Six Easy Tips: Essentials of Digital Security for Targeted News Organizations

Below is a quick reference, distilled list of six easy tips for any news organization employee at risk of being targeted by malicious adversaries. These tips come the Safe Travels Online campaign that the Tibet Action Institute has been developing over the last two years, to assist Tibetan exile human rights organizations, and it has proven effective in reducing the amount of successful “cyberattacks”, and minimizing impact of successful attacks to only a single infected machine (instead of the entire organization).

The recent story on cyberattacks against the NYTimes indicates that email attachments infected with malicious code was likely the source of the infiltration. These types of attacks have been a common pattern that the Tibetan exile of community has experienced for years, and I am happy to now to share of their painfully-acquired wisdom with all of you. With each tip, I have also included a link to a short public service announcement video on the TibetAction YouTube channel.

1. Use HTTPS to Stay Secret, Safe & Secure: You should always keep your network traffic secure to online services and applications, whether at the office, home or traveling abroad
https://tibetaction.net/knowledge/tech/https-eng/

Thumbnail
httpS Keeps You Secret, Safe & Secure!

Thumbnail
Keep your secrets safe using HTTPS

2. Detach from Attachments: Email attachments are a plague on the information age. There are many better, safer and more effective ways to share files in the 21st century
https://tibetaction.net/detach-from-attachments/

(this is one of our most popular tips, so I’ve embedded it for easy viewing!)

Detach from Attachments!

3. Keep Your Enemies Out Of Your Inbox: Google provides the best set of tools for defending against intrusion, or at least knowing when you may have been compromised
https://tibetaction.net/knowledge/tech/keep-enemies-out-of-your-inbox/

Thumbnail
Keep your enemies out of your inbox!

4. Don’t Share Drives: The culture of sticking a USB flash drive in any old USB slot, must end; it’s like having sex without protection; again, there are better ways to share files
https://tibetaction.net/knowledge/tech/dont-share-drives/

Thumbnail
Don’t Share Drives!

5. Strong Password (keep you safe online): You must use better passwords, enable features like Google’s two factor authentication, and use services like LastPass or KeePass
https://tibetaction.net/knowledge/tech/strong-passwords/

Thumbnail
Strong Passwords!

6. Think Before You Click: Hyperlinks have revolutionized our lives, but when they come inside an email message, they can lead to a whole world of hurt.
https://tibetaction.net/think-before-you-click/

(this is our latest tip, and as it is quite relevant here, I’ve embedded the video)


Think Before You Click!

… and here is just one of the great posters available for printing and posting at your workplace, available at https://tibetaction.net/safetravels. Yes, it has Tibetan writing on it, but that makes it even more legit, doesn’t it?

 

 
Tashi Delek!

Posted in Awareness, Learn from This | Tagged , , , , , | Leave a comment

An extraordinary hacker and activist

Dear friends, family and colleagues… when I get annoyed by you for using the label “hacker” in a negative, nonconstructive, anti-productive manner or to refer to malicious adversaries, it is because there are people like Aaron out there who are true examples of what a hacker is… who use their basic, unstoppable curiosity of deeply technical subjects to change power structures in society, in order to address issues of injustice, basic rights and information freedom. He was also one of the only hackers, consider his brilliant direct action tactics against closed profiteering journal databases, who would have been equally at home at an SFT or Ruckus activist camp, as he would at a hackerspace. RIP.

From danny:

Aaron’s art was an amazing ability to focus on the truly important. When he left, just as when Len left, he left an obligation on the rest of us to keep what each of us have of him, and put it to good use. Between us, I believe we still have a massively parallel, distributed version of Aaron, one unique part of his life shared with each of us alone. The part I’ll remember for us is just how funny he was, and how serious change sometimes requires a light touch, and a sense of the absurd.

 

https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz

http://www.oblomovka.com/wp/2013/01/12/he-was-funny/

http://rememberaaronsw.tumblr.com

and for eternity: www.aaronsw.com

Posted in Awareness, Learn from This | Leave a comment

Tuning Ubuntu on Samsung Series 7 Laptop

I recently bought a 15.6″ Samsung Series 7 Laptop (NP700Z5B-S01U) from BestBuy for $999. While I generally loathe BestBuy, they are very convenient, and I tend to go shopping at strange hours, like 11pm at night. It was their good fortune, as well, that I decided to buy this laptop during Passover, as my normal go to NYC techshop, B&H Photo, was closed for the week.

 

I haven’t had a new laptop in four years, and so this was a purchase made with great preparation and trepidation. It came down almost entirely to weight, screen size + resolution and battery life. While an ultrabook was an attractive idea, I have grown used to a high-resolution, widescreen with my four years of using a MacBook Pro, and could not give that up. In addition, most ultrabooks are still quite under powered, and I still do quite a bit of serious development work, and need something beefy.

The Samsung Series 7 has an i7 processor and 8GB of RAM, but still manages to achieve 7-8 hours of battery life on Windows 7, and around 4 hours on Ubuntu (linux is still working on really solid battery management, and also companies like Samsung and Microsoft work quite a bit together on tuning). Still 4 hours for something this powerful, is pretty great, considering what I was getting with my old MBP workhorse (about 30 minutes!).

As my intention was to run Ubuntu on this hardware, I did quite a bit of research ahead of time around issues that others were having. It seems like with Ubuntu 10 and 11, there were a wide range of compatibility issues. With that in mind, I decided to jump ahead to the current beta of Ubuntu 12 Precise Pangolin. Right away, pretty much everything seemed to work, including the much aligned trackpad, though I did have to adjust the way tapping and dragging works, and basically stop using the click-and-drag method. The screen was clear and bright, suspend and resume worked flawlessly, the wifi was fast, and all my standard apps and tools were screamingly fast.

The big two breakthroughs to really making this hardware hum were though were finding a way to enable the custom Samsung function keys and to stop the endless fan noise from whining away. The fan noise was an indicator the processor was too hot, which also meant the battery life was not going to be so great. The estimate was only two hours, which was not good enough for my needs.

What I had to do was install the proprietary ATI/AMD graphics driver, instead of using the open-source video driver that is default in Ubuntu now. While I am used to this with MBP’s and the NVidia driver, and I had hoped not to have to use the proprietary driver with my new laptop. However, once I realized that by using the proprietary driver that the fan noise would stop, and my battery life would double, it was an easy choice to make. This driver can be easily installed through the System Settings -> Additional Drivers menu.

The second breakthrough was finding the Linux on my Samsung project, aka Voria. By installing the tools offered in this repo, all the various function keys necessary for brightness, volume and other options control mostly seem to work. I think there is also some other under the hood improvements, as well, but I haven’t fully parsed that. To install the tools, just follow the installation info from the link above, which basically involes Aptitude or ‘apt-get’. Here is a more specific example:

$ sudo add-apt-repository ppa:voria/ppa
$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install samsung-tools
$ sudo apt-get install samsung-laptop
$ sudo reboot

This will enable the fan control hardware function key to work, and you can attempt to set it to “Silent” in order to stop those crazy fans!

I can happily say that I used my new laptop all weekend for an epic, intensive open-source hackfest, and it performed like a champ, had fantastic battery life, and generally impressed everyone who saw it. In a sea of Macbooks and Thinkpads, it definitely stands out, and at the current price, can’t really be beat.

From here, I am going to look into better utilizing the 8GB SSD cache as a swap or perhaps installing the core OS directly onto that. I don’t have much time these days to tinker in that way, but I would love to be able to get Ubuntu back up to a 7 to 8 hour battery life, especially with the travel I do. Otherwise, I will be experimenting with the HDMI video out, the Wifi Direct support and more in the coming days, as well as keeping up to date with the final Ubuntu 12 releases.

All in all, if you are looking for a new laptop and want to make the switch to Ubuntu, this is a setup I would highly recommend.

Update May 6, 2012: I have found an excellent new resources at http://bgrande.de/chronos7.html which provides a detailed overview of the status of various hardware components of the Series 7 support by Linux.

It also provides a new grub configuration to utilize that has helped reduce fan noise issues quite a bit. Just put the grub file here: http://bgrande.de/scripts/grub in place of your ‘/etc/default/grub’ then run ‘update-grub’.

If you are not having success with the proprietary video drivers aka fglrx (I am not using them b/c they do not work with 3.3 kernel), then you also should add ‘blacklist radeon’ to the end of ‘/etc/modprobe/blacklist.conf’ and then run ‘update-initramfs -u’ command to update the configuration of blacklisted hardware modules. Instead, your graphics will be powered by the on-chip Intel graphics driver, which works just fine.

You will want to reboot to see all the changes take affect.

Update September 3, 2012: After weeks of diving back into tuning of Ubuntu on my Chronos, I have finally made some progress. I had never entirely solved the fan noise issue, resulting in a constant, annoying “puff, puff, puff” sound, over and over again while I was working. It was not the CPU fan, it was the AMD Radeon graphics card fan, and all of the previous information in this post, would do nothing to calm or quiet it. I had solid battery life still (4-5 hours), but just this little constant annoying noise that drove me nuts.

I am happy to say that it seems (cross my fingers) , that I have solved the issue, as I now have a dead silent laptop. I am not sure what exactly did it, but here are the variety of combinations I have going now:

1) Ubuntu Precise 12.0.4.1, all the latest and greatest updates

2) Kernel 3.5: Here’s a YouTube video on installing it! http://www.youtube.com/watch?v=traegZveTKo

2) Update to latest BIOS firmware from Samsung. You can find your exact model, but it will be a page like this: http://www.samsung.com/us/support/owners/product/NP700Z5A-S02US
then go to “Manuals & Downloads” then “Firmware” and get the “Update Software (Firmware)” Windows EXE. You will need to boot into Windows to run this.

3) extra settings from /etc/default/grub
(make sure you used the proper escaped quote \”Linux\” below)

GRUB_CMDLINE_LINUX_DEFAULT=”acpi_osi=\”Linux\” pcie_aspm=force acpi=noirq acpi_backlight=vendor intel_iommu=off i915.modeset=1 i915.i915_enable_rc6=1 i915.lvds_downclock=1 i915
.i915_enable_fbc=1 i915.semaphores=1 i915.powersave=1 iwlagn.power_save=1 snd_hda_intel.power_save_controller=1 snd_hda_intel.power_save=1″

#to make sure your keyboard backlights are on
echo 8 > /sys/devices/platform/samsung/leds/samsung\:\:kbd_backlight/brightness

4) Using open/default graphics driver for internal Intel graphics, so blacklisted radeon and fglrx. In “/etc/modprobe.b/blacklist.conf” add these lines:

blacklist fglrx
blacklist radeon
blacklist radeonfb
alias radeon off
alias lbm-radeon off

then make sure to update your initramfs with command >  update-initramfs -u

5) Still using the various Voria/Samsung packages: samsung-tools and samsung-laptop

Again, I am not sure exactly which is the key element here, but I think it may be the combination of the latest BIOS update and Kernel 3.5. Good luck, and please post any comments or successes you have.

+n8fr8

 

 

Posted in Awareness, Emerging Tech | Tagged , , | 34 Comments