The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

Customers say

Customers find the book an interesting and enjoyable read that provides useful information about privacy. They appreciate the author’s experience in the topic and the details provided on real-life cases. The book covers encryption techniques like 256-bit AES, MFA, and OAuth. However, opinions differ on how easy it is to use, with some finding it technical and understandable while others consider it too simple or basic.

AI-generated from the text of customer reviews

This Post Has 9 Comments

  1. Great Read to Protect Privacy
    Let me begin by telling you that I thoroughly enjoyed this book. Being a cybersecurity professional (CISSP), my usual focus is on fortifying my organization, hardening systems and preventing cyber attackers, malware and those sorts of things. This book was different! Knowing it was written by Kevin Mitnick, I could not wait to get my hands on this book to provide me a view of the world from the other side of the table. His methods on The Art of Invisibility made this book completely interesting. I especially enjoyed the techniques he discusses throughout the book on protecting our privacy. When there is a steady, and slow, chiseling away of our privacy protections, we are completely blind to how we are losing our privacy. Kevin points this out and empowers readers with the ability to fight back and regain some of these lost protections. When I finished The Art of Invisibility (hard cover), I was planning to put the paper cover back on the book and place it neatly on my shelf, however, that did not happen. Kevin has so many useful tips, tricks and recommendations in this book, I really plan to keep this book in a place where I can frequently use it as a reference guide. In fact, I caught myself approaching this book as a study guide, much like certification testing material used for certifications. Additionally, Kevin places number references in the text so you can flip to the back of the book and find the respective number (by chapter) and find links and additional information….great source of help!

  2. A good read from an experienced
    The book went over the various trends that were already happening and stated why we should try our best to keep ourselves protected in the cyber world. It’s a book everyone should read because cyber security is a real threat and yet many still are not aware of the potential harm it will bring to your life. Of course, the author went to the extreme and not everyone has to go that far. But it is definitely a good read on the topic.

  3. Another Mitnick classic :D!
    Having followed Kevin since his pre-incarceration days and dabbling in computers since 1983 I found this a great read in his series of tell all books. Security was never even a thought in the early days until some infected floppy disks (5 1/4″) started making the rounds in the latter 80’s. Even dialing into corporate modems was a cinch if you knew the phone number, no firewalls anywhere ;). Nowadays security is still an embarrassment and Kevin details the still most present common weakness, the user and Social Engineering. Knowing how to use those weaknesses though can also help you to arm yourself and at the same time cover your tracks. These books are not a how to step by step Script Kiddie guide. Some common sense and basic skills are required, but they simply give you some worthwhile ideas ;). Even a casual reader with minimal computer experience will still enjoy the stories of Kevin’s escapades. And walk away with a better understanding ;).

  4. This need for vigilance reminds the anonymous participant to not log into any sites or applications with one’s real identity and that it is best to turn off one’s wireless router before you boot …
    We obviously live in an age of increasing digital surveillance, informed by the prevalence of iPads, iPhones, laptop computers, and desktop computers. There is even increasing discussion of the ‘internet of things’ where microwaves, thermostats, and televisions can become nodes on a larger network. And people can have legitimate needs to create an anonymous identity, such as in a legal dispute with a former partner or a disagreement with a corporate chain of command, and this need for a separate identity has to be matched with a willingness to rigorously defend it from potential disclosure. There are resources available to help with this endeavor, such as with VMWare Fusion to create a virtual machine on which Tails is used as the operating system and Tor is used as the browser. There is also the option to use a Chromebook for all online banking, in addition to another workstation for routine, day-to-day usage. This need for vigilance reminds the anonymous participant to not log into any sites or applications with one’s real identity and that it is best to turn off one’s wireless router before booting the anonymous laptop at the residence. The secondary laptop can be purchased with gift cards while exercising extreme caution due to surveillance cameras; there is also the option to hire a randomly chosen person to make the purchase of non-refillable gift cards (such a candidate can also be used to go into a Verizon, AT and T, or T-Mobile store to purchase a personal hotspot for $200, in exchange for $100 cash compensation). There is also the guidance in the book to change the MAC address of your machine each time public wi-fi is accessed so that the system unit is not identifiable. An important point to remember is that when the personal hotspot is turned on, the device registers with the closest cell tower.
Furthermore, anonymity is supported by remembering to never turn on one’s personal phone or laptop in the same place where turning on the anonymous laptop, burner phone, or anonymous hotspot takes place. As mentioned above, the Tor browser must always be used to create and access all online accounts associated with this anonymous identity. Protonmail.com, Tutanota.com, and fastmail.com are resources available that support anonymity. Funding to support an anonymous identity will have to be run through an anonymity mechanism: such as to convert prepaid giftcards into Bitcoin and then running the Bitcoin through a laundering service. Supporting this endeavor, the Tor browser can be used to set up an initial bitcoin wallet at paxful.com. And tumblers are a specific form of online laundering service where Bitcoin is taken from a variety of sources and then mixed together so that the result retains value and carries traces of many owners, thus diminishing further the possibility of identification. In addition to using the resources specified thus far, this endeavor makes advantageous the use of a VPN, and to make certain to closely review a VPN provider’s terms of service and privacy policies. This complete ‘invisibility’ setup can cost from $200 up to $500; while this requires a certain investment of capital, the pursuer of comprehensive privacy can then move onward. With this set up in place, an important point to remember is that electronic devices can measure the nanosecond differences in the way each person presses keys on keyboards. This can lead to a ‘keystroke profile’ and to counter this, KeyBoard Privacy is an available plugin for the Chrome browser. Moving along after acknowledging this keyboard-related issue, the Deep web includes subscription-only sites and corporate intranet sites, whereas the Dark Web is where the Silk Road exists along with the ability to hire an assassin and acquire child pornography.
Already mentioned a number of times, Tor (or the Onion router) was created by the US Naval Research Lab, and is vital for the implementation of these privacy steps while traveling. In this context, a number of pointers are important: 1. Clean up any sensitive data before you travel and perform a full backup. 2. Leave the data there [on the computer] but encrypt it with a strong key; do not keep the passphrase with you. 3. Upload the encrypted data to a cloud service, then download and upload as needed. 4. Use a free product such as VeraCrypt to create a hidden encrypted file folder on your hard drive. 5. Whenever entering your password into your devices, cover oneself and one’s computer with a jacket. 6. Seal one’s laptop and other devices in a FedEx or other Tyvek envelope and sign it. Furthermore, this book also describes that there are Automated Targeting Systems (ATS) that create an automatic dossier about a traveller when commuting internationally. And when deleting data on a computer it is important to remember that deletion changes to the MBR entry for a file (the index used to find parts of the file on the hard drive); the file (or some of its parts) remains on the hard drive until the new data is written over that part; it is very difficult to ‘wipe’ a solid state drive. Related to this, an important point is that ‘…if you plug your iPhone into another person’s computer and ‘trust’ it, a trusted relationship is created between the computer and the iOS device which allows the computer to access photos, videos, SMS messages, call logs, and WhatsApp messages..’ For iTunes backups, it is good to set a password for encrypted files.
If an end-user needs to share files, and he or she is using an Apple product, there is the option to use ‘Airdrop;’ if a phone needs to be charged, the lightning cable plugged into the system or an electrical outlet, not into someone else’s computer. When going through any security checkpoint, it is important to make sure one’s laptop and electronic devices are the last on the conveyor belt. Along with this, to encrypt an entire drive, there are different options available: Symantec’s PGP Whole Disk Encryption, Windows WinMagic, and OSX File Vault 2. An important point to consider, along with drive encryption, is that Tails is an OS that can be booted up on any modern-day computer to avoid leaving any forensically recoverable data on the hard drive, preferably one that can be write-protected. Tails can be downloaded onto a DVD or USB stick, and the BIOS firmware or the EFI initial boot sequence can be set for either DVD or USB so as to boot the Tails distribution. And while the utility provides a useful advantage, there are potential issues with Bitlocker: it uses a pseudorandom number generator called Dual_EC_DRBG which might contain a NSA backdoor, it is privately owned, and the key must be shared with Microsoft unless purchased for $250. While travelling, there is also the need to be aware of the possibility of an Evil Maid Attack, which involves a powered-down laptop whose hard drive is encrypted. Someone enters the room and inserts a USB stick containing a malicious bootloader. The target laptop must then be booted off the USB to install the malicious bootloader that steals the user’s passphrase, and the maid can re-enter almost any hotel room the next day and type in a secret key combination that extracts the key combination. Providing additional perspective there are a number of steps that can be taken to use the Internet privately while travelling: 1. Purchase prepaid gift cards anonymously.
In the EU, you can purchase prepaid credit cards anonymously at viabuscom. 2. Use open wi-fi after changing our MAC address. 3. Find an email provider that allows the traveller to sign up without SMS validation or he/she can sign up for a Skype-in number using Tor and a prepaid giftcard. With Skype-in, you can receive voice calls to verify one’s identity. Make sure to be out of camera view. Use Tor to mask the physical location when signing up. 4. Using a newly anonymous email address, sign up at a site such as paxful.com, again using Tor, to sign up for a bitcoin wallet, and buy a supply of bitcoin. Pay for them using the prepaid gift cards. 5. Set up a second anonymous email address and new secondary bitcoin wallet after closing and establishing a new Tor circuit to prevent any association with the first email account and wallet. 6. Use a bitcoin laundering service such as bitlaunder.com to make it hard to trace the currency’s origin. Have the laundered bitcoin sent to the second bitcoin address. 7. Sign up for a VPN service using the laundered bitcoin that does not log traffic or IP connections. A subscriber can usually find out what is logged by reviewing the VPN provider’s privacy policy. 8. Have a cutout [temporary hired hand] obtain a burner portable hotspot device on one’s behalf. Give the cutout cash to purchase it. 9. To access the Internet, use the burner hotspot device away from home, work, and other cell services. 10. Once powered on, connect to VPN through the burner hotspot device. 11. Use Tor to browse the internet. Much more common than travelling is the reality of corporate work life. There is tracking software on Corporate Owned, Personally Enabled (COPE) smartphones and service trucks with GPS to surveil employees. Some companies monitor employee’s outlook calendar entries, email headers, and I.M. logs, ostensibly used to help companies figure out how their employees are spending their time.
Anything passing through a corporate network belongs to the company – it is not the employee’s. And when at work an employee must remember to always lock his or her computer screen. If concerned about privacy, one needs to not do anything personal while at work. Keep a strict firewall between one’s worklife and home life. Never use company wi-fi, turn off SSID broadcast if using a portable hotspot. There is the need to keep personal business out of the company computer systems, especially when searching for health-related topics or looking for a new job. There is also a technology called KeySweeper, which is a disguised USB charger that wirelessly and passively looks for, decrypts, logs, and reports back (over GSM) all keystrokes from any MS wireless keyboard in the vicinity, thus increasing the possibility of workplace surveillance. Impacted by resources used frequently at the workplace, Google Drive has introduced a new information rights management (IRM) feature; in addition to the documents, spreadsheets, and presentations created within Google docs, Google Drive now accepts PDF and other file formats as well. Useful features include the ability to disable the download, print, and copy capabilities for commenters and viewers. An employee can also prevent anyone from adding additional people to a shared file. Of course these management features are only available to file owners. That means if someone has invited an employee to share a file that person has to set the privacy restriction. Similar to this, SpiderOak is a service provider that offers the full benefits of cloud storage and sync capability along with 100% data privacy; this resource protects sensitive data through 2-factor password authentication and 256-bit AES encryption so that files and passwords stay private.
Another concern to keep in mind is that in 2013 Google started what is called hotwording, which is a feature that allows an end-user to give a simple command that activates the listening mode in Chrome. Moving on, Shodan is a publicly available web search engine that exposes nontraditional devices configured to connect to the Internet; this resource not only displays from IOT devices at home but also from internal municipal utilities networks and industrial control systems that have been misconfigured to connect their sensors to the public network. Similar to this expanding network of remote inspection, a skilled technician can reverse engineer the protocol controlling a vehicle by intercepting and analyzing the GSM or CDMA traffic from a car’s onboard computer to the automaker’s systems. GodView is an administrative tool which is used by Uber to track the location of its thousands of contract drivers as well as their customers. If one rides a bus, train, or ferry to work, he or she is no longer invisible among the masses. Transit systems are experimenting with using mobile apps and near field communications (NFC) to tag riders as they get on and get off public transportation. NFC is a short-distance radio signal that often requires physical contact. Payment systems such as Apple Pay, Android Pay, and Samsung Pay all use NFC to make fumbling for quarters a thing of the past.
According to Tesla’s privacy policy, the company may collect the VINs, speed information, odometer readings, battery usage information, battery charging history, information about electrical system functions, software version information, infotainment system data, and safety related data [all of which is touched on in the ownership paperwork, and frequently given only cursory inspection, while providing the vendor with plausible deniability with many concerns]. Continuing with the topic of motoring, in one altercation with another motorist, the author describes: ‘I grabbed my cell phone, called the DMV, and impersonated law enforcement. I got the DMV to run his plates, then they gave me his name, address, and SSN. Then I called AirTouch Cellular impersonating an AirTouch employee, and had them do a search on his SSN for any cellular accounts.’ The author then gave the motorist a phone call, communicating a terse reprimand. As an example from history, in 1888 that kind of constant exposure was still a shocking and disconcerting novelty. The Hartford Courant sounded an alarm: ‘The sedate citizen can’t indulge in any hilariousness without incurring the risk of being caught in the act and having his photograph passed around among his Sunday-school children. And the young fellow who wishes to spoon with his best girl while sailing down the river must keep himself constantly sheltered.’ On a different note with usage of corporate resources, exchangeable image file (EIF) data in a digital image contains, among other things, the date and time when the picture was snapped, the make and model of the camera, and, if you have geolocation activated on the device taking the photo, the longitude and latitude of the place where you took the image. ‘Some repressive governments … have taken photos of protestors at large anti-government rallies and then put the images on the Web.
This is not using image recognition software so much as it is crowdsourcing the identification process.’ One can also perform what is called a reverse image search in Google by clicking on the tiny camera within the Google search window and uploading any photo from your hard drive. In a few minutes the investigator will see any copies of that image findable online. In theory, if it is one’s own photo, he or she should know all the sites that came up in the results. Consistent with remaining vigilant while on business travel, if a dating site is in use and is being accessed from someone else’s computer, or from a public kiosk computer, always remember to log out to make sure that no personally identifiable information is cached, or accessible to other kiosk users. Impacting the usage of mobile devices and according to Apple, its various products will automatically connect to networks in this order of preference: 1. the private network the device most recently joined. 2. another private network. 3. a hotspot network. If one has something sensitive to do away from the house, it is better to use the cell connection on your mobile device; he or she can also tether to a mobile device using USB, bluetooth, or wi-fi (preferably with WPA2 security). IPSec automatically includes PFS (perfect forward security) but not all services actually bother to configure it. VPNs are more expensive than proxies; if one’s particular VPN vendor keeps logs, read the privacy policy to make sure that the service does not retain traffic or connection logs – even encrypted – and that it doesn’t make the data easy to share. Again a factor while travelling, GoGo and other in-air services throttle UDP packets to prevent Skype or other voice-call apps; most VPNs use UDP by default.
UDP is preferable for ease and speed of connection, without guaranteeing delivery of the data payload. To remedy this concern, TorGuard and ExpressVPN are connection services that use TCP; one can also install a VPN on a mobile phone. Email providers such as Google, Yahoo, and MS retain login records for more than a year, and these reveal the particular IP addresses a consumer has logged in from. When one connects to a wireless network, the MAC address on a computer is automatically recorded by the wireless networking equipment. A best practice is to never trust a public PC terminal. Even if one is using a telephone-based dial-up modem or a cable-based ASM (any-source multicast) router (available from Cisco and Belkin, among others), these devices have had their share of software and configuration issues. It is best to always download the latest firmware and to update the router configuration settings. If an end-user does not have the instructions for the router in question, there’s an online list of URLs that tells the investigator what to type into the browser window so as to connect directly to the router on a residential network. Helping to understand better the need for VPNs, there is a hacker tool called Aircrack-NG that can reveal the authorized MAC address of a currently connected user and then an attacker can then use the MAC address to connect to the wireless router. Also an important consideration with residential wireless security, WPS (Wireless protected setup) is vulnerable to the attack method called Pixie Dust, which is an offline attack that affects only a few chip makers, including Ralink, Realtek, and Broadcom, and it works by helping hackers gain access to the password on wireless routers. Therefore, it is a good idea to turn off WPS.
There is also theft-tracking software: when someone using the software reports that his or her school system-issued laptop has been stolen, the school system administration department can log on to a website and see images from the stolen laptop’s webcam as well as hear sounds from the microphone. Furthermore, whether from a corporate, educational, or private residential network, it is a good idea to avoid clicking on email attachments unless opening them in Google Quick View or Google Docs. AdBlockPlus is an effective ad-removal plugin that complements smooth email access in all these contexts and helps to minimize the possibility of malware infection. Providing important perspective on when and when not to access certain online resources, 70% of health sites’ URLs contain information exposing specific conditions, treatments, and diseases. While it is important to have HTTPS Everywhere enabled in the browser while accessing such material, any person using a browser needs to remember that it encrypts contents of sites but not the URL. In order to know better about how to be anonymous while online, Panopticlick.com is a site built by the Electronic Frontier Foundation that will determine just how common or unique a browser configuration is compared to others. Marketers, criminal hackers, and governments are all trying to get information that a private end-user may not want to give. Addressing this concern, NoScript is a Firefox plugin that effectively blocks just about everything considered harmful to the typical residential computer (the equivalent for Chrome is called ScriptBlock). With such a resource implemented, there should be no flashing ads on the google home page, otherwise the computer/browser may be compromised. For both Firefox and Chrome, Ghostery is a utility that identifies all the web traffic trackers that sites use to follow an individual end-user’s activity.
Having multiple online personality profiles dilutes the privacy impact of having only one identifiable address, and thus the serious pursuer of anonymity must be firmly aware of hardware, software, and circumstantial challenges. To add further perspective with web browser security, magic cookies provide third parties with information about account and specific preferences; they are proxies for the data that lives on the back end of the website. OAuth is an authentication protocol that allows a site to trust an end-user even if one does not enter a password, and thus is important to be aware of. Facebook Disconnect for Chrome is used to block Facebook services on third party sites. ‘Given what Facebook knows about its 1.65 billion subscribers, the company has been fairly benevolent – so far. It has a ton of data, but it, like Google, has chosen not to act on all of it.’ ‘The best way to remove a toolbar is to uninstall it the way you would uninstall any program on your traditional PC. But some of the most persistent and parasitic toolbars may require you to download a removal tool, and often the process of uninstalling can leave behind enough information to allow advertising agents related to the toolbar to reinstall it.’ ‘A geolocation discrepancy like this often flags an attempt to purchase as possible abuse. [in reference to online transactions made via Tor].’ Moving deeper on the issue of website security, Content Delivery Networks (CDNs) cache pages for their clients to deliver them faster, no matter where one is in the world. ‘…Every website should have a certificate, a third party guarantee that when you connect the website is not fraudulent.’ An ‘extended verification certificate’ is the most stringent level of certificate verification. http://BENWERDCOM/LAB/GEO.PHP is a test site that will tell the end-user whether the browser is reporting the location to other resources on the Internet.
CTRL-SHIFT-I can be used to open the developer tools, and thus the informed end-user can work on countering this type of surveillance. Mentioned above, HTTPS Everywhere is the best way to prevent Javascript injections from monitoring one’s activity via the browser. Google Dashboard gives any person full control should he or she ever want to remove synced information from your account, in addition to the steps enumerated above. Even if one is not logged into MS, Yahoo, or Google accounts, the IP address is still tied to each search engine request. One way to avoid this one-to-one match is to use the google-proxy Startpage.com or the search engine DuckDuckGo [which is typically used in tandem with the Tor browser]. As an aside, an important piece of meta-data is that open-source and nonprofit organizations provide perhaps the most secure software and services because there are literally thousands of eyes poring over the code and flagging anything that looks suspicious or vulnerable. Apps such as AIM, Blackberry Messenger, and Skype all store messages without encrypting them. That means the service provider can read the content (if it’s stored in the cloud) and use it for advertising. AIM keeps an archive of all messages sent through its service; it also saves the message content, keeping records of the messages in the cloud in case the end-user ever wants to access a chat history from any device different from the one where the last session took place.
Off the Record (OTR) messaging is a higher standard of end-to-end encryption protocol used for text messages and can be found in a number of products: ChatSecure, Signal, Cryptocat, and Tor Messenger and thus directly supports a project of anonymous internet usage. To clarify an important point with the usage of mobile devices, the IMSI (International Mobile Subscriber Identity) is a unique number assigned to a phone’s SIM card; the first part of that number uniquely identifies the mobile network operator and the remaining part identifies the mobile phone. With mobile devices in general, the 2G network offered two standards: Global System for Mobile Communications (GSM) and Code Division Multiple Access (CDMA). That technology also introduced short message service (SMS), unstructured supplementary service data (USSD), and other simple communication protocols that are still in use. While in a live environment, an important piece of information is that Signalling System Protocol keeps mobile calls connected when driving along a freeway and switching from cell tower to cell tower; this handles the process for call establishment, billing, routing, and information exchange functions. VoIP uses the same coaxial cable that brings streaming video and high-speed internet into your home. ‘…Whenever you write an email, no matter how inconsequential, and even if you delete it from your inbox, remember that there’s an excellent chance that a copy of those words and images will be scanned and will live on.’ As countermeasures for this risk, PGP, OpenPGP, and GPG (GNU Privacy Guard) are interoperational methods of email encryption. ‘…When you receive an unsolicited phone call from your bank asking for your SSN or account info you should always hang up and call the bank yourself.’ Public algorithms have been vetted for weakness (as discussed above with opensource software).
When one encrypts a message – an email, text, or phone call – it is highly advisable to use end-to-end encryption. That means the message stays unreadable until it reaches its intended recipients; only sender and receiver have the key to decode; a researcher can do a Google search for ‘End-to-End Encryption Voice Call. [to circle back to the brief discussion above about VoIP]’ On the same note, MailVelope is a PGP plug-in that handles the public and private encryption keys. Metadata is information in the to and from fields, IP address of involved servers, and the subject line. These pieces of information are not typically encrypted. Therefore, third parties will still be able to see the metadata of an encrypted message unless this concern is specifically addressed. Moving on with the topic of telephony, Call Detail Records (CDRs) show the time a call was made, number dialed, length of the call, and number of times a particular number was called; this information can be used in tandem with social engineering (which is a ‘hacking technique that uses manipulation, deception, and influence to get a human target to comply with a request’). An app developed at Dartmouth College matches patterns of stress, depression, and loneliness in user data, and thus very intimate details can be divulged in an unsecured discussion. To be truly invisible and counter such a concern, a few things are essential: removal of true IP address, obfuscation of hardware and software, and defense of anonymity. Instead of hosting one’s own proxy, he or she can use a service known as an ‘anonymous remailer’ which will mask your email’s IP address for the sender. These services can be identified with a search engine and change the email addresses of the sender before sending the message to its intended recipient.
And an anonymous remailer can be used in tandem with Tor, which was designed to be used by people living in harsh regimes as a way to avoid censorship of popular media and services and to prevent anyone from tracking what search terms they use. There are several weaknesses with Tor: no control over the exit nodes, which may be under the control of government or law enforcement, a user can still be profiled and possibly identified, and Tor is very slow [due to the additional, robust security precautions]. A very basic rule is that one has to keep anonymous accounts completely separate from anything that could relate back to a true identity (and the Tor browser certainly helps with this). To communicate in secrecy, one will need to create new email accounts using Tor so that the IP address setting up the account is not associated with a real identity in any way. Moving on, there are email services that don’t require verification, and if one does not need to worry about authorities, Skype numbers work well for Google account registration and similar stuff; after using Tor to randomize the IP address, and after creating a Gmail account that has nothing to do with one’s real phone number, Google sends the phone number a verification code or a voice call. An end-user needs to be aware of all the ways that someone can identify him or her even if undertaking some (but not all) of the precautions described; an explorer needs to perform due diligence every time anonymous accounts are used. As emphasized above, end-to-end encryption is very important. Reflecting the impressive breadth of this book, Elcomsoft Phone Password Breaker (EPPB) is discussed as a utility that is intended to enable law enforcement to access iCloud accounts. Similar to this, iBrute is a password-hacking mechanism specifically designed for acquiring iCloud credentials. Choosing a hard-to-guess password will not prevent hacking tools like oclHashcat, which leverages GPUs for high-speed cracking.
Similarly, John the Ripper is an open source password guessing program; it is able to permute the password letters using rule sets that are extremely effective. With that said, obfuscation is a powerful factor, as being one of hundreds of millions of participants in the world-wide online community, and also the time-intensive nature of cracking well-put-together passwords. On this very same note, one also has the option to forego the creation of a password and automate the process with a digital password manager; he or she can use a digital locked vault and allow one-click access when needed; password managers use one master password for access; if the master password is lost then all passwords are lost. Very similar to password selection, strong passphrases of at least twenty characters are the best and it is best to never use the same password/passphrase for two different accounts; PasswordSafe and KeePass are open-source password managers that only store

  5. Author explained very well about the various cyber security measures and threats in this book, however new tools/threats have emerged since the time of writing. Seems Microsoft is also implementing Rust code for Windows 11 kernel in place of C++ language, so there would be somewhat better protection post kernel updates in 2023. At this time, cyber security is very crucial knowledge and this book can help everyone to get acquainted on the various ways one could get hacked, it seems like as a user we can do little things to protect, but if someone is specially targeted it will be very hard to fully protect themselves, since threat can come in several ways (from USB charging cable, CCTV camera, IOT products, smartwatch, wifi router, everything which has a chip can be hacked). Hope everyone can get conscious of this cyber threat and protect themselves as much as possible. Hacker defensive manual is also another good book

  6. In this age, taken as a bad dream of 1984. Even if you have nothing to hide, you have everything to protect. This book is a great starting point for that journey.
