(C) Daily Kos
This story was originally published by Daily Kos and is unaltered.

Basic computer security [1]
This Content Is Not Subject To Review Daily Kos Staff Prior To Publication.
Date: 2023-12-10

A few days ago, I posted about a newly revealed computer security vulnerability, and the comments made it clear that I should have provided more context about computer security concepts. I’m not an expert, so I’ll try to keep this short and point you to where you can get more information. Please recommend better resources in the comments if you know of any.

The basic facts of computer security:

1. Everyone is a target.
2. Simple habits can mitigate most risks, without in-depth technical knowledge or special equipment.

A good starting point for tips to protect yourself can be found at the UC Berkeley Information Security Office.

While thinking about computer security, the main question you need to ask yourself is “Who do you trust to have access to your computer?”

A big part of computer security (and information security more generally) is being aware of scams. The consequences of getting scammed are increased by the presence of these all-purpose information-handling machines in our homes and offices. You don’t need a deep understanding of the machine in order to avoid being scammed. However, if you want to use your computer to its full potential (for instance, by installing or removing software), it’s good to have a basic understanding of computers so that you can judge what software is essential and how much access you are providing to the people whose software you are running.

How computers work, and security considerations:

Why and how would your computers be attacked?

Many people neglect information security, thinking “I’m nobody important” and “I have nothing embarrassing to hide”.
But just like with your physical security, the only thing that matters is that someone else might want something you have or consider you an obstacle to their goals.

There are several types of attacks that could target our computers, which could be driven by a variety of motivations:

Break your computer: The simplest goal of an attacker would be to prevent you from using your computer. This could be nothing more than a prank by some vandal, or you could be targeted because the attacker hates you for any number of reasons. A more sophisticated attack may be paired with a ransom note, claiming that the attacker can undo the damage if you pay up.

Take over the computer: Some attackers will try to take over one computer as part of a bigger scheme targeting a third party. They may want it as a zombie for their botnet, or they may be trying to cover their tracks as they probe a more valuable computer’s security features.

Impersonation — Identity theft: By obtaining formal credentials like passwords, attackers can impersonate you to organizations that use those credentials and enable subsequent attacks. Look into 2-factor authentication to make this more difficult.

Impersonation — Social/computer network infiltration: We all have connections to influential people, sometimes directly, sometimes indirectly as ‘friends of friends’. An attacker who is targeting that influential person (or a valuable computer) often starts by attacking a person on the fringe of the target’s social network, or a computer within the same computer network. This strategy was used by the PRC to spy on the Dalai Lama. The more they know about a person, the more easily they can impersonate or trick that person.

Information gathering: Sometimes the goal is passive information gathering, particularly industrial espionage to learn business plans or obtain technology documents.
Blackmail/defamation: The most high-profile computer security breaches involve attempts at blackmail and/or defamation, the DNC Hack being a well-known example. This attack does not require that you actually have dirty secrets that can be revealed: lies can be made more believable by embedding them in a shell of true facts.

Traditionally, we were concerned with criminals, but nation-states have ever-increasing capability and willingness to deploy these attacks. The newest threat is that powerful people in the USA are scheming to establish a dictatorship. Imagine the damage that could be done by a script-kiddie version of the Proud Boys, 100 times larger than Anonymous, egged on by major politicians, powered by machine learning, and possibly supported by a billionaire and rogue members of law enforcement agencies.

Additional resources:

PBS Digital Studios video crash course in computer science.

From Mark Rober’s channel, there’s an amusing video about how he teamed up with Jim Browning and Trilogy Media to retaliate against an international phone scammer network.

The “Reply All” podcast had likewise investigated call-center scammers.

The Darknet Diaries podcast tells stories about computer security breaches.

Cybersecurity Game for kids from Nova Labs.

Hacking for Lawyers: Course materials (including video lectures) from a hands-on class teaching lawyers the basics of computer hacking.

Find information security professionals on the Fediverse:

Mastodon accounts (Google doc where people added themselves)

Infosec.Pub — a Lemmy discussion board (similar format to Reddit)

Internet Privacy resources:

Privacy is related to security, but more difficult to achieve:

Thoughts on password management.

Parting thought: You can't click a phishing link if you never check your email.

[1] Url: https://www.dailykos.com/stories/2023/12/10/2210401/-Basic-computer-security?pm_campaign=front_page&pm_source=trending&pm_medium=web

Published and (C) by Daily Kos
Content appears here under this condition or license: Site content may be used for any purpose without permission unless otherwise specified.

via Magical.Fish Gopher News Feeds: gopher://magical.fish/1/feeds/news/dailykos/