A Better Way to YOLO

May 10 2017

Consider the word “syndrome”: it is defined as something strictly psychological – in your head – something you alone created and thus must resolve yourself. Many people of color at higher institutions are said to suffer from imposter syndrome, but suppose that it's not completely due to something in their head but also their environment. Micro-aggressions and other sorts of external biases can reaffirm people's belief that they don't belong. If we aim to create a more just and equal society, to be cognizant of how we treat others, we must work to overcome these biases.
I'm a cryptographer at MIT and my passion is creating systems that will allow everyday people to remain secure as they compute and surf the web. By using formal methods and cryptography embedded into our everyday tools, I believe we can reach a more secure state.

Here are my top 6 tips to stay secure online:

1. Password defense
Use a password manager and don’t use the same password everywhere. Your email should have your strongest unique password since it's the key to all your other accounts. Need to reset a password? With access to your email, you get access to everything. When a website needs you to sign up, use ephemeral user accounts from BugMeNot. Use two-factor authentication on things that matter.

2. Identify Phishy content
Learn how to identify phishing emails. This may include strange senders, weird links, misspelled text, or unusual requests. If the email comes from someone you know, and it contains a weird request, verify through a secondary source whether they sent the message or not. If you get a file that is suspicious, open it in Google Drive so your computer doesn’t get affected.
You can report phishing content to the US Department of Homeland Security’s (DHS) Computer Emergency Response Team (CERT).

3. Block ads
While websites do get most of their revenue from ad clicks, malicious ads are a major vector of attack that can cause legitimate websites to serve spam. The best approach is to limit your ad exposure on websites. Check out Pi-Hole if you’re interested in a more sophisticated setup.

4. Stay updated
Every week new vulnerabilities are found in common applications for every platform. If you’re interested, CERT produces a weekly list of found vulnerabilities in applications, ranging from mundane to can-totally-pwn-your-system. The common way people get infected is through the use of common vulnerabilities, so as long as you update your software you’ll be up to date on common patches.

5. Backup
Ransomware is so sophisticated now that even the FBI suggests you simply pay up. To protect yourself in case you are infected by ransomware, be sure to regularly back up your files. Backing up locally (on an external hard-drive or DVD) is better for privacy, but cloud backups provide you redundancy. A major problem with cloud backups is the fact that they can be breached (recall the fappening).

6. Minimize your attack surface
Having fewer programs installed on your mobile or desktop device, fewer accounts at random websites, and less content shared online all minimize the ways people can get to you. There are trade-offs to these decisions, but that line is different for each person. If you stay at the lower level of that threshold, you’ll be better off.
If you want to discuss crypto, programming languages, security, or anything else, hit me up. These days I want to understand Homotopy Type Theory, prove universal composability of some protocol, and formally verify obfuscated-LLVM.

Cambridge, MA