Security researchers who work with sensitive information can better avoid Google Chrome and Skype, as recommended two researchers. According to Dani Creus and Vicente Diaz Kaspersky Lab happens that investigators are approached by criminal gangs and intelligence.
It also happens that researchers be bugged or that their devices while traveling is compromised. Operational security (OPSEC) is therefore essential, say Creus and Diaz. The main rule here is to remain silent. "If you do not have to say do not do anything. If you need to communicate with someone do it safely so you're not the contents of your message in danger and if possible also leave no metadata."
In the case of communication should be used such as email, instant messaging and phone the researchers several tips. So can only chat services that are trusted Off-the-Record (OTR) offering and Skype should never be used for discussing sensitive issues. Also, wherever possible, disposable phones are used. Furthermore, researchers are advised to use TrueCrypt to encrypt data.
To the Internet, according Creus and Diaz wise to use an 'air gap', which is created by an anonymous obtained 3G / 4G modem connection. Also have no cookies in the browser must be accepted and the execution of JavaScript can be prevented. Furthermore, users can not log on to an account and use Google Chrome is not recommended.
"OPSEC must be quickly part of the daily routine of security researchers," note the two researchers. "Given the kind of operation that is detected, and the parties concerned, the lack of knowledge and discipline in this area can have devastating consequences for researchers who do their work," concludes the pair. Earlier also gave a researcher called The Grugq sorts of tips for improving operational safety.
No comments:
Post a Comment