[AT] OT - unsecured servers

Easley, Greg A. EasleyG at health.missouri.edu
Thu Jan 2 06:21:19 PST 2020


Very good advice there.

I would add one thing to that - purchase a subscription to one of the commercial VPN services.


Greg

-----Original Message-----
From: AT [mailto:at-bounces at lists.antique-tractor.com] On Behalf Of Spencer Yost
Sent: Tuesday, December 31, 2019 9:13 PM
To: Antique Tractor Email Discussion Group
Subject: Re: [AT] OT - unsecured servers

Since cybersecurity is my line of work, I’ll jump in.  Do these things:


Always manually type the url - never click off an email or some other source.
2FA is always awesome (everyone should do this whenever available).
Close the browser, or at least each browser tab, when you are done.
Private browsing tabs with cookies blocked are great too but some sites don’t have authentication procedures that behave well with private tabs or cookies blocked so this is hit or miss.

As an added bonus, always clear the cookies, cache, and local storage related to the website before you close the browser.  This will prevent any near-future malware infection from taking advantage of a valid session.

The lack of a secure private Internet connection should not be too much of a concern. The fact of the matter remains that after your traffic leaves your ISP at your home it’s on a public network as well. Between the HTTPS protocol and the steps above you should be fine.

The primary concerns are XSS and CSRF attacks (I’ll let you look them up). Both require malware (or an attempt to trick you into redirecting your attempts to log in) and/or an active session to take advantage of you.   So by following those steps you will thwart them.

2FA helps to thwart password cracking success.   That means even if someone has cracked your password (usually they have cracked a bunch because the site uses a digest hash that was weak - or worse the idiot site stores the password in plain text) they can’t log in without you knowing and confirming.

Of course, if you are already infected, school is out anyways and you have already been compromised and your money is probably already gone.   If it’s still there, you are good.

Waiting for the ball to drop.....

Spencer



Sent from my iPhone

> On Dec 31, 2019, at 8:38 PM, Mike M <meulenms at gmx.com> wrote:
> 
> Hi and Happy New Year,
> Going on vacation for a while in the Keys. I found out too late that 
> the place does not have wi-fi. I have some banking items to take care 
> of and am leery of taking care of it over an unsecured connection. 
> This is time sensitive and needs to be done. My banks both use 2 step 
> authentication does that help at all?
> 
> Regards,
> Mike M
> 
> _______________________________________________
> AT mailing list
> AT at lists.antique-tractor.com
> http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com
> 
