Gandalf_The_Grey
- Apr 24, 2016
What to do?
Be aware before you share!
- When you’re uploading files for public use, make absolutely certain which files you’ve included in your bundle. Windows famously suppresses file extensions by default, making it hard to be sure which types of file you’ve selected. As shown above, Linux and Unix famously suppress “hidden” files that start with a dot.
- Where possible, get someone else to review your upload before you click [OK]. If you’re uploading your own code, for example, you’re probably feeling relieved and euphoric that your next release is out, or happy that the bugs you’ve been working on are now finally fixed. Reviewing your own uploads is like proofreading your own articles: you know what they are supposed to look like, so mistakes that stick out obviously to other people will often evade your notice entirely.
- Get in the habit of clearing your browser cookies regularly. The longer you leave it, the more personalised data about your browsing your cookie file will contain. Ideally, set up your browser to clear cookies and web data automatically on exit. That way you don’t have to remember to keep doing it by hand. It’s a small inconvenience for big peace of mind.
- Log out from sites as soon as you’ve finished using them. Yes, this is inconvenient, because you have to log back in, and enter your 2FA code, frequently. But when you formally tell a site like GitHub, or YouTube, or Facebook, that you’ve logged out, your current browser authentication tokens are automatically invalidated and therefore become useless to anyone who stumbles across them later on.
- Download your own uploads as soon as they’re public. If you regularly upload files to public repositories where others can fetch them, make a habit of downloading your own uploads (use a different browser, a different username or even a different computer if you can), as if you were an inquisitive member of the public. Review the contents of what you just downloaded, using a tool that you know shows you everything in the download, whatever its extension or filename. If you don’t check for rogue files, crooks are likely to do it for you.
Naked Security – Sophos News
nakedsecurity.sophos.com
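The last two points above (check what's really in the bundle, and do it with a tool that shows everything regardless of extension or filename) can be turned into a small self-check. The script below is an added example, not code from the article or from Sophos: it inventories every entry in a zip archive and flags the three things the post warns about, namely dot-files that a Unix listing hides, well-known sensitive filenames, and double extensions such as `report.pdf.exe` that Windows Explorer would display as `report.pdf`. The sample archive and the name lists are constructed for the example; extend `SENSITIVE_NAMES` to match whatever your own projects tend to leak.

```python
"""Audit a bundle before (or after) uploading it.

Added example, not the article's code. Standard library only. Lists every
archive entry and flags hidden dot-files, well-known sensitive names and
double extensions that mask an executable type.
"""
import io
import zipfile
from typing import Dict, List

# Constructed lists for the example: names that commonly leak by accident,
# and executable suffixes that tend to hide behind a double extension.
SENSITIVE_NAMES = {".env", ".git", ".ssh", ".bash_history", "id_rsa", ".netrc", "cookies.sqlite"}
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs"}


def classify(path: str) -> List[str]:
    """Return the findings for one archive entry (empty list means nothing notable)."""
    findings: List[str] = []
    parts = [p for p in path.replace("\\", "/").split("/") if p]
    name = parts[-1] if parts else ""

    # Hidden entries: any path component starting with a dot (Unix `ls` hides these).
    if any(p.startswith(".") and p not in (".", "..") for p in parts):
        findings.append("hidden (dot) path component")

    # Well-known sensitive file or directory names anywhere in the path.
    if any(p in SENSITIVE_NAMES for p in parts):
        findings.append("well-known sensitive file")

    # Double extension: report.pdf.exe shows as report.pdf when extensions are suppressed.
    pieces = name.split(".")
    if len(pieces) >= 3 and "." + pieces[-1].lower() in EXECUTABLE_SUFFIXES:
        findings.append(f"double extension, real type .{pieces[-1].lower()}")

    return findings


def audit_zip(data: bytes) -> Dict[str, List[str]]:
    """Inventory every file entry in a zip, keyed by path, with its findings."""
    report: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            report[info.filename] = classify(info.filename)
    return report


def rogue_entries(report: Dict[str, List[str]]) -> List[str]:
    """Paths that have at least one finding, sorted for stable output."""
    return sorted(path for path, findings in report.items() if findings)


def build_sample_zip() -> bytes:
    """Constructed sample bundle containing the mistakes the article warns about."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/README.md", "hello")
        zf.writestr("project/.env", "API_KEY=placeholder-not-a-real-key")
        zf.writestr("project/.git/config", "[core]\n")
        zf.writestr("project/report.pdf.exe", "MZ")
    return buf.getvalue()


if __name__ == "__main__":
    # Swap build_sample_zip() for open("release.zip", "rb").read() to audit a real upload.
    result = audit_zip(build_sample_zip())
    for entry, found in sorted(result.items()):
        print(f"{entry:28} {'; '.join(found) or 'ok'}")
    print(f"\n{len(rogue_entries(result))} entries need a second look before publishing")
```

Run it against the archive you just downloaded from the public repository rather than against your working directory: the point of the article's advice is to inspect exactly the bytes the public received, and a zip listing does not suppress anything the way a desktop file manager does.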