Updated Security

One of my New Year’s resolutions is to take digital security and privacy more seriously. I can now check that one off the list as completed. Why the resolution in the first place? Where to begin…

I don’t think I’m all that different from the vast majority of people in the world and as such, I probably make most of the same mistakes. For instance, I have used the same password for four or five years straight now at all sorts of online websites and for all sorts of functions. If only one of those sites were ever compromised or even if only one of those sites’ administrators took advantage of the user credentials in their possession, I could be in a world of hurt. From bank accounts to brokerage accounts to retirement accounts, my financial life could be devastated.

I also keep a lot of financial and credential information in a text file on my various machines – one copy on my work laptop and another on the server on my home network. This file exists as a master record of most of my user names and passwords for financial sites, social security numbers, banking, routing, and credit card numbers, etc. I started it years ago to keep track of passwords and information in case I ever came down with the momentary symptoms of Alzheimer’s, but mostly it’s useful for when I want to purchase something online but don’t have my credit card handy. Just open the file and there’s my information. Anyone who has been on my home network or work laptop has had complete access to this – they just didn’t realize it.

Lastly, I’ve noticed some issues with the security on the home network over the past few years. Knowing that encrypting wireless network signals demand overhead bandwidth and thus lowers actual throughput, I opted to use only MAC address filtering: permitting only those computers I knew and trusted. Strange thing is, the Wii worked and could access the internet long before I added its MAC address and others have brought over laptops that have exhibited the same behavior. I can’t figure out why this happens with my router but in reading up on it, I learned that MAC spoofing is easy enough for a toddler to do these days so my network really isn’t secure at all. Most likely that’s why there are frequently several computers on my network for which I can’t account.

Combine all this together and you have the potential for a wardriving crook to drive by my home, jump on my wireless network, access the shared files on my server, grab all my financial information and passwords, then use that information to drain all of my accounts – all while using my freely available internet connection. Talk about rolling out the proverbial red carpet for the would be cyber criminal.

So this evening I did my homework and made some changes. I’ve adopted a new password and while I plan to use the new password at all of my current websites, at least it’s a different password than what dozens of forums and other one-time use websites have stored for me. Sure, I could adopt a unique, computer-generated password for each site I visit, but I’m not yet that paranoid. I’d like to be able to remember my password and not have to look them up for each site I visit frequently.

I also downloaded Steganos LockNote to replace my text file of important information. LockNote is a neat little self-contained program that acts as an encrypted (AES 256-bit), password-protected text file. Not only does the would be viewer need a password to access the file, the contents are encrypted with one of the highest cryptographic ciphers currently known. AES 256-bit is the only algorithm approved by the United States government (including the NSA) for use on Top Secret documents. My LockNote file is so secure, I could post it publicly on the internet and boast about it containing access to millions of dollars that are up for grabs. At the earliest, someone might crack it in 75 million years (but inflation will have effectively reduced the prize to $0 by that point). Needless to say, it’s secure.

Lastly, I tightened down the home network by removing MAC filtering and enabling WPA2. WPA2 is currently the highest grade security protocol that exists for wireless connections. Without my pre-shared key, access to the network could only be obtained through a brute force attack (in this case taking somewhere in the neighborhood of two million years). If I’m still in the neighborhood at that time, they can have access.