The End User Patch

Below is the beta version (0.1) of the End User Patch, the “JoDo”, by John Doe. You can read more about how he came about it here. The patch requires no installation and improves security on all devices and platforms simply by reading it. The security increase is estimated to be around a whopping 80%.

JoDo v0.1:

We’ll address the IoT stuff first

Stop acquiring IoT devices. When did you ever need a web interface for your dryer? It’s easier to turn the dial to 60 than to click three to four buttons on a PC. You don’t need a MacBook to operate your microwave. It’s more of a hassle to put food in, go to your MacBook, set the timer, and return to the microwave. That’s why the microwave has a keypad or dial, so that you can activate it without leaving the area. Why did you learn to drive? To drive a car, yes? You don’t need some “smart” software to do it for you. In fact, shocking as it may be, you don’t need GPS to find the Seven Eleven, you can get directions from the gas station. You do not want your door lock to be connected to the internet. That makes it vulnerable to hackers. You will find that a regular lock key is immune to remote attack and even local hacking.

Next, address the hand-helds

Don’t download unofficial software. Your mobile device comes with a built-in package manager. You needn’t understand this. All you need know is that is you “Software Center” or “App Store”. You get safe and verified applications from there. Anywhere else is a risk. You do not need superuser privileges if you are not a superuser. To clarify, if you cannot manually configure things, if you do not understand the difference between an OS and a kernel are, if you have never made system changes without the aid of a How-To or automated software or your friends, then you are not a superuser. The commercial game you want to download from an unofficial source is not free. It is pirated and therefore you still pay for it by risking your security. Is risking all your online accounts, saved passwords, personal information, and nude selfies worth saving five bucks? In case you’re feeling indecisive, the answer is no. Not even for double, triple, or one-hundred times that. What is your phone for? Answer for the two-dgit IQ: making calls and sending texts. So do you need a plethora of apps? No. You may benefit from VOIP and IM apps because they’re cheaper. You may benefit from social media apps. But that’s it. Can you really enjoy a movie on a five inch screen? Be honest. No. Do you need a music player? Maybe, if you don’t own another music player or an iPod, yeah. But that software comes stock so you don’t need to download one. Your phone is not a home theatre or media centre and you will never make it one. Can you really enjoy gaming on a 5 inch screen? Yes. But, can you enjoy gaming without a proper gamepad or kayboard? If you’re a hardcore games, then no. If you’re a casual gamer, the games that you’d enjoy are available from the official store. Do not install all apps on one device. Your phone should be kept strictly for comms. If it is a smartphone, install IM and VOIP, by nothing else. There’s no need for XYZ Saga. Use your tablet. The same is true of web browsing. You don’t need to browse the web every second of every day. Smartphones give a generally bad experience any way. Use a PC or your tablet. By the same token, do not use your tablet for sensitive apps. It is not a good idea to have a banking app on the same device as a game from some publisher with about five downloads and no reviews. The official software sources are usually safe, but it is foolish to rely completely on a system. Don’t have more than one device? Get one. Get a cheap smartphone for your games and insecure activities. If you cannot afford a secondary device look at your monthly expenditure. There is one smart device that retails for less than twelve slabs of chocolate. In other words, one less slab of chocolate per month covers the repayment on a twelve-month credit.

Personal Computers

Do not download software from unofficial sources. Open source software is different because it can usually be trusted to not be malicious. However, if you cannot build it yourself, you probably should not use it. It will appear in your operating system’s repositories when/if it meets the quality and security criteria. Keep your system up to date via to official method described by your OS documentation. If you do not understand, call your IT person.

General

Do not download or click on anything you see on the internet. There’s no magic pill to enlarge your penis. If you need a bigger penis, it is recommended you speak to a medical practitioner. There aren’t tons of singles dying to meet you. How can there be when they don’t know you? To find singles, use reputable sites. Paid-for sites are highly recommended because they filter out out scam-artists. If you want a free platform to meet potential soul mates, there’s a free service called The Outside World. You do not need to click on porn adverts because there are many, erm, reputable porn (sounds like an oxymoron) services through the internet or cable. Surprisingly your local video rental will have media too. You do not need to click adverts for clothing, fashion, make-up, or diets. All these can be obtained for a small fee at the mall. Is your security really worth the off-chance that an outrageous claim that you can shed five kilograms per day is true? High speed weight loss is detrimental to your health and leaves you with flabby skin and a fatigued look. So the answer is no, unless you want to look like the undead. Use a different password for each site you frequent or lock you have. It does not need to be something like @#$%B2A16709. Length is much better strength than complexity. Experts have been saying for years that using some simple words and a non-dictionary one is sufficient. Something like MyKittieIsPregnant@8Months is very hard to crack or guess so consider it. It also meets the criteria that more sites force on their users. Another example, WishIWas30&Flirtie. Do not store sensitive information digitally if you are not well-read on Information Security. Programs may promise to secure your data and passwords, but taking their word for it without assessing them and at least doing some research on them is similar to accepting an offer for heart surgery from a door-to-door salesman. If you have any doubts, remember the most secure place to store passwords is on a piece of paper. Paper, so long as stored and hidden responsibly, is immune to remote attack. If you have your own shorthand, even better, because deciphering it is difficult so if your adversary gains possession of it, it may be useless to them. Never give your details out. A site will never ask for your password or user name except when you login. They’ll never ask by email. If you receive an email from a site telling you to log in, never use the link in the email. Always log into the site from your browser history, bookmarks, or memory. Make sure the address starts with https for extra protection. Do not click links in emails generally, unless they are emails you are expecting, for example an account activation link. Do not login after activating you account, leave the site and return using the above-mentioned methods. Do not download attachments from emails unless you’re expecting them. Example A: your friend sends you some holiday pictures. This is fine. Example B: a random email offers a free something. Not a good idea

Finally:

Disconnect. Ask yourself the following questions about anything you do online.
Did I need to do this online ten years ago?
Did I ever need to do this online?
Can it easily be accomplished without physical internet access?
Do I even need an electronic device for this?
Do I even need to do this?
Do I even need this in my life?

Imagine how you’d feel, after reading all this, if you were the victim of cyber crimes. Imagine how bad you’d feel if a friend, family memeber, or other loved one was harmed by a virus that mailed itself to them from your PC all because you didn’t heed this warning.

Done!

Congratulations. You have just been patched. You can continually update your security by reading this note over and over again.

Share the Love:

Easy Print:

The Ultimate Cross-Platform Patch Arrives

September 25, 2016 at 00:45 John Doe, a system administrator and security engineer was doing the thing most that most sysadmins do: monitoring his remote servers while playing Prince of Persia in a DOSBox. Despite the game’s dreadfully sticky controls and difficulty level, he’d been playing it long enough to allow his mind to wander on to one of his most recurring thoughts: cyber security.

“How does one deal with security all those different platforms? Patching one will not patch any of the others…”

In a world where more and more devices are becoming “smart”, the Linux kernel has moved away from its common uses in desktops, servers and embedded systems to become ubiquitous in “Internet of Things”, IoT, consumer electronics, too. Since all these devices were running the same kernel, they shared the same possible security vulnerabilities that a standard desktop or server may face. The difference? Where Linux-based servers are run by professionals, and can receive security updates, many consumer electronics can’t or won’t because manufacturers seldom, if ever, release updates. The logical step seemed to secure the Linux kernel and educate manufacturers and vendors about securing and maintaining systems. But manufacturers and vendors, even educated, may simply ignore the warnings. Also, this did not account for non-Linux devices. Many routers, for example, use firmware derived from BSDs, and though they share a common Unix-alike ancestry, they are very different. It didn’t end there. There many different operating systems form hand-helds and other smart devices, from Linux-based Android, to IOS, to Windows. “How does one deal with security all those different platforms? Patching one will not patch any of the others,” John Doe thought. “The biggest players on any platform seldom cooperate. They’d never modify their OS to help secure others.”

“I’ve found the single point of failure in all technologies! What’s more, I think I can patch it!”

It was then John had a thought that was so radical, he almost choked on his cold coffee, causing him to die in Prince of Persia. “That’s it!” he cried, standing swiftly and killing his DOSBox session. Immediately he called a friend of his to pitch his idea. “What if there was a single patch that was platform and architecture agnostic, available to every user that worked for all devices!?” he yelled as the call, connected. His friend was still half asleep and barely able to string a response together when John proclaimed, “I’ve found the single point of failure in all technologies! What’s more, I think I can patch it!” Although his friend had been catching up on much-needed rest, John’s idea went surging through him like a shot of adrenalin straight to the heart. The two immediately began their work as John outlined the plan details.

Two days without sleep later, John unveiled “JoDo beta”, the John Doe Security patch for for all things, and made it freely available across the web. It doesn’t require installation on the device, firmware flashing, or anything beyond the abilities of even the most technophobic user.

While he admits this patch won’t solve everything, John estimates it would mitigate around 80% of everyday vulnerabilities. Below you’ll find a link to the patch. It’s easy to activate on all devices from whatever you’re reading this on.

View or Download the Patch Here

“I know it doesn’t fix every issue, but I feel that this patch does away with the biggest problems which leaves developers free to focus on the important ones,” John said nearing the end of our Linphone conversation. After that he explained he needed some rest and would probably not be ready for the mass media for a few days. “[I] need to crash for twelve hours. Then I’m going to order myself a pizza and sit playing Centipede in my DOSBox. Afterwards, I might dust the old PlayStation off, invite some friends round and do a Tekken 3 marathon. Then, I may even see if I can remember how to breed a Gold Chocobo. At this point, I just want to chill,” John explained before disconnecting.

Share the Love:

Easy Print: