Everyday is Cybersecurity Awareness Day

Topics in this category pertain to planning. Discussions include how to prepare yourself, your family and your community for catastrophes and what you plan to do when they hit you.

Moderator: ZS Global Moderators

MPMalloy
ZS Member
ZS Member
Posts: 4567
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Tue Sep 17, 2019 7:32 pm


User avatar
JayceSlayn
* * *
Posts: 655
Joined: Wed Mar 05, 2008 3:07 pm
Location: North Carolina

Re: Everyday is Cybersecurity Awareness Day

Post by JayceSlayn » Wed Sep 18, 2019 8:08 am

I'd like to make a few comments on browser extensions, and maybe a plug for one or few relating to cybersecurity.

Most modern browsers already include a baseline of decent security against common kinds of attacks or security risks by default. You obviously still have to do your part to not visit unknown links/sites, double-check the URL and site every time your are asked to enter credentials, etc.

There are many browser extensions that claim to help with privacy, ads, or security, but I try to be very cautious about the ones which I install. Reducing your attack surface by having fewer extensions, and only ones from sources you can reasonably trust, are good steps. Also, monitor the news or vendor websites for updates to your browser and any extensions you have - if you learn of any vulnerabilities disclosed, stop using them immediately until they are patched, and double-check your versions are current.

Some extensions that I use and therefore advocate:
  • LastPass: Yes, it recently had a vulnerability disclosed where it could leak (ironically) the "last password" it filled in, but that has been patched in the latest version already. Compare this to the advantage of having unique passwords for every site, which allows you to compartmentalize any potential leaks from either your own browser or third-parties, and that is still a benefit in my mind. Turn on two-factor authentication for your LastPass account (and every other account that allows you that option)!
  • HTTPS Everywhere: This extension with its "Encrypt All Sites Eligible" mode helps to ensure that you are only ever requesting to use a secured connection wherever you go, and blocks you from using unencrypted connections. Some sites (or short links) still don't have HTTPS versions for whatever reason (no good reasons I can think of, it's easy to implement), and even if they are just a blog or news or something, I just don't visit them anymore.
  • NoScript: This extension blocks the execution of JavaScript from any domains which you don't explicitly set to Trusted, or Temporarily Trusted. It is very useful, but it will also initially break most sites you visit. You may need at least a broad idea of how JavaScript is used on websites to effectively decide how to use this extension.
  • Privacy Badger: Published by the EFF, which is the leading non-profit advocate for online privacy, this extension attempts to block trackers which do not conform to their ideals of user consent, while also trying to avoid breaking trackers which are less invasive.
Rahul Telang wrote:If you don’t have a plan in place, you will find different ways to screw it up
Colin Wilson wrote:There’s no point in kicking a dead horse. If the horse is up and ready and you give it a slap on the bum, it will take off. But if it’s dead, even if you slap it, it’s not going anywhere.

MPMalloy
ZS Member
ZS Member
Posts: 4567
Joined: Mon Aug 22, 2005 2:48 am

Re: Everyday is Cybersecurity Awareness Day

Post by MPMalloy » Wed Sep 18, 2019 4:18 pm

JayceSlayn wrote:
Wed Sep 18, 2019 8:08 am
I'd like to make a few comments on browser extensions, and maybe a plug for one or few relating to cybersecurity.

Most modern browsers already include a baseline of decent security against common kinds of attacks or security risks by default. You obviously still have to do your part to not visit unknown links/sites, double-check the URL and site every time your are asked to enter credentials, etc.

There are many browser extensions that claim to help with privacy, ads, or security, but I try to be very cautious about the ones which I install. Reducing your attack surface by having fewer extensions, and only ones from sources you can reasonably trust, are good steps. Also, monitor the news or vendor websites for updates to your browser and any extensions you have - if you learn of any vulnerabilities disclosed, stop using them immediately until they are patched, and double-check your versions are current.

Some extensions that I use and therefore advocate:
  • LastPass: Yes, it recently had a vulnerability disclosed where it could leak (ironically) the "last password" it filled in, but that has been patched in the latest version already. Compare this to the advantage of having unique passwords for every site, which allows you to compartmentalize any potential leaks from either your own browser or third-parties, and that is still a benefit in my mind. Turn on two-factor authentication for your LastPass account (and every other account that allows you that option)!
  • HTTPS Everywhere: This extension with its "Encrypt All Sites Eligible" mode helps to ensure that you are only ever requesting to use a secured connection wherever you go, and blocks you from using unencrypted connections. Some sites (or short links) still don't have HTTPS versions for whatever reason (no good reasons I can think of, it's easy to implement), and even if they are just a blog or news or something, I just don't visit them anymore.
  • NoScript: This extension blocks the execution of JavaScript from any domains which you don't explicitly set to Trusted, or Temporarily Trusted. It is very useful, but it will also initially break most sites you visit. You may need at least a broad idea of how JavaScript is used on websites to effectively decide how to use this extension.
  • Privacy Badger: Published by the EFF, which is the leading non-profit advocate for online privacy, this extension attempts to block trackers which do not conform to their ideals of user consent, while also trying to avoid breaking trackers which are less invasive.
I don't have any experience w/LastPass, although I did hear about the vunerability. Nothing & no one is immune.

I use HTTPS Everywhere & I have used privacy Badger. There easy to use. You will need to do your homework w/NoScript. I've had better luck w/uBlock Origin.

And yes, keep extensions to a minimum. If you do the Mozilla, learn you your about:config. :)

Post Reply

Return to “Contingency Planning & Preparation”