Stephanie WIP #5

Open
wants to merge 4 commits into
base: master
15 changes: 15 additions & 0 deletions security/PracticalSecurity.md
@@ -0,0 +1,15 @@
- [KeePass](https://en.wikipedia.org/wiki/KeePass) - open-source password manager
- [Alternatives to KeePass](https://alternativeto.net/software/keepass/) - cloud, desktop, etc., consider your personal security/convenience tradeoff
- [Two Factor Auth](https://twofactorauth.org/) - list of services that support 2 factor authentication
- [Connecting to GitHub with SSH](https://help.github.com/articles/connecting-to-github-with-ssh/) - more convenient (for command line) *and* secure than passwords
- [Adding GPG to your GitHub account](https://help.github.com/articles/generating-a-new-gpg-key/) - simple GPG setup that will let you sign commits
- [Creating the perfect GPG keypair](https://alexcabal.com/creating-the-perfect-gpg-keypair/) - more complicated, for those who want finer control
- [Keybase](https://keybase.io/) - a way to share/certify public keys (also offers encrypted chat, file storage, etc.)
- [Yubico](https://www.yubico.com/) - affordable hardware security devices for two-factor/crypto
- [How to install Ubuntu in VirtualBox](https://linus.nci.nih.gov/bdge/installUbuntu.html) - usable secure popular distribution of Linux
- [Kali Linux](https://www.kali.org/) - security-specific (penetration testing) distribution of Linux, includes VM images for download
- [Information about Sandboxes](https://en.wikipedia.org/wiki/Sandbox_(computer_security)) - general starting point for learning about sandboxes to contain an application

I looked at all the links on the readme. Some of the technology seems a bit overkill for my current security needs. Nevertheless, it was interesting to see the services for 2 factor authentication. My banks on the US use SMS and email authentication, which is an absolute killer since I don't have the same phone number here. I have to wait until I travel back to the US if I ever have any big changes to make. In mainland China we had SMS and a hard token authentication. I prefer that combo a bit more, but once again it became a killer when I left my mainland China phone number. Now, while I can still deposit money and withdraw money, I can't use online banking anymore. I'm limited to ATM interaction or face to face.
The sandbox information was also interesting. On my windows, my anti-virus provides a sandbox website to access websites like our banks. I've tried to use it but the slow speed it works at usually keeps me from wanting to use it further.
Out of the links in the readme, I plan to download either keepass or lastpass to improve my security. I think a password manager could be useful, even though I am not quite trusting. I have to do further research though, as a lot of these extra security factors are not very compatible with people like me who travel quite often/ change residences accross countries/ use different computers.
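Review bot: The three reflection paragraphs at the end of the file follow the link list and each other without blank lines, so Markdown will run them together into one block; separate them with blank lines and put them under their own heading so the notes read apart from the link list. In the last paragraph, `accross` should be `across`, and `keepass`/`lastpass` should match the capitalization used in the list (`KeePass`). Since the notes name dependence on a phone number as the obstacle to SMS-based two-factor auth while traveling, it would be worth saying whether the hardware devices already listed under Yubico were considered, as they do not depend on a phone number.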
21 changes: 21 additions & 0 deletions security/ThreatModel.md
@@ -0,0 +1,21 @@

Scenario:

Jack is an old man who rarely updates his laptop. He takes his laptop traveling with him and uses simplistic passwords.

- Attack surface (what tech/situation exposes them, e.g. systems they use, places they go)
Old system
Travel, possibly easy to lose

- Adversaries (who may be interested in compromising their security, e.g. criminals, pranksters)
Regular Hackers
Any thief that steals the laptop

- Attack vectors (specifically how they may be compromised, e.g. password theft/cracking, surveillance)
Password theft
Computer hacking
- Mitigations (what can be done to reduce the risk, e.g. 2-factor auth, encryption)
Update laptop
Secure laptop with better passwords
2-factor auth
Laptop Tracking
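Review bot: The mitigations do not cover the data on a stolen laptop: `Any thief that steals the laptop` is listed as an adversary, but `Laptop Tracking` only helps locate the device, and the encryption that the Mitigations prompt itself gives as an example is missing; add disk encryption. `Regular Hackers` and `Computer hacking` are too broad to act on; tie the vector to the scenario, for example unpatched software on the rarely updated laptop and guessing of the simplistic passwords. The answers under each bullet are not indented or marked as sub-items and `- Mitigations` has no blank line before it, so the lists will not render as nested lists.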
Binary file added theory/IMG_5764.jpg
9 changes: 9 additions & 0 deletions theory/README.md
Expand Up @@ -10,6 +10,8 @@ both `antelope` and `antelopes`.)
antelope rocks out

antelopes rock out

/antelopes? rocks? out/g

* Regex that matches either of:

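Review bot: `/antelopes? rocks? out/g` makes the two `s` characters optional independently, so besides the two listed sentences it also accepts `antelope rock out` and `antelopes rocks out`. If only the two listed sentences should match, tie the endings together with an alternation, for example `/antelope(s rock| rocks) out/`. The answer also has no label, so it reads as a third example line; mark it as the answer.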
Expand All @@ -20,6 +22,7 @@ both `antelope` and `antelopes`.)
but not:

boat
/[gm]oat/g

* Regex that matches dates in YYYY-MM-DD format. (Year can be 1-4 digits, and
month and day can each be 1-2 digits). This does not need to verify the date
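Review bot: `/[gm]oat/g` is placed directly under the `boat` counter-example with no blank line or label, so it reads as part of the `but not:` list; move it below with a blank line and mark it as the answer. The pattern is also unanchored, so it matches inside longer strings; if whole words are intended, add word boundaries: `/\b[gm]oat\b/g`.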
Expand All @@ -33,6 +36,8 @@ both `antelope` and `antelopes`.)

812-2-10

/\d{2,4}-\d{1,2}-\d{1,2}/g

## State Machines

> A useful tool for drawing state machines is [Evan's FSM
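Review bot: The year quantifier in `/\d{2,4}-\d{1,2}-\d{1,2}/g` is `{2,4}`, but the exercise says the year can be 1-4 digits, so a one-digit year such as `5-2-10` is not matched; change it to `\d{1,4}`. Without anchors or word boundaries the pattern also matches inside longer digit runs such as `12345-12-345`; use `/\b\d{1,4}-\d{1,2}-\d{1,2}\b/g`, or `^` and `$` if the whole string must be a date.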
Expand All @@ -55,11 +60,14 @@ both `antelope` and `antelopes`.)
for commands to change its behavior. For example:

ESC[12;45f
/ESC\[\d+;\d+f/g

moves the cursor to line 12, column 45.

ESC[1m

/ESC\[1m/g

changes the font to bold.

* Come up with regexes for the two above sequences. The one to set the
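Review bot: Both patterns start with the literal letters `ESC`, which matches the three characters E, S, C rather than the escape character (0x1B) that a terminal actually receives; if the regex is meant to run on real input, write them as `/\x1b\[\d+;\d+f/` and `/\x1b\[1m/`. The first answer is inserted directly under `ESC[12;45f` and both come before the sentences describing the sequences, which splits each example from its explanation; move both regexes under the `Come up with regexes` bullet.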
Expand All @@ -70,6 +78,7 @@ both `antelope` and `antelopes`.)
* Draw a state machine diagram for a VT-100 that can consume regular
character sequences as well as the two above ESC sequences.

not sure how to do this
> If you're curious, [here are all the VT-100 escape
> sequences](http://ascii-table.com/ansi-escape-sequences-vt-100.php).
> More common these days is a superset of VT-100 called [ANSI escape
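Review bot: `not sure how to do this` leaves the state machine exercise unanswered in the README and sits directly against the following blockquote with no blank line. This PR adds `theory/firststatemachine.jpg`; if that image is the attempt, link it here, otherwise note where you got stuck. A starting point is to reuse the two regexes above: one state for regular characters, one after ESC, one after `[`, then states for the digits, the `;`, and the final `f` or `m`.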
Binary file added theory/firststatemachine.jpg