A few more thoughts, sorry but I wanted to get the last post out before I had to go feed the horses; the ultimate EMP proof survival buggy (Read: hay burner…)
- If you are worried about email communications, should you be?: I think you should. It is not about covering anything unlawful, I’m not. It is about OPSEC. Much of the correspondence in our group concerns our operational planning, I don’t want that in the wild. It concerns our training schedules and personal contact info, I don’t want that in the wild either. Do not use any web based email, or any free mail email service for that matter; it can be hacked, it can be monitored. If you must use a free email service (like gmail, yahoo, msn, hotmail, gmx, aol, etc) check it with a real mail client (like Thunderbird) and use encryption, not online encryption offered as a service mind you, but use PGP or GPG encryption from a client side plugin or external program (never check it with the web interface and never use it without encryption). Do not use a mail service that offers IMAP only and does not offer POP services, and make sure you never leave mail on the server. There is a little learning curve, but my 12 o’clock flasher wife can do it. We have a separate domain registered just for email addresses (no actual web page hosted). Each member has a thumb drive with Thunderbird portable installed with the enigmail plugin (BTW it will work in Linux with wine with some tweaking). These addresses are only for training correspondence, we do not co-mingle email. All email is encrypted (well) and all messages are signed with trusted personal keys. The software itself does not leave a significant footprint on the host and members are encouraged to use a VPN as well (free with some good antivirus programs, others are available for free or cheap). Domain hosting and registration are usually pretty cheap as well.
Even if you use a secure service (I use Hushmail for one of my corporate accounts) do not assume it is totally secure. Still encrypt everything that is totally important and trade keys in person from trusted sources. Never use this alternate email for online shopping, forums or social media. Just FYI, if everyone, and I mean every email user out there, used good encryption, the none such agency would not have the ability or resources to set up email collection and monitoring server farms. If you like a little light reading (snicker) I recommend ‘Applied Cryptography’ by Bruce Schneier. He also has a Crypto-Gram list-serv, that is not as technically difficult and covers a wide variety of issues dealing with security and some constitutional issues dealing with them. Of course if you really don’t care that someone could ferret out your home address, dox you, do some social engineering, showing up at your house, demonstrating at your training, etc. then keep using your gmail and Facebook.
- Re Operating System Security (Chris4): I am not trying to call you out at all so please consider this constructive, but based on your admission that you are a builder I will assume that your full time gig is not in IT or ISS. I do applaud your concern and the research efforts you have put forth. While it is true that certain operating systems are notoriously less secure than others, you are missing the fact that half of the security flaws are based on the brain to keyboard link, also known as poor practices. A perfectly patched Windows box with vulnerable services disabled, good antivirus, good practices, encryption and a VPN is much more secure than a UNIX machine or clone that is set up incorrectly and attached to an improperly configured and unpatched router, and that includes BSD. To say that BSD is better than Linux is also slightly disingenuous. I have been using Linux since I got a floppy with Kernel version .6 when I first got back from the desert and have been using BSD shortly after that. There are multiple flavors (distributions) of each. The problem with Linux is there are some that are not as easy to patch with security updates as others for the non-tech types so they don’t get those updates, the same goes for BSD. Each distribution has its own mechanism for doing security updates, some are automatic, some are not. Some include vulnerable code, some do not, some are well maintained, some are not.
Again this is true for both Linux and BSD. There are certain distributions of each built for specific purposes, ease of use for the desktop user, general use, hardened server security, LAMP applications, forensic suites, multimedia streaming, process control and instrumentation, education, graphic design, embedded systems; and the list goes on. A Linux server, or desktop, is just as secure as a BSD system, if it is properly patched, maintained and monitored (such as checking the CISA database on a regular basis, etc.). I personally recommend that everyone move to Linux, UNIX or BSD as it is far superior and secure (I even have my 12 o’clock flasher wife running her real estate office on Linux laptops).
Unfortunately there is the problem of hardware compatibility (in this area Linux far outstrips BSD) and Windows only applications. There unfortunately are not any FOSS solutions for everything and not everything can be emulated under wine or an equivalent. I myself have to dual boot Windows 7 for a few applications that I run. And don’t run a Mac; with all the extra money you spend you could buy another Smith and Wesson. Again, not trying to call you out, but I ran a statewide secure network for a government agency and am currently rostered in several courts as an expert witness in forensic data recovery and computer security so I have picked up a few things along the way. Keep researching though, seems like you have picked up more than the average person in the crowd.
Alright, I’m done now….
- This reply was modified 1 week, 5 days ago by Cyclone34.