, 2017. AOL IM had a great 20-year run. Although it started the genre, it never worked at keeping current with technology. Now that Verizon has acquired AOL/Yahoo, it is no longer seen as a viable product.

This gives us a perfect opportunity to rethink our communications – be it instant messaging, voice, email, or video calling.

There are hundreds of communications tools available, each attempting to carve out their unique niche. As our communications often contain private or sensitive information, each of us should be aware of the security pros and cons of the communication option we are using.

In the case of almost all SMS, texting, or instant message apps, there is no privacy to the communication. Not only does the cellular provider see and record all messages, but the app developer may have access. And since there is poor or no encryption, criminals, government, business competitors, and the neighborhood cranks may all be listening.

There are a handful of apps that do provide necessary military-grade, point-to-point encryption. Our current favorite is Wire (https://www.wire.com). The Wire solution offers everything that I look for:

  • Easy setup
  • Military-grade encryption
  • Point-to-point encryption (no cellular or internet provider in the middle)
  • Cross-platform (Android, iOS, macOS, Windows, and web browser)
  • Free
  • Automatic self-destruction of messages
  • Pull-back messages
  • Group messages

In addition, Wire also provides:

  • Encrypted voice calling
  • Encrypted video calling

No matter which instant messaging service you are currently using, I recommend trying Wire for the highest level of security and privacy for your communications.

Cyber Security Awareness Month Celebration

THE PRACTICAL PARANOID CELEBRATES CYBER SECURITY AWARENESS MONTH

Our good friends at the Department of Homeland Security have declared October to be Cyber Security Awareness Month. In celebration of the festive occasion, TPP is offering a 40% discount on all Practical Paranoia Security Essentials (PPSE) Live! book versions through October.

For four years PPSE books have been the #1 best-selling, easiest, most comprehensive guides for high school and college cybersecurity courses, as well as DIY for home and business systems.

Written with the non-technical computer and mobile-device user in mind, but covering the detail needed by the IT professional, each book (Android, iOS, macOS, and Windows) takes the user by the hand with illustrated step-by-step instructions on how to secure every aspect of their device.

TPP stands behind every book with a 100% satisfaction guarantee!

Order your Live! edition now for a 40% discount.

PPSE are available in paperback from all fine booksellers, in Kindle format from Amazon, and Live! from TPP.


Q: What Should I Do With My Hacked Gmail Account?

A:

  1. Change your password to a strong password (minimum 15 characters).
  2. Do not use this password for anything else.
  3. Enable Google 2-Factor Authentication.
  4. Done.

All information that has been harvested from your account is water under the bridge. You may need to do some damage control, such as changing all of your passwords.

Original post: https://www.quora.com/What-should-I-do-with-my-hacked-Gmail-account/answer/Marc-Mintz-4

Practical Paranoia macOS 10.13 Update: Encrypt Documents for Cross-Platform Use With Zip

Practical Paranoia macOS 10.13 Security Essentials has just released an update to chapter 17 Documents. The updated section is Encrypt Folders and Files for Cross-Platform Use With Zip.

macOS and Mac OS X have long included the ability to compress, archive, and encrypt documents and folders in zip format. macOS 10.13 has removed the ability to encrypt these items in AES 256. As AES 256 is the gold standard of encryption, we can’t just sit by and do nothing!

The section has been updated, removing the command-line instructions to encrypt zip and replacing them with a free, drag-and-drop utility called Keka. Keka provides the easiest (and did I mention free) way to encrypt your documents and folders to military-grade standards. And since zip is an industry standard, your encrypted items may be used on Android, iOS, Windows, and macOS.

The updated chapter may be downloaded here.

Practical Paranoia macOS Security Essentials Quick Look

Purchase Practical Paranoia macOS Security Essentials Kindle, Paperback, and Live!

Q: Is there a simple program or website that will allow me to collaborate encrypted documents with others that are using iPhone or Android?

A: Sure. Google Drive with Google Docs files. Encrypted in transit and at rest.

Original post: https://www.quora.com/Is-there-a-simple-program-or-website-that-will-allow-me-to-collaborate-encrypted-documents-with-others-that-are-using-iPhone-or-Android/answer/Marc-Mintz-4

Q: Are all iCloud email addresses safe for important emails?

A: Apple email sends and receives using encrypted protocols. However, you have no certainty whether encryption is present between Apple and the other person. Because of this, you cannot consider Apple email secure. The same is true for almost every other email service.

Therefore, with very few exceptions, all email is insecure.

The solution is to encrypt your email end to end. There are several options to do this, the most common being PGP/GPG, S/MIME, and now Virtru.

You could also use an email provider that is built from the ground up for security. One of the better ones is protonmail.com.

Original post: https://www.quora.com/Are-all-iCloud-email-addresses-safe-for-important-emails/answer/Marc-Mintz-4

Q: Which argument can I give someone who doesn’t care if Microsoft, the NSA, or whoever, violates privacy, by saying “I don’t have anything to hide”?

A: Ask them for their bank account credentials, and their email password. Then ask if you can have possession of their phone for a day/week/month.

They have nothing to hide, so why the concern about you having this information?

It’s not about having nothing to hide. It’s about security and privacy.

Original post: https://www.quora.com/Which-argument-can-I-give-someone-who-doesn%E2%80%99t-care-if-Microsoft-the-NSA-or-whoever-violates-privacy-by-saying-%E2%80%9CI-don%E2%80%99t-have-anything-to-hide%E2%80%9D/answer/Marc-Mintz-4

Q: Can someone make calls from my iPhone remotely?

A: “Can” they do it? I’m sure it can be done. “Have” they (or anyone) done it to iPhone? I haven’t seen any documented instance.

It is far more likely that someone has spoofed your phone number – calling someone while making it look like the call came from your phone number. This is a trivial task to do.

Original post: https://www.quora.com/Can-someone-make-calls-from-my-iPhone-6-remotely/answer/Marc-Mintz-4

Q: Is your email address searchable on LinkedIn?

A: If you are asking whether it is searchable in my case, yes, it is. My LinkedIn account is business only. No personal info that wouldn’t be quickly found with an internet search.

If you are asking a general question, this is a preference setting within LinkedIn. You have the option to turn this off.

LinkedIn, Google, Facebook – all social media – exist for one reason, and one reason only: to monetize information about you. You are the product. These services typically know far more about you than your spouse or mother.

And each now offers ways to stop or at least limit the information that can be harvested. Within their preference settings, you may configure how your information is shared and accessed. In the case of internet searches, I strongly recommend using DuckDuckGo.com (which can be made the default search engine for most browsers).

Q: How can a consumer prevent Equifax from capturing their personal information?

A: The simple answer is, you don’t. This is the nature of cybersecurity, advertising, and digital life.

What you can do is to ensure that your own house is in order. This includes:

  • Validate your bank accounts, credit card statements, and other financials monthly.
  • Check your 3 major credit reports monthly.
    • If there is anything incorrect, immediately submit correction paperwork.
  • Freeze your credit.
  • Ensure that your own computer storage and backup are strongly encrypted.
  • Ensure you are using secure email.
  • Ensure your home/business network is secure (this may take an IT security consultant to verify).
  • Ensure your phone is secure.
  • Use only strong passwords – a minimum of 15 characters, with a mix of uppercase, lowercase, numeric, and special characters. Complexity is not important – length is.
  • Never share your passwords.

Q: Can simply clicking a website give you a virus or malware?

A: Absolutely. I see it almost every day.

I recommend the following to help shield your system and yourself from malicious sites:

  • Install only vital browser extensions. Beware of any extension.
  • Install the TrafficLight extension from Bitdefender in your browsers.
  • Only log in to your computer with a non-admin account (Standard/Normal or Child/Parental Control account).
  • Do not install Adobe Flash or Java.
  • Use a different password for each site.
  • All passwords should be “strong” (minimum 15 characters).

Original post: https://www.quora.com/Can-simply-clicking-a-website-give-you-a-virus-or-malware/answer/Marc-Mintz-4

Are You Ready for iOS 11?

iOS 11 has just been released. Are you and your company prepared to secure your device, data, network, and identity when it arrives on your iPhones and iPads?

Practical Paranoia iOS 11 Security Essentials is the go-to guide to fully securing the home and business mobile devices. Written for the non-technical user, while covering everything expected of the IT professional. We have eliminated all of the technobabble, and included easy, step-by-step illustrated guides for every area of security for your device.

Available now in paperback, Kindle, and our new Live! Online editions.

Download QuickLook.
