Showing posts with label Information Security. Show all posts

Saturday, December 10, 2016

I Got Two-Factor Authentication For Days - 12 To Be Exact


Note: I am not a cyber or infosec dude. Never have been. Never will be probably. It's not my lane. That said, I try my best to find good advice in these lanes and share them when possible. Your mileage will certainly vary.

So the Electronic Frontier Foundation (EFF) is having a "12 Days of 2FA" thing starting December 8. I may not agree with the EFF on some things but their advocacy for a more private and secure Internet is something I am all for. Making folks more aware of the benefits and techniques necessary to enable two-factor authentication is awesome in my book. I'm not a tech dude but I will tell you a little about two-factor and why you should do it on EVERY SINGLE FREAKING ACCOUNT YOU HAVE THAT ALLOWS FOR 2FA.

Definition
  • The EFF has this to say:
    • Relying on more than a password to secure online accounts is so important because passwords are relatively easy to steal or compromise. Passwords can be vulnerable to eavesdroppers on cafe and airplane wifi, to tech company data breaches, and to phishing attacks. Add in a second factor, though, and an attacker needs more than just your password to access your accounts.
    • That second factor can take several forms, including: 

The Benefits
  • If passwords are compromised in a breach, there's an additional layer of defense for the attackers to overcome.
  • It nullifies a lot of brute force attacks. Even if you "guess" the right password, you still have to overcome 2FA.

Final Word of Advice
  • Having 2FA is NOT an excuse for a crappy password or for password reuse. Let's be clear - we all have passwords we've reused. That doesn't mean we should. In fact, we should remedy that as soon as possible.
    • Get a password manager
    • Register with sites that
      • Allow lots of characters in passwords
      • Take security seriously (bug bounties, HTTPS, limited account enumeration, etc.)
    • Monitor your logins
      • Most major sites will show the IP of your last login. Monitor this regularly to ensure your credentials haven't been compromised.

GREAT FREAKING RESOURCE

Thursday, May 23, 2013

INFOGRAPHIC: The Cybercriminal Underground

TrendLabs, a leading information security firm, published this really awesome infographic about the cybercriminal underworld. It's certainly worth a look.


Saturday, February 2, 2013

HOW-TO: Make Your Own Faraday Cage


Unbeknownst to many outside the security arena, mobile devices are nothing more than really cool listening devices. In my first few blog posts, many moons ago, we covered how hackers could exploit vulnerabilities inherent in Bluetooth to take control of your phone's microphone. There is also speculation and evidence that it is now possible to turn on both the camera (front and rear) and the microphone to get full video. With GPS, if a hacker gains electronic access to your phone, you have a device even the KGB would envy. As a security professional, there are times when you need to have conversations without having to worry about eavesdropping. Standard procedure in most high-security areas is to immediately surrender your phone, in order to prevent electronic eavesdropping. Devices are then placed in a container to ensure no data is transmitted to or received from the device. This container is known as a Faraday cage. It blocks transmission and reception by any electronic device inside it and also acts as a shield against electromagnetic pulse attacks. There are several places you can go online that have Faraday bags. However, I found an article that walks you through constructing your own Faraday cage for $15.
Here’s How to Build Your Own with About $15

Supplies

This is probably my most simple DIY project to date. All you need is an aluminum garbage can with a nice and snug lid along with a cardboard box.


Step One: Cut the Cardboard

From the bottom flaps to about the middle of the box you’re going to want to cut some slots about 8 inches wide. This just makes it so that the cardboard can conform easier to the shape of your can.


Step Two: Insulate Can with Box

You’re going to make a tube with your cardboard and slide it into the can. Go ahead and press against the edges of the can to make sure it’s right up against it. That way you have more room inside.



Step Three: Make & Place the Base Insulation

By tracing the bottom of the can on some extra cardboard, you’re going to cut out a circle that will fit in the bottom of your insulation. Then just push it down inside your can. You want this to be a tight fit.



Step Four: Tape the Insulation 

Tape in the creases where the base meets the sides of the insulation. Also tape along the cuts you made in the cardboard. Whatever you put inside of this cannot be touching the metal can – only the cardboard insulation. Taping these weak spots just ensures nothing gets past the cardboard to touch the metal.

Step Five: Trim the Excess

Just go around the edge of your can with a box cutter to cut off the excess cardboard insulation sticking out of the top.



Step Six: Put On Your Lid

Once you’ve put in all of your radios and other gadgets, you’ll just fit on your lid nice and tight.


There are many, many different designs and concepts for homemade faraday cages. This is just one of them. If you happen to find a design that calls for the use of wire mesh instead of solid metal, be sure to get some with the smallest holes you can find. Remember, you want the openings smaller than the electronic waves that will damage your stuff.


Read more: http://saltnprepper.com/faraday-cage/#ixzz2JitUSUi1
