Drone with RPG-7 anti-tank grenade attached used by IS to target Syrian regime forces. This one was a dud. pic.twitter.com/nhgmr8oVlI— Beyond The Levant (@BeyondTheLevant) December 10, 2016
Saturday, December 10, 2016
Somehow I Don't Think That Drone Has Been Registered With The FAA - ¯\_(ツ)_/¯
Check Out This Old School Intelligence Community Surveillance Detection Video
Note: Dude, again, I am not an intel dude. NOT my lane.
A few days ago, I wrote an article about how political parties could deal with a hostile foreign intelligence service actively targeting them for exploitation. One of the techniques I recommended revolved around avoiding physical surveillance. The video below goes into a lot of detail regarding surveillance detection routes. It appears to have been a declassified intelligence community video from the 1970s(?). This is for purely entertainment purposes. If you think you need to add this to your repertoire, then I suggest doing two things:
- Hire a professional to teach you. A video is no substitute for actual training. That said, the materials in this are dated and I would imagine any serious surveillance would have a suitable counter to any SDR. However; this sets a nice introduction into the topic.
- If you need this and you're going against any significant intelligence threat, you might be already screwed. Seriously.
Resource
This guy seems to know a lot more than I do on this stuff.
I Got Two-Factor Authentication For Days - 12 To Be Exact
Note: I am not a cyber or infosec dude. Never have been. Never will be probably. It's not my lane. That said, I try my best to find good advice in these lanes and share them when possible. Your mileage will certainly vary.
So the Electronic Frontier Foundation (EFF) is having a "12 Days of 2FA" thing starting December 8. I may not agree with the EFF on some things but they're advocacy for a more private and secure Internet is something I am all for. Making folks more aware of the benefits and techniques necessary to enable two-factor authentication is awesome in my book. I'm not a tech dude but I will tell you a little about two-factor and why you should do it on EVERY SINGLE FREAKING ACCOUNT YOU HAVE THAT ALLOWS FOR 2FA.
Definition
- The EFF has this to say:
- Relying on more than a password to secure online accounts is so important because passwords are relatively easy to steal or compromise. Passwords can be vulnerable to eavesdroppers on cafe and airplane wifi, to tech company data breaches, and to phishing attacks. Add in a second factor, though, and an attacker needs more than just your password to access your accounts.
- That second factor can take several forms, including:
- A one-time verification code sent to you via SMS text message
- A time-based one-time password (TOTP) generated by a dedicated app, like Google Authenticator and Authy
- A download-able, print-able, hard-copy backup code
- A hardware token, like a Yubikey
The Benefits
- If passwords are compromised in a breach, there's an additional layer of defense for the attackers to overcome.
- It nullifies a lot of brute force attacks. Even if you "guess" the right password, you still have to overcome 2FA.
Final Word of Advice
- Having 2FA is NOT an excuse for a crappy password or for password reuse. Let's be clear - we all have passwords we've reused. That doesn't mean we should. In fact, we should remedy that as soon as possible.
- Get a password manager
- Register with sites that allow for
- Lots of characters in passwords
- Take security seriously (bug bounties, HTTPS, limited account enumeration, etc.)
- Monitor your logins
- Most major sites will show the IP of your last login. Monitor this regularly to ensure your credentials haven't been compromised.
GREAT FREAKING RESOURCE
Subscribe to:
Posts (Atom)