Reply to post: Re: Personally. . .

One-third of all HTTPS websites open to DROWN attack

Anonymous Coward
Anonymous Coward

Re: Personally. . .

some silo protection ideas for debate?

i.e. do your browsing/banking on a refurb iPad Air set to "Private" - do not use this for email. Have Search_Engine_Suggestions, Safari_Suggestions, Quick_Web_Search, Preload_Top_Hit, Fraudulent_Website_Warning all OFF. Do dump the client-side cookies/LSO's every week Settings/Safari/Advanced/Website_Data/ Edit&Delete, repeat until they are gone.

If you have to use your old PC/Mac for browsing, consider using a clean Linux Mint liveCD from before the recent attack on their repos, or on OS X use Chrome(*) for everything except Goooogle products, use FF only for Gmail/google products, try using IXQUICK.nl for search (omnibox setting https://ixquick.nl/do/search?query=%s&cat=web&pl=chrome&language=english) but - do not use this PC for email. (*)On Chrome, do not sign-in, update Chrome every week (from About Chrome,) then ensure that chrome://settings/ Show_Advanced_Settings has ‘navigation errors,’’prediction,’’prefetch,’’report,’’protect,’’spelling,’’usage,’ OFF

Read/screen your POP email on a $/£ 35 Raspberry Pi 3, or an old smartphone, do not use this for web browsing. Emails that you wish to keep could be physically printed out for filing & storage. Re-instantiate the RaspberryPi regularly (possibly we could use a virtual machine here, but a hardware RPi3 is quite fun)

Update the OS/Firmware then switch off the WiFi/delete/reset the web connection to default on all your SmartTV's, Fridges etc

Abandon your telco Web router with its multiple unknown backdoors to the telco, turn off its WiFi, unscrew its antenna, have a single ethernet cable with fixed IPv4 to your real router, (Your Router with a spoofed MAC address so it's hard to guess which model) and set a hard to guess Administrator name & password - which you can write on the underneath of your router for those mislaid moments. Consider using OpenDNS family service on your router’s DNS = 208.67.222.123 and 208.67.220.123 (this will protect from most of the browser ’errors’ that we configured OFF earlier)

Invent & run several random traffic generators including DHS monitored keywords, use TOR for checking the cricket scores, the dark-web for reading the DailyMail & Telegraph

This approach at least leads to some level of phishing/crypto-locker immunity & restores a bit of 1990’s privacy. Lawful Interception can still profile you, but they’d need to do it with proportionality rather than vacuum-cleaning.

. . .there may be better ways to protect the civilian infrastructure from cyber-squirrels, what else to try?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021