HOW TO SURVIVE IN THIS CRAZY CYBER WORLD

a semi-satirical, unofficial, politically incorrect, brutally honest,
yet, fairly comprehensive, step-by-step(ish) guide
(with an unnecessary amount of punctuation)
BY:
ALEXANDER SHULMAN
(a generally horrible human being)
JUNE 2014
PREFACE
The world is a scary and violent place. The world-wide web is even more so.

More than 160,000 new malware samples appear every day.1 (from Panda Security)

In the last 12 months, half of all American adults were hacked.2 (from Ponemon)

In the last quarter of 2013, 17 out of every 1,000 computers were infected with malware.3 (from
Microsoft)
Those are scary facts. But, these, I think, are slightly more alarming:

79% of all of those notified did not take any action after finding out.4 (From idRADAR)

Out of all infected systems, 95% were infected because the user clicked on something they
shouldn’t have.5 (from some place I can’t remember)
That means it’s not just the bad guys who are in the wrong. Yes, I’m talking about you, dear reader.
But, it’s ok (not really, but we’ll get there). I understand that most people just don’t know what they
can do. And so, without further ado, enter this guide.
With this (unfortunately, lengthy) step-by-step guide, I hope to provide some clarity on what even the
most technically-challenged of us (well, of you, really) can do to prevent themselves from becoming a
victim of technological malice, as well as to provide some tips on keeping yourself and your electronics
happy.
Now, I’m going to be upfront: this guide is kind of Windows-centric. Two reasons – 1) I hate Apple,
and have worked with/researched their stuff nowhere near enough to consider myself an expert on it.
2) Unix/Linux people tend to know this kind of stuff already.
However, a lot of things I will talk about in this guide are not just applicable to Windows systems.
OBLIGATORY INDEX FOR QUICK CLICKING AND PERUSING:
1) To do before we set off on the grand adventure
2) Connecting
3) Cruising through the internets
4) Passwords
5) Social media
6) Email
7) Going Mobile: The Wide, Open World
8) Travelling
If you don’t have the time to be edumacated and just want a short list of things to do, click >>HERE<<
1 http://www.net-security.org/malware_news.php?id=2776
2 http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/
3 http://www.networkworld.com/news/2014/050714-malware-infections-tripled-in-late-281377.html
4 https://www.idradar.com/sites/default/files/docs/idRADAR%20Quarterly%20Consumer%20Research_June20141.pdf
5 Cannot, for the life of me, remember where I read that… but I totally did…
1) TO DO BEFORE WE SET OFF ON THE GRAND ADVENTURE:
A) ANTIVIRUS
Have one. There are plenty of free choices out there, so there is no excuse not to have one. But, not
all antiviruses are created equal. If you google “Best Antivirus,” you will get about 74,200,000 results,
with many claiming to be “the one.” In the end, it all comes down to independent testing. While
performance tests do vary from month to month, top contenders tend to remain toward the top as a
rule of thumb.
Now, there are some who say antiviruses are useless because they, at best, block 99% of all viruses.6
But, I think that blocking 99% of threats is better than not blocking any at all. So, girls, let’s talk
‘options.’
As of mid-May 2014, these were the best choices:
PAID SOLUTIONS

Bitdefender Antivirus Plus (2014) | $39.95
http://www.bitdefender.com/solutions/antivirus.html
According to the many, many mentions on their site, they are
number 1 this year. According to independent testing, they
are correct. And, with the quality and number of features in the
package, I’m obliged to agree.
Also, it looks kinda cool 
Feature list from their site: Antivirus and Antispyware, Bitdefender Safepay™, Security Report,
Wallet, Bitdefender Autopilot™, Online Privacy Protection, File Shredder, Two-way Firewall,
Parental Control, Cloud Antispam, Secure Online Storage, Device Anti-Theft.

Norton AntiVirus (2014) | $49.99 | http://us.norton.com/antivirus/
In the past (2008-2012), the Norton brand went from a beloved savior to the hated
villain as their products turned from “I will defend your system” to “… so that even
you can’t use it.” Since then, they got better. Folks at Norton rewrote their product
from the ground up and have returned to, once again, being the contender they
once were.
Feature list from their site: Keeps you safe when you surf, shop and bank online,
Protects you from social media scams, Stops both today's and tomorrow's online
threats, Blocks infected and dangerous downloads

Webroot SecureAnywhere Antivirus (2014) | $39.99
www.webroot.com/us/en/home/products/av
This is a surprisingly tiny, and very easy to use, program that goes about
protecting your system in a slightly different way. If it detects something really
serious it cannot fix, it creates a secure communications channel to HQ, where an
actual human being assists in getting the bugger off your system.
Feature list from their site: Detects and blocks known and unknown viruses and
threats, "Ridiculously fast scans" keep you protected without interruptions or
slowdowns, Real-time anti-phishing blocks fake websites that trick you into
entering personal information and threat shields warn you of potentially infected
websites before you visit.
6 http://gcn.com/blogs/cybereye/2014/06/antivirus-useless.aspx

Kaspersky Anti-Virus (2014) | $39.95 | http://www.kaspersky.com/anti-virus
While I’ve personally never used it (because it’s made by the Soviets), Kaspersky
tends to consistently get very good reviews in independent testing. Also, the
company is quite active in the antivirus community with their education and
research projects, frequently finding and publicizing new threats that endanger us
all (they are probably the ones creating them… >_>)
Feature list from their site: Antivirus protection, Preventing the exploitation of
software vulnerabilities, Protection against screen lockers, System Watcher, Web
protection, URL Advisor, File Advisor, Anti-phishing protection, Minimal
consumption of PC resources, Rapid start-up, shutdown and reaction times.
FREE SOLUTIONS
While there is a general sense of “you get what you pay for,” there are some very good free AVs one
can get.

AVG AntiVirus FREE 2014 | http://free.avg.com/us-en/free-antivirus-download
AVG tops my list (and independent test lists). I’ve been using it for a couple of
years now, and have no complaints. Not as feature rich as the paid counterparts,
but it does what it’s supposed to.
Antivirus, Link protection, File shredder. That's what you are getting for free. And, unless you
absolutely need to have parental controls and various bells and whistles, this is a fantastic choice.

Avira Free AntiVirus (2014) | Free | http://www.avira.com/en/avira-free-antivirus
#1 contender in September of last year, Avira recently slipped to #2 spot (just barely).
Avira uses “Cloud-based protection” during its scans, so you need a frequent connection to
the interwebs to take full advantage of its capability. What you get: Advanced Real-Time
Protection, AntiAd/AntiSpyware, Browser Tracking Blocker, Website Safety Advisor (as a
Firefox/Chrome extension). Avira is a very good choice if you are “always on.”

Avast! 2014 | Free | http://www.avast.com/index
… is also one of my personal favorites. Free version gives you the Antivirus, Antimalware Protection, Anti-spyware, and Anti-rootkit. It’s a little bit more difficult to
navigate at first, but it is also a very solid choice. Of these three, I do think Avast
has the best customer service, if you need to reach out to an actual human… but that is a
personal opinion.

FortiClient 5.0 | Free | http://www.forticlient.com/
FortiClient comes with several features that make it awesome: AntiVirus, SSL VPN, Web
Filtering, IPsec VPN, Application Firewall, Two-Factor Authentication, Vulnerability Scan,
WAN Optimization. The reason why it’s further down on the list, is that, while having a
collection of really good “how to” videos, it does require quite a bit of technical know-how to
operate.
One thing of note:
Companies need moneys to exist. And, while these are all truly free, they are peppered with links
encouraging you to “buy this to make it even better.” Buying it does improve the product, as it gives
you more features (detection/cleaning rates stay the same, however) … but then, if you want
features, may as well start out with a paid product.
ALSO
Malwarebytes Anti-Malware 2.0 | Free | https://www.malwarebytes.org/downloads/
According to PCMag, “When other antivirus products fail, tech support agents
turn to Malwarebytes Anti-Malware 2.0.”7 While I don’t know if I agree with this
100%, Malwarebytes is definitely a good program to have on your computer
‘just in case.’
Also, if you think your computer is infected and you can’t install one of the
abovementioned products (because, sometimes, viruses block you from installing an antivirus
program), you can give Malwarebytes Chameleon a go: https://www.malwarebytes.org/chameleon/. It
is awesome.
ALSO ALSO
>> NEVER DO THIS <<
7 http://www.pcmag.com/article2/0,2817,2455505,00.asp
B) SPRING CLEANING
As we use our computers more and more, they tend to get filled up with random crap; temporary files,
remnant artefacts, unused programs… they all slow down your computer. Once in a while, (optimally,
more frequently than once a year during actual spring time), it’s a REALLY good idea to clean stuff up a
bit. Also, when you get a new computer, nowadays, it usually comes pre-installed with a LOT of stuff
you either will never use, or just plain don’t want on your system. So, let’s clean those up a bit.
Note: I list these things in the order I do them when people ask me to un-screw their computer. Some
people would prefer to do the last step first, and then proceed with the list. Some people don’t
bother doing the first step at all. … It really comes down to preference.
OS FEATURES
I will start with a very important principle of cybersecurity:
system hardening, or “locking doors you do not use.”8
You see, there is a lot going on behind the scenes in your
computer… a lot of doors opening and closing to allow for
day to day operations. A lot of it is good; making your
computer go on ticking. However, the more stuff you have
going on, the more doors you have open. Sometimes, you
have open doors without even realizing it.
Let me give you some examples:

Let’s say, at home, you have a printer connected directly to your computer. It’s connected by USB cable, and you are the only one using it. Do you really need your computer to keep open the door marked “print using the internet?”

Don’t have a touchscreen monitor? Why have “Tablet PC Optional Components” enabled? You can’t use any of those features anyway.

When was the last time you actually played Minesweeper or Purble Place (whatever the hell that is)? Those games can also keep doors open.

Why do I keep talking about doors?
One of the ways bad guys try to enter your system is
through those openings. So, let’s close ‘em up!
There are a ton of guides and videos out there on how to do it, and all of them can be found by
Googling. Here’s a link just in case you’re lazy:
https://www.google.com/search?q=Turn+Windows+features+on+or+off
A couple of things:

Turning a feature off does not uninstall it. If you disabled something and later find that you need it, you can always turn it back on.

If you are not sure if you need a feature, simply Google its full name to learn what it does. If you’re not using it, there’s no harm in disabling it.
8 Yes, I’m trying to describe open ports and innate application vulnerabilities. I know it’s not the best analogy. Tech savvy gurus: just move along, dammit.
UNUSED PROGRAMS
LOOK AT THIS.
Does it make you cry? It makes me cry.
Nowadays, most new computers come pre-installed
with stuff you just don’t need or want. Also, most of us
tend to install stuff on our computers… which we end
up never using. This makes most people “cyber
hoarders.”
It’s ok. The first step is admitting it. I’m here to help.
Uninstalling a program you will never use has a freeing
effect, allowing both, yourself and your computer, to
breathe just a little bit better. (It’s also going to close
some doors those programs might have open.)
Now, doing this can be scary for some. Thankfully, there are videos.
9
University of Michigan-Flint has a quick walkthrough for Windows 8, 7, and XP:
http://www.umflint.edu/helpdesk/perm/windows/how-to-uninstall-a-program-on-windows-7-xp-andvista/
Anyways, now you know how to. But, what should you uninstall? A couple of tips:

Sort by Publisher (just click once on the Publisher tab)

Unless you are specifically uninstalling a Microsoft program, ignore ones where Microsoft is listed as
publisher

If the Name says “toolbar” or “browser add-on,” it’s probably safe to remove

If you are unsure about something, just type the name exactly how it appears into Google to learn
more about it
CCLEANER
Extra big picture for an extra awesome product.
Literally, “Crap Cleaner” … from when we were less politically correct, back
in the day. Fantastic program. What it does is scan for various system files
and keys that are no longer needed by your system and deletes them to
free up space and remove possible confusion.
According to the Piriform website, “CCleaner is the number-one tool for
cleaning your Windows PC. It protects your privacy online and makes your
computer faster and more secure.” I’m going to tell you, that statement is
true. I’ve been using this program for many, many years, and have not
had a single complaint with its performance.
Very easy to use, very difficult to mess up. I’m a firm believer this should
be on every Windows computer.
Get it here: https://www.piriform.com/ccleaner
9 If you are using an Apple, I will once again recommend you smash it with a hammer. Usually fixes things.
DEFRAGMENTATION
(SKIP THIS STEP IF YOU ARE USING A SOLID STATE DRIVE (SSD))
From time to time, you should pamper your computer a bit… let it de-stress, and generally unwind…
give it the spa treatment, if you will.
You see, as you use your computer, files are constantly being written to the hard drive. Usually, they
are placed wherever there is space for them (think: 16-year-old’s bedroom). Defragmenting, or
“defragging” as the cool kids call it, is the process that takes each of those randomly-placed files and
puts them next to their long-lost relatives. This makes your computer not work as hard when it needs
to find something.10
Operating systems tend to have native capability to defragment: Windows has “Disk Defragmenter”
program; OSX has a “throw against the wall” function (I’m told); and Linux has a “defrag” command,
though, due to the way Linux/Unix operating systems work, it’s really not needed.
Windows Disk Defragmenter is a silent worker. But, if you want something graphically pretty (perhaps,
dare I say even, sexy), and with customization options out the wazoo, there are other defrag options
available:

Defraggler | Free | https://www.piriform.com/defraggler
By the same people who make CCleaner, Defraggler is a defrag program that gives you options. Most defrag
tools only allow you to defrag an entire drive. Defraggler lets you specify one or more files,
folders, or the whole drive to defragment. It also has an option to defragment free space, which
improves Windows' performance when writing new files. (Trust me, it’s kind of a big deal.)

Auslogics Disk Defrag Free | http://www.auslogics.com/en/software/disk-defrag/download/
Also a top contender with lots of great features and customizations. One feature that separates
it from Defraggler is that they have a “portable version” as a single, 3.7Mb .exe file that
doesn't require installation and can be run directly from a USB drive
Note: If you are running Windows 7 or higher, you may already have defragmentation automatically
turned on (usually set to run at 1AM on a Wednesday). The defrag window should tell you.
ACTUAL CLEANING
Yes, as in, actually cleaning the thing. No, not just dusting off the outside and calling it a day. The
inside bits as well.
As you use your system, dust tends to gather up inside, caking on top of various components and
making them heat up more than they normally do or, in case of the fans, not move the precious cool
air around as well. This tends to have effects on system performance.
The prospect of opening up a computer can be scary for most, but I’m about to put your fears at rest.
Meet your new best friend: Compressed Air. It has so many uses! Clear dust from electronics! Scare
the crap out of household pets! Turn it upside down and supercool your beer! (do be careful with this
one) 11
Cleaning your laptop is quite easy. Here, watch this 2-minute video:
http://www.youtube.com/watch?v=EWwejCKVGOY
If you have OCD (or, CDO, since it has to be alphabetical), several hours, and a desire to make your
laptop even cleaner than how you received it from the store, this 11-step guide is for you:
http://www.wikihow.com/Clean-a-Laptop
Cleaning your desktop is also easy. Turn it off, unplug it, pop the hatch, and blow compressed air on
anything that looks dusty. (depending on where you live, be ready for a big dust cloud.) Voila, you’re
done. (It may take a few go-arounds, depending on how dirty it was)
10 Ok, settle down tech-heads, I know that’s not quite what happens, but you try explaining this to your grandma.
11 Get it here: http://www.amazon.com/b?node=3012916011. They even have a 220+MPH “hurricane” version, in case you want to blow your face off. (The writer of this guide provides the information “as is” and will not be held responsible for blown-off faces, frozen-off “bits,” or pets with PTSD.)
2) CONNECTING
Assuming you actually followed the above, your computer should be
nice, and clean, and happy. So let’s talk connections.
Connecting to the internet is analogous to setting off on a grand
adventure toward a magical land containing all of the knowledge of the
human race … and pictures of cats. Getting on the internets can be
accomplished using a private (ISP) or a public (public WiFi) connection.
With a private connection, you pay an Internet Service Provider (ISP) to
give you a dedicated line that is yours and yours alone; you then have an
option of sharing it via WiFi and such. On top of giving you personal
access to the internets, ISPs work with various other important internet people to ensure the integrity
of your communication, making sure the bits actually make it from A to B. With a public connection
(usually, free public WiFi), before getting to the part where the ISP whisks your data away, your
information has to go through a bit to which other people are also connecting. Passing through this
zone can actually put your information at risk, as security configurations for this zone tend to be at the
mercy of whoever is providing the WiFi access, and are not usually anywhere near as stringent as the
security configurations required of the ISPs by various regulations.
Think about it as a swimming pool. In your private pool, you are nice and safe and can do as you want
without people seeing/judging you. In a public pool, which is generally crowded and generally
disgusting, you can still do those things, but people will judge… and, also, you have no way of knowing who
is currently peeing into the pool… or who is there “just to watch.”
Thankfully, there is a way to protect one’s information when connecting to a public access point.
VPNS
A Virtual Private Network (VPN) is a computer program that works by creating a secure communication
channel between your device and another device in a known safe zone (ex: not in the public pool) in
such a way that all communications between yourself and that device are encrypted. VPN also offers
several other benefits besides encryption.
A 2-minute video with a brief overview of what a VPN is and does
can be found here:
http://www.youtube.com/watch?v=rFg7TSwVcL4
(Courtesy of CyberGhost)
There are a multitude of VPN services out there, both paid and free. While I
could recommend some that I personally like, http://www.bestvpn.com does a
great job in breaking it down; sorting VPNs by price, features, compatibilities,
and other criteria.
One thing it doesn’t really cover is free VPNs. Usually, I would not recommend
a free VPN as they tend to have two things in common:


12
They tend to require a mid-to-high level of technical expertise, as they require one to configure all connections by hand.

They provide no guarantees. The contact information of providers of the "device in a known safe zone" is rarely disclosed, so it is usually impossible to know if the individuals providing the other device are not themselves monitoring the communications.
However, there are two I will mention: FortiClient 5.0 (previously discussed in the antivirus section)
and CyberGhost (www.cyberghostvpn.com/en). Both of these offer a free VPN service that I can
confidently call safe, and CyberGhost is actually easy to use.
12 Fear my l33t clipart skillz.
PROXY
A lot of people confuse proxies with VPNs, so I’d like to take some time to briefly address them.
People use a proxy to hide their identity on the internet, and, sometimes, bypass some firewalls that
may be restricting their browsing. Most proxies are free, so it is a very popular choice among the “free
internet” crowd. The biggest difference between proxies and VPNs is that proxies DO NOT ENCRYPT
YOUR COMMUNICATIONS.
An example: After hitting the proxy server, it would be hard to know that it was you
who was actually looking for those My Little Pony pictures (for anyone sitting between
you and that proxy server, there would be no problem in finding that out).
However, if you used a VPN, those people wouldn’t even know that you are secretly a Brony.
I hope that cleared some stuff up.
THE BROWSER CHOICE
Microsoft frequently pushes out updates to their Internet Explorer browser. The rolling joke among the
cybersecurity community is “Oh look! It now lets you download [another browser] faster!”
Let’s face it; especially with the additional bad rep recently circulated through the news, IE is far from
the best choice for an internet browser. Maybe, one day, Microsoft realizes this and does what Norton
did by completely rewriting it. But, I won’t hold my breath.
To be considered good, a browser must fulfill the following criteria:

Be simple to use

Hog as few computer resources as possible

Have the ability to keep you safe from malware and third-party tracking

With those requirements in mind, Google Chrome (www.google.com/chrome) and Mozilla Firefox
(www.mozilla.org/en-US/firefox/new/) are the two biggest contenders in this field, with Safari and
Opera bringing up the rear.
Personally, I’m a fan of Chrome, sometimes play around with Firefox, and loathe the fact that some
government sites only play nice if you’re using Internet Explorer. In the end, the choice is up to you.
With both Chrome and Firefox being as customizable as they are, it really comes down to personal
preference.
If you’re curious about what the world is using, here are the numbers (world survey Jan 2014)13:
Browser            Share
Chrome             34.95%
Internet Explorer  30.275%
Firefox            18.00%
Safari             8.70%
Opera              1.925%
Other              6.15%
Bottom line: You have options.
13 http://en.wikipedia.org/wiki/Usage_share_of_web_browsers
3) CRUISING THROUGH THE INTERNETS
Well, now that your computer is all clean and ready to face the great vast expanses of the interwebs,
let’s take a look at how we can keep it that way. But, before we get there, let’s have a quick lesson
about the internets.
Every page on the internet is made up of elements, each using various languages and resources to
display the information on the site.

HTML (Hypertext Markup Language) makes up the base of every web page, saying what things should be displayed on the page.

CSS (Cascading Style Sheets) are all about what the elements on the site look like; what font for the text, color, etc.

Javascript/Flash allows you to actually view those cat videos and click those pretty buttons.14
SCRIPTS
91% of web exploits target Java.15 (CISCO) If CISCO says it, it must be true. So, how can we protect
ourselves from this Java threat? After all, I wants my daily dose of cat. Answer: Easy.
Script blockers are addons one can install in one’s browser to block Java scripts from being run. Once
set up, these block all scripts on every site you visit, unless you tell them not to do so.
Now, I’m not going to lie… they are a bit of a pain to use at the very beginning. Every first time you
visit a new site, chances are that it will be blank or drastically stark until you tell the blocker to allow
the site. As the interwebs is a complicated place, and a page can use resources from different websites
at the same time, usually, you will have to allow several sites to display their content.
Example: On YouTube, you may want to allow youtube.com, google.com, and ytimg.com (the site that
displays YouTube images/video previews) while blocking everything else.
Sounds like a pain, but, the blockers remember your choices and will continue to unblock the allowed
sites from that point on. So, really, it’s a one-time inconvenience, and you can always change your
mind and block/allow previously allowed/blocked sites.
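
The allow/block decision described above, sketched as an added example (not code from NotScripts, NoScript or the original guide): a script is blocked unless its host is an allowed site or a subdomain of one. The script URLs are constructed sample data and the function names are illustrative.

```javascript
// Added example: the default-deny decision a script blocker makes per script.
// ALLOWED_SITES comes from the YouTube example in the text; SAMPLE_SCRIPTS is
// constructed data, and all function names are illustrative.

const ALLOWED_SITES = ['youtube.com', 'google.com', 'ytimg.com'];

const SAMPLE_SCRIPTS = [
  'https://www.youtube.com/player.js',
  'https://s.ytimg.com/base.js',
  'https://apis.google.com/api.js',
  'https://ads.tracker.example/pixel.js',      // third party, never allowed
  'https://notyoutube.com/player.js',          // shares a suffix, different site
  'https://youtube.com.cdn.example/player.js', // allowed name used as a prefix
  'data:text/javascript,void 0',               // not an http(s) origin
  'not a url',
];

// True when `host` is the allowed site itself or a subdomain of it.
// Matching on a dot boundary matters: a plain endsWith(site) check would also
// accept "notyoutube.com", and an includes(site) check would accept
// "youtube.com.cdn.example".
function hostMatchesSite(host, site) {
  return host === site || host.endsWith('.' + site);
}

// Decide whether one script URL may run. Anything that fails to parse, is not
// http(s), or is not covered by the allowlist is blocked (default deny).
function isScriptAllowed(scriptUrl, allowedSites) {
  let url;
  try {
    url = new URL(scriptUrl);
  } catch (err) {
    return false;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    return false;
  }
  // Normalise case and a trailing root dot ("youtube.com.") before comparing.
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  return allowedSites.some((site) => hostMatchesSite(host, site));
}

// Split the scripts a page wants to load into allowed and blocked lists.
function filterScripts(scriptUrls, allowedSites) {
  const result = { allowed: [], blocked: [] };
  for (const scriptUrl of scriptUrls) {
    const bucket = isScriptAllowed(scriptUrl, allowedSites) ? result.allowed : result.blocked;
    bucket.push(scriptUrl);
  }
  return result;
}

const decision = filterScripts(SAMPLE_SCRIPTS, ALLOWED_SITES);
console.log('allowed:', decision.allowed);
console.log('blocked:', decision.blocked);
```
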

Chrome: NotScripts
https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn
I’ve been using it for several years now, and it is, by far, the
handiest security extension I’ve had the pleasure of installing.
Unfortunately, the set up is the most complicated part of using it as
it requires you to create a password and save it into a particular file
on your computer. But, once you do, you will immediately notice a
difference.

Firefox: NoScript
https://addons.mozilla.org/en-US/firefox/addon/722
Works on the same exact premise.
NoScript is easier to set up; it only
requires you install it before being 100%
operational. If you’re using Firefox, this
extension is a must have.
14 Yes, this is a gross generalization. Please don’t kill me.
15 http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html (Registration required)
AD BLOCK
Tired of those ads with all their blinking and sound playing and popping up in random windows? Well,
do I have a solution for you!
Adblock Plus (https://adblockplus.org/) is a browser extension available for every
browser out there.
ABP works on the same principle as the script blockers mentioned above, but
targeting ads.
Personally, I think this should be included in every browser as ads tick me off.
But, I also understand that a LOT of sites rely on profits from ads to stay afloat
and continue to provide their awesome content. So, what makes this browser
add-on awesome is that it lets you configure itself to block all ads in the world or
to allow ads to display on some sites (to show your support for your content
providers).
One more thing about this topic: Sometimes, besides being annoying, ads can carry viruses. By
blocking ads, you stop that method of attack as well. … Just something to think about.
WEB OF TRUST
From the Web of Trust website16:
Web of Trust (WOT) is a website reputation and review service that helps
people make informed decisions about whether to trust a website or not. WOT
is based on a unique crowdsourcing approach that collects ratings and reviews
from a global community of millions of users who rate and comment on
websites based on their personal experiences.
WOT works in a very simple way - it shows website reputations as traffic lights next to search results
when using Google, Yahoo!, Bing or any other search engine. They are also visible next to links in social
networking sites like Facebook and Twitter and email like Gmail and Yahoo! Mail as well as other
popular sites like Wikipedia. By clicking the traffic light icons you can find out more information about a
website’s reputation and other users’ opinions.
It’s free, get it here:
Chrome: https://chrome.google.com/webstore/detail/bhmmomiinigofkjcapegjjndpbikblnp
Firefox: https://addons.mozilla.org/en-US/firefox/addon/3456
16 https://www.mywot.com/en/aboutus
4) PASSWORDS
The world runs on passwords, with username/password combinations being
the most common, and widely accepted, way of authenticating access to
one’s account … and we forget them so, so frequently.
Ok, I will admit it. A lot of the fault lies with security admin people.
You see, it’s just so much easier to require you to create a ridiculously hard
to guess password than to have *us* expend *our* time out of *our* lives
that we can be spending watching cat videos. You understand, right?
I’m glad you do!
And, now that we all realize that no one is to blame, we can safely proceed
with the rest of our lives.
All jokes aside, though, unfortunately, the problem with crazy passwords
requirements is not going to go away anytime soon. So, let’s talk solutions.
THE PROBLEM 17
But! Before I get there, I should really mention some mistakes that a
LOT of people make that can place their accounts, their information,
and, sometimes, themselves in danger.18

Writing down passwords
Who can possibly remember that crazy password? I better jot it
down, but on the back of this Post-It note that I will keep next to
my computer, because no one ever actually looks at the sticky
side. Ooh! Maybe, I’ll hide it under my keyboard; no one will
ever look there! I r smart.
Actually, no. I’m sorry to say, but those are all very old tricks, and people have been doing these since
the invention of passwords … and have been getting their passwords stolen and used against them.
You see, as soon as you make your password physical-manifest, you are making it possible for other
people to see it. Stop doing it! If you can’t, and absolutely must have it written down somewhere,
continue reading; I’ll give you a better option in a bit.

Reusing passwords across websites
An average human being with access to the interwebs has a membership with a multitude of sites, and
having a different password for every one of them is … difficult, so many people don’t. Which is bad.
As a general rule of thumb, one can break down those sites into two categories: critical and non-critical.
Critical: I will cry if someone gets into this account and does stuff. (Bank accounts, Facebook, etc)
>> make sure to have different, unique passwords <<
Non-critical: I won’t cry if someone gets into this account. (www.canadianliving.com)
You can use one password. It’s not “great” to do, but it’s acceptable.

Pattern-based passwords
With the stupid complexity requirements, people have figured out that they can make lines, or shapes,
or patterns on the keyboard, while randomly pressing the shift key, and call it a complex password.
And, you know, it looks like a complex password. So, why not?
Well, hackers know people are doing this. So, pattern-based passwords are actually the first on their
list to try when hacking your account. STOP DOING IT!
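
One way a sign-up form or password policy can catch these, as an added example that is not part of the original guide: count how many keystrokes land on a key touching the previous one, treating shifted and unshifted characters as the same key. The US QWERTY layout, the 0.7 threshold, the 4-character minimum and the function names are assumptions.

```javascript
// Added example (not from the guide): flag passwords typed as keyboard walks.
// Assumptions: US QWERTY layout, a 0.7 threshold and a 4-character minimum.

const UNSHIFTED_ROWS = ['1234567890-=', 'qwertyuiop[]', "asdfghjkl;'", 'zxcvbnm,./'];
const SHIFTED_ROWS = ['!@#$%^&*()_+', 'QWERTYUIOP{}', 'ASDFGHJKL:"', 'ZXCVBNM<>?'];

// Map every character to the physical key that produces it, so that pressing
// shift "at random" does not hide the walk: "@" and "2" are the same key.
function buildKeyMap() {
  const map = new Map();
  for (const rows of [UNSHIFTED_ROWS, SHIFTED_ROWS]) {
    rows.forEach((row, r) => {
      [...row].forEach((ch, c) => map.set(ch, { row: r, col: c }));
    });
  }
  return map;
}
const KEY_MAP = buildKeyMap();

// Keys touch when they are the same key, side by side in one row, or
// neighbours across rows. Rows are staggered, so the key at column c sits
// above columns c-1 and c of the next row ("w" is above "a" and "s").
function keysTouch(a, b) {
  const dRow = b.row - a.row;
  const dCol = b.col - a.col;
  if (dRow === 0) return Math.abs(dCol) <= 1;
  if (dRow === 1) return dCol === 0 || dCol === -1;
  if (dRow === -1) return dCol === 0 || dCol === 1;
  return false;
}

// Walk the password key by key and count the steps that stay on touching keys.
function analyzeKeyboardWalk(password) {
  const chars = [...password];
  let touchingSteps = 0;
  let run = chars.length > 0 ? 1 : 0;
  let longestRun = run;
  for (let i = 1; i < chars.length; i++) {
    const prev = KEY_MAP.get(chars[i - 1]);
    const cur = KEY_MAP.get(chars[i]);
    // Characters that are not on the layout (spaces, non-ASCII) break a run.
    if (prev && cur && keysTouch(prev, cur)) {
      touchingSteps++;
      run++;
    } else {
      run = 1;
    }
    longestRun = Math.max(longestRun, run);
  }
  const steps = Math.max(chars.length - 1, 0);
  const ratio = steps === 0 ? 0 : touchingSteps / steps;
  return { steps, touchingSteps, longestRun, ratio };
}

// A password is treated as a keyboard pattern when most of its steps touch.
function isKeyboardPattern(password, threshold = 0.7, minLength = 4) {
  if ([...password].length < minLength) return false;
  return analyzeKeyboardWalk(password).ratio >= threshold;
}

// Constructed samples: three keyboard walks and the guide's rhyme-based password.
for (const pw of ['qwertyuiop', '1qaz@WSX', 'zaq1ZAQ!', '01J&Jw^aH']) {
  const { touchingSteps, steps, longestRun } = analyzeKeyboardWalk(pw);
  const verdict = isKeyboardPattern(pw) ? 'PATTERN' : 'ok';
  console.log(`${pw}\t${verdict}\t${touchingSteps}/${steps} touching, longest run ${longestRun}`);
}
```
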
17 There are volumes of books written about passwords. I’m just listing the most common errors I’ve encountered.
18 Especially, in the case of a disgruntled ex.
THE (A) SOLUTION
Let’s look at what would be considered a strong password: 01J&Jw^aH. Try to remember it. Kinda
difficult, right? What if I told you it is actually a beloved childhood rhyme about two intrepid
adventurers and their quest for water? Still nothing? Ok, let’s break it down.
J&J: Jack and Jill
w^: went up
aH: a hill
01: It’s the first line of the rhyme.
And, when the time comes for you to select a new password, just go with the next line.
*explosion noises*
Mind … BLOWN
*explosion noises*
But, yeah. It’s that simple.




Pick a random book you normally have handy
Pick a random page to start
Come up with a couple of rules: capitalize all nouns; turn every ‘and’ into &; turn every money,
cash, or dollar reference into $; etc …
… And, there you have it! Easy, right? 19
THE (ANOTHER) SOLUTION
Password managers are awesome. Pretty much, what they are, are programs you can install on your
computer/cellphone/whatever that remember your passwords for you. Not only that, they come up
with crazy passwords for every different site you go to (so, now you have unique passwords for every
site), and give you options to auto-fill-in the information when you get to the site’s log-in page. To
keep your passwords safe, they encrypt them so only you can use them. All you need to do is
remember one master password which is used to decrypt all of the others. Most of them also come
with several other really cool features (like, let you know if a site was recently hacked and you should
change your password.) Here are the top contenders in this field:

Dashlane | Free or $30/yr | https://www.dashlane.com
is my personal choice, and I have been using it since its infancy. For free, you get several great
features. Only listing the two big ones (shamelessly stolen from their site):

Password Manager: Automatically import your passwords from any
browser into your secure password vault. Save any missing passwords
as you browse. Make passwords right within your browser. Get
automatic alerts when websites get breached. And with their autologin, you will never have to type any password on any of your devices
again. It’s that simple.

Digital Wallet: Securely store your payment details in Dashlane’s online
wallet. Get express checkout and flawless form filling everywhere you
shop online. Automatically capture receipts of all your purchases.
Always have your digital wallet on you, and never have to store your credit
cards on sites that you don't completely trust.
For $30/year, you get the ability to sync across multiple devices and the ability to access your
passwords through a secure web portal for when you are travelling/don’t have your device handy.

1Password | $50 / $70 for family license | https://agilebits.com/onepassword
1Pass has been around longer than Dashlane, and is also a very solid choice, offering
both a Password Manager and a Digital Wallet. Three reasons why it’s #2 in my list:
1) It doesn’t have a free version
2) It’s Apple-centric
3) It requires a Dropbox account/service in order to sync your devices.
19 Boston U has a nifty guide: http://www.bu.edu/infosec/howtos/how-to-choose-a-password/
5) SOCIAL MEDIA
Oy vey. Where do I start?
Humans are social animals (like penguins, but
with thumbs and Botox), so, innately, we have a
want to share (well, most of us). And, a lot of
us do. Everything from how cute our cat is, to
how a super cool but super-secret thing is about
to happen at our company but we’re not telling,
to how our boss doesn’t like that we bring
“fluffy” to work.20
The point is, most people put stuff out in the
open which either should not be put out, or that
should not be put out “in the open.” In this
section, I will not talk as much about the first
part as about the second. After all, in ‘Murica,
we are free to post what we want. (Whether or not we should do it is an entirely different question,
which is best left up to the clearly well-informed individuals doing the posting.)
Now, I’m going to focus on Facebook-like sites, as everyone and their mother has an account for those.
However, these tips are applicable to every social media site out there, and their implementation is
fairly similar.
A) SET YOUR PRIVACY SETTINGS
There is a HUGE difference between “My friends can do this” and “Friends of my friends can do this.”
We all have one of those friends who is, and this is a very technical term, “an attention whore,” more
than happy to accept any and all friend invites on Facebook. (If you don’t, and you yourself have over
500 friends most of whom you’ve never actually met, the first step is admitting you have a problem.)
In any case, let me tell you a story:
A few years ago, I was asked to look into a suspicious individual who was asking some very weird
questions on one of the unofficial “spouses of the company”-type Facebook community pages. Well, I
did. The guy turned out to be a terrorist. Yes, you read that right; an actual, bona fide terrorist, like,
on an FBI watch list and everything. What was he doing on the invite-only page (besides looking for
vegan cupcake recipes that may come close to being edible)?
There is a quote I read a while ago: “Using public sources openly and without resorting to illegal
means, it is possible to gather at least 80 percent of all information required about the enemy.”21
Guess where that’s from. I’ll tell you: the Al Qaeda Training Manual.
So, how did this terrorist get onto this “by invite only” Facebook community page? Well, it turns out,
the settings on this community page allowed Friends of Friends to read/post on it, and one of the
genuine members of the page was a technical term who happened to accept a friend invite from Ahmed
the (now hopefully dead) Terrorist.
The point of the story is: Do you really want Joe the
Hacker/Terrorist/Generally-Bad-Guy to see your wedding photos? Pictures
of your kids? To know where you live or hang out? To know your deepest
thoughts, quirks, secrets, desires, and lunch aspirations?
I wouldn’t.
Facebook Privacy Dinosaur says:22
SET YOUR DAMN PRIVACY SETTINGS, DAMMIT.
20 Despite the numerous references to cats, the author does not, in fact, own a fluffy personification of evil.
21 A very long, but interesting read (if it’s your thing). Al Qaeda and the Internet: The Danger of “Cyberplanning”
http://strategicstudiesinstitute.army.mil/pubs/parameters/articles/03spring/thomas.pdf
22 The Facebook Privacy Dinosaur did not actually ever say this. Please do not sue me.
B) BE WARY OF STRANGERS
People lie. The internet makes it easy for people to lie about their identities and motives. (Also, it
tends to be a portal for alter-egos, where people become a different person just by “logging on.”)
So, a couple of tips to address this concern:

Only “friend” people you know.
I know, this one is hard, especially for technical terms I previously mentioned. But, think about it
this way: How much do you know about people you’ve actually met? How much do you know about
people you’ve never met? Hopefully, this little exercise has proven that you don’t want random
creepy strangers to have access to your info.

Consider limiting the number of people who are allowed to contact you through these sites.
There are privacy settings on every site which would allow only your friends (whom you’ve met,
right?) to contact you, blocking everyone else. These same settings also, usually, allow you to
group your contacts into neat little groups, and set privacy controls to each group. Now, this may
limit you from getting random messages from a secret admirer, but it will also stop you from being
a victim of many types of social engineering frauds.

If you interact with people you do not know, be cautious about the amount of
information you reveal and about agreeing to meet them in person.
This should be a no-brainer. And, if you haven’t learned this from McGruff the
Crime Dog by now, I don’t know any words that would drive the point home.
C) BE SKEPTICAL
People lie. A lot. Especially on the internet.
Some just want to fluff up their importance a bit; others want
to mislead people for fun; and the rest just want to watch the
world burn.
Yes, my dear reader, people are evil (especially grandmas).
Whenever you meet a new person on the internet, ask yourself
a few questions:
1) What are the chances that what they are saying is not true?
Um… that’s it, actually; just that one question. But, keep asking yourself that from time to time.
D) LIMIT THE AMOUNT OF PERSONAL INFORMATION YOU POST
While we would all love to hear about the consistency of your muffin this morning, there is some
information that, as a general rule, you should not

Do not post information that would make you vulnerable, such as your address or information about
your schedule or routine
If a bad guy can look at your profile and learn what school your kids are going to, there’s an issue.
Same if they can know exactly where you will be at what time of the day. Think before you post!

When your friends post things about you (or tag you in some pictures), make sure the combined
information out there is not more than you would be comfortable with strangers knowing
If you feel uncomfortable, ask them to un-tag you, or to take the information down. Even though
there is no way to permanently delete information once it hits the interwebs, this will make sure
the bad guys will have to actually work… and most of them are really only looking for easy targets.

On the same note, think before posting stuff about your friends
If you’re going to ask them not to make you a vulnerable target, don’t make them a vulnerable
target. It’s just about common courtesy.
E) REMEMBER THE INTERNET IS A PUBLIC RESOURCE
Back in November of 2013, Jack Vale, a comedian known for his YouTube Channel23, conducted a social
experiment where he freaked out random people by randomly approaching them and telling them their
personal details like name, occupation, favorite sports team, or child’s and pets’ names.24 Needless to
say, it freaked many people out.
How did he do it? All he did was: pull up Twitter or Instagram on his cellphone and do a simple search
for posts that were near his location. After seeing the screen names/names/whatever from those
posts, he then searched the Book of Faces for the people and read up a bit.
That’s it. No scary hacker voodoo. He just read the info that people freely plastered all over the
internets.
It’s not an invasion of privacy, because when you post by-minute, play-through updates on the
consistency of your milkshake, you are making a choice to no longer be private.
Think before you post/tweet/’gram!
ALSO: FACEBOOK-SPECIFIC
The good folks at Facebook wrote a fairly comprehensive guide
on how to not become a victim through their site. If you use
Facebook, it is definitely worth a read. Find it here:
https://www.facebook.com/safety/attachment/Guide%20to%20Facebook%20Security.pdf
ESPECIALLY: LINKEDIN-SPECIFIC
For those who don’t know about LinkedIn, it is a site similar to
Facebook, minus all the cat videos.
The focus of LinkedIn is to serve as a base for work-related
professional connections, allowing one to more easily access
their professional network for questions, advice, or referral purposes.
After accepting someone’s request for connection on LinkedIn, you are providing the individual with the
ability to know about your current and previous places of work, your performance at those locations, as
well as give them access to your other work-related contacts (unless you turn that function off).
The problem arises when a bad guy joins the site with a fake profile (because, remember, people lie)
and sends an invite to an “Open Linker,” someone who always accepts connection requests. Open
Linkers, as a general rule, do not block their connections from viewing each other, which means
nothing stops the bad guy from sending connection requests to everyone the Linker “knows,” and so
on, and so forth.
A Facebook hack/”drama” post can lead to temporary drama. A LinkedIn hack could lead to you losing
your job. I am hoping you can see how this is bad.
While Facebook allows you to put your contacts into groups, LinkedIn does not. This makes it even
more imperative that you only connect with people you actually know.
23 http://www.youtube.com/user/jackvalefilms
24 http://www.tomsguide.com/us/comedian-psychic-posts,news-17882.html
6) EMAIL
We all know that email is important, whether it’s a mistyped missive from our grandma about a recent
apple pie attempt or a heartbreaking note from a Nigerian prince asking for your help to transfer
millions of dollars from point A to point B. Also, all of us get it. And if we don’t, we’re either on a
beach sipping mojitos or are stranded on some deserted island trying to spell out HELP using emus
(there is no in-between). So, since it’s important, here are some fun facts25: In 2013,

spam made up approximately 70% of inbound mail

59% of all messages included malicious attachments

41% of all included malicious links
That’s bad. So, let’s talk about it.
SPAM
I do not like this, Sam I Am, I do not like this icky spam.26
Thankfully, our email programs are getting fairly good at filtering spam from regular mail; so good that
sometimes regular mail ends up in the spam folder. However, they do need your help from time to
time. Here is how you can help your spam blocker:

If a spam email makes it through the filter:
Don’t just delete it, tell your email program it is spam.

Likewise, if a real email gets into a spam folder:
Tell your email that email is to be trusted. Some services can take it a step further and allow you
to create what’s called a “whitelist” of email addresses that are always trusted. If you are using an
email address to only talk to several people, this is a really good option.

NEVER reply to a spam email.
Even to “unsubscribe.” As soon as you do, you will be overwhelmed with more spam than your
email would be able to block.
Note: Sometimes, things you get are not actually from friends. Two things can happen:

Email spoofing
With some tools, bad guys can fake what their name looks like to you, making it look like a
message is coming from your best bud “Jeff,” and not a “murderous bad guy.” If you are not
expecting a message, there is nothing wrong with contacting that person through a different
medium (like: a phone call) and asking if they were the one who contacted you.

Account hijacking
Some viruses can take over an email or social media account and use it to send messages with
either copies of itself or links to convenient locations where you can download it by yourself. The
messages are usually brief and misspelled, which could be hard to detect if your friends are
generally retarded and usually write that way. Just follow the aforementioned advice.
ATTACHMENTS
No matter how seemingly interesting a title of an attachment may be, attachments from people you
don’t know can carry viruses and all sorts of other nasties. Heck, even attachments from people you
know can do that. Point is: DON’T RANDOMLY OPEN ATTACHMENTS.
US Computer Emergency Readiness Team (US-CERT) has a fairly decent guide about email attachment
dangers. Even though it was written in 2009, things have not really changed in this regard. Read it
here: http://www.us-cert.gov/ncas/tips/ST04-010.
25 http://www.net-security.org/secworld.php?id=16897
26 Again, please don’t sue me.
LINKS
Before I launch into what will, undoubtedly, be an award-winning explanation of links
and what they do, I would like to do a magic trick: To start this trick, please join me
on Yahoo.com.
If you clicked it, you will be, again undoubtedly, amazed by my technological prowess…
until I tell you that a 6 year old can come up with a craftier lure.
It’s true. Links don’t always point to the sites they claim. Also, there are a LOT of
sites out there with similar names to famous ones everyone knows, and those sites usually have bad
stuff on them. So, there are four things to keep in mind when you come across a link you were not
expecting:

Hover
If you hover your mouse over a link without clicking, the address it will take you to shows up either in
a bubble over it or somewhere on the bottom of your screen.

Spellcheck
Once you see the link, make sure the name of the site you are going to is actually spelled correctly.

Web of Trust
If you are unsure about a site, Google it and use the Web of Trust (previously discussed here) to
tell you if the site is legit.

Be careful of URL Shorteners
URL shorteners are sites that take any link and make it smaller, so a long, hard to remember link
address can be turned into something like “bit.ly/blarg” (DO NOT ACTUALLY TRY THAT ADDRESS).
URL shorteners were initially created because of Twitter’s 140-character limit, but have long
since gone mainstream.
There are over 100 URL shorteners. The most common ones are: bit.ly, goo.gl, t.co, and ow.ly.
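The hover, spellcheck and shortener checks above can also be done mechanically over the HTML of a message. The following is an added example, not part of the original guide; the list of known sites, the sample message and the "last two labels" notion of a site are assumptions made for illustration.

```python
"""Check the links in an HTML message: hover target, spelling, shorteners."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "goo.gl", "t.co", "ow.ly"}  # the four named in the guide
# Assumption: a short list of sites the reader really uses.
KNOWN_SITES = {"yahoo.com", "mybank.example"}
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample message; none of these links is fetched.
SAMPLE_HTML = """
<p>To start this trick, join me on <a href="http://trick.example.net/">Yahoo.com</a>.</p>
<p><a href="https://www.mybanck.example/login">Sign in to your account</a></p>
<p><a href="http://bit.ly/xxxxxxx">holiday photos</a></p>
<p><a href="https://www.yahoo.com/">Yahoo.com</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def site_of(host):
    """Naive 'site' of a host: its last two labels (ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href, text):
    """Return a list of reasons to distrust one link (empty if none found)."""
    findings = []
    host = urlsplit(href).hostname or ""
    site = site_of(host)
    # Hover: does the visible text name one site while the link goes to another?
    shown = DOMAIN_IN_TEXT.search(text)
    if shown and site_of(shown.group(1)) != site:
        findings.append(f"text shows {shown.group(1).lower()} but link goes to {host}")
    # Shorteners hide the destination entirely.
    if site in SHORTENERS:
        findings.append(f"shortened link ({host}): real destination is hidden")
    # Spellcheck: one or two characters away from a site you know.
    if site not in KNOWN_SITES:
        for known in sorted(KNOWN_SITES):
            if 0 < edit_distance(site, known) <= 2:
                findings.append(f"{site} looks like a misspelling of {known}")
    return findings


def check_message(html):
    """Map every link target in the message to its list of findings."""
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}


if __name__ == "__main__":
    for href, findings in check_message(SAMPLE_HTML).items():
        print(href, "->", findings or "nothing suspicious found")
```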
IF YOU’RE EXTRA PARANOID (OR ARE DOING NAUGHTY STUFF)
The Free Software Foundation recently held a world-wide “Reset the Net”
event which was aimed at stopping mass surveillance efforts of world
governments on the good, common folk of the world. To do so, they
have assembled a series of tools that help encrypt one’s emails for
when they travel through the dangerous web of prying eyes. They also
wrote a step-by-step walkthrough on their installation and use. It
takes about half an hour to set up.
Get at it here: https://emailselfdefense.fsf.org/windows.html
A note: While extra protection never hurts anyone, this is the one time I
will say that most people don’t need to do this.
The world should be free, man.
7) GOING MOBILE: THE WIDE, OPEN WORLD
… are everywhere, and everyone has one… even the Amish folk.27 And, because they are tiny(ish),
they are easily lost/misplaced/stolen. In fact, crimes involving mobile devices account for 18% to over
40% of all crimes out there, depending on city, ranging from casual thefts to full-blown armed stickups
(multiple sources).
And, not only that, there are other threats against them out there too! Pets! Weather! Magnets!
Those little pointy things we need to get into places! (keys, I think, most people call them) Viruses!
Yes, phones can get Virtually Transmitted Diseases; after all, they are just tiny, overpriced, easily
breakable computers (except Nokias, which are actually used at CERN to split atoms)28.
So, let’s talk protection, as losing a personal phone is always horrible (especially if it's a $600
smartphone full of family pictures). Thankfully, there are several applications, or “apps” as the cool
kids are calling them, one can install to help secure your phone against the many dangers of life, the
universe, and everything (exclusions: liquids, microwaves, rabid badgers, toddlers).
PROTECTION SUITES
Protection suites are apps you can install on your cellphone/tablet/whatever to protect the device from
viruses and provide some anti-theft capability.
A note about such programs: there are THOUSANDS apps promising good antivirus capabilities. A lot
of them are shams, or do provide some antivirus capability but at a cost of general badness befalling
yourself or your device. So, it is imperative to install protection software ONLY from 1) trusted sources
and 2) trusted companies.
Now that that’s out of the way, behold my recommendations29:
(note: A lot of the following info was shamelessly stolen via copy/paste from the Gizmodo “How to Find
your Missing Phone” guide30 and then slightly edited… because I’m only slightly not lazy.)

Avast Mobile Security & Antivirus | Android | Free | $1.99/mo or $14.99/yr
Avast is one of the most popular security solutions for Android, with over 50 million people
using the software to protect their devices. For free, you get a LOT of features:
Antivirus/Anti-Spyware/Anti-Ransomware, Privacy Reports for your apps, SMS and Call
Filter, Web Shield, Network usage meter, App locking, Backup, Firewall (if your device is
rooted), and a whole slew of anti-theft features like locate/lock/wipe your phone,
turn on a siren noise, and generally control your phone from the web. You get even more cool
features for the paid version.

Bitdefender Mobile Security & Antivirus | Android | Free | $9.95/yr
Is also a full protection suite that is worth mentioning. It allows you to locate and erase
your phone, and throws in a remote lock as well. This keeps your phone secure against the
prying eyes and wandering fingers until you pick it up. Bit Defender can only be uninstalled
by authorized users. If someone tries to bypass that by swapping SIM cards, BD will text
the new number to a phone of your choosing, force the phone to answer your call, and then
remotely wipe the phone via SMS command. Once you get the thief on the line, you should
probably yell something to the effect of, "IF I CAN'T HAVE HER, NO ONE WILL" just before sending
the self-destruct text. Drama! Excitement! Destruction! These extra features don't come free, but
given that the full anti-theft service extends to all your devices—laptops, phones, and tablets alike—
ten bucks is a good investment.
27 http://americanroadmagazine.com/forum/uploads/1315975248/gallery_13589_112_1296.jpg and
http://www.ohgizmo.com/2008/08/04/maple-wooden-phone-might-appeal-to-amish-teens/
28 http://www.smbc-comics.com/?id=3155 (no confusion allowed)
29 Yes, there are a lot more choices out there, but 1) these are independently tested to be good, 2) are user
friendly, and 3) actually care about their customers (good customer support experiences)
30 http://gizmodo.com/how-to-find-your-missing-phone-1184906204

Lookout Security & Antivirus | Android/iOS | Free | $3/mo or $30/yr
Lookout Security & Antivirus by Lookout Mobile Security is considered "freemium," also with
over 50 million installs. This total security suite protects your phone against loss or theft as
well as provides continuous protection against viruses. For $3 a month (or $30 annually),
you get the antivirus service, backup and restore features to save and reload your contacts,
photos, and call history, and several anti-theft options. In
addition to the standard map-based location, tracking and forced ringing
features, Lookout also offers Signal Flare, which saves the phone's last
known location when the battery dies, and the Lock Cam, which emails
you a picture of anyone that incorrectly enters the lock screen
combination three times.

Plan B | Android | Free
Made by the same people. This app is made for those who have lost their phone without
installing any software beforehand. Have no fear! There's Plan B! Plan B is a remotely
installed, barebones tracker app. First, open a browser window and log on to Google Play.
Install the app onto your phone via Play, wait ten minutes for it to download and install,
then text "locate" to your number from another phone. The app will triangulate its position
based on Wi-Fi and GPS signals and send you a single email if it's sitting still, or continuously for a
duration of 10 minutes if the device is on the move. You just have to keep texting "locate" until you
catch up with it (and hope that the battery's still going). Not the best choice, true, but it gives you
more information to work with.
ALSO, JUST TO PROVE THAT I’M WILLING TO PLAY NICE:
People frequently tell me there are no viruses for Macs, to which I frequently respond that they are
wrong, and then frequently to stab them in their delusional aorta. But, since they still remain defiant
about accepting reality, I will not further shatter that illusion by the allusion of existence of antivirus
programs for Macs.
BUT!
I know that having an idevice lost/stolen still sucks, as I have been witness to the various, related
lamentations. So, if you are an unfortunate owner of an Apple device, these are some anti-theft
options for you31:

Find My iPhone | iOS | Free.
The original lost phone tracking service for iOS. This free app locates and tracks your lost or
stolen Apple devices—not just iPhones but iPads and MacBooks as well—not to mention
ringing the unit, displaying a message for whoever finds it, and remotely locking or wiping the
device altogether. The app is free on iTunes. You do need to be on iCloud, but if you’re a
MacHead, you’re probably already on it… are in it?... have it…? I really don’t know about
iStuff.

GadgetTrak | iOS | $4
For a little more advanced protection, GadgetTrak offers remotely activated GPS location
tracking, push notifications to trick a thief into giving away his position, and the ability to
use your lost phone's camera from the comfort of your home to take a picture of whomever
took it. It'll cost you $4, but that is much cheaper compared to a brand new phone. (Just
make sure to enable password-protected delete for this app)
31 Also mostly stolen from Gizmodo’s guide.
VPNS
Remember our conversation about using public WiFi? If you don’t, read it: here.
Cellphones, more than computers, need to have secure connections, because they are always on and
we use them for EVERYTHING. Now, due to the way cell transmission works, one pretty much needs to
be a government power to monitor and spy on your cell’s GSM or CDMA connection. However, as soon
as you go WiFi, you are in the control of the access point’s provider (or, sometimes, the bad guy who
“pwns” the access point). Again, with the options, I’m gonna give you three (they work on Android and
iOS devices):

VyprVPN | 3-day free trial | $6.77/mo - $120/yr, depending on plan and options
From bestvpn.com: Making their presence felt in the internet space since 1994, with
200,000 IP addresses and 700+ servers, VyprVPN has been a force to reckon with in the
VPN industry. Golden Frog, the company behind VyprVPN operates via its very own private
server clusters based in North America, Europe and Asia. They also own the networks to
these centers, which means they can achieve very impressive speeds, which is the most
important part of a VPN. VyprVPN has an average speed retention of 93% (meaning you only lose
7% of your speed when you turn it on.)
Honestly, VyprVPN is great. Their connection speeds are very good, their customer service is fantastic,
and they are reliable. The only downside is money. (even requiring credit card info for the free trial)
Their $6.77/mo plan is only good for one device, and while it does a good job at hiding your location,
the encryption protocols they use would not really deter a determined bad guy. It does give you 10GB
of secure online storage, so that’s something to think about. Their $8.33/mo plan, however, offers
much better encryption, a NAT firewall, access for two devices at the same time, and 25GB of storage.
So, if you can afford to part with $100 for the year, this is definitely the way to go.

ExpressVPN | $12.95/mo - $99.95/yr | 30 day money-back guarantee
Frequently changing places with VyprVPN as #1 mobile VPN provider, ExpressVPN is also a
good choice, if you have the moneys. They have 50 servers in 39 countries, so you have
options. ExpressVPN has 24/7 (even on holidays) support people that are actually very
good, and willing to work with you for hours, if need be, to solve any issues.
With their plan, you get 2 simultaneous connections, 93-94% speed retention, and 99.9% uptime. It is
a very solid choice, especially if you are looking to put VPN on more than one device (cell/tablet,
cell/computer, etc.)

AVAST SecureLine | 7-day free trial | $2.59/mo or $19.99/yr
I’ve always been a fan of AVAST and what they do, so I do tend to use their products… and,
this is actually my personal choice for a VPN (because I’m a cheapskate, and don’t need the
extra features). This was originally free, but became a paid service as it grew in popularity
and AVAST could not keep up with the demand while providing a good service for free.
With SecureLine, you don’t get that many bells and whistles. There is a limited server pool (9, in
total, in 6 countries), a one-click dashboard widget, and 92% speed retention. If the only thing you
are using your VPN is for connecting to a US-based server, this is a good, significantly cheaper,
option.
Note:
Whichever VPN service you go with, you will, most likely, at least once, be faced with a PPTP vs L2TP vs
OpenVPN vs SSTP choice. Here’s a quick rundown:




PPTP: It’s generally considered as very insecure, not really providing any serious level of protection
L2TP: Good security, but easily blocked by country firewalls and tends to be a bit slow
OpenVPN: Is usually the way to go. It’s fast and secure, but is still
SSTP: Is good, but is Windows only, so you will not see too much of this for mobile devices
8) TRAVELLING
We do it. A lot. And we always bring a tonne32 of stuff with us. Frequently,
we don’t use most of it, but “it’s nice to have.” While I could go on for hours
about how the world is filled with thieves and charlatans out to steal our
shineys, I won’t; if, dear reader, you haven’t learned that fact already,
experience (and an evening of tears) truly is the best teacher.
In this final section, I will talk a bit about keeping your stuff where you want
it to stay, how to protect your information, and will provide some general,
non-cyber-specific tips that are generally good to know during one’s travels.
INFORMATION SECURITY
If you are paranoid about securing your information while travelling (as well you should be), here’s
what you do:

Hard drive encryption
Data at Rest is a tech term referring to data that is just there (like, in a case of a
powered-off computer/tablet/whatever).
Normally, a bad guy would be able to turn on your device and access the info on it. If
you use a Data at Rest encryption, the bad guy would be prompted to enter a
password as soon as the device powered on, blocking their access to even the startup screen.
Windows, actually, comes with a built-in version of this that, surprisingly, doesn’t
suck, is free, and is natively a part of all recent versions of Windows: BitLocker. PCWorld has a really
good guide on how to set it up33. And, after you’ve set it up, you can also use the same tool to
encrypt your thumb drives. Fairly useful.
Now, this is something you would do before you set off on your travels, and does take a bit of an
initial time investment, but it is definitely worth it.

Hardware Encrypted Drives
If you want to take your data security to another level, there are hardware-based
encrypted devices. Two companies that instantly jump to mind are LOK-IT and
Apricorn. Both companies make fantastic portable storage solutions (thumb
drives and portable hard drives) that use military-grade encryption, are travel
tough, and look kinda cool.
The best part, they are operating system independent, and are REALLY easy to
use. So, if you have information to protect, this is definitely the route for you.

Connecting
I’ve discussed this in depth before, so I’m just going to mention two points: Make sure to have
your VPN going when you connect to a new WiFi and make sure to disconnect when you’re done
using it. Remember: if you are not on the network, your computer/cellphone cannot be accessed.
It’s just that simple.

Logons
If you absolutely cannot use a VPN (or if you have to use someone else’s device) to log onto a web
site, there is no guarantee that a bad guy did not get your log-in. As soon as you can/are back
home, change your password for that site. If you had to log onto a finance site, monitor your
accounts closely for any potential nefarious activity.
32 It’s proper, British English *holds up pinky finger*
33 http://www.pcworld.com/article/2308725/a-beginners-guide-to-bitlocker-windows-built-in-encryption-tool.html
PHYSICAL SECURITY
Depending what places you travel, and at what hotels/hostels you stay, the threat to the security of
your stuff can vary greatly. For example, if you are staying in a hostel, there is a high probability that
an inebriated prostitute will go through your stuff; however, if you’re staying at a 5-star hotel, chances
are that she will be referred to as a high-priced “escort”.
I jest, of course. The chances of stuff going missing from a five-star hotel room are significantly lower,
but it can still happen. So, what can one do? Secure your stuff! Not necessarily all of it, as stapling
underwear to mahogany end tables is generally frowned upon, but you should definitely secure your
valuables (i.e. electronics). Let’s look at some things:

Hotel safes
Don’t trust them. There are many, many reasons why I say that, which I’m not going to get into.
Just trust me on this. Secure-It makes a couple of good travel-friendly products34 that secure your
stuff whether you are travelling or taking that well-deserved dip in a
refreshing pool. Take a look at them, you might like ‘em.

Laptop security cables (a la http://www.amazon.com/Sendt-Notebook-Laptop-CombinationSecurity/dp/B008A4F8UA/) start at approximately $5. (ok, that one doesn’t. It’s “fancy”) While
designed for laptops, they can be used for many other types of electronics, as the majority of
manufacturers also include security cable ports on non-laptop items. If you need to leave your
laptop behind, lock it to something sturdy, like a bed frame, or a rabid badger, and go off to wander
the streets of a foreign land with peace of mind.
GENERAL NON-CYBER TIPS
In this very last section of the guide, I shall impart to you several pieces of ancient Chinese wisdom
which deal with travel.
Piece #1: If you don’t need it, don’t bring it
The less stuff you have with you, the less stuff you have to protect.
Piece #2: Use an RFID-blocking wallet35
This will stop bad guys from remotely scanning the information on your ID and credit cards.
Piece #3: Separate your sources of money
Don’t keep all your money in one place, so, in case you get pickpocketed, you still have moneys.
Piece #4: Scan all your documents
If you have copies of all your documents easily accessible in your email, you will thank me if they
are ever lost/stolen.
Piece #4: Avoid beggars and gypsy-analogues
While it is a human desire to help someone in trouble, remember: people lie. Most of the beggars
you see in tourist places are exceedingly good at conning you out of moneys.
Piece #5: People lie
Experts are not always experts. The food is not always “safe”. The chloroform-soaked rag does not
smell like cookies.
And, lastly, Piece #6: Do research
Before setting off on your grand adventure, do your research. Learn local laws, customs, and basic
phrases. If you don’t look like a hapless tourist, you won’t be treated as such.
34 http://www.secure-it.com/shop/product_info.php/products_id/187 and
http://www.secure-it.com/shop/product_info.php/cPath/80/products_id/258
35 http://www.thinkgeek.com/product/8cdd/
THE AWESOME STEP-BY-STEP GUIDE
(A RIDICULOUSLY ABRIDGED VERSION)
1. Get an Antivirus that doesn’t suck. If you want recommendations, read the damn guide.
2. Clean your Computer!
a. Uninstall crap you don’t need/use.
b. Actually clean the thing.
3. Install a VPN! Pick one from this site: http://www.bestvpn.com
4. Stop using Internet Explorer! Get Chrome or Firefox.
5. Install security addons for your browser:
a. Script blocker: Chrome|NotScripts Firefox|NoScript
b. AdBlocker: https://adblockplus.org/
c. Web of Trust: https://www.mywot.com/
6. Passwords:
a. Stop being stupid trying to hide them, you are not winning.
b. Be smarter in making up passwords
c. Use a password manager: https://www.dashlane.com
7. Social media: USE YOUR PRIVACY SETTINGS, DAMMIT.
8. Email: Don’t poke stuff you should not poke. (applies to life, in general, as well)
9. Cellphones/Tablets:
a. Install an Antivirus. (Yes, cellphones can get viruses)
b. Protect your stuff from theft
c. Use a VPN on it (same list as above)
10. Travelling:
a. Leave stuff you don’t need at home
b. Use protection when hooking up with random networks and people
c. Don’t be a target
ABOUT THE AUTHOR
Alexander Shulman, AS, SA, Sec+, CDMC, CDFE, WWBBD
is a generally horrible human being, surviving this harsh
and cruel world primarily on coffee and hatred.
Originally born on the seventh level of Hell (it used to be
called a “Circle”, but we got an elevator now… it’s much
nicer, much more convenient), he moved to New York City
at an early age, where, as a teen, he began his diabolical
plan™ to take over 1/8th of the worldalso™.
At the moment, the plan™ has been put on hold due to
badger-related reasons.
WHY I WROTE THIS GUIDE
All jokes aside, personnel and information security is both my job and my passion.
Due to my strong technical background, I am constantly approached by friends and coworkers with
questions ranging from how to protect themselves on the internet to why their personal laptop seems
to hate them. While I’m more than happy to fix things for them (I love solving the puzzle of the
problem), due to my job, I know that I won’t always be within an easy reach.
By writing this guide, I’m hoping to put some of the mystique of what I do aside and ‘put the power in
the hands of the users,’ as they say in the IT realm. After all, knowledge is power. And, the only way
to survive in this frequently changing world, full of the Internet of Things stuff, is to learn at least a bit
about it.
Hopefully, I’ve succeeded and you learned something while getting a laugh.
If not, *shrugs*
With best regards,
Alex