>>53493014
So I guess this is a cybersecurity general, huh?

I'm currently working on a research project at my school that deals with cybersecurity awareness. It takes less than 10 minutes to complete.

http://pastebin.com/bcjZMnsV

I'm a CompTIA-Security+

AMA guys

did you remove all the spaces to save on characters?
because I can't read shit

Stupid beginner questions + english is not my first language, here we go :

- Is it ok to use mail hosts such as gmail if you use encryption on your mail app? (like Thunderbird an Enigmail)

- Is there a good comparison of encrypted mail providers? Preferably free, that work with Thunderbird. At the moment I narrowed it down to Ghostmail but if you have better suggestions don't hesitate.

- Is Signal a good app for Android, or is there a better one in this category?

- Is there some sort of equivalent to Facebook IM that's relatively easy to use so I can try to use it with my friends? (because of course since I'm interested in privacy I'll get off FB soon)

- Is Minds.com a good social network? What else could replace Facebook?

- Is there any way to set up something as a "panic button" to "destroy" hard drives? (no, nothing dirty or fucked up, honest)

If not, I guess the best way to make a hard drive safe is full drive encryption? Is that easy to do? Any recs?

Thanks in advance if you take the time to answer any question.

>>53493893
:-)

>>53493014
>using the smiley with a carat nose

Been looking for a script that will wipe the RAM when triggered, anyone have an idea?

>>53497999
>Been looking for a script that will wipe the RAM when triggered, anyone have an idea?

Of course during shutdown

>>53497999
>>53498020
IIRC Tails does this, so the script to do that should be part of Tails

>>53497999
Try the power button

>>53493014
This thread is cancer.

Who the fuck would read this fucko text cluster fuck.

>>53493014
contribooting with wireless security tips from some post of the /flt/
https://sites.google.com/site/easylinuxtipsproject/securitywireless

File: 1436056903226.png (91 KB, 740x601) Image search: [Google]

91 KB, 740x601

>>53498524
contribooting with more

>learn how to write your own crypto
like a jedi learns how to build its own lightsaber
http://ciphersaber.gurus.org/

>easy safe passwords
strong enough and memorable like in pic rel
http://world.std.com/~reinhold/diceware.html

>privacy tools
for your daily needs and for those you love
https://www.privacytools.io/

>prism break
i want to break free! (from surveillance programs)
https://prism-break.org/en/all/

>droid break
I want to break free! (from the android/google botnet)
http://droid-break.info/

>find alternative software
for anything that you want to test for an alternative
https://alternativeto.net

>>53495340

>Is it ok to use mail hosts such as gmail if you use encryption on your mail app? (like Thunderbird an Enigmail)

Yes, the service can still see who you are contacting though.

>- Is there a good comparison of encrypted mail providers? Preferably free, that work with Thunderbird. At the moment I narrowed it down to Ghostmail but if you have better suggestions don't hesitate.

If you encrypt locally via Enigmail, then it doesn't matter who your provider is.

>- Is Signal a good app for Android, or is there a better one in this category?

The best app is one that uses end to end encryption and, most importantly, the app that your friends have. Encryption only works if both parties have it.

>
- Is there some sort of equivalent to Facebook IM that's relatively easy to use so I can try to use it with my friends? (because of course since I'm interested in privacy I'll get off FB soon)

There are Pidgin plug-ins for facebook messenger that you can use. This allows you to use facebook messenger, but everything will be encrypted so facebook can't read what you're writing.

>- Is there any way to set up something as a "panic button" to "destroy" hard drives? (no, nothing dirty or fucked up, honest)

If the drive is encrypted, then yanking it out of the computer will render it useless if you passphrase is strong. Strong encryption is actually safer than traditional wiping.

I use QubesOS, which has full disk encryption built-in. I believe most Linux-based distros have this feature as well. The main thing is to select a passphrase that has lots of entropy. See Diceware Method.

>>53498505
underrated post

>>53495340
>- Is Signal a good app for Android, or is there a better one in this category?
it's the best if end to end encryption and open source are important to you (and easy to use, normal people won't find it confusing).
Threema is also nice but not open source.

>>53493014
>https://wiki.installgentoo.com/index.php/Encryption
>VeraCrypt, a fork from TrueCrypt, continues its development. This is technically illegal (as the TrueCrypt software license does not allow forks), but there is little chance of the original TrueCrypt developers launching a lawsuit against VeraCrypt.

So what's the vertic on VeraCrypt? Good, bad? I sort of went and encrypted my external HDD before seeing this thread. I haven't been keeping up and just assumed TrueCrypt was already gone by now.

>>53498870
>So what's the vertic on VeraCrypt? Good, bad?
Good, better than TrueCrypt nowadays since they fixed a few bugs/vulnerabilities, slightly more cumberstone since you can use whatever iterations for the password hashing you want

>>53498710
No it isn't. Powering off doesn't do shit:

https://en.wikipedia.org/wiki/Cold_boot_attack
>With certain memory modules, the time window for an attack can be extended to hours by cooling them with a refrigerant such as an inverted can of compressed air. Furthermore, as the bits disappear in memory over time, they can be reconstructed, as they fade away in a predictable manner.

>>53499015
This is in terms of seconds.

An in use stick of ddr3 will retain data for perhaps 10-12 seconds before being completely irrevocable, and for 2-3 seconds before requiring serious data recovery techniques.

If you don't believe me, pull out your ram sticks for a second and put em back in, let me know how it works out.


If you want real mitigation for cold boot attacks, don't use snake oil. Epoxy the sticks to the motherboard, or use TEMPEST to keep crypro keys in CPU registers

>>53498753
There is absolutely no reasin to trust threema, ever.

>>53499015
your ram is safe after 10-20 seconds man.

>>53493014
Finally a good thread. Don't let this die, OP

Also, tweak OP so it is more readable

How can I hack some more ram?

I need lots of ram to overclock my hard disk.

OP posted an article about privacy
Even tho I know this thread is shit or either bait I clicked it

This content is available exclusively to Chronicle subscribers

Fuck off.