2017 version - Computer Security

Discussions on technology and its application and implications in divorce

2017 version - Computer Security

Unread postby spritom » Mon Apr 10, 2017 1:41 pm

Computer OPSEC – Operational Security
The method of protecting your internal workings, drafts, thought-processes so they aren’t used against you.

True, the safest is not to use a computer (plus remember security of your papers), but in today's world, computers are a common reality.

Image

Why is NJ’s Tech Know-How at Zero?
I’ve seen it a number of times, NJ gives some sob-story to some coworker or friend. This person (or their brother or their boyfriend) is a tech-geek. The tech-geek may be on NJ’s side or maybe they were lied to about you. Maybe the computer/USB drive is taking to a computer store to work on “recovering” lost information. Either way, the tech geek needs only about 5-40 minutes to physically access the computer to do any of:
  • • Set up a keylogger that you wouldn’t see
    • o Keylogger’s are nasty little pieces of hidden software. It can log every one of your keystrokes, take screenshots every second or minute or whatever, and also record every one of your mouse-clicks. It is a little bit of an art-form to install one, but if a tech-geek gets one installed well, it’s possibly you would never know one is installed.
  • • Copy your USB drive
  • • Copy your entire hard drive
  • • Your USB hard drive is returned to its spot (unless they just steal it) and they have all the info. Plus if you’re saving your passwords in your browser, some browsers (like Firefox) can show those passwords to them. And since many people typically use the same basic password for most all their logins, your password to an innocent site might be enough for the tech-geek to be able to log into your private stuff, Gmail, banking, etc.

Solutions:
  • 1) Using a different computer away from home is about the best option. It slows you down as you can’t do your stuff as often/speedily.
  • 2) The “Bootable Live Operating System” plus Encryption is the next most secure if you have to use a computer inside the same house.
  • 3) https://www.youtube.com/watch?v=YIhYitXwJfE
  • 4) This uses the computer CPU, but not it’s hard drive (so any keyloggers on that computer won’t be running). You’re using the USB drive as your hard drive and running your own operating system off of the USB drive itself. Just remember to keep the USB drive with you at all times

Remedies:
If you’ve been using a computer in the house and you think you might have been compromised (or the info is on the computer and could be compromised later)
  • 1) Clean
    • a. Download a copy of ATFCleaner and run it
      • i. Click “Select All” and then click “Empty Selected”
    • b. Uninstall your current antivirus/malware software
      • i. Download and install a new copy of a different brand of antivirus/malware software
      • ii. Such as ZoneAlarm, AVG, Avast are some fair free versions. If the software also includes a “firewall” then that’s even better.
      • iii. The reason for this is that a keylogger needs to be “fitted” with some exceptions to the security software on the computer and by uninstalling the current security software and installing a different one, any keyloggers on the system would get caught
    • c. Run ATFCleaner again
    • d. Download a free version of Malwarebytes AntiMalware – Install it (uncheck the “Premium” option)
      • i. Run Malwarebytes, let it update, and do a full scan (20-30 minutes) Let it clean anything it flags
      • Uninstall Malwarebytes so somebody else doesn't know that you might be on to them
  • 2) Reset your browsers back to factory specs
  • 3) Passwords
    • a. From a safe computer (preferably one away from home), reset all your passwords to a completely new password.
  • 4) Online Security Questions
    • a. Redo your Security Questions for important web sites (your own bank account, etc.). Since your NJ probably knows your high school mascot, the name of your first pet, etc. then:
    • b. Make up a fictional first pet, high school, mother’s maiden name
    • c. Don’t forget what fictional names you made up for those security questions
    • d. Since your NJ will always know that information, get used to the idea of using your fictional Security Question Answers
  • 5) If you start using the house computer again, you’ll fall into the same risks again of your computer footprints being left behind. These remedies are to just clean your stuff off the computer then try to use one of the choices from the Solutions list.
New to all this? Read The List
TAC (The Acronym List)
Short-short version of what to do

跟猴子比丟屎
User avatar
spritom
Moderator Emeritus
 
Posts: 3196
Joined: Mon Oct 17, 2005 9:28 pm
Location: US

Re: 2017 version - Computer Security

Unread postby Havalu7 » Thu Apr 13, 2017 9:53 am

Wow good stuff spritom!
”No.” is a complete sentence.

Do not move out of your house.
User avatar
Havalu7
1K+ Posts
 
Posts: 1672
Joined: Wed Jan 27, 2016 10:43 am

Re: 2017 version - Computer Security

Unread postby HaltAndCatchFire » Sat Apr 15, 2017 2:19 pm

Great info. Building on top of it:

  • Enable a login password for your computer.
  • Configure your operating system to not auto-run executables from USB drives.
Those two steps when combined with encrypted filesystems keep any would be miscreants from installing a key logger.

Also, your smart phone is a computer and you should apply the same level of protection to it that spritom outlined.
The only way out is through.
User avatar
HaltAndCatchFire
50+ Posts
 
Posts: 92
Joined: Wed Apr 05, 2017 10:41 pm

Re: 2017 version - Computer Security

Unread postby TeflonDad » Wed Jul 19, 2017 1:09 am

Use LastPass to man age passwords.

Use "identities" for each device/computer (including kids phones). You can let each device only "see" some passwords, and lock it to the identity with just a pin login on phones/tablets. Great for sharing netflix and steam logins with the kids or a tablet.

Use 2-factor like Authy (Google Authenticator alternative) where you can.

Look into real 2-factor like YubiKey (you'll need to have at least 2 - one for backup. Most sites/windows have terrible fallback schemes (i.e. you lose your YubiKey). Watch for 2fer sales black friday. The neo has NFC if you're geeky to want 2FA on your Android phone. Otherwise, author and trust for 30 days (with pin) is decent.

2FA costs $12/yr at lastpass. Cheap. Love it.
The board is the sum of all of your great posts. Help divorced men be great dads!
Divorce help in a father friendly divorce forum. More tips on how to deal with your divorce at DadsDivorce.com
User avatar
TeflonDad
Moderator Emeritus
 
Posts: 4300
Joined: Wed May 02, 2007 8:41 pm
Location: Remarried Dad of 2 in STL - S17 S14

Re: 2017 version - Computer Security

Unread postby whatever_works » Wed Jul 19, 2017 9:02 am

Look into Keepass for storing your passwords. It is free, open source, and local computer only (not cloud based - which is good for some, bad for others).

You can store your database file in dropbox to access it from anywhere. The software is available for Windows, Mac and Smartphones.
whatever_works
500+ Posts
 
Posts: 530
Joined: Tue Jun 02, 2015 6:22 pm

Re: 2017 version - Computer Security

Unread postby nr552 » Wed Jul 19, 2017 10:45 am

Password protect the bios on your home computer-- on some you can set a "power on" password that won't let the PC boot up without a password.

Disable USB/CD boot option (or disable them all together if your bios has that ability)-- that with a bios password will prevent most people from getting into your "secure" PC (they'd have to open it up, remove the jumper on the motherboard to clear the bios/password, etc, but you can put a small key lock on most Dell/HP workstations nowadays to prevent even that.

On a counter intelligence idea-- open a facebook account with a made up name, yet put down your school/education that matches what your ex had. You'll be able to friend request a lot of classmates, then eventually your ex.. LOL. NEVER DO anything malicious, this just so you can keep an eye on things that may benefit your case. IE.. My ex posted she was in a relationship (which is public, but blocked to me)-- I snapped a screen shot of that and saved it in my file. When I went back to court re: spousal support termination due to cohabitation-- I flashed the screen capture to my ex's attorney, along with other evidence...they settled almost immediately.
nr552
500+ Posts
 
Posts: 647
Joined: Fri May 13, 2011 12:22 pm

Re: 2017 version - Computer Security

Unread postby TeflonDad » Sat Jul 22, 2017 11:27 pm

whatever_works wrote:Look into Keepass for storing your passwords. It is free, open source, and local computer only (not cloud based - which is good for some, bad for others).

The problem is that it doesn't sync. Or share only *some* of your passwords with, say, your kids phones. Because it is your account password you're sharing, be careful of account takeovers by the ex with the kids phones. Make sure you have/get one-time codes to access and recover your accounts.

With Lastpass, also lock the PIN in, each device has its own PIN, they don't know your master password, and can't change profiles/identities with just the PIN. Also fills in logins in the browsers and apps. Got my 12yo using it, and he's protected as he gets older and his own account when he's ready. I use Authy for my 2-factor wherever Google Authenticator can be used.
Save your codes, not in LP, to dupe or backup/recovery.

I backup Lastpass (by exporting it as a CSV file) monthly onto a thumb drive with TrueCrypt/VeraCrypt password protected mounted drive. I also store critical documents and scans on the TrueCrypt drive (custody papers, birth certificates, insurance papers, property and car titles, drivers license and passports). And those one-time recovery codes for gmail, facebook, etc. In regular text files on the TrueCrypt drive.
The board is the sum of all of your great posts. Help divorced men be great dads!
Divorce help in a father friendly divorce forum. More tips on how to deal with your divorce at DadsDivorce.com
User avatar
TeflonDad
Moderator Emeritus
 
Posts: 4300
Joined: Wed May 02, 2007 8:41 pm
Location: Remarried Dad of 2 in STL - S17 S14

Re: 2017 version - Computer Security

Unread postby whatever_works » Sun Jul 23, 2017 8:53 am

TeflonDad wrote:The problem is that it doesn't sync. Or share only *some* of your passwords with, say, your kids phones.


Teflon, the sync problem is solved by dropbox. Sharing passwords has never come up in my workflows. If I have to share a password, I would make it simple and then give it to the kids to remember.

To be honest, I don't use Truecrypt/Veracrypt any longer since locking/unlocking adds complexity and I then start to put off doing those activities - like writing my journal, etc.

I have now moved my journal to a new google account in a google doc. For a while I was using MS Word to password protect the file and store it in a dropbox folder. But for some strange reason even that seemed too tedious between different computers etc. Google docs is the perfect answer for this problem.

Just sharing these options to help others.
whatever_works
500+ Posts
 
Posts: 530
Joined: Tue Jun 02, 2015 6:22 pm

Re: 2017 version - Computer Security

Unread postby TeflonDad » Tue Jul 25, 2017 12:21 am

whatever_works wrote:
TeflonDad wrote:The problem is that it doesn't sync. Or share only *some* of your passwords with, say, your kids phones.

Teflon, the sync problem is solved by dropbox. Sharing passwords has never come up in my workflows. If I have to share a password, I would make it simple and then give it to the kids to remember.

That's the point of lastpass - teaching your kids to use strong passwords and different ones for everything, all the time.

So do your kids know how to download your Dropbox upload that only contains their passwords, (netflux, steam, etc) and not your bank or email? Don't you have to separate them all the time and then recombine them on your phone, etc? And repeat every time you change one?

Lastpass does all that sync stuff - for free! I pay the $12/yr for sharing to other lastpass accounts (family) and for 2-factor. And using it preps my kids for using good security practices when they get their own accounts (and can still share passwords if we want).

$12 a year and all that goes away for me. Not knocking doing things in a more complicated way, whatever floats your boat. LP is not perfect, but it gets more right than any other solution out there I've seen.
The board is the sum of all of your great posts. Help divorced men be great dads!
Divorce help in a father friendly divorce forum. More tips on how to deal with your divorce at DadsDivorce.com
User avatar
TeflonDad
Moderator Emeritus
 
Posts: 4300
Joined: Wed May 02, 2007 8:41 pm
Location: Remarried Dad of 2 in STL - S17 S14

Re: 2017 version - Computer Security

Unread postby Havalu7 » Tue Jul 25, 2017 12:30 am

That's good info TeflonDad!

I really appreciate the wide variety of stuff you can learn on this site.

Amazing.
”No.” is a complete sentence.

Do not move out of your house.
User avatar
Havalu7
1K+ Posts
 
Posts: 1672
Joined: Wed Jan 27, 2016 10:43 am

Next

Return to Technology and Divorce

Who is online

Users browsing this forum: No registered users and 3 guests