Category: Privacy & Encryption

Hugh, Just wanted to bring up a point about a couple of the letters to the editor. The article was meant as a primer as to steps that can be taken to digitally secure your data. There is no such thing as a 100% secure data system. It sounds good, but it is unrealistic. With that said, however, you can make it take such an inordinate amount of time to get to the data as to be “virtually” 100%. That is also the premise of DiD (Defense in Depth). You are employing a multi-layer shell of encryption and segmentation around …

Hi Mr. Latimer, As I read the post “Prepper Digital Security” and then, later, the “Letter Re: Prepper Digital Security”, I kept thinking back to an old XKCD comic strip simply titled “Security”. Both those articles have some great advice in them, but I caution you and your readers from thinking such measures will make you safe. As is often the case in the field of digital security, humans are the weakest link in our defense strategies; I encourage you to keep that in mind. Happy New Year – Z.S.

Mr. Latimer, I read the article “Prepper Digital Security“, by A.B. and would like to offer a couple of comments. The article mentions the use of TrueCrypt. I was a serious user of this software package until June of this year after Microsoft ceased support of Windows XP. When that happened, the development of TrueCrypt was ended with very little explanation. I run Ubuntu Linux and used TrueCrypt. Now that development has stopped, I cannot get updates so am no longer protected if NSA finds another exploit. The website has the following to say: WARNING: Using TrueCrypt is not secure …

Mr Rawles, I received an interesting letter today that profoundly reminded of OPSEC. The letter was notification of a class action suit against Oregon ARCO stations. They failed to disclose their prices when the station charged a 35 cent debit card transaction fee. While my visits to Oregon Arco stations “south of the river” are quite sporadic, the dates of time are what really got my attention– January of 2011-August of 2013. This seems to prove three things to me– our debit and card purchases are being tracked and cataloged, and perhaps Mr. Snowden is not the ogre he is …

Hugh, JR, and the rest of my fellow patriots: I would like to ask your readers who, like myself, have used Craigslist (and maybe similar sites) for years to do everything from buy and sell farm animals to random goods to meeting other people via the personal ads. Have you come to the point where you’re so frustrated with even using CL because of the onslaught of phony, obviously robotic in nature, responses you’ve received either from your own ads or others? Call me crazy, but perhaps it’s a direct result of our very own government’s attempts to not only …

Hugh, When social media is discussed on this site, opsec always seems to take front seat. Entering details of your life and a network of your contacts into a database you don’t own is certainly cause for pause. I don’t have a social media account because I find them obnoxious. However, the letter regarding using social media for intel was spot on and, though Hugh stated that this was just one useful instance, I believe the writer of the letter indicated several, none of which could be effectively reproduced with the level of ham radio activity we have going on. …

Dear Editor, It’s nice that you published an article about system and data security. People need to be aware. Overconfidence in encrypted communications however is a disaster waiting to happen. The author wrote: “Another benefit of the way Linux deals with encryption is that any information that is read or written is directly transferred between RAM and the container: any piece of information that exists outside of the computer’s memory is always encrypted.” This is flawed logic as demonstrated by recent attacks on target and other retail giants. RAM scraping is actually pretty old news. I also heartily disagree with …

Welcome to all the brave souls that didn’t scream and/or quickly scroll on when reading the title. I know a fair percentage of SurvivalBlog readers are concerned about OPSEC, but what about your electronic OPSEC? Is it as good as it should be? As good as it could be? I promise you won’t have to read the entire submission but you should take a look at the first few paragraphs to determine if its something you need to address. If you do, you can always try to find some trusted help in securing your systems. During the second half of …

Dear Editor, A long tome ago, I looked at diceware as Michael Z. Williamson mentioned (love that XKCD cartoon), and I don’t find it quite as robust as I would like for password generating (I have one diceware-ish password I use for convenience, but used a couple of foreign words and specific capitals as well). Creating a series of simple words that forces the attackers to use a brute force attack on it anyway, made me want to go out and find out a better way to find brute-force-resistant passwords. I found one (essentially, only one) really good password generator …