OPSEC or Operational Security is about keeping information safeguarded and is commonly used by militaries or governments.
Questions tagged [opsec]
13 questions
448
votes
14 answers
Is it bad practice to use your real name online?
On some accounts I use my real name on-line (Google+/Facebook/Wikipedia/personal blog), others (Q&A/Gaming) I use an alias.
My question is: Security and privacy wise, what can people do with my real name? What are the dangers of using your real name…
blade19899
- 3,601
- 3
- 13
- 18
13
votes
1 answer
WAF Process Creation for Integration of IT and Business
A client has asked me to help them out with their WAF processes. Currently they have a few critical web applications being protected by a couple of WAFs. I have managed to get the WAFs tuned and ready for production. The company is fairly large and…
Lex
- 4,247
- 4
- 19
- 27
11
votes
3 answers
Disable USB keyboard pluggability on MacBook
I'm concerned about USB devices being physically attached to my MacBook laptop when I am about to unlock my computer or while my computer is unlocked.
My threat model involves an attacker who is willing to spend about $200 to gain access to my…
dionyziz
- 213
- 1
- 7
6
votes
3 answers
What are some ways to anonymize your writing style?
I imagine that if someone suspected an anonymous online persona of being a specific real person who also had writing samples available online (like a blog or social media) they'd be able to compare the styles of writing. What are some ways to…
user187395
5
votes
2 answers
Shutdown if case opened
Assume the user has a full disk encrypted HDD in which their OS and files reside. They also have made attaching USB or any other device without first allowing it cause an automatic shutdown which subsequently wipes the RAM clean (the same way Tails…
user5510281
- 81
- 4
4
votes
1 answer
When reading PGP or other encrypted emails, is it wise to unplug my computers ethernet in order to use my private key?
I've never used PGP before so my logic may be a bit off.
When receiving an email encrypted with my public key, would it not be best to unplug or disconnect my computer's internet before decrypting with my private key? That way there can be no chance…
watchy
- 41
- 1
2
votes
1 answer
Anonymity Stack: Home connection -> VPN -> Whonix(Tor) -> Socks5. Few questions on anonymity
So let's assume the following:
1. A host machine running a clean BSD-based OS that has no backdoors, malware, spyware or other potentially de-anonymizing harmful software.
2. One home internet connection from an ISP that keeps a close eye on…
Stackexchange_fan
- 21
- 1
- 3
2
votes
1 answer
Why is Pastebin still widely used by malicious actors for sensitive data dumps, given that it's public and easily parsable?
If you scrape Pastebin for research or even just out of curiosity, it quickly becomes apparent that there is an abundance of compromised data that is uploaded there by unknown malicious actors.
My question is, why is this still done given that there…
Boblicon
- 131
- 4
1
vote
1 answer
How do enterprises deal with SSO and Google backing up WiFi credentials?
Single Sign On in a company means that you have one set of credentials for all the services the company uses / provides to their employees.
Logically, these credentials might also be usable for Wifi.
Benefits for the employee: Only one password to…
PhilLab
- 205
- 1
- 6
1
vote
2 answers
How to mitigate the risks of using new, third party imported electronic accessories?
As someone who is naturally good at recognizing risk and who are striving to maintain a wholistic view on security, I’m wondering how to evaluate and reduce the risks of hardware accessories (I.e. charging plug-ins, Thunderbolt cables), specifically…
dopeideas
- 11
- 1
1
vote
3 answers
Can an unregistered phone with a prepaid SIM card be traced by the police?
Let's say that someone is using an unregistered phone — I mean just a phone that he bought in another country — with a prepaid SIM card. The person is sending messages only on WhatsApp, without making any calls. After he sends the messages, he…
Opi778
- 21
- 1
- 1
- 3
0
votes
2 answers
Not disclosing the password when tortured?
In Citizenfour, Edward Snowden says:
Because some of these documents are legitimately classified, in ways
that could cause harm to people and methods... Um, I'm comfortable in
my technical ability, uh, to protect them. I mean, you could…
twowo
- 103
- 1
0
votes
3 answers
Is there a way to answer security questions privately while in public?
Is there a strategy for answering security questions via telephone modestly securely while in an insecure environment? For example: I am at a coffee shop and am locked out of my account, I call the helpdesk to unlock and they ask for my userID, DOB,…
Matthew Peters
- 3,592
- 4
- 21
- 39