Does anyone here follow the NSA's advice?

509322

Aren't you forgetting someone? OPM.
The compromised data included SF-86 forms which contain intimate details so on and so forth DOD. Grrrrrrrrr!!!

All government systems have been, are, and will be successfully hacked.

If you don't want to expose your personal data to system breaches, then don't work for the government.

One does not need to hack OPM systems to get government employee records - even those employees with security clearances. The OPM has established methods where someone other than employees can get records - but that leaves a paper trail that can serve as evidence in prosecuting criminal cases involving government employee data.

And that's just a start of the things needed to protect personal data.
 
ispx

Did anyone here notice that the source of the OP, the .pdf, was published in July 2013?
 

Andytay70

> You must be an idiot.
>
> The listed points are similar to what any other computer security expert may suggest.

I take offense at people calling me an idiot!
Out of the whole thread you are the only one who has called me so!
If I called you or another member of staff an idiot, would I get banned?
 

Ink

Administrator
> I take offense at people calling me an idiot!
> Out of the whole thread you are the only one who has called me so!
> If I called you or another member of staff an idiot, would I get banned?

You're saying good advice from the NSA should be ignored, because they're the NSA? What about security advice from Google, Microsoft or the Chinese government? According to what you implied earlier, they cannot be trusted because they spy or sell your data?

Click Report if you felt overly offended.
 

Andytay70

> You're saying good advice from the NSA should be ignored, because they're the NSA? What about security advice from Google, Microsoft or the Chinese government? According to what you implied earlier, they cannot be trusted because they spy or sell your data?
>
> Click Report if you felt overly offended.

I gave my opinion same as everyone else.
What I did say/mean was "I" personally wouldn't take their advice?
As for reporting you, why would I do that? But like I said in my last post, if I called you or another member of staff an idiot I probably would get banned, or warned if I'm lucky.
 

DeepWeb

Thread author
All systems are hackable no matter what - including the NSA's - except the system that you keep perpetually unplugged.
The CIA has tools to hack those as well by piggybacking on USB drives and then transmitting data through fan noise. CIA Tools to Spy on Offline Computers with USB Drives Leaked - ExtremeTech

In the end, the government hires the smartest security researchers on this planet because it rewards them generously. Anything that runs on electricity can be hacked if you pay someone a million dollars. ;)
 

509322

> The CIA has tools to hack those as well by piggybacking on USB drives and then transmitting data through fan noise. CIA Tools to Spy on Offline Computers with USB Drives Leaked - ExtremeTech
>
> In the end, the government hires the smartest security researchers on this planet because it rewards them generously. Anything that runs on electricity can be hacked if you pay someone a million dollars. ;)

Don't make yourself a target of a CIS\NSA investigation and they'll basically leave you alone. There have been unjustified investigations, we all know this, but there aren't too many. Anybody who is investigated, even by local policy, that turns out to be innocent will tell you "It suxx !"
 
ForgottenSeer 58943

They have a lot of fun stuff, but most all of it has a countermeasure.

For example many years ago (before Snowden disclosures) we became aware of sniffing of ambient EMF in an environment to exfiltrate data. The countermeasure in that case was to inject EMF chaos into the room, a phasing negative ion projector proved sufficient. Some other sensitive equipment was quite easily disrupted by a true randomized pink noise generator. (not predictable white noise BTW) 60Hz electrical lines can be used to snoop. KVAR works for some of it, MxDNA type devices work for filtering other technologies out relating to 60Hz noise variances. Years ago we found ultrasonics being used so an electrical engineer I know designed ultrasonic emitters to chaff the ultrasonic frequency spectrums in use. Other technologies related to microwaves are readily disrupted by ambient microwave scattering based off the metallic-resin coating used in military stealth tech. The list goes on and on..

Unfortunately nobody really knows all of the things that could cause you to become a target. It's a mystery to everyone but them apparently.. These days, HTTP/HTTPS access from your gateway to RU IP addresses might be enough to trigger an interest, who knows. Maybe working for some specific person, organization or whatever may trigger it. If you are a privacy freak and use VPNs and such maybe you'll draw interest? Either way, it's good to practice security and privacy with the idea you 'may' at some point come onto the radar. Why make it easy for people to abuse your absolute right to privacy? Or we could just basically assume they may leave us alone and accept the fact that they are violating their mandate.
 

EASTER

> The CIA has tools to hack those as well by piggybacking on USB drives and then transmitting data through fan noise. CIA Tools to Spy on Offline Computers with USB Drives Leaked - ExtremeTech
>
> In the end, the government hires the smartest security researchers on this planet because it rewards them generously. Anything that runs on electricity can be hacked if you pay someone a million dollars. ;)

LoL

I've been saying all along since Windows 98SE, and this was directed at malware makers who were sort of just in their infancy back then, and it goes like this.

"What possibly will they come up with next to poke their noses into these machines or fudge them, hijack the electrical currents?"

Well, apparently in some places they do just that now. :eek: What's that old saying? Build it and they will come. I will do one better.

Build it and then publish or dispense it all over the map and they'll do more than that.

Point is there are certain methods and creative ones to steer clear of trouble network-wise as well as O/S system that channels over them, but those systems absolutely have to be fashioned in such a way as not to be anywhere near tied in with the whole freaking so-called global interconnectivity system.

We all see, hear, and read everyday what that result returns.
 

Andy Ful

From Hard_Configurator Tools
Developer
Here is my NSA-like config: :)
1. Application Whitelisting: Hard_Configurator (built-in Windows SRP).
2. Control & limit administrative privileges: Hard_Configurator.
3. Limit file-sharing: disabled.
4. Use a cloud-based antivirus: Windows Defender (Win10) + forced SmartScreen for files not downloaded from the Internet (Hard_Configurator).
5. Enable anti-exploit features: Windows 10 built-in, Edge for browsing, Universal Applications for media and document viewing (App Container), Office Online (document editing), disabled unused services (ESO utility from sordum.org).
6. Use a HIPS: No need in this configuration in the home network.
7. Use a Secure baseline (configure group policy): Hard_Configurator 3.0.1.0 (SRP, blocked scripts, disabled remote access, protected ShellExtensions, disabled SMB).
8. Use a service that blocks domains known for malicious content. Adguard DNS.
9. Update your software: yes.
10. Segregate your network and functions: no machines in my network can communicate with the others (disabled HomeGroup services, disabled remote access).

There isn't any 3rd-party, real-time security software in the above config. Hard_Configurator only configures the Windows Registry to apply Windows built-in security.

I am slightly paranoid about security, so additionally have ShadowDefender on boot.
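
A read-only way to check the Windows built-in settings named in item 7 of the list above (SRP, script blocking, remote access, SMB), as an added example that is not part of the original post and not Hard_Configurator's own code. The registry paths are the standard Windows locations for these features; that any particular tool writes exactly these values is an assumption, and the helper names `Get-RegValue` and `New-Check` are hypothetical.

```powershell
# Added example (not from the thread): read-only audit of built-in Windows settings.
# Paths are standard Windows registry locations; that a given hardening tool
# writes exactly these values is an assumption. Helper names are hypothetical.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Check {
    param([string]$Setting, $Value, [bool]$Hardened)
    [pscustomobject]@{
        Setting  = $Setting
        Value    = if ($null -eq $Value) { '(not set)' } else { $Value }
        Hardened = $Hardened
    }
}

$srp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$smb = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

$level   = Get-RegValue $srp 'DefaultLevel'        # 0 Disallowed, 0x20000 Basic User, 0x40000 Unrestricted
$enforce = Get-RegValue $srp 'TransparentEnabled'  # 0 off, 1 all files except DLLs, 2 all files
$wshOn   = Get-RegValue $wsh 'Enabled'             # 0 disables Windows Script Host
$denyRdp = Get-RegValue $ts  'fDenyTSConnections'  # 1 refuses Remote Desktop connections
$helpOn  = Get-RegValue $ra  'fAllowToGetHelp'     # 0 disables Remote Assistance
$smb1    = Get-RegValue $smb 'SMB1'                # 0 disables the SMBv1 server

# A missing value means "not explicitly configured", so it is reported as not hardened.
$checks = @(
    New-Check 'SRP default level is a whitelist' $level   ($level -in 0, 0x20000)
    New-Check 'SRP enforcement is active'        $enforce ($enforce -in 1, 2)
    New-Check 'Windows Script Host disabled'     $wshOn   ($wshOn -eq 0)
    New-Check 'Remote Desktop refused'           $denyRdp ($denyRdp -eq 1)
    New-Check 'Remote Assistance disabled'       $helpOn  ($helpOn -eq 0)
    New-Check 'SMBv1 server disabled'            $smb1    ($smb1 -eq 0)
)
$checks | Format-Table -AutoSize

# Settings that still need attention:
$checks | Where-Object { -not $_.Hardened } | Select-Object -ExpandProperty Setting
```

The script only reads the registry, so it can be run before and after applying a hardening profile to see which values actually changed.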
 

Andy Ful

From Hard_Configurator Tools
Developer
And another near-NSA config based on Comodo Firewall (Windows 7, semi-locked config):
1. Application Whitelisting: Comodo Firewall (CS-settings).
2. Control & limit administrative privileges: Comodo Autosandbox has this ability for unrecognized applications.
3. Limit file-sharing: disabled (reg tweak).
4. Use a cloud-based antivirus: Comodo File Lookup (cloud-based Application Reputation Service).
5. Enable anti-exploit features: CF Autosandbox, Google Chrome (Sandbox), Office Online (document editing), disabled unused services (ESO utility from sordum.org).
6. Use a HIPS: No need in this configuration, in the home network (some HIPS are still active in CS-settings).
7. Use a Secure baseline (configure group policy): No need in this configuration, in the home network.
8. Use a service that blocks domains known for malicious content: Adguard DNS (or Google Chrome add-on).
9. Update your software: yes.
10. Segregate your network and functions: no machines in the network can communicate with the others (disabled HomeGroup services, disabled remote access).

I used a similar configuration on one of my computers before migrating to Windows 10.
 
Andy Ful

From Hard_Configurator Tools
Developer
And another near-NSA config based on Avast (aggressive mode) and Sandboxie paid (Windows 7):
1. Application Whitelisting: not typical - based on Avast Application Reputation Service + Sandboxie can whitelist applications in sandboxes.
2. Control & limit administrative privileges: Sandboxie has this ability in sandboxes.
3. Limit file-sharing: disabled (reg tweak).
4. Use a cloud-based antivirus: Avast.
5. Enable anti-exploit features: Sandboxie, sandboxed Web Browser, sandboxed vulnerable applications (media, documents, etc.), Office Online (document editing), disabled unused services (ESO utility from sordum.org).
6. Use a HIPS: Sandboxie for sandboxed applications.
7. Use a Secure baseline (configure group policy): No
8. Use a service that blocks domains known for malicious content: Adguard DNS (or Google Chrome addon).
9. Update your software: yes.
10. Segregate your network and functions: no machines in the network can communicate with the others (disabled HomeGroup services, disabled remote access).

My wife used a similar configuration before migrating to Windows 10.

Edit.
Whitelisting in the sandbox makes it very strong, because one can put only a few applications on the whitelist and block everything else (that is not possible outside the sandbox).
 
Andy Ful

From Hard_Configurator Tools
Developer
Near-NSA profile (similar to the 'bo elam' config from the Wilderssecurity forum):
1. Application Whitelisting: Sandboxie (paid).
2. Control & limit administrative privileges: Sandboxie.
3. Limit file-sharing: disabled.
4. Use a cloud-based antivirus: no.
5. Enable anti-exploit features: Sandboxie, almost all applications run sandboxed.
6. Use a HIPS: Sandboxie.
7. Use a Secure baseline (configure group policy): Sandboxie restrictions.
8. Use a service that blocks domains known for malicious content: Adguard DNS (or Google Chrome addon).
9. Update your software: yes.
10. Segregate your network and functions: no machines in the network can communicate with the others (disabled HomeGroup services, disabled remote access).

Bo elam extreme Sandboxie:
"Whenever I download something like a video, PDF or whatever. And it doesn't matter where I download it from. If that file its gonna run in my computer, its gonna run sandboxed until the day it gets deleted. The only question really is, In which sandbox is it gonna run? And that depends on the location of the file. All this is done naturally by using Forced programs and Forced folders as well as a sandboxed Windows explorer."
Sandboxie Acquired by Invincea
 