Friday, March 25, 2011

How to Protect Your Security Online - Save this report for your records and share!

Fellow Navy FAO GP passed this on to me and it's a great document! Click on the title of this blog post to read the document in full. You should be able to save/view it to your Google Docs so you can refer to it indefinitely, or just download a PDF version. I've included some highlights below. For those of us here in the United States much of it may not be necessary, but for FAOs/Servicemembers abroad there is a lot of ESSENTIAL information here.

A PRACTICAL GUIDE TO PROTECTING YOUR IDENTITY AND SECURITY ONLINE
AND WHEN USING MOBILE PHONES FOR CITIZENS IN THE MIDDLE EAST, NORTH AFRICA AND BEYOND


Gmail now has HTTPS as its default setting, but you need to turn it on for Hotmail if you haven’t already been prompted to turn it on (go to Account > Other Options > Connect Using HTTPS > Use HTTPS Automatically).


  • Some accounts are compromised via lost password recovery systems. Be sure your security questions and answers for your accounts are not simple and easy to guess.




  • Instant Messaging:
    Skype and Google Chat inside HTTPS-secured Gmail are good options if you believe that your accounts will not be targeted by hackers. A much more secure option is using Pidgin to access a number of chat clients (Google Talk, etc.) with the Off The Record (OTR) plug-in -- this ensures that even with your encryption keys, any previously logged data will be worthless.

    Secure your online presence in other ways:
    We recommend you turn GPS tracking off for programs such as Twitter and Bambuser unless it’s temporary and critical to an activist project you’re working on. Even if the GPS is not displayed, it is critical to disable the collection of this information in your web browser or other client.

    HTTPS:
    An excellent and easy-to-use add-on you should use is HTTPS Everywhere. This is a Firefox add-on that “forces” a site to use HTTPS if available. Downloading this should be one of the first things you start to use in order to have end-to-end encryption for sites such as Facebook, Twitter, Google Search, and more. It will also reduce your vulnerability to having your passwords captured when sharing open or unsecured wifi networks.

    • If you haven’t already, download the most recent version of Firefox. Then download HTTPS Everywhere and/or Force TLS, restart Firefox, and set preferences. Note: HTTPS Everywhere has a number of default sites that can be customized. Force TLS involves more customization, requiring the user to create a list of sites to force HTTPS.
    • If you use Google Chrome, download KB SSL Enforcer Extension. (Note: This is not as effective as the add-ons for Firefox mentioned above. There are still some bugs with SSL Enforcer, and links are known to break.)
    Doing this as soon as I get home!

    Facebook: Although the Firefox add-ons described above force HTTPS for a number of sites, if you use Facebook often, it’s also a good idea to ensure that Facebook is set to HTTPS as a default, especially if you access it on multiple computers.

    • In order to enable HTTPS for Facebook, go to Account in the top right corner > account settings > on settings tabs, select account security “change” > check box next to “secure browsing (HTTPS)”
    • The use of some games or other Facebook add-ons will disable the use of HTTPS.
    Whoops, I wasn't doing this either!

    • In order to enable HTTPS for Twitter, click on your Twitter handle in the top right corner > settings > scroll to the bottom of the page and check the box next to “Always use HTTPS”.
    • Note: Changing your Twitter account’s setting to “always use HTTPS” does not currently force HTTPS on mobile devices as well. Until this is fixed, always go to https://mobile.twitter.com.
    Wasn't doing this either.

    When your phone is on, it is constantly communicating the following information with towers nearby:

    • The IMEI number – a number that uniquely identifies your phone’s hardware.
    • The IMSI number – a number that uniquely identifies the SIM card - this is what your phone number is tied to.
    • The TMSI number, a temporary number that is re-assigned regularly according to location or coverage changes but can be tracked by commercially available eavesdropping systems.
    • The network cell in which the phone is currently located. Cells can cover any area from a few meters to several kilometers, with much smaller cells in urban areas and even small cells in buildings that use a repeater aerial to improve signal indoors.
    • The location of the subscriber within that cell, determined by triangulating the signal from nearby masts. Again, location accuracy depends on the size of the cell -- the more masts in the area, the more accurate the positioning.
    It is important to note that if you think you are being tracked, it is not always enough to switch SIM cards, as you can be tracked by the ID (IMEI) of your mobile device/handset alone.
