General Security against Hackers/Malware/etc - Tech Support | futures.io
futures.io futures trading
 

Go Back   futures.io

> Futures Trading, News, Charts and Platforms > Off-Topic > Tech Support


General Security against Hackers/Malware/etc
Started:October 18th, 2016 (01:15 PM) by CobblersAwls Views / Replies:286 / 4
Last Reply:October 25th, 2016 (12:22 PM) Attachments:0

Welcome to futures.io.

Welcome, Guest!

This forum was established to help traders (especially futures traders) by openly sharing indicators, strategies, methods, trading journals and discussing the psychology of trading.

We are fundamentally different than most other trading forums:
  • We work extremely hard to keep things positive on our forums.
  • We do not tolerate rude behavior, trolling, or vendor advertising in posts.
  • We firmly believe in openness and encourage sharing. The holy grail is within you, it is not something tangible you can download.
  • We expect our members to participate and become a part of the community. Help yourself by helping others.


You'll need to register in order to view the content of the threads and start contributing to our community. It's free and simple, and we will never resell your private information.

-- Big Mike
     

Reply
 
Thread Tools Search this Thread

General Security against Hackers/Malware/etc

Old October 18th, 2016, 01:15 PM   #1 (permalink)
Elite Member
London, United Kingdom
 
Futures Experience: Intermediate
Platform: N/A
Broker/Data: Bloomberg
Favorite Futures: Energies
 
CobblersAwls's Avatar
 
Posts: 253 since Jul 2014
Thanks: 800 given, 308 received

General Security against Hackers/Malware/etc

Hi,

I thought I would start a thread so that people could share information on preventative methods against hackers/malware and other security threats that are pretty common nowadays. These things are essential to everyone, but I feel even more so for traders and those with personal businesses.

I will update the summary with the best bits of information. Please keep this strictly on-topic and post only helpful and relevant information.

Thanks.

Reply With Quote
     
The following user says Thank You to CobblersAwls for this post:
     

Old October 18th, 2016, 01:45 PM   #2 (permalink)
Elite Member
London, United Kingdom
 
Futures Experience: Intermediate
Platform: N/A
Broker/Data: Bloomberg
Favorite Futures: Energies
 
CobblersAwls's Avatar
 
Posts: 253 since Jul 2014
Thanks: 800 given, 308 received

Some rules used at work that could be replicated:

(1) Use two machines. Primary machine will have all important software and files related to trading on it. Do not use this machine to browse the internet or download anything. In fact it is probably best to delete all shortcuts to browsers.

Secondary machine (laptop also suitable) should be used for browsing online, downloading software and other general use. Emails should also be handled on this machine. The amount of emails we receive with fake 'resume/cv' attachments that are viruses is crazy. We now filter straight to quarantine.


(2) Have both anti-virus and anit-malware software. I use Kaspersky and Malwarebytes and have never had any issues. If there are any they usually get rid of them pretty quickly. If you do ever get a virus. The best thing to do is a hard reset (wipe your HDD and re-install everything). As such I keep a back-up of all my important files.

If you cant do a hard reset then learn to dig out a virus yourself as some are good at hiding from anti-virus software (trojans in particular). Bear in mind this is for more advanced users, but access cmd as administrator and follow some of these guides:

Removing a virus without using any anti-virus software - All
How to Remove Virus from Your USB Using DOS Command if Infected | TechGainer

Reply With Quote
     
The following 3 users say Thank You to CobblersAwls for this post:
     

Old October 20th, 2016, 05:09 PM   #3 (permalink)
Elite Member
London, United Kingdom
 
Futures Experience: Intermediate
Platform: N/A
Broker/Data: Bloomberg
Favorite Futures: Energies
 
CobblersAwls's Avatar
 
Posts: 253 since Jul 2014
Thanks: 800 given, 308 received

Email Encryption


I want to start covering encryption as I've become increasingly concerned at the amount of my data being mined, and in particular the brazen attitude that companies take towards it in that they no longer even bother to be discrete.

One such instance that happened recently was that of Linkedin. I recently signed in to check some stuff and saw that a lot of the recommendations for new connections were people that I had no link to outside of my private work email. This troubled me so I decided to look away from gmail at some other options. The two best options I've found so far are:

ProtonMail (https://protonmail.com/security-details)
Initial impressions suggest that this service will suit most people's needs here. It offers good end to end encryption and being based in Switzerland is outside the 'Fourteen Eyes' which is important.


Quoting 
At ProtonMail, our goal is to guard against mass surveillance and we feel the best way to do that is to give encryption to everybody. The only way to do that, is to make encryption easy to use. This is why ProtonMail works out of any modern web browser, and why we went to great lengths to make the cryptography completely invisible to the user. However, this approach does come with certain shortcomings.

1. Compromised User – This is the most common type of compromise. Even if you use the world’s most secure electronic communication system, advanced encryption does you no good if there is a keylogger on your computer recording all of your keystrokes. ProtonMail does not and can not guard against a compromise of a user’s machine.

2. Man-in-the-Middle (MITM) Attacks – This is a very rare attack where an adversary will sit between the user and the ProtonMail servers and tamper with the data being relayed between the user and the server. However, because ProtonMail messages are encrypted before they leave the user’s browser, an attacker cannot get message data by simply listening in on the communications. The attacker would have to actually send the user’s browser a modified version of the ProtonMail website which may secretly pass the mailbox password back to the attacker. This is a far more difficult attack that can typically only be executed by a strong adversary (like a government) and is generally a targeted attack. It cannot easily be used on a large scale to perform mass surveillance.

Fortunately, there are several ways to protect against a MITM attack. ProtonMail employs SSL to ensure our encryption codes are properly delivered to user’s browsers and not tampered with en-route. Generally speaking, a successful MITM attack requires breaking SSL, typically by using a forged SSL certificate. There are browser plugins in existence today which can be used to detect forged certificates and greatly reduce the risk of a MITM attack. We recommend Certificate Patrol or Perspectives (although the second one may need more time to mature).

3. Unauthorized backdoor – Another attack vector would be if an attacker somehow gained access to ProtonMail’s servers in Switzerland without us noticing. Such an attacker could conceivably change the ProtonMail software to send bad encryption code to user’s browsers that would somehow allow the attacker to get unencrypted data. ProtonMail has implemented numerous safeguards against this on the server level. We have routines that constantly scan for code changes and will detect them. The attacker would have to gain control of the server, instantly change the behavior of the code scanners, and then modify the software all without anybody at ProtonMail noticing. The odds of this being successfully executed is indeed quite low.

Our risk analysis indicates that ProtonMail offers good (but not perfect) protection for the vast majority of users. There are however some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target. In such a case, we don’t think crypto would be of much benefit as this XKCD comic would apply.
Below are some examples of recommended, and not recommended use cases for ProtonMail


NOT RECOMMENDED:

Edward Snowden – If you are Edward Snowden, or the next Edward Snowden, and have a life and death situation that requires privacy, we would not recommend using ProtonMail. For extremely sensitive situations, it is simply not a good idea to use email as a medium for communications.


RECOMMENDED:

Sensitive business communications – You have sensitive business information that you want to make sure is protected from competitors and other malicious parties. For example, you fear a competitor may want to sue you under false pretenses to get access to sensitive data. In this case, ProtonMail offers a great deal of protection. ProtonMail will not release ANY data unless provided with an enforceable Swiss court order. To get such an order, the case must first work its way through the Swiss courts where stricter privacy laws might result in a different ruling. Even if an adversary went through the expensive and time consuming procedure of obtaining such an order, ProtonMail’s zero access cryptography means we would only be able to release data that is encrypted since we do NOT hold the decryption keys.
Private Citizen with Privacy Concerns – ProtonMail is also perfect for an individual (or corporation) that does NOT want the government to have access to all of their emails at any time, and does not like Google or Microsoft constantly scanning and archiving all conversations. With ProtonMail, the barrier of entry for mass surveillance is high enough that mass surveillance simply is not practical. This is an example where ‘good privacy’ can act as a meaningful substitute to ‘perfect privacy’.

We would like to conclude with a few thoughts about privacy and surveillance in general. Some people make the assertion that if you are NOT a criminal, there is no need for privacy. To those critics, we simply ask, does that mean that only criminals have curtains over their windows?

On a more serious note, there are also critics who assert that by building ProtonMail, we are providing a powerful tool for criminals to evade the authorities. There is no denying that ProtonMail provides a high level of security and privacy for criminals, but one has to remember that the world does not consist of just criminals. There are also dissidents, and democracy activists living under authoritarian regimes where freedom of speech is not respected. Then, there are the rest of us, law abiding private citizens who simply want control over our online data. We can either choose to live in a world where everybody is under surveillance, or a world where everybody (criminals included) have privacy. We feel that the right to privacy is a fundamental human right, and we are willing to fight and work towards protecting that right.


PGP - Using Thunderbird and Enigmail.
This method uses the mozilla thunderbird email suit and combines it with PGP encryption to secure your email. This works in a similar way to ProtonMail but some argue is more secure. You can read about it more here (https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages)


I have yet to decide which method I'm going to use, but if you have any further suggestions or additional ways to improve security then please do let me know.

Reply With Quote
     
The following 3 users say Thank You to CobblersAwls for this post:
     

Old October 22nd, 2016, 03:43 PM   #4 (permalink)
Trading Apprentice
London United Kingdom
 
Futures Experience: Beginner
Platform: NinjaTrader
Favorite Futures: ES
 
Posts: 12 since Dec 2014
Thanks: 1 given, 2 received

This is a very timely thread. The same day it was started, this happened to me:

NT7 started ok in the morning, but when I tried to start it in the afternoon, I had trouble starting it, and my Continuum connection was not listed. Also, I could not sign in to NT forum or Forex Factory, but could access other websites. Restarted laptop and router. Switched on Opera VPN. I could now connect to NT forum and Forex factory, and the Continuum connection was now in NT7. Later I noticed a Windows Homegroup icon to share files had appeared on my desktop. Was I hacked? Anyone with any similar experiences?

Reply With Quote
     

Old October 25th, 2016, 12:22 PM   #5 (permalink)
Elite Member
London, United Kingdom
 
Futures Experience: Intermediate
Platform: N/A
Broker/Data: Bloomberg
Favorite Futures: Energies
 
CobblersAwls's Avatar
 
Posts: 253 since Jul 2014
Thanks: 800 given, 308 received

VPN

Futures Edge on FIO
Using a VPN(Virtual Private Network) is a great way to add an additional layer of security and privacy to your online network and be very useful as I'll outline below. However, it seems that due to the rising awareness of the need for privacy and VPNs, there are many providers who are faking reviews and ratings on blogs and other sites in order to generate traffic. Others offer free VPN services but then sell your data to generate income - in such a case you are simply better off not using a VPN at all. You can read more about issues here (https://www.reddit.com/r/VPN/comments/4iho8e/that_one_privacy_guys_guide_to_choosing_the_best/)


Below is a list of some uses for VPNs:


Access a Business Network While Travelling: VPNs are frequently used by business travellers to access their business’ network, including all its local network resources, while on the road. The local resources don’t have to be exposed directly to the Internet, which increases security.

Access Your Home Network While Travelling: You can also set up your own VPN to access your own network while travelling. This will allow you to access a Windows Remote Desktop over the Internet, use local file shares, and play games over the Internet as if you were on the same LAN (local area network).

Hide Your Browsing Activity From Your Local Network and ISP: If you’re using a public Wi-Fi connection, your browsing activity on non-HTTPS websites is visible to everyone nearby, if they know how to look. If you want to hide your browsing activity for a bit more privacy, you can connect to a VPN. The local network will only see a single, secure VPN connection. All the other traffic will travel over the VPN connection. While this can be used to bypass connection-monitoring by your Internet service provider, bear in mind that VPN providers may opt to log the traffic on their ends.
This final point is why it's essential to use a trusted VPN service that will not access or sell your data!

Access Geo-Blocked Websites: Whether you’re an American trying to access your Netflix account while travelling out of the country or you wish you could use American media sites like Netflix, Pandora, and Hulu, you’ll be able to access these region-restricted services if you connect to a VPN located in the USA.

Bypass Internet Censorship: Many Chinese people use VPNs to get around the Great Firewall of China and gain access to the entire Internet. (However, the Great Firewall has apparently started interfering with VPNs recently.)


Note that when looking for a VPN provider, it's best to find one that secures your anonymity, privacy and security whilst also offering fast connections and top quality servers.

FINAL NOTE: As most of us will be concerned with trading, I thought I'd mention that a VPN might not be the best idea to install on your trading PC as it can hinder D/L and U/L speeds. This is the same with firewalls. Many professional outfits will disable firewalls on the machine they execute trades on to further increase speeds, but as a result will never use the machine for anything other than trading otherwise you are welcoming attacks. Please read up on this more if you decide to turn off your firewall.

Reply With Quote
     

Reply



futures.io > Futures Trading, News, Charts and Platforms > Off-Topic > Tech Support > General Security against Hackers/Malware/etc

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Upcoming Webinars and Events (4:30PM ET unless noted)
 

NinjaTrader 8: Features and Enhancements, Tips and Tricks

Dec 6
 

Al Brooks: Stop Losing when a Good Trade goes Bad, Correcting Mistakes

Elite only
 

Trading Technologies: Algo Design Lab hands-on

Dec 13
     

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bank Hackers Steal Millions via Malware kbit News and Current Events 0 February 14th, 2015 07:26 PM
Hackers bypass online security at 34 banks kbit News and Current Events 0 July 22nd, 2014 08:53 PM
FBI: 'We are losing to hackers' kbit News and Current Events 1 March 30th, 2012 01:02 AM
.....Hackers, IT units focusing on smartphone security kbit News and Current Events 0 December 30th, 2011 02:30 PM
Lax security at Nasdaq helped hackers kbit News and Current Events 0 November 18th, 2011 12:51 PM


All times are GMT -4. The time now is 12:35 AM.

Copyright © 2016 by futures.io. All information is for educational use only and is not investment advice.
There is a substantial risk of loss in trading commodity futures, stocks, options and foreign exchange products. Past performance is not indicative of future results.
 
no new posts

Page generated 2016-12-02 in 0.13 seconds with 19 queries on phoenix via your IP 54.146.141.60