It looks like TrueCrypt is not secure anymore; 1; 2.
I’m taking the context of these news to ask you what kind of security tools and software do you use. I’m pretty sure there is a paranoid side within each of us
I open this discussion saying I created a PGP key for signing mailing lists mails. It is the only “security” thing I’m currently using, shame on me =P
(PS.: This might also be a suggestion of topic for a future show)
Arch Linux with encrypted partitions, no swap, sleep or suspend.
GPG for encryption, KMail to handle encrypted email accounts. HTTPS Everywhere or its equivalent for web browsing. I make an effort to minimize contact with unsecure systems/networks and think through what I share on the net.
Security software? I just use Dropbox.
ducks
Hoping this post isn’t used as a way to try and figure out who might be easiest to hack by other unscrupulous persons, or most interesting challenge…
- Well I avoid using Windows as much as possible at home (the wife has an old Win laptop she’s slightly paranoid about security with, I think is now well enough protected; I have one thats v.rarely used and has well-reviewed AV s/w on it but she does anything requiring more security on my up-to-date Ubuntu) - she’s not a techy in any way but she hasn’t found it hard to get used to, especially as mostly chrome/firefox, printing, and the odd relatively-simple doc in Libre.
- Keepass for passwords, mostly the longest+most complexity possible on sites, using generated strings.
I hate sites that only allow up to 8 chars or less for passwords or
disallow symbols/spaces/are case insensitive. I look at for e.g. plaintextoffenders website and consider reviews/hack news and their treatment of, before I enter my details (especially for payment) anywhere.
- 2 different-brand firewalls between any home wifi and our net connection.
- 2FA for email/other important/dependent accounts, where possible.
- Encrypted partition for any sensitive documents/data (the system
itself ie /usr and the like, or /etc are not yet/won’t bother)
- All possible connections on https/ssh, openvpn
while outside or if on untrusted wifi
- Using unique email addresses for some less-trusted/smaller services to help track how trustworthy they are going forward
- Keeping up with security website news/blogs
- ISP that isn’t one of the big-6 that gets told to monitor/filter
connections in the UK
- PGP keys, but not really used much yet.
For my own-domain stuff
- Email servers with restricted IP access lists, and TLS setup, servers kept patched.