Don't Get Hacked!
Most books on cybersecurity suffer from one or more of three flaws. The most common books are those aimed at professionals: programmers, system administrators, their managers, and so on, up to the Chief Information Security Officer, a high-level corporate executive who reports to the CEO and the Board of Directors. There’s nothing wrong with such books—I’ve written or co-written three of them myself—but the advice in such books isn’t very helpful to home users. (My last book contained passages like “The solution is a technology known as fuzzy extractors. Without going into the details, a fuzzy extractor generates a uniformly random string from noisy input; this string is suitable for use as a cryptographic key.” This is, shall we say, not very useful (or even comprehensible) advice for ordinary users.)
That paragraph illustrates a second failing of most books: they’re too full of jargon, and filled with phrases like “fuzzy extractor.” No, I won’t bother explaining what that one is; it’s not at all relevant here—and that’s precisely my point. I’ve tried to keep this book jargon-free, and while I have to use a few new terms, I’ve kept it to an absolute minimum. In fact, you almost certainly already know all of the concepts behind those terms. For example, anyone who knows not to flash $100 bills while walking through a dark alley in a dubious neighborhood already knows what I mean by “threat model,” even if they don’t use that phrase. Then why do I use such terms? It saves me the complexity and verbosity of constantly referring back to “the dark alley story.” Technical people (usually) don’t invent terms just to be obscure; rather, they do it for clarity within the profession. You’re probably not in the cybersecurity profession, but a very few terms are useful.
The third problem with many cybersecurity books is that they’re written by non-experts, and tend to contain obsolete or misleading advice. My favorite example is passwords, which, as we’ve all been told, must be 13½ characters long, contain at least one upper-case letter, one lower-case letter, one numeral, one special character, two characters from 19th century romance novels, and one from a dead or science fictional alphabet (personally, I’m partial to Linear A and Klingon). And oh, yes, you should never write down your password, and you must avoid using +, %, &, =, Ψ, ࠛ, or ܟ. As we’ll see, that’s simply bad advice, though much of the blame rests with the web sites we all use rather than just authors of such books.
I’ve tried to avoid that problem here. While some of what I say may be surprising to you, since it appears to contradict received wisdom, little if anything would be seen as wrong by other experts in the cybersecurity field.
This book is for ordinary computer users, using our personal devices, e.g., our laptops, phones, etc. Work computers may have different requirements because of specialized needs of the organization, and that’s true even for small businesses. It’s also not aimed at people who may have particular security problems—if, say, you’re the deputy director of some three-letter agency, you might be targeted by hackers who have unusual powers and different goals. The precautions I suggest here are almost certainly insufficient for you. You know and I know that you wouldn’t be careless enough to put classified information on a home computer—but do those spies know that?
This book is released under a Creative Commons 4.2 BY-NC-ND license. Share and enjoy!
Preface
Introduction
Software and Updates
Passwords and Authentication
E-Mail
Browsers and the World-Wide Web
Scammers and Phishers
Internet of Things
Odds and Ends
Privacy
Artificial Intelligence
Recovering from a Breach
Physical Security
Your Digital Afterlife
Security Myths and Misconceptions
Conclusion
Security Principles
References
Index
Credits
If you prefer to buy a hard copy version, it is available, at cost—I make nothing from this—here.
The content of all versions of this book is the same, but they differ in formatting. All PDF versions are intended for double-sided printing.
Formatted for printing on “normal” book-size paper. This is probably the best version to read online.
The same, but with monochrome (greyscale) images.
This is for full-page views on 8.5"x11" paper. It’s considered harder to read, since the line length is too long and requires more eyeball movement, but is cheaper to print.
The same, but with monochrome images.
For A4 paper users, there is a color and a monochrome version.
An epub version, for most ebook readers.
A .mobi version, for Kindles. (You probably have to “sideload” the file to your Kindle. On a Mac, if you plug your Kindle in, you can drag and drop the file there. For the...