Clockwork Sputnik
Nov 6, 2004

24 Hour Party Monster
I have a close friend that's a celebrity. Like the rest of us, they've got a lot of their lives on their computers, phones, tablets. They are justifiably concerned about their privacy.

They came to me the other day asking me to lock down their entire lives. Home WiFi, securing their phones against theft, snooping/sniffing etc. I would imagine they want all this to be as transparent as possible.

Other than using secure routers with strong passwords, making sure encryption is enabled on all PCs/Laptops at boot level (after ensuring all are virus-free), securely destroying all HDDs in old computers, 2FA on email accounts, making sure all iPhones have GPS and remote wipe, wipe after 10 failed PW attempts turned on, what else should I do/look into? (Noting here that cost is not really a factor)

Sorry it is such a broad question, I've never had anyone ask this of me.

mcsuede
Dec 30, 2003

Anyone who has a continuous smile on his face conceals a toughness that is almost frightening.
-Greta Garbo
Are they a celebrity with money? Because hire a professional is a serious answer.

Clockwork Sputnik
Nov 6, 2004

24 Hour Party Monster

mcsuede posted:

Are they a celebrity with money? Because hire a professional is a serious answer.

A decent amount, I suppose. They've told me they've got about 5k to blow on this. If that's the best solution, obviously I'm not going to trust some kid from Geek Squad, what kind of things should I look for in such a professional?

Factory Factory
Mar 19, 2010

This is what
Arcane Velocity was like.
Your friend, like anyone, should assume that anything done on the internet is as good as public, when it comes to a dedicated investigator.

Here's one that people often miss: Not automatically connecting to open WiFi hotspots. Not only can these hotspots be spoofed for man-in-the-middle attacks, but even by just connecting to them passively, a phone can leak incredible amounts of data. Ars Technica and NPR did a joint report (Ars) (NPR).

It would also be good practice to set up a password manager to help ensure that all online passwords are secure.

Jonny 290
May 5, 2005



[ASK] me about OS/2 Warp
Who'd he piss off, and through what vectors have they already hacked this celebrity?

100% of the times somebody has come screaming to me or one of my computer bros for HELP ME PROTECT MYSELF, they got involved in like loving eve drama or something. One guy gave away root on a colo on a gigabit line because he'd totally get guildmaster rank if he did so

Hire a professional. If he requests to go through you, hire the pro, inflate his rates by 25% and bill your customer that.

Clockwork Sputnik
Nov 6, 2004

24 Hour Party Monster
Thanks for the info, Factory Factory. Great articles.


Jonny 290 posted:

Who'd he piss off, and through what vectors have they already hacked this celebrity?

100% of the times somebody has come screaming to me or one of my computer bros for HELP ME PROTECT MYSELF, they got involved in like loving eve drama or something. One guy gave away root on a colo on a gigabit line because he'd totally get guildmaster rank if he did so

Hire a professional. If he requests to go through you, hire the pro, inflate his rates by 25% and bill your customer that.

Primarily because she is a she. The whole conversation started when we were sitting at my bar, and I noticed her phone was completely unlocked and asked her about that, and if she ever thought what would happen if she lost the phone. Which got us on the topic of all her other items. She's brought her laptop into Best Buy before for issues. Her router was set up by the AT&T guy, etc. Out here in LA, it's very tempting for BB/Apple Store techs to dump/sell clients' info to TMZ, etc for more than they'd make in a month.

So, I guess a professional is the way to go, and I'd imagine she wants me to at least vet said professional to avoid the above types of situations. I'm fairly tech-savvy but not to the degree where I would know how to plug as many security holes as possible.

She's smarter than your average clueless celeb, and has seen what's happened to others through their failure to at least use basic security measures.

Hell, when I used to work for a firm that had 100% celeb clientele, they'd often come into the office and just hand me their old laptop as a gift when they got a new one. Completely intact. I could have made a killing selling off the content just off their hard drives, if I had less scruples.

1gnoirents
Jun 28, 2014

hello :)
Reduce your scruples!

However this seems like the kind of thing where there are real professionals and then "pros". I can also see this having an obscene price, far far far above $5000. And how would one differentiate? Ones that are vetted will be horribly expensive, and ones that aren't but still can do a good job...

I don't know, this sounds like a tough one. I guess you could just take the $5000 and do the things you said yourself, since I can pretty much guarantee there are people who would do far less for $5000

spog
Aug 7, 2004

It's your own bloody fault.
It's an interesting question:

I can imagine that there are lots of people who can secure your network.
There are also lots of people who tell you how to use social media, without looking like an idiot/bigot.

I wonder how many people can crossover and help secure all of these - isn't the standard response for network security simply block Facebook, etc from the work network?

spog
Aug 7, 2004

It's your own bloody fault.
After reading this thread, I half-heartedly thought that there was potentially a very good business plan for being an expert of protecting your private digital life.

Like every similar thought I've ever had, I've been surpassed by events.

Hope your ladyfriend is okay, OP.

Maneki Neko
Oct 27, 2000

Apparently don't use iCloud should be on that list!

1gnoirents
Jun 28, 2014

hello :)
:v:

Novo
May 13, 2003

Stercorem pro cerebro habes
Soiled Meat
If you have poor security skills maybe the best thing you could do is not give advice to celebrity friends or post about how you have either online?

KS
Jun 10, 2003
Outrageous Lumpwad
My understanding is the "Find my iPhone" service didn't lock Apple accounts after multiple failed attempts, so it was vulnerable to brute forcing. This was posted the day before the leak: https://github.com/hackappcom/ibrute Not conclusive that this is what was used, but a big coincidence if it's not.

Rooney McNibnug
Sep 2, 2008

"Life always hopes. When a definite object cannot be outlined, the indomitable spirit of hope still impels the living mass to move toward something--something that shall somehow be better."

KS posted:

My understanding is the "Find my iPhone" service didn't lock Apple accounts after multiple failed attempts, so it was vulnerable to brute forcing. This was posted the day before the leak: https://github.com/hackappcom/ibrute Not conclusive that this is what was used, but a big coincidence if it's not.

This is what Apple is alleging: https://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html

Apple posted:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.

Their advice in terms of using two-factor authentication can be applied to several other services - http://twofactorauth.org/
I would encourage using 2FA on any platform you're able to, despite the minor annoyance it may bring to the user.

Also, maybe encourage them to look into sandboxed browsing - https://en.wikipedia.org/wiki/Sandboxie

Obviously, you can never be fully "bulletproofed", so it kinda really comes down to making the wisest decisions you can through any digital service. Think twice.

1gnoirents
Jun 28, 2014

hello :)
So it probably was exactly what happened then

mikemil828
May 15, 2008

A man who has said too much

Clockwork Sputnik posted:

I have a close friend that's a celebrity. Like the rest of us, they've got a lot of their lives on their computers, phones, tablets. They are justifiably concerned about their privacy.

They came to me the other day asking me to lock down their entire lives. Home WiFi, securing their phones against theft, snooping/sniffing etc. I would imagine they want all this to be as transparent as possible.

Other than using secure routers with strong passwords, making sure encryption is enabled on all PCs/Laptops at boot level (after ensuring all are virus-free), securely destroying all HDDs in old computers, 2FA on email accounts, making sure all iPhones have GPS and remote wipe, wipe after 10 failed PW attempts turned on, what else should I do/look into? (Noting here that cost is not really a factor)

Sorry it is such a broad question, I've never had anyone ask this of me.

Depends on how much of an actual celebrity she is, if she is at the level that she is at a measurably higher risk of being subject to someone trying to specifically hack her, she should be wealthy enough to hire an IT security guy to work for her full time (and a PR person to fix the damage should she get hacked anyway, you can't actually make someone 'bulletproof' you can however make it difficult enough to be not worth the effort). Otherwise she really doesn't need anything more than the average joe needs, granted the average joe puts a lot less effort into security than they ought to but anyway.

Generally when it comes to infosec, hackers go for the path of least resistance, and often that path goes through someone other than you, there isn't really any point to having an obscenely elaborate password to your email account if your bubble headed bleach blonde secretary gives it to the nice computer guy on the phone to 'troubleshoot' some unspecified issue. There isn't really a point to completely securing your wifi ap if somebody pays the cleaning lady 5 grand to plug a little black box into it while you are out. Securing your friends and associates generally goes a lot further for the dollar than a bunch of security equipment.

baka kaba
Jul 19, 2003

PLEASE ASK ME, THE SELF-PROFESSED NO #1 PAUL CATTERMOLE FAN IN THE SOMETHING AWFUL S-CLUB 7 MEGATHREAD, TO NAME A SINGLE SONG BY HIS EXCELLENT NU-METAL SIDE PROJECT, SKUA, AND IF I CAN'T PLEASE TELL ME TO
EAT SHIT

These days well-known people, especially women, don't necessarily need to be wealthy to be specifically at risk from shitheads, especially when it comes to online vectors

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.
Never bring any computer to a retail repair shop like Geek Squad, ever. They're notorious for fishing through personal documents for nude photos.
