Army Rumour Service


3 tips to make you more secure online

Skip to the second post if you just want to skip the context and go straight to the tips.

I understand that for those who did not grow up with computers as a part of their daily life, it's all a bit of a pain to keep a PC running well. In this day and age, we are all at a degree of risk when using the internet as there are a great many determined companies, individuals, groups and agencies that are trying to get as much information about us as possible. It is very easy and simple for other people to keep records of which websites we visit, how long we were there for and what we were looking at when we were there. This data is stored indefinitely, processed and sold to a variety of people to essentially use against us. In 10 years' time, when it has become a crime to view midgets having sex with amputees on pornhub, that time you watched one for 10 minutes ten years ago will still be on the record. This is just an example of course.

Another, more direct trap that people fall into is clicking on "OK" whenever a box appears because we just want it to go away so that we can continue with what we were doing. Various software is hidden among innocent-looking adverts that are designed to make you click them and then click through any other dialogue that appears, with the intention of having you install some software that will collect sensitive information from your PC, report back on your habits and allow an attacker to access your machine whenever they want. They can also use your machine to commit crimes in your name.

The older generations, while being able to kill us with their thumb or tell us about patrolling the Rhodesian border killing communists, are most prone to getting fucked over online because it's a relatively complicated and uninteresting 5th dimension that they did not grow up with.

The current trend is to simply use unsophisticated attempts to have you install some software that will collect all your passwords, look for any banking information or other useful data such as your pet's name, mother's maiden name, pictures of you, address etc... and send it all back to them. Have you ever called a company and had them ask you a few questions for security? What's your mother's maiden name etc etc? It is pretty easy to use this data to access your accounts. I could call your bank and when they ask 3 security questions such as "what's your address?" and "what's your mother's maiden name?" and "what was the name of your high school?" I could feasibly answer them all correctly from information that I got from your PC. I might also find photos of you and of your documents.

Last year some pretty basic but effective software started to spread which locked people's files and demanded money to access them again. We can greatly reduce the possibility of this happening to you with some basic precautions.

The bottom line is that we need to secure our computers and make it harder for people to get in.
 
Of course, there is a great deal to discuss and a great deal of action to take but let's not pretend that you actually care enough to do all of that. I'll give you 3 top tips now that will punch well above their weight and tighten up your security with minimal effort.

Always, only ever install plugins or software from a verified source; this is either the Firefox or Chrome app stores or the vendor's own site. Never install from 3rd party websites that have nothing to do with it; they will be modified with advertising software or other nasties.

1. Use LastPass - a free password manager that allows you to safely use unique and seriously strong passwords on every site you have an account on. You can use this on different PCs and your phone if you want to. You only need to remember 1 password for this to work. You will have to create a free account to use this excellent software.
Chrome : LastPass: Free Password Manager
Firefox: LastPass Password Manager – Get this Extension for Firefox (en-GB)

2. Ghostery - A free tracker blocker. Thousands of companies are tracking your online movements, you are under surveillance and they are profiting from this and they never asked for your permission to do so. They can get fucked.

Chrome: Ghostery – Privacy Ad Blocker

Firefox: Ghostery – Privacy Ad Blocker

3. Ublock Origin - This is a next-generation ad blocker. Sadly, advertising is used as an attack vector and it is used for a wide range of attacks. I won't go into it in detail unless asked but this is the best adblocker due to the fact that you can easily allow ads on certain trusted sites like arrse and allow the site owners to make a bit of money. For the most part, it is safer to just block all ads until people realise that they need to tone down the advertising and make it less aggressive and safer.

Chrome: uBlock Origin
Firefox: uBlock Origin – Get this Extension for Firefox (en-GB)

These 3 plugins will make you much safer online and will also give you a cleaner, nicer internet and you don't have to do very much or work very hard to use them. You just install them, set and forget.

If there is interest, I will make other posts with more useful tips and tricks.
 
  1. Let your computer auto update. Think of it like plugging the holes on a sinking ship. If you don't update, your ship is full of holes and the water gets in. If it does not auto update then tell it to do so. https://support.microsoft.com/en-gb/help/4027667/windows-10-update
  2. Use Windows Defender (free and built in) for AntiVirus; you don't need a 3rd party antivirus program and may be at greater risk if you do use it.
  3. Do not use the Administrator account for daily / normal use. Use a basic account with limited rights so that an accidental slip up does not result in you losing anything, breaking your PC or something nasty getting installed. You should create a new account for yourself. Rename the Administrator account to something else like "Margret" and only use it for administrative tasks. Using the Administrator account for everything is like walking around a crowded place with a loaded weapon, no safety on and set to Auto with your finger on the trigger.
 
  1. Do not open or run any email attachments that you do not know or trust the sender of; this includes Word documents, PDFs, anything at all. It is internet etiquette to never send anything that could potentially be a threat. If anyone does send you something like that then this is a warning flag; don't open it unless you know and trust the person who sent it. (If you are using a basic user account, the chances are that it will be ok but if you open something dodgy while using Administrator, you're fucked)
  2. Do not click on anything on a webpage that is telling you that there is some problem with your PC. These are always a trick designed to steal from you, part you from your money or cause other trouble. No legitimate company will ever proactively try to "help" you like this anyway nor do they have any way to determine that there is a problem with your PC in the first place. If you installed Ublock Origin, you won't see these anyway.
  3. Occasionally, you may receive a telephone call from an Indian claiming that they are from Microsoft and that your computer has a virus. They will attempt to have you install some software which will allow them to access your computer, then steal all your stuff. These are always a scam. Microsoft are not in the business of helping you out, they are in the business of selling you things. It's like BMW giving you a ring and saying "yes, we heard your car drive past and it sounded like the exhaust was broken, give us the keys and we will fix it for you". As soon as you hear the Indian saying he is from Microsoft, you can safely hang up and forget it.
 

happyuk

War Hero
1. Remove Facebook.
Besides being 99% puerile shit anyway, there are other ways for people to use the internet and the web to stay in touch without having to kiss the anus of a giant corporation and wade through piles of chav-created sewage. In all seriousness, for Facebook's business model to work it has to remain a surveillance machine. Facebook uses tracking pixels to collect what you're browsing even if you're OFF Facebook.
 

Ritch

LE
  1. Do not open or run any email attachments that you do not know or trust the sender of; this includes Word documents, PDFs, anything at all. It is internet etiquette to never send anything that could potentially be a threat. If anyone does send you something like that then this is a warning flag; don't open it unless you know and trust the person who sent it. (If you are using a basic user account, the chances are that it will be ok but if you open something dodgy while using Administrator, you're fucked)
  2. Do not click on anything on a webpage that is telling you that there is some problem with your PC. These are always a trick designed to steal from you, part you from your money or cause other trouble. No legitimate company will ever proactively try to "help" you like this anyway nor do they have any way to determine that there is a problem with your PC in the first place. If you installed Ublock Origin, you won't see these anyway.
  3. Occasionally, you may receive a telephone call from an Indian claiming that they are from Microsoft and that your computer has a virus. They will attempt to have you install some software which will allow them to access your computer, then steal all your stuff. These are always a scam. Microsoft are not in the business of helping you out, they are in the business of selling you things. It's like BMW giving you a ring and saying "yes, we heard your car drive past and it sounded like the exhaust was broken, give us the keys and we will fix it for you". As soon as you hear the Indian saying he is from Microsoft, you can safely hang up and forget it.

teaching.jpg
 

Yeah yeah I get it, we are all super qualified systems architects and white hats, I know, this thread is not for you, guys, it's for the people who don't have any expertise in this area so let them get what they need and you can talk about more advanced stuff on another thread. For example, I'm thinking about taking the AWS solutions architect course but I'm not sure if it's worth it, maybe we can start another thread for stuff like that.
 

anglo

LE
How is it all connected together?

All connected via one computer, the second computer's hard drive is shared
I'd like the external hard drives to stand alone, and each computer to be able to access
these HDDs instead of one computer accessing through the other computer

Hope that makes sense to you
 
1. Remove Facebook.
Besides being 99% puerile shit anyway, there are other ways for people to use the internet and the web to stay in touch without having to kiss the anus of a giant corporation and wade through piles of chav-created sewage. In all seriousness, for Facebook's business model to work it has to remain a surveillance machine. Facebook uses tracking pixels to collect what you're browsing even if you're OFF Facebook.

If you do use it and have not installed Ghostery or something similar, you should ensure that you always "log out" when you have finished. If you stay logged in, even if you close the browser and reopen it, they will keep tracking your web activity. They even continue collecting while you are logged out but to a lesser extent.

I'm sticking to giving advice for Windows here but quickly, remove the Facebook app from your phone; if you can't because it is preloaded by the phone company, disable it and never use it. They have access to your camera, microphone etc.. and can access everything on the phone whenever they want...and they do.
 

Goatman

ADC
Book Reviewer
Cut the red wire. Burn everything. Napalm the survivors.

' I say we take off and nuke the place from orbit...it's the only way to be sure'


If you do use it and have not installed Ghostery or something similar, you should ensure that you always "log out" when you have finished

Appreciate what you're attempting here HTB...as you say, not everyone who stumbles on the wonders of t'Interweb has the benefit of annual IT SyOps doctrine battered into them, or a three day IT Sy O course (now almost completely obsolete sadly).

I do IT volunteer thing at my local Library. The level of sy awareness amongst Joe Citizen is eye-wateringly low.

In addition to bolt-ons like Ghostery there are other browsers out there which ALLEGE they are free from Google tracking...here's one you can try:

Help Spread DuckDuckGo
 
The best security I've ever seen was where nothing ever connected to the machine and all data was entered manually, and all software installed had to go through rigorous security testing first

Made it a bit awkward running a procurement system on it, as all data had to be sent by dvd, looked at on a separate machine and manually typed in
 
All connected via one computer, the second computer's hard drive is shared
I'd like the external hard drives to stand alone, and each computer to be able to access
these HDDs instead of one computer accessing through the other computer

Hope that makes sense to you

Is it all set up and working already then and you just want some ideas to tighten up the security?
 
The best security I've ever seen was where nothing ever connected to the machine and all data was entered manually, and all software installed had to go through rigorous security testing first

Made it a bit awkward running a procurement system on it, as all data had to be sent by dvd, looked at on a separate machine and manually typed in

Bit of a faff doing a Tesco delivery order on a set up like that
 

Goatman

ADC
Book Reviewer
Back in the dark ages part of the IT Sy lecture said something like

' Always remember: any conversation over the Web is like two people talking by megaphone - whilst each standing on the roof of a low-rise office block'

For people who like to 'compare and contrast' there's a review of Ghostery here:

Privacy Tools: Ghostery vs. Adblock Plus

frabz-trust-me-im-the-doctor-8b7624.jpg
 
Use a modded hosts file with a decent up-to-date blocking list; for network-wide ad blocking, use a Raspberry Pi with Pi-hole installed.

Always use an antivirus program such as Defender - you can use this in a sandboxed mode so it's even more secure.

Don't download dodgy software or open email attachments from people you don't know.

Always check the url of any email you receive to make sure it came from where it says it does.

Always use different passwords on each site - and change them regularly - use phrases such as 'Did you take the dog out today?', as these passwords are long and very difficult to hack.

Don't answer spam calls, and don't give any details to anyone via a phone call - unless of course you have phoned the company yourself such as a bank and they need to verify who you are.

Open unknown/new programs in a sandbox first, so they can be verified to be what they are - and can't damage your OS.

Probably switch to Linux - such as Ubuntu, this is far more secure than Windows and doesn't contain all the 'spying' software that Windows uses.
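
On the hosts-file blocking list suggested in the post above: a downloaded list is written into a file that decides where names resolve, so it is worth checking before merging. The following is an added example, not part of the original post; the function name `audit_blocklist`, the sample entries and the set of accepted sinkhole addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Addresses a blocking list may legitimately point a blocked name at.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Loopback names that stock hosts files define; not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}$")

# Constructed sample input, not a real blocking list.
SAMPLE = """\
# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net  # inline comment
127.0.0.1 ADS.example.com
203.0.113.7 bank.example.org
0.0.0.0 bad_host!.example
not-an-ip ads.example.org
"""

def audit_blocklist(text):
    """Return (safe, rejected): normalised block entries and flagged lines."""
    safe, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            rejected.append((lineno, "first field is not an IP address"))
            continue
        if addr not in SINKHOLES:
            # A block entry never needs a routable address; this would redirect.
            rejected.append((lineno, "maps a name to a non-sinkhole address"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name in LOCAL_NAMES or name in seen:
                continue  # keep the OS's own loopback lines out; drop duplicates
            if not HOSTNAME_RE.match(name):
                rejected.append((lineno, "malformed hostname"))
                continue
            seen.add(name)
            safe.append(f"0.0.0.0 {name}")
    return safe, rejected
```

Only the lines returned in `safe` should be appended to the hosts file; anything in `rejected` deserves a look before the list is trusted at all.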
 
. Beware the cloud - no personal data on that, or images of the wife.
. Beware of phishing - check urls if you are unsure, or simply check the web address separately if suspicious.
. Buy a mac - yes can be hacked like a PC, but a fewer percentile risk.
. Don't leave web sites running in a tab browsing binge.
. Free wifi at cafes - may cost you dearly.
. Use a mix of upper/lower case, numbers and a couple of shift key moves in your passwords.
. Read FB, don't interact with it. Same with Google - and others.
. VPNs, some still keep your data - they probably all do really. DuckDuckGo as a browser does a similar deal in terms of not storing search info - even in private (porn) mode.
 
