Month: November 2017

Utilities for Secure Internet Use

A recent case forced us to put together a coherent list of utilities everyone should be using to avoid internet problems.

The first and most important utility is LastPass. LastPass is a container for passwords. You use it on your phone, tablet, and PC. You make up one really good passphrase you can remember easily, and let it take care of the horrible complicated passwords that keep your bank account safe. Nobody likes to type in a complicated password, so they don’t use them, and their accounts are at risk because of weak password choices. LastPass does the hard work for you.

Next, we pair LastPass with Google Authenticator. Authenticator is a free utility for two factor authentication, probably installed on your phone already, or available from either the Android appstore or iTunes. Two factor authentication means you have something in addition to your password. You can use it with all your social media accounts and probably your email. Without your password AND your Authenticator token, nobody can access your stuff, which is great! You’re safe!

Next, set up LastPass to use Google Authenticator, and viola! You are a hard target for internet criminals!

The last piece of the puzzle is integrity, or proving you are you, not some imposter. For that you need to set up an account at Keybase.io. In keybase, you set up a key pair for encryption and digital signing. Sounds way more complicated than it is. Plus, once you have a keybase account, you can prove you are you on all your social media and websites like 9gag.

A fringe benefit of keybase is the ability to send encrypted messages.

As with all security utilities, ensure you have your data backed up before you turn on security features, especially encryption! And be sure to read the fine instruction manuals.

Now, what’s a good passphrase for LastPass? Not your favorite movie quote, at least not without some extra work. Here’s some examples of high quality pass phrases, none of which you should use, because they will all now be publicly known!

  • Ferry my horse sun* 2 the far shore for $5.
  • Left. No, right. No, left! YOUR OTHER LEFT!!
  • I had a gr8 password, but i forgot it. :,-(
  • Tension, apprehension, and dissention have begun! Not!

And that is the only thing you’ll need to remember, from now on.

Idle Time Mining

Most forensic shops have several very powerful machines for the business. Much of the time, these machines sit idle, doing nothing in between cases. Consider putting those thoroughbred boxes to more profitable use by mining virtual currencies. The additional income can smooth can flow curves, be used in purchases, and help heat the office in Winter.

Seriously. 

Mining operations can be run from different boot disks while the machines aren’t doing anything. It’s pretty easy to set up, and the heating benefits are no joke.

You could cut your office heating bill and get some coins out of the deal.

Besides, virtual currency forensics is going to be huge business. Get involved now.