<div dir="ltr"><div class="gmail_default" style="font-family:georgia,serif">oh, and why using SMS as a second factor is pointless</div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(102,102,102)"><font face="georgia, serif" size="1"> <br>// <a href="http://twitter.com/RiCHi" style="color:rgb(17,85,204)" target="_blank">@RiCHi</a><span style="color:rgb(0,0,0)"> |</span> <a href="tel:%2B44.7789.200701" value="+447789200701" style="color:rgb(17,85,204)" target="_blank">+44.7789.200701</a> | <a href="tel:1.408.256.0084" value="+14082560084" style="color:rgb(17,85,204)" target="_blank">1.408.256.0084</a> | <a href="http://richi.uk" target="_blank">richi.uk</a> <br></font></div></div></div><div dir="ltr"><font face="georgia, serif" size="1"> </font><br></div></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 7, 2019 at 11:10 AM Richi Jennings <<a href="mailto:richi.ipg@richi.uk">richi.ipg@richi.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:georgia,serif">and why a "fire safe" isn't safe against fire (for backup media)</div><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><div dir="ltr"><div style="color:rgb(102,102,102);font-family:georgia,serif;font-size:x-small"><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div dir="ltr"><div style="color:rgb(102,102,102);font-family:georgia,serif;font-size:x-small"><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><div dir="ltr"><div style="color:rgb(102,102,102)"><font face="georgia, serif" size="1"> <br>// <a href="http://twitter.com/RiCHi" style="color:rgb(17,85,204)" target="_blank">@RiCHi</a><span style="color:rgb(0,0,0)"> |</span> <a href="tel:%2B44.7789.200701" value="+447789200701" style="color:rgb(17,85,204)" target="_blank">+44.7789.200701</a> | <a href="tel:1.408.256.0084" value="+14082560084" style="color:rgb(17,85,204)" target="_blank">1.408.256.0084</a> | <a href="http://richi.uk/" target="_blank">richi.uk</a> <br></font></div></div></div><div dir="ltr" style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small"><font face="georgia, serif" size="1"> </font></div></div></div></div></div></div></div></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Aug 6, 2019 at 1:45 AM Tom Henderson via Ipg-smz <<a href="mailto:ipg-smz@netpress.org">ipg-smz@netpress.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>4. Understanding basic multi-factor authentication and why a
wider ID footprint is good</p>
<p> a. OS vs browser vs site vs non-browser app authentication--
who's guarding what</p>
<p> b. What passwordless really means</p>
<p> c. Why unique passwords are important, since your identity and
at least a few of your passwords are ALREADY OWNED & NOW
published no matter who you think you are.<br>
</p>
<p> d. Password keepers and how they work</p>
<p> e. Why syncrhonization can kill your work across all of your
platforms.</p>
<p>5. Packet Radio and why there's no encryption</p>
<p> a. Basic APRS, state of the art X.25 networking and it still
works, but can be impersonated so simply <br>
</p>
<p> b. Digital modes from RTTY to FT4 and they DON'T USE
authentication and why (Part 95)</p>
<p> c. Spectrum theft by organizations that aren't hams, yet use
opaque protocols that can't be identified (see eHam's treatments
of the topic)</p>
<p> d. Bruce Perens' work on non-proprietery digital protocols and
why</p>
<p>6. Infection vectors and how</p>
<p> a. Your firewall/router, smartphones, computers, digital
appliances, IoT devices</p>
<p> b. Email phishing (as below)</p>
<p> c. Portable media</p>
<p> d. browsing maladies</p>
<p>7. Backup, backup, then backup your friends and civilians, based
on the 3-2-1 plan</p>
<p> a. Three backups, two local, one offsite</p>
<p> b. Backup all devices (after updating them) and send one to a
trusted place, regularly</p>
<p> c. Never put network storage devices directly on the open
internet, ever, for any reason, at any time (they're bot lunch)</p>
<p> d. In the event of theft/fire/destruction, the offsite backup
saves your bacon (or beans, if you're vegetarian)</p>
<p>73 W9YW<br>
</p>
<div class="gmail-m_3796450565627431130moz-cite-prefix">On 8/5/19 5:57 PM, Wayne Rash via
Ipg-smz wrote:<br>
</div>
<blockquote type="cite">
<div class="gmail-m_3796450565627431130WordSection1">
<p class="MsoNormal">I’m putting together a presentation on
computer security for ham radio operators. The club has a high
proportion of very smart engineers and a bunch of nuclear
physicists, but as you’d expect, they know little about
security. </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">So I’m putting together a list of topics.</p>
<p class="MsoNormal"> </p>
<ol start="1" type="1">
<li class="gmail-m_3796450565627431130MsoListParagraph">Why hams are at risk (they use
free software from unverified sites and they believe that
Macs are invulnerable)</li>
<li class="gmail-m_3796450565627431130MsoListParagraph">What the risks are:</li>
<ol start="1" type="a">
<li class="gmail-m_3796450565627431130MsoListParagraph">Phishing</li>
<li class="gmail-m_3796450565627431130MsoListParagraph">Credential theft through social
engineering</li>
<li class="gmail-m_3796450565627431130MsoListParagraph">Ransomware and how to limit the
damage</li>
<li class="gmail-m_3796450565627431130MsoListParagraph">Failure to patch</li>
</ol>
<li class="gmail-m_3796450565627431130MsoListParagraph">How to limit the risks</li>
<ol start="1" type="a">
<li class="gmail-m_3796450565627431130MsoListParagraph">Know how to identify a phishing
email (I have examples of actual emails)</li>
<li class="gmail-m_3796450565627431130MsoListParagraph">How to identify social
engineering</li>
<li class="gmail-m_3796450565627431130MsoListParagraph">How to patch</li>
<li class="gmail-m_3796450565627431130MsoListParagraph">How and why to back up your
data and why a network share isn’t secure, and neither is
an air gap.</li>
</ol>
</ol>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Any thoughts on what else I should include?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Wayne Rash</p>
<p class="MsoNormal">703-425-9231</p>
<p class="MsoNormal">703-200-4915 cell</p>
<p class="MsoNormal"> </p>
</div>
<br>
<fieldset class="gmail-m_3796450565627431130mimeAttachmentHeader"></fieldset>
</blockquote>
<pre class="gmail-m_3796450565627431130moz-signature" cols="72">--
Tom Henderson
ExtremeLabs, Inc.
+1 317 250 4646
Twitter: @extremelabs
Skype: extremelabsinc</pre>
</div>
-- <br>
Ipg-smz mailing list<br>
<a href="mailto:Ipg-smz@netpress.org" target="_blank">Ipg-smz@netpress.org</a><br>
<a href="http://netpress.org/mailman/listinfo/ipg-smz_netpress.org" rel="noreferrer" target="_blank">http://netpress.org/mailman/listinfo/ipg-smz_netpress.org</a><br>
</blockquote></div></blockquote></div>