We’re always hearing about hackers getting into software or movie companies like Sony Pictures or the German Bundestag, or about leaks like the Hacking Team leak several weeks ago. There were also several exploits like Heartbleed, Shellshock or the one-liner that gave you root access on OS X 10.10.
And we’re moving more and more into a fully digitalized world (see digital transformation), where nearly everything can be hacked. And since Snowden we should know that it will be hacked, at least by the NSA or other agencies.
What can a normal internet user like you and me do in this more and more digitalized world?
Actually, there is no answer to that, because I cannot say that even my operating system or the firmware on my motherboard is safe against hacks (or is it hacked already?). It isn’t safe. Even hard drives can get hacked, which is something I never thought was possible. And lately I saw this post on Wired, where a Jeep was remotely controlled and finally had its engine killed from an ordinary notebook. I thought that wouldn’t be possible until the Google cars are on public streets.
At least you can do what is within your reach: keep your OS and apps (especially on your mobile devices) up to date, use two-factor authentication (e.g. with a YubiKey) wherever possible, and do not use the same password on every service; use a password manager like KeePassX instead.
If you’re a developer you should know about the OWASP Top 10 security flaws:
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
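Two of the flaws in that list, Cross-Site Scripting and Cross-Site Request Forgery, come up in nearly every PHP application. The following is an added example (not code from the original post) showing the vulnerable and the hardened form of an output routine, plus a session-bound CSRF token. The function names, the `$session` array standing in for `$_SESSION`, and the sample comment are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post: hardening two OWASP Top 10 items
// (XSS and CSRF) in plain PHP. All function names here are assumptions.

// --- XSS: encode untrusted data for the context it is written into ---------

// Vulnerable: the comment is written straight into the HTML document.
function render_comment_unsafe(string $comment): string
{
    return "<p>{$comment}</p>";
}

// Hardened: HTML-encode on output. ENT_QUOTES also encodes ' and ",
// ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
function render_comment(string $comment): string
{
    $safe = htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<p>{$safe}</p>";
}

// --- CSRF: bind every state-changing request to a per-session secret --------

// Generate the token once per session and keep it server-side.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Verify the token submitted with a POST form. hash_equals() compares in
// constant time, so the token cannot be guessed byte by byte via timing.
function csrf_check(array $session, ?string $submitted): bool
{
    if (empty($session['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

// Constructed input for this offline run: a comment containing markup.
$session = [];   // stands in for $_SESSION in this example
$hostile = '<script>alert(1)</script>';

echo render_comment_unsafe($hostile), PHP_EOL; // the script tag reaches the browser as markup
echo render_comment($hostile), PHP_EOL;        // the same text is shown literally, not executed

$token = csrf_token($session);
var_dump(csrf_check($session, $token));          // the token issued to this session is accepted
var_dump(csrf_check($session, 'wrong-token'));   // any other value is rejected
```

In a real form the token is rendered into a hidden field (through `render_comment`-style encoding) and checked before any state change; a failed check should be logged, since repeated failures are a useful detection signal.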
And whether you’re a developer or not, you should use encryption for everything you can. In your PHP application: use the OpenSSL library for sensitive data. On your notebook: enable hard-drive encryption (FileVault or BitLocker). This is possible even on your smartphone or tablet (Android encryption, iOS encryption). In your cloud (even if it’s your ownCloud): use Cryptomator or similar tools. In your web browser: disable the Flash and Java plugins, or at least use the Click-To-Play extension. On your website: use HTTPS (see my „Let’s encrypt“ blog post).
You see, there are many opportunities to protect your privacy and your data. Even more important is that companies and their managers become aware of the security risks they are facing at all times.
Software has to get more expensive to pay the right developers for doing the right thing: protecting your software against attacks, leaks and other flaws. A piece of software must not cost less than the security that protects it.
Every individual should develop an awareness of privacy and security in their own digital life, mainly because you cannot stop digitalization.
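For the "use the OpenSSL library for sensitive data in your PHP application" advice above, here is an added example (not code from the original post) that encrypts a field with AES-256-GCM via PHP's OpenSSL extension and detects tampering on the way back. The helper names, the key-loading stub, and the sample value are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Added example, not from the original post: sealing a sensitive field with
// PHP's OpenSSL extension (AES-256-GCM). Function names are assumptions.

const FIELD_CIPHER = 'aes-256-gcm';
const TAG_LENGTH   = 16;

// In a real application the key comes from a secret store or environment
// variable, never from the source tree or the database holding the data.
function load_key(): string
{
    // Constructed for this offline run: a fresh random 256-bit key.
    return random_bytes(32);
}

// Encrypt $plaintext and return one base64 string carrying IV, tag and
// ciphertext so the three parts cannot be separated or mixed up in storage.
function encrypt_field(string $plaintext, string $key): string
{
    $iv  = random_bytes(openssl_cipher_iv_length(FIELD_CIPHER)); // fresh nonce per message
    $tag = '';
    $ciphertext = openssl_encrypt(
        $plaintext, FIELD_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LENGTH
    );
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($iv . $tag . $ciphertext);
}

// Decrypt; returns null when the blob is malformed or the GCM tag does not
// verify, i.e. when the stored data was modified.
function decrypt_field(string $sealed, string $key): ?string
{
    $raw   = base64_decode($sealed, true);
    $ivLen = openssl_cipher_iv_length(FIELD_CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + TAG_LENGTH) {
        return null;
    }
    $iv         = substr($raw, 0, $ivLen);
    $tag        = substr($raw, $ivLen, TAG_LENGTH);
    $ciphertext = substr($raw, $ivLen + TAG_LENGTH);
    $plaintext  = openssl_decrypt($ciphertext, FIELD_CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $plaintext === false ? null : $plaintext;
}

$key    = load_key();
$sealed = encrypt_field('account number 0000-0000-0000 (constructed sample)', $key);

// Round trip: the original value comes back.
var_dump(decrypt_field($sealed, $key));

// Flip one bit of the stored blob: the tag check fails and null is returned
// instead of silently decrypting to garbage.
$tampered = base64_decode($sealed, true);
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump(decrypt_field(base64_encode($tampered), $key));
```

GCM is used here rather than CBC because it authenticates the ciphertext; with plain CBC a modified record would decrypt without error and the application would never notice. Store the key separately from the data it protects, and rotate it by re-encrypting records rather than by reusing an old key with new IVs.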
What do you do for your privacy and security in the digital world?
Do you have more helpful links, tools or tips to share?
Feel free to post them in the comments :-)
Update 2015-08-14: Additional links that reinforce this blog post
- (EN) Stagefright: Everything you need to know about Google’s Android megabug – Fortune – 28. Jul
- (EN) HTML5 privacy hole left users open to tracking for three years – Wired – 4. Aug
- (DE) Criminals send e-mails with ransomware instead of the Windows 10 update – ZDNet – 5. Aug
- (DE) Tesla let experts hack its Tesla S – ZDNet – 7. Aug
- (DE) Security flaw „Certifi-gate“ on Android – Cachys Blog – 7. Aug
- (DE) Hackers pwn anesthetic machine – Golem – 8. Aug
- (DE) Hoster 1blu gets hacked and blackmailed – T3N – 13. Aug
- (EN) OwnStar Wi-Fi attack now grabs BMW, Mercedes, and Chrysler cars’ virtual keys – Arstechnica – 14. Aug