Protect Yourself from NSA Attacks and Don't Do Anything Stupid

Can you protect yourself from NSA attacks?

If they are determined to get you, I suspect probably not, but there is no reason to make it easy for them either.

Reader "CJ" sent me a link to the November 15, Schneier on Security Crypto-Gram suggesting I take a look.

I did and I pass on "CJ's" suggestion to everyone else concerned.

Don't Do Anything Stupid

One of the links from Schneier on Security involves a Woman Cheated Out of $825 After Posting Photo of Winning Ticket to Facebook.

A woman named Chantelle placed a $20 bet on the 100-to-1 shot Prince of Penzance at this year’s Melbourne Cup, Australia’s most prestigious Thoroughbred horse race. The Prince of Penzance ended up winning the race, netting Chantelle a total of $825 in winnings.

She blocked out part of the barcode with her fingers, and it appears the story blackened out more, but someone, likely a "Facebook Friend" reconstructed the barcode and collected the winnings.

How to Protect Yourself from NSA Attacks

I followed another link from Schneier to this story on How to Protect Yourself from NSA Attacks by the Electronic Frontier Foundation on defending your rights in the digital world.

I followed the article's advice and made corrections to both Firefox and Google Chrome even though the author notes there is a trade-off: "Removing your clients support for "_DHE_" ciphers will eliminate the risk of this [NSA] attack, but it may also remove Forward Secrecy support altogether for some sites. Here's how to remove those "_DHE_" cipher suites if you still have them ...".

Much of the article was way above my head, but I found the instructions for Firefox and Chrome easy enough to follow.

If nothing else, please be careful of what you post on Facebook and elsewhere. I tend not to use Facebook at all, except for automatic posting of my blog links.

Mike "Mish" Shedlock