For a democracy, anarcho-communism, anarcho-capitalism or monarchy to be able work, force is needed to sustain such a system. Either a sufficient number of people who come together or a very strong (either economically or socially) individual or group. A sufficiently strong individual can control a democratic society regardless of the opinion of the majority (e.g. for the Czechoslovak Communist Party it was enough to gain “just” 31.2% of the votes in the 1946 elections to control the whole of Czechoslovakia for 40 years). Similarly, the concept of anarcho-capitalism is unsustainable unless it is possible to enforce the so-called Non-Aggression Principle. The Communists will not force the surrender of private property on a sufficiently strong entity.

Cryptoanarchists usually do not try to change society. Their goal is a level of privacy and security that ensures a sufficient degree of freedom. And the very degree of sufficient freedom is individual.

Thus, cryptoanarchy is a set of tools and techniques that help maintain a level of privacy and security that is achievable or targeted for individuals or communities. The basic tool of cryptoanarchy is information encryption. The use of such techniques that make it impossible for the person from whom to hide information not only to obtain the information, but also to learn about the existence of such information. It does not matter whether it’s communication, electronic data or a financial transaction. These tools do not necessarily have to be highly sophisticated or require powerful computer technology. Do you want to advise a classmate sitting next to you with a difficult exercise in an exam so that the teacher does not know, or do you want to tell your partner something very private, but you are surrounded by other people? You use a very simple technique – you whisper it to her/him.

This set of techniques and tools is not and probably will never be definitive. You can’t write a cryptoanarchy bible that would last forever. As society and technology evolve, so does cryptoanarchy. The need for privacy was different (perhaps none) in the early common society, different in ancient Rome, different today in the era of digital revolution, and different in the future (for example, when staying in spaceships or colonizing other space objects). Technologies that seek to detect encrypted information are also being developed. Encryption techniques that were considered secure twenty years ago are mostly unusable today, and can be broken in minutes. Asking when the cryptoanarchy will be “done” is similar to asking when the Internet will be done.

In addition, cryptoanarchy can disrupt any social system. It eliminates state and private courts, police and the army. If you do not know the perpetrator, you cannot try and/or remove him (close or kill) for breaking the law or the NAP (Non-Aggression Principle). Cryptoanarchy does not address the issue of a free or regulated market. The free market is actually an integral part of it. You can’t regulate something that the regulator doesn’t know about and can’t punish someone he doesn’t know.

Social systems are based on rights and obligations. The only natural duties are those that are instinctive. For example, the mother’s natural duty to take care of her offspring. And even that is not enforceable outside the social system. Everything else, both duties and rights, is an artificial construct that is enforced by the social system.

The only “right” that applies universally is the right of the stronger. Both in nature (living and non-living) and in society.

Why are we obliged to pay taxes, comply with court rulings and share our private data with rulers? Stronger so decided. In this case, the stronger is a sufficient number of people (which does not necessarily mean the majority) who are able to enforce these obligations under the threat of violence. This is not only true for human communities, examples can also be found in nature. Why is the ant queen (who is actually a slave) obliged to spend her whole life conceiving new generations in a small space deep in the anthill? Because if she resisted this obligation, the ant society would punish her. Such a queen would have a shorter life than the promises of politicians after the election.

There is no natural right to life. It was invented by human society and agreed (either voluntarily or involuntarily) to enforce it. As well as the right to personal property or a “dignified life”. In the wild, the antelope does not wield in front of the lion by the charter of fundamental rights and animal freedoms. It knows she has to run, it has not better option.

Cryptoanarchy is a tool by which an individual can avoid pressure from society to abide by the rules and/or respect the rights of others. Motives for this can be “good” or “bad” (but the evaluation is always individual). For a person who is used to following the rules set by someone else, this may sound like dangerous behavior, but it is again just an individual assessment. Often we can evaluate such unconditional compliance with the rules over time. Large sections of the (not only) German population found the so-called Nuremberg Laws in order and it was normal to abide by them. And today it seems incomprehensible to us. In the same decade, we can also look at, for example, current market regulations, the criminalization of drug users or the crime of treason.

This does not mean that the cryptoanarchist does not follow any rules and breaks all laws. Many factors play a role here, such as the question of one’s own security, morality or, for example, economic profit. And while it may not seem so at first glance, most people are not interested in harming. Why in the store, when the salesman isn’t looking, most (!) of us just don’t stick a bottle off the shelf into a bag? It is not because of fear of the law (and punishment). It’s because we have a kind of moral code encoded in us. Turning someone’s property just doesn’t work out for us, whether or not there’s a law.

Thus, the purpose of cryptoanarchy is not, as it might seem, primarily to break the rules. The purpose is to maintain a degree of freedom that is important to us and to protect ourselves and our loved ones from the dangers that can arise if someone who wants to (and can) use it against us accesses our information. History has shown us that this danger is not unrealistic.

The post Cryptoanarchy – To be safe to be free appeared first on DIGITAL SELF-DEFENSE.

1. Introduction

This document serves as a personal threat model focused on cybersecurity in the area of cryptocurrencies. Its aim is to identify potential threats and vulnerabilities and propose measures to minimize them.

2. Identification of Actors and Assets

Actors

• Hackers
• Regulatory Bodies
• Competitors
• Close Associates

Assets

• Crypto Wallet
• Transaction History
• Investment Strategy

Actors and Assets: Detailed View

In this part of the threat model, it is crucial to identify in detail the actors who could pose a threat and the assets they might want to compromise. Each actor and asset should be elaborated on, including motivations, capabilities, and methods of attack.

Hackers

• Motivation: Financial gain, reputational reasons, ideological beliefs
• Capabilities: Malware, ransomware, phishing attacks
• Attack Methods: Wallet infiltration, keylogging, SIM swapping

Regulatory Bodies

• Motivation: Oversight and regulation, ensuring compliance with laws
• Capabilities: Legal measures, access to public and private databases
• Attack Methods: Court orders, asset seizure, audits

Competitors

• Motivation: Gaining competitive advantage, financial gain
• Capabilities: Industrial espionage, social engineering
• Attack Methods: Infiltration, misinformation, market manipulation

Close Associates

• Motivation: Personal interests, possible financial gain
• Capabilities: Access to personal devices, knowledge of personal information
• Attack Methods: Using known passwords, accessing unsecured devices

Assets

Crypto Wallet

• Importance: High
• Attack Types: Phishing, malware, physical access
• Mitigations: Hardware wallet, 2FA, strong passwords

Transaction History

• Importance: Medium
• Attack Types: IP tracking, exchange compromise
• Mitigations: Use of VPN, decentralized exchanges

Investment Strategy

• Importance: Medium to High
• Attack Types: Social engineering, industrial espionage
• Mitigations: Limiting information sharing, using encrypted communication

3. Vulnerabilities

Using Online Wallets with Low Security

• Description: Online wallets are often targeted by attacks, especially if not properly secured.
• Actors: Hackers, competitors
• Attack Types: Phishing, brute-force attacks
• Mitigations: Switching to a hardware wallet, using 2FA

Unsecured Wi-Fi Network

• Description: Using unsecured Wi-Fi networks can allow attackers easy access to your data.
• Actors: Hackers, close associates
• Attack Types: Man-in-the-middle attacks, sniffing
• Mitigations: Use of VPN, connecting only to trusted networks

Using Outdated Software

• Description: Old or outdated software may contain vulnerabilities that can be exploited for infiltration.
• Actors: Hackers, regulatory bodies
• Attack Types: Exploitation of known vulnerabilities
• Mitigations: Regular software updates, application of security patches

Insufficient Two-Factor Authentication (2FA)

• Description: Absence or poor implementation of 2FA can lead to easy access to sensitive data.
• Actors: Hackers, close associates
• Attack Types: Brute-force attacks, SIM swapping
• Mitigations: Activation and proper configuration of 2FA

Insufficient OPSEC (Operational Security)

• Description: Insufficient OPSEC may include poor handling of passwords, keys, and other sensitive data.
• Actors: All
• Attack Types: Social engineering, phishing
• Mitigations: Cybersecurity education, use of a password manager

4. Attack Vectors

Phishing Attacks

• Description: Attacks that aim to obtain sensitive information through fraudulent emails or websites.
• Actors: Hackers, competitors
• Vulnerabilities: Insufficient OPSEC, using online wallets with low security
• Mitigations: Cybersecurity education, use of 2FA

Man-in-the-Middle Attacks

• Description: Attacks where the attacker eavesdrops on or manipulates communication between two parties.
• Actors: Hackers, regulatory bodies
• Vulnerabilities: Unsecured Wi-Fi network, outdated software
• Mitigations: Use of VPN, encryption of communication

Social Engineering

• Description: Manipulating people to obtain sensitive information or system access.
• Actors: Competitors, close associates
• Vulnerabilities: Insufficient OPSEC, insufficient 2FA
• Mitigations: Cybersecurity education, limiting information sharing

SIM Swapping

• Description: An attack in which the attacker gains control of the target’s SIM card.
• Actors: Hackers
• Vulnerabilities: Insufficient 2FA, insufficient OPSEC
• Mitigations: Use of hardware-based 2FA, high level of OPSEC

5. Measures

Using a Hardware Wallet

• Description: Hardware wallets provide a high level of security for storing cryptocurrencies.
• Actors: Hackers
• Suitable for: Protecting the crypto wallet
• How to Implement: Purchase a reputable hardware wallet such as Ledger or Trezor and transfer your cryptocurrencies to it.

Using a VPN

• Description: A VPN provides anonymity and security when browsing the internet.
• Actors: Regulatory bodies, hackers
• Suitable for: Protecting transaction history, securing Wi-Fi
• How to Implement: Choose a trusted VPN provider and enable it when connecting to the internet.

Activation and Proper Configuration of 2FA

• Description: Two-factor authentication adds an additional layer of security.
• Actors: Hackers, close associates
• Suitable for: Protecting the crypto wallet, securing online accounts
• How to Implement: Enable 2FA on all important accounts and use an app like Google Authenticator or a hardware key like YubiKey.

Cybersecurity Education

• Description: Education and awareness are key to recognizing and preventing attacks.
• Actors: All
• Suitable for: Protection against all types of attacks
• How to Implement: Take cybersecurity courses, read current news and articles, and participate in webinars and conferences.

6. Conclusion

This personal threat model is the first step toward ensuring my cybersecurity in the field of cryptocurrencies. I plan to regularly update this document and implement new security measures according to the evolving threat landscape.
“`

The post Personal Threat Model appeared first on DIGITAL SELF-DEFENSE.

Chappe’s Telegraph

In 1794, French inventor Claude Chappe came up with a system of visual semaphore telegraphs. By adjusting flexible arms placed on a tower (mast), it was possible to display letters, numbers and some special characters, such as the beginning and end of a communication or the deletion of the last character in case of a typo. In this case, rather “misbending”.

The individual towers were spaced apart so that one could be seen from one to the next. Thus, the message could spread from one tower to the next until it reached its destination. It is reported that the speed of the message was up to 500 km per hour.

In France, a network of Chappe visual telegraphs was built during the 19th century to serve the needs of the state (and especially the army). For example, there were 58 stations on the route between Paris and Brest. But ordinary citizens could not use the services of this communication network.

The communications even used end-to-end encryption. Since military secrets were being transmitted via the telegraph network, it was not very appropriate for anyone with a view of the telegraph tower to be able to read the communications. Thus, the sender and receiver had an agreed key with which to encrypt their messages. The tower operators along the way just repeated the encrypted message character by character without being able to decipher what the contents of the message were. The sender and recipient of the message thus had more privacy in 1800 than Facebook Messenger users in 2021 (more on messenger encryption here).

François and Louis Blanc

The Blanc brothers traded government bonds on the Bordeaux stock exchange. In such trading, speed of information is crucial – whoever has faster news from a central point of action (in this case Paris) has an advantage over other traders because they can better anticipate stock market movements.

Traditionally, news from Paris to Bordeaux was sent by stagecoach, which took five days. Some merchants tried to shorten this time by using carrier pigeons or hiring messengers. This was faster, but not significantly so. It was certainly not enough for the Blanc brothers. They knew there was a much faster way to communicate over long distances. But it was reserved for the army, and merchants could not use it. So most merchants continued to think about improving the aerodynamics of the pigeon. But the Blanc brothers were hackers (though they didn’t claim to be on Twitter, according to available sources). So they didn’t give up on the idea of using Chappe’s telegraph network.

The Plan

The telegraph operators were probably not the best-paid employees in France. So the solution might be good old-fashioned corruption.
But if the Blanc brothers wanted to send messages in the standard way, they would have to bribe all the operators on their way from Paris to Bordeaux. Which could get expensive.
So they had to figure out how to solve this expensive inconvenience.
As mentioned above, the system included a symbol to erase the last character – the operator writes down the characters as he sees them on the semaphore and if he sees the erase symbol, he simply erases the last character and moves on.
This is what the hackers decided to take advantage of. They will send secret messages by following “their” character embedded in a regular army message with an erase character. Anyone who sees the semaphore can see this character, but the terminal tower operator will erase it from the paper (or not write it at all). Thus the message will be passed on while leaving no written evidence of it.

Socks as a data carrier

There was one more problem to solve. On the way from Paris to Bordeaux, there was still a tower in Tours (about 200 km from Paris) where messages were decoded and forwarded on without error. So the messages had to be sent from here. And they must have gotten to Tours somehow unobtrusively.
Fortunately, there was no need to send some extensive novels (that wouldn’t even be possible in this scenario), just a few arranged signals. And so parcels were sent to Tours from Paris containing clothes. The type of clothing (gloves, socks, ties) that was marked in the accompanying letter indicated whether a title was falling or rising in the stock market, and the color in turn the amount of change.

Hack

The hacking may have begun. An accomplice in Paris, according to the changes in the stock market, put the clothes in a package and sent it to Tours. There, the bribed telegraph operator (he received a one-off 1500 francs for his involvement in the conspiracy, then 150 francs every month, plus a bonus of 20 francs for each message transmitted) sent a message with “errors” inserted.
At the tower near Bordeaux, another accomplice waited with a telescope, watching the telegraph and writing down the characters that were marked as erroneous. And thus the messages reached our merchants, who were several days ahead of the others.

Disclosure

The system worked perfectly for two years. A total of 121 messages (and packages of clothes) were sent this way. Surprisingly, the sudden wealth of the telegraph operators (the normal daily wage of an operator was 1.50 francs) did not arouse suspicion.
The truth only came out when one of the operators fell ill and confided the whole matter to a friend before his death.
Surprisingly, the Blanc brothers suffered no consequences. French legislation simply did not prohibit the insertion of one’s own messages into the telegraph system. It didn’t occur to the legislators of the time.
And so they were later to become successful casino operators (including the Monte Carlo casino in Monaco).

As can be seen from the first documented hacking attack, the weakest link in security tends to be human.

Resources:

https://fr.wikipedia.org/wiki/T%C3%A9l%C3%A9graphe_Chappe
https://en.wikipedia.org/wiki/Fran%C3%A7ois_Blanc
https://www.schneier.com/blog/archives/2018/05/1834_the_first_.html
https://gallica.bnf.fr/ark:/12148/bpt6k4393846/f1.item

The post On the Origin of Hackers appeared first on DIGITAL SELF-DEFENSE.

So who are the dreaded hackers, can I identify them and what do they have in common?

Hackers come from different backgrounds, different parts of the world and different social classes. You can’t generally say that the typical hacker is a twenty-five-year-old white guy, addicted to caffeine from energy drinks, who doesn’t get along with his peers and spends all his free time in a dark basement surrounded by computers.
What most hackers have in common, however, is the ability to use things in ways other than how they were intended and to circumvent obstacles. Whether it’s physical, technological or psychological.
In the beginning, it’s curiosity. How the world around us works, how different tools work and how the human mind works. And if the object of interest has any weaknesses in its design that can be exploited or abused (this is often a rather subjective assessment).

Opening the lock

When you want to open a classic lock, it’s a good idea to know how its mechanism works first. Then you can use the tools and techniques to open it without a key. Or you can simply use explosives. While this can be fancy, it has a few minor drawbacks. Someone may notice and have strange questions like if the door is yours, why you don’t unlock it normally, and where you got the untaxed explosive. Sometimes it can also be handy so that the owner of the lock doesn’t even find out in the future that it was unlocked (it’s pretty hard to lock after using explosives). Well, and it can also happen that the explosion will destroy what is behind the lock and what you are doing it for in the first place. Not to mention that if handled carelessly, it can radically reduce the number of your favorite limbs.
That’s why it’s quite handy to know that there’s a mechanism in the lock that can be opened fairly quickly, quietly, and without further consequence. Therefore, hackers are usually very familiar with the systems they are attacking. As we will show later, this does not mean that the hacker has to be a computer genius. There is room for hackers in almost every field.
After all, hacking isn’t just getting into places we shouldn’t. It can also be the ability to use things differently. For example, the recently popular biohacking is not about sneaking into (preferably) your own body and taking something there. Rather, we’re trying to improve the processes that happen there.
I’ll stick to describing hacking in the most familiar IT sector, but basically anything can be applied elsewhere in some way.

Hackers, fashion and the state

Because the world needs pigeonholes, hackers have also started to divide themselves into groups: black hat, white hat and grey hat. This designation was taken from Hollywood Westerns of the 1920s, where there was an unwritten convention that heroes wore white hats and villains wore black hats. At least that’s what Wikipedia says.

Black hat hackers are the equivalent of the negative heroes of the wild west. They use their knowledge to enrich themselves or harm their victims. A black hat hacker will break into your bank account and take your money, install a webcam tracking program on your computer or crash your company’s website.

A special subset of black hat hackers are state-organized hackers. These are usually employees or contractors of the secret services or military who are tasked with cyber attacks on targets outside the territory of the state. Compared to independent hackers, they have a big advantage in that they have access to the best technology or other resources and can thus afford attacks that are unavailable to others. But this topic deserves its own article. So more about that some other time.

A white hat hacker will also hack into your company’s website. But there is one significant difference. He will only do it with your permission. That’s why they’re also called ethical hackers. Why would you give your consent? Precisely because you want to know if your business is secure against such an attack. If a white hat hacker succeeds in such a penetration, he will do you no harm. On the contrary, you’ll get a precise description from him of what needs to be fixed so that no one else can get in. And you pay him for it. That’s called penetration testing. White hat hackers often set up companies to help their customers improve the security of their systems.

Grey Hat hacker – often claimed to be something in between. But rarely do you learn what it means to be something in between. Can someone be just a little bit of a thief? It’s more likely that the line between white hat and black hat is blurry. A hacker may pose as a white hat, but there is a suspicion that he is also using his knowledge and skill unethically. Alternatively, he attacks companies, organisations or even states without their consent or knowledge, but he is motivated (sometimes subjectively) by good reasons. He may be an environmental activist, a human rights campaigner or even a religious fanatic.

Legal versus ethical

At the same time, we need to distinguish between legality and ethics. Laws are different in different parts of the world. Here in Europe, for example, there are different rules almost every 500km. What is legal in Prague may be criminal in Vienna. And because the Internet has no borders, it makes it even more complicated for judging. In countries like North Korea, for example, any use of a computer is illegal in most cases. Therefore, it is not possible to judge hackers according to local national law. Especially at a time when nation states are starting to lose their meaning.

Blind shooters and non-state armies

There is another group. They are not hackers in the true sense of the word. More like wannabe hackers. They’re known as “Script kiddies”. Today, there are a large number of hacking tools on the Internet that are freely downloadable. And it can be tempting to look like a hacker in front of your buddy. It’s not difficult to download a program, press the imaginary “Hack it!” button. But the attacker usually gets nothing. Because even with these tools, you need to work with purpose and precision. On the other hand, even if he doesn’t gain anything, he can still do some damage (corrupt the database, delete important files, overwhelm the network, etc.). Therefore, it is important to protect systems even against such amateur attacks.

In the cyber world we can also find non-state organised hacking groups. They are actually small armies of hackers who have a common goal and try to achieve it by joining forces. However, this does not necessarily mean that these groups meet in secret places and carry out their attacks (ethical or unethical) from there. The individual members often do not know each other personally. They may be scattered all over the world, operating under aliases, and all they need to know about each other is their abilities. This ensures, among other things, their physical safety. If a member of the group is discovered, they can’t reveal anything important about their colleagues.

I want to become a hacker

A common question is how one can become a hacker. The answer is not simple and certainly not universal. Hacking is about learning and deepening your knowledge every day. Basically, anyone who is an expert in their field and has the desire to keep improving and delving into every detail can become a hacker. There isn’t even a clear line where we can say that we (or anyone else) is a hacker. While there are various courses and certifications, even that is not a prerequisite. A certificate doesn’t necessarily make you a hacker if you don’t keep doing it, and on the other hand, the lack of one (it costs time and money) doesn’t mean you’re not a hacker.

Well then, how do I open the lock?

It’s not hard and after practicing it can go fairly quickly. But this is just a basic technique, it’s more or less a sport (yes, there are competitions). Professional thieves hardly use it.

See the video for instructions, and I’ll tell you how to defend your digital locks

The post Hackers – who are we defending ourselves against? appeared first on DIGITAL SELF-DEFENSE.

Video sérii naleznete na tomto odkazu

Jednotlivé díly:

The post Videosérie Digitální Sebeobrany appeared first on DIGITAL SELF-DEFENSE.

Klávesová zkratka

1. V textovém editoru vytvoříme skript, který zavolá okamžité vypnutí počítače. Pro otestování prozatím zakomentujeme příkaz pro vypnutí a vložíme kód pro zapsání textu do souboru killswitch.sh:
   #!/bin/bash
t=$(date);
echo $t > /home/ross/tools/killswitch/test;
#sudo poweroff -f

2. Pomocí příkazu chmod nastavíme právo pro spuštění:
   $ chmod +x ./killswitch.sh
3. Zkontrolujeme práva:
   $ ls -al
total 12
drwx------ 2 ross ross 4096 31. led 16.23 .
drwx------ 5 ross ross 4096 26. led 15.35 ..
-rwx------ 1 ross ross 100 31. led 16.17 killswitch.sh

4. Nastavíme klávesovou zkratku, která zavolá náš skript. Toto se může lišit podle prostředí. Toto je příklad pro Gnome: Settings -> Keyboard Shortcuts -> + (úplně dole)
   1. Name: cokoliv
   2. Command: Cesta k našemu skriptu
   3. Shortcut: po kliknutí stiskněte požadovanou klávesovou zkratku
   4. Klikněte na “Add”
5. Test: stiskněte vybranou klávesovou zkratku. Nově vytvořený soubor test by měl obsahovat aktuální čas. Pokud ne, něco je špatně:)
6. Upravíme skript pro “ostrý provoz”:
   #!/bin/bash
#t=$(date;echo $USER);
#echo $t > /home/ross/tools/killswitch/test;
sudo poweroff -f
7. Pro zavolání příkazu sudo poweroff -f jsou potřeba administrátorská práva. To můžeme obejít vložením nasledujícího řádku do souboru /etc/sudoers:
   ross ALL = NOPASSWD: /sbin/poweroff
   (poweroff -f zabrání vyskakování potvrzovacích oken a vypne počítač okamžitě)
8. Uložíme rozdělanou práci a otestujeme klávesovou zkratku.

 Vypnutí po odpojení USB zařízení

1. Připojíme do USB portu zařízení, které chceme použít jako náš killswitch.
2. Spustíme monitoring připojení zařízení:
   $ udevadm monitor --property
3. USB zařízení odpojíme z počítače, v terminalu by se měl zobrazit výpis podobný tomuto:
   (...)
UDEV [18888.225725] remove /devices/pci0000:00/0000:00:14.0/usb1/1-2 (usb)
ACTION=remove
DEVPATH=/devices/pci0000:00/0000:00:14.0/usb1/1-2
SUBSYSTEM=usb
DEVNAME=/dev/bus/usb/001/038
DEVTYPE=usb_device
PRODUCT=950/6535/110
TYPE=0/0/0
BUSNUM=001
(...)
4. V textovém editoru vytvoříme pravidlo pro zařízení (jako root):
   $ sudo vim /etc/udev/rules.d/85-my_killswitch_rule.rules
5. Do souboru vložíme následující řádek:
   ACTION=="remove", ENV{PRODUCT}=="950/6535/110", RUN+="/root/killswitch.sh"(obsah proměnné ENV{PRODUCT} zkopírujeme z výpisu příkazu udevadm monitor --property)
6. Aktualizujeme pravidla (root):$ sudo udevadm control --reload-rules
7. Jako root vytvoříme v textovém editoru skript /root/killswitch.sh s tímto obsahem:
   #!/bin/sh
t=$(date);
echo $t > /root/test
#shutdown now
   (pozor, skript bude se spouštět pod uživatelem root! Pokud by se někdo dostal k tomuto skriptu, mohl by ho upravit a získat administrátorská práva. Proto musí být pro “běžného” uživatele nedostupný pro zápis.)
8. Přidáme atribut pro  spuštění
   # chmod +x /root/killswitch.sh
9. Otestujeme.
10. Ve skriptu odkomentujeme poslední řadek (vymazáním #).
11. Připraveno k ostrému testu.

The post Killswitch pro Linux appeared first on DIGITAL SELF-DEFENSE.

1. Set up automatic locking

Never leave your phone or laptop unlocked in a public place, such as a restaurant (café, bar) on a table.
Set your phone to automatically lock after a short enough time. 1 minute should be enough to keep it from taking too long, and on the other hand, it shouldn’t reduce your comfort of use too much.
Learn to lock your laptop every time you walk away from it. Maybe just when you get up from your desk in a café to get sugar. In Windows (and most Linux distributions), you can use the Win + L keyboard shortcut to do this. On a MacBook, the Command+Control+Q key combination should work the same way.

2. A good password or PIN is essential

Use a long enough and unique password or PIN to unlock your phone or laptop. Avoid “stale” passwords such as “password” or “iloveyou”. Similarly, a PIN of “0000” or “1234” is not a good idea.
Unlocking your phone using a gesture (connecting dots on the screen) can be risky, as your fingers will leave a mark on the screen.

Tip: Use passwords in Czech (Slovak).

3. Em key in the keyboard (see below).
   

   Watch out for public Wi-Fi networks

You know, you arrive in a non-EU country and need to read an email, post a photo on Instagram or find accommodation. And you don’t feel like paying for data roaming. So right at the airport, you find the nearest public (and free) Wi-Fi network and connect.
And you know what? Hackers know that people do this at airports. And it’s no problem for them to run such a Wi-Fi network called, for example, “Airport Free Internet” from their device. And then just wait to see who connects and start mining the data.
The same goes for restaurants or cafes. That’s why it’s better to pay extra for roaming. And if that’s really not possible for whatever reason, at least use a VPN. This will encrypt your data so that an attacker can’t read it.

4. Don’t tell the world your apartment or house is empty

The urge to boast to your friends that you’re enjoying your vacation is hard to resist, but try to hold on. A photo from Bibione or Mt. Blanc can be a great tip-off to a burglar, who will know that he won’t be disturbed during a break-in.
You can also upload photos to Instagram or Facebook when you return. Plus, you’re likely to enjoy your vacation a lot more without social media.

Tip: Be offline, it’s fine

5. Probably with photos of the kids

Photos of your kids from the beach that you share on social media may appear on sites where paedophiles congregate, it’s a big draw for them. If you want to share these photos with family or friends, send them via email or better still some messenger (ideally via Signal Messenger).

6. Turn off disk encryption

If you lose your laptop while on vacation, it’s definitely better if the data on the drive isn’t readable by someone who could misuse it.
On Windows, BitLocker does this, on Apple devices FileVault does it, and on Linux, LUKS does it. Alternatively, you can use the open source software VeraCrypt.

7. Letter controls and erotica

In some countries, customs officials may ask you for passwords to your devices or social media accounts. If you’re travelling to such a country, be wary of what you have stored on your device. There are countries where, for example, stored erotic content can get you into trouble.
Many people use a different (“clean”) laptop and phone when travelling to these countries.

8. Backup before your holiday

If you lose your device while on holiday, a backup of your files or contacts will definitely come in handy. Don’t underestimate it.

In the event that your phone or laptop is indeed lost or stolen, here are some tips on what to do to minimize the damage.

The post 8 tips for a digitally safer holiday appeared first on DIGITAL SELF-DEFENSE.

This increases the risk of losing or stealing these devices. And because the person who has just found out that he has lost his device often panicking (it’s a very stressful situation) and in the first moments is unable to calmly realize what needs to be done, it is good to have these steps ready.

Here is the checklist of steps that should follow after losing or stealing your phone or laptop. You can download it here (pdf), print it and check steps out.

1. Find location
   • Android: android.com/find
   • iPhone: icloud.com/find
2. Try to send sms to your phone
   • If messages appear on the display, you can give a message to a potential finder
   • iPhone: Lost Mode
3. Contact IT
   • It is necessary to block access to internal systems of the company or organization for accounts
4. Remote backup
   • If your phone has a remote backup application, back up now.
5. Lock and wipe
   • Android: At android.com/find activate lock and erase features
   • iPhone: At icloud.com/find select your device and wipe it.
6. Sign out of accounts
   • From another device, log in to your accounts where you are signed in lost device and log off those accounts on the lost device
     • Facebook, Twitter, Gmail, Alza etc.
     • Ask others to temporarily remove you from conversation groups (e.g., Signal, Telegram, Threema, Whatsapp, Slack, etc.) where sensitive information may occur (yours or others).
7. Change passwords on accounts that were logged on a lost device
8. Send your cryptocurrencies to the new address
   • If you have a wallet backup, restore it, create a new one, and forward there your cryptocurrencies
9. Contact your phone operator to lock SIM card
10. Block payment cards stored in device applications
    • Your credit cards may be stored in some apps or websites
11. Notify friends and/or customers
    • Your accounts may be misused for phishing attacks, tell your friends about this possibility

The post Lost or stolen phone/computer appeared first on DIGITAL SELF-DEFENSE.

While WhatsApp is end-to-end encrypted, an attacker could access messages by infecting an end device (phone) on which messages are normally visible.

In addition, an attacker did not have to rely on a faulty user step (such as clicking a link or opening an attachment), the software installation took place after an attacker start WhatsApp call. The user did not even have to accept the call, the malicious code already contained that call.
The call record could then be erased so that the user would not normally be able to determine whether he / she had been the victim of such an attack.
As mentioned above, the bug is already fixed, so it is highly recommended to upgrade to the latest version of WhatsApp.
Or just go to a safer Signal Messenger

Vulnerable Versions:

Android: v2.19.134 and lower, WhatsApp Bussines v2.19.44 and lower
iOS: v2.19.51 and lower, WhatsApp Business v2.19.51 and lower
Windows Phone: v2.18.348 and lower
Tizen: v2.18.15 and lower

How to update WhatsApp?

Android:

• Open Google PlayOpen the menu in the upper left menu
• Open My Apps and Games
• If WhatsApp was not automatically updated, the “Update” button is available. Otherwise, the update menu is missing, only the button to open is used instead.

iOS:

• Open the App Store
• Click “Update” at the bottom of the display
• If WhatsApp was not automatically updated, the “Update” button is available. Otherwise, the update menu is missing, only the button to open is used instead

The post 0-day vulnerability in WhatsApp appeared first on DIGITAL SELF-DEFENSE.

The post Cookies – otestujte se appeared first on DIGITAL SELF-DEFENSE.