Healthy Paranoia - Buckle Up!

Healthy Paranoia

Buckle Up!

Veit Hailperin
by Veit Hailperin
time to read: 5 minutes

Healthy Paranoia looks like an oxymoron at first, because paranoia is a psychological disorder and thus, by definition, can’t be healthy. When wearing seat belts became mandatory in the 1980s, it was perceived as unnecessary and overly protective. Now it is simply considered normal. The same happened with ski helmets. Not even ten years ago only little children wore helmets – they were literally considered unbearbale and unwearable. Now the vast majority of skiers and snowboarders can be seen wearing helmets. Computers and Internet are young and most things related to security are perceived as paranoid. It is the security that will eventually come though and it actually protects.

Take Charge

The news has been rife lately with banks getting hacked, passwords getting stolen and governments interfering with your privacy. It is no surprise that many people have become cynical and given up because they feel powerless. But being powerless is only partially correct. Everyone on the internet is vulnerable to quite a range of different attack types, some of which we can protect ourselves against without much effort. We can categorize attacks into targeted and non-targeted attacks. An attack is targeted when it is directed at a single person because of the person itself, or part of a bigger attack, perhaps because that person has access to sensitive data at a bank. It is close to impossible to defend against these types of attacks. The attacks we are all subject to are the non-targeted ones. They live from the simple mass and it doesn’t matter if what is stolen is credit card data, your identity or simply the calculation power of your computer’s processing unit. These attacks can be made far more difficult for attackers without introducing a lot of work for us, following the 20/80 principle which describes the theory that 80 percent of the result can be gained with 20 percent of the effort.

Data is often sent unencrypted, which enables attackers to listen to the communication. Wether the communication is encrypted or not is shown by most browsers with an image of a small lock in the address bar. Always having to check wether the communication is encrypted or not is a nuisance. So let us make the computer work for us (just for a change). The Electronic Frontier Foundation (EFF) developed a plugin called HTTPS Everywhere for Firefox (Android and Desktop) and for Chrome. It will ensure that your browser, when accessing websites that you have already once accessed using a secure channel, will always automatically chose the encrypted communication.

Installation in Chrome

Search the Plugin

Choose the plugin

Installation in Firefox

Download in Firefox

Installation of the Plugins in Firefox

Firefox on Android

Should you have already installed Firefox on Android, installing the plugin will work analogous to the regular desktop installation.

Neither Safari nor Internet Explorer feature equivalent plugins.

About the Author

Veit Hailperin

Veit Hailperin has been working in information security since 2010. His research focuses on network and application layer security and the protection of privacy. He presents his findings at conferences.

Links

You need support in such a project?

Our experts will get in contact with you!

×
OWASP Core Rule Set

OWASP Core Rule Set

Mark Zeman

Anthropomorphism

Anthropomorphism

Marisa Tschopp

Data Leakage Prevention

Data Leakage Prevention

Tomaso Vasella

Password Leak Analysis

Password Leak Analysis

Marc Ruef

You want more?

Further articles available here

You need support in such a project?

Our experts will get in contact with you!

You want more?

Further articles available here