|
Rrrrgh, headaaaache. I just got an e-mail from the Google Account Recovery Team (legit) indicating that my attempt to recover my account failed. I did not attempt to recover my account. While I'm glad it failed, I am feeling real paranoid, here. What are my options for making sure this doesn't work?
|
# ? Apr 2, 2011 17:05 |
|
|
# ? Jun 7, 2024 15:53 |
|
Factory Factory posted:Rrrrgh, headaaaache. I just got an e-mail from the Google Account Recovery Team (legit) indicating that my attempt to recover my account failed. I did not attempt to recover my account. Set up a long password that contains no dictionary words, has capital letters, lowercase letters, numbers AND symbols. ex: a?s3D#F56p?* EDIT: also make sure your secret question answers are non-sensical. ex: What is your dog's name? "Gibberish.com" bobmarleysghost fucked around with this message at 19:06 on Apr 4, 2011 |
# ? Apr 4, 2011 19:03 |
|
feld posted:Customer of ours had pretty much every column of every table of their MSSQL database injected with <script src="http://foo.com/su.php" </script> http://www.techwatch.co.uk/2011/04/01/lizamoon-sql-injection-attack-hits-tons-of-websites/ ?
|
# ? Apr 4, 2011 19:07 |
|
Factory Factory posted:Rrrrgh, headaaaache. I just got an e-mail from the Google Account Recovery Team (legit) indicating that my attempt to recover my account failed. I did not attempt to recover my account. http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
|
# ? Apr 5, 2011 01:04 |
|
Santa is strapped posted:Set up a long password that contains no dictionary words, has capital letters, lowercase letters, numbers AND symbols. What? Ignore this password advice; just make an (actually) long password. For example (minus or plus quotes): "sept the Jegger tot leter" a?s3D#F56p?* = 12 characters upper,lower,digits + symbols (lets say 10) vs 25 characters upper/lower. code:
code:
Kelson fucked around with this message at 01:52 on Apr 5, 2011 |
# ? Apr 5, 2011 01:46 |
|
Kelson posted:What? Ignore this password advice; just make an (actually) long password. For example (minus or plus quotes): "sept the Jegger tot leter" H$RDP$ssw0rds don't need to be hard to type/remember.
|
# ? Apr 5, 2011 07:18 |
|
Good advice, everyone. It was a false alarm, however. A family member used my e-mail as contact after mistyping her password and then hosed up recovery because too many typos were made in the recovery form.
|
# ? Apr 5, 2011 09:34 |
|
PopeOnARope posted:H$RDP$ssw0rds don't need to be hard to type/remember. Many crackers can be configured to use a = @, s = $, o = 0.... Adding more characters always helps, but the real enemy is poor implementations by websites and re-use.
|
# ? Apr 5, 2011 13:11 |
|
Bob Morales posted:Many crackers can be configured to use a = @, s = $, o = 0.... These days I should hope anyone tech saavy would use something like KeePass for anything they don't need mobile access to. Being able to quickly generate long, hard to remember passwords that are easily accessible when you need them seems better than simply using letter-swap rules.
|
# ? Apr 5, 2011 16:32 |
|
Cuntpunch posted:These days I should hope anyone tech saavy would use something like KeePass for anything they don't need mobile access to. Being able to quickly generate long, hard to remember passwords that are easily accessible when you need them seems better than simply using letter-swap rules. Hell, since most of this poo poo is online I just make sure I have my PortableApps thumbdrive with me at all times. I don't know my SA password, but I'm logged in on PortableFireFox for anywhere surfing.
|
# ? Apr 5, 2011 17:59 |
|
bbcisdabomb posted:Hell, since most of this poo poo is online I just make sure I have my PortableApps thumbdrive with me at all times. I don't know my SA password, but I'm logged in on PortableFireFox for anywhere surfing. My keypass ridiculousness: Brand new Keypass installation -- the first time plugging my thumbdrive into my home PC to back everything up (after setting keypass up on thumb drive from work laptop), USB port is bad, drive fried, all data (including password database) non recoverable. Should have backed up the keypass database first thing but I was going to do it on my home PC. This is before I started using dropbox. What a giant pain in the rear end resetting every single password I had was.
|
# ? Apr 5, 2011 18:11 |
|
Cuntpunch posted:These days I should hope anyone tech saavy would use something like KeePass for anything they don't need mobile access to. Being able to quickly generate long, hard to remember passwords that are easily accessible when you need them seems better than simply using letter-swap rules. I don't even need to limit it to "stuff I don't need mobile access to". Dropbox + KeePassDroid means I'm good to go anywhere.
|
# ? Apr 5, 2011 18:34 |
|
I couldn't get KeePassDroid to use an authentication file, but that ended up being no additional security, since the key file was right there on the flash drive I use for KeePass as well as on the phone.
|
# ? Apr 5, 2011 19:15 |
|
I just use a dozen short strings or so I remember by heart and mix and match em whenever I need to generate a password. I can make absurdly long passwords that are still easy to remember.
|
# ? Apr 5, 2011 20:12 |
|
Technogeek posted:I don't even need to limit it to "stuff I don't need mobile access to". Dropbox + KeePassDroid means I'm good to go anywhere. Yeah this is the best, but I still have a few copies of my KeePass database on my usb sticks.
|
# ? Apr 5, 2011 20:23 |
|
Technogeek posted:I don't even need to limit it to "stuff I don't need mobile access to". Dropbox + KeePassDroid means I'm good to go anywhere. I use a similar system based on 1Password. It's not particularly cheap, as you have to buy a license for Windows, OS X, and iOS separately, but it's a really excellent solution that offers browser integration on the Mac and Windows side of things and built-in Dropbox sync. (Plus it's Hardison-approved.)
|
# ? Apr 5, 2011 20:54 |
|
PopeOnARope posted:H$RDP$ssw0rds don't need to be hard to type/remember. Cuntpunch posted:These days I should hope anyone tech saavy would use something like KeePass for anything they don't need mobile access to. Being able to quickly generate long, hard to remember passwords that are easily accessible when you need them seems better than simply using letter-swap rules.
|
# ? Apr 6, 2011 00:17 |
|
Kelson posted:I agree; "this is a hard password for any password cracker" to break and it is incredibly easy to remember. On the other hand, as Bob Morales said, your string doesn't actually make password guessing much harder; you've gained far more security simply by combining two words than those character replacements. It's not just about the difficulty of memorization though, I tend to enjoy the simplicity of entry. With that particular password, the only things special that YOU need to do is hold shift for part of it, and sub an o with a 0. It's a lot easier than typing a 25+ character one in.
|
# ? Apr 6, 2011 03:24 |
|
PopeOnARope posted:It's not just about the difficulty of memorization though, I tend to enjoy the simplicity of entry. With that particular password, the only things special that YOU need to do is hold shift for part of it, and sub an o with a 0. It's a lot easier than typing a 25+ character one in. I use KeePass2. If I ever need to type in a password I open KeePass, doubleclick the password I need, then press Ctrl+V and enter. One of the reasons I use KeePass is that I never have to actually know my passwords, so if someone attempted to ask me what my password was for service X I wouldn't be able to tell them anyway.
|
# ? Apr 6, 2011 10:17 |
|
I just got a virus off of somebody's computer that had marked her User folders as hidden. You could open Word documents through the Recent Items shortcut but couldn't search for them. That's a new one on me.
|
# ? Apr 7, 2011 21:47 |
|
Pope Guilty posted:I just got a virus off of somebody's computer that had marked her User folders as hidden. You could open Word documents through the Recent Items shortcut but couldn't search for them. That's a new one on me. I Just ran into this same thing. It was called "Windows Recovery" it marked all the folders on the C drive as hidden and changed registry permissions on the computer.
|
# ? Apr 20, 2011 16:07 |
|
Forgive me for butting into this thread but I wanted to ask the following: Is the old saw about not running as administrator during your day to day computer use still applicable? I mean to say does this do anything to stop this poo poo from getting on your machine or does it exploit flaws in Windows/IE/Firefox/Adobeanything that are going to let poo poo happen no matter what? I always run as a limited user since Vista since UAC makes it easier to elevate when needed. Is it doing any good?
|
# ? Apr 20, 2011 19:55 |
|
Vanagoon posted:Forgive me for butting into this thread but I wanted to ask the following: So long as you are using the default settings, an administrator account will execute everything with user credentials unless you explicitly elevate. This is essentially what you are doing now, but with files split over two profiles which can be a bit annoying. There really isn't a reason to do it that way any more if you don't want to.
|
# ? Apr 20, 2011 22:00 |
|
Anyone tried to fix that stupid Facebook "roller coaster crash in canada" virus. Nukes you boot.ini so I used recovery console to make a new one, and the motherboard still shows up as nuked. I will probably end up telling the customer that the whole hard drive needs to be nuked, started for scratch again. Tried a Linux live cd to transfer files off, but she is running a 1.2ghz Athalon XP, so none of them will work.
|
# ? Apr 22, 2011 14:35 |
|
mmm11105 posted:I will probably end up telling the customer that the whole hard drive needs to be nuked, started for scratch again. Tried a Linux live cd to transfer files off, but she is running a 1.2ghz Athalon XP, so none of them will work. Wow.
|
# ? Apr 22, 2011 16:11 |
|
mmm11105 posted:Anyone tried to fix that stupid Facebook "roller coaster crash in canada" virus. Nukes you boot.ini so I used recovery console to make a new one, and the motherboard still shows up as nuked. I will probably end up telling the customer that the whole hard drive needs to be nuked, started for scratch again. Tried a Linux live cd to transfer files off, but she is running a 1.2ghz Athalon XP, so none of them will work. Honestly, this sounds like one of those situations where you should turn the customer away and tell them to buy a new computer.
|
# ? Apr 22, 2011 16:25 |
|
Pope Guilty posted:I just got a virus off of somebody's computer that had marked her User folders as hidden. You could open Word documents through the Recent Items shortcut but couldn't search for them. That's a new one on me. I just dealt with that infection yesterday. I was doing my usual thing, using the command prompt to root through the %appdata% folders, and the \roaming\ one came back with one folder. I was perplexed. Then I checked the \local\ one. Then I figured out what that fucker did. It's one of the ones that did the whole Warning! 34% of your hard drive clusters are corrupt and unreadable crap. \/ I got that at work, running Firefox too. I think in that case, if you clicked "Ok" you'd be prompted to download some poo poo. Probably nothing other than the garden variety java exploit crap. Lord knows ours is like 83 years out of date. PopeOnARope fucked around with this message at 06:43 on Apr 23, 2011 |
# ? Apr 22, 2011 17:17 |
|
Anyone know what vector this Win Anti Virus 2011 crap is trying to exploit ? I was searching for an image via Google Images, I clicked on one particular thumbnail image, and a moment later my Firefox 4 window immediately shrinks to minimum size. I re-size it and its got an alert message with some Engrish "You are havings teh Viruses! SCAN NAO!" message up, and the window title is WinAntiVirus 2011. I just closed the whole window without clicking on anything and my computer hasn't been acting strange at all.
|
# ? Apr 23, 2011 06:17 |
|
MREBoy posted:Anyone know what vector this Win Anti Virus 2011 crap is trying to exploit ? I was searching for an image via Google Images, I clicked on one particular thumbnail image, and a moment later my Firefox 4 window immediately shrinks to minimum size. I re-size it and its got an alert message with some Engrish "You are havings teh Viruses! SCAN NAO!" message up, and the window title is WinAntiVirus 2011. I just closed the whole window without clicking on anything and my computer hasn't been acting strange at all. Normally it's flash/java/pdf, for that I think Why aren't you running noscript and disabling redirects without having to click allow?
|
# ? Apr 24, 2011 00:44 |
|
mmm11105 posted:Anyone tried to fix that stupid Facebook "roller coaster crash in canada" virus. Nukes you boot.ini so I used recovery console to make a new one, and the motherboard still shows up as nuked. I will probably end up telling the customer that the whole hard drive needs to be nuked, started for scratch again. Tried a Linux live cd to transfer files off, but she is running a 1.2ghz Athalon XP, so none of them will work. Hahaha what. I can understand a live cd being slow on an old system like that if you're using like, a full Ubuntu disc or something. Use drat Small Linux or Puppy Linux instead. I use Puppy Linux on a 1.1Ghz celeron laptop and it's downright snappy.
|
# ? Apr 24, 2011 05:01 |
|
pienipple posted:Hahaha what. I can understand a live cd being slow on an old system like that if you're using like, a full Ubuntu disc or something. Use drat Small Linux or Puppy Linux instead. I use Puppy Linux on a 1.1Ghz celeron laptop and it's downright snappy. Yeah, I dug up a disc of drat Small Linux that worked. Got her files off, nuked it with gParted and started from scratch. Works just fine now. This computer does not have one original part in it except the HDD. Current Specs on it: 1.2ghz Athlon XP 256MB RAM nForce 2 MOBO nVidia RIVA TNT2 32MB (competitor to the Voodo3 and the Rage128) super old wireless card (took forever to find drivers for it) edit:and it was manufactured by Tagar Systems (never heard of them) mmm11105 fucked around with this message at 17:03 on Apr 25, 2011 |
# ? Apr 25, 2011 17:01 |
|
Biowarfare posted:Normally it's flash/java/pdf, for that I think Apparently gstatic.com is completely compromised. I was just browsing google images and got weird activity (I'm using both noscript and adblock and scanned afterwards, so I'm pretty certain it didn't do anything, but the image was definitely doing something weird)
|
# ? Apr 28, 2011 14:21 |
|
Anybody else encountered a virus that plays frigging sound ads? It did the 'hide all desktop items' bit as well as the fakeav, but playing sound ads with no browser process running is a new one to me.
|
# ? Apr 28, 2011 14:29 |
|
Furnok Dorn posted:Anybody else encountered a virus that plays frigging sound ads? Had one laptop in my shop that would randomly start talking to me in a sexy voice and try to sell me random junk. Nothing ever popped up on the screen, it was just audio. Malwarebytes finally nailed it after a few days of definition updates and a full scan.
|
# ? Apr 28, 2011 14:35 |
|
Maniaman posted:Had one laptop in my shop that would randomly start talking to me in a sexy voice and try to sell me random junk. Nothing ever popped up on the screen, it was just audio. Malwarebytes finally nailed it after a few days of definition updates and a full scan. Yeah, I managed to gas it with superantispyware but I kept looking around the damned office for where the hell this voice was coming from, I thought I was going nuts.
|
# ? Apr 28, 2011 14:39 |
|
Had an interesting one on the social engineering front; a user had ms tools. However, instead of buying mstools, they went out and bought AVG instead. I was impressed by this, and I wonder how often the scareware people are actually inadvertently ending up having people buy 'real' antivirus. I think this might actually become the status quo. This was a younger person but one who was all 'oh man I don't know anything about computers'. However they knew enough to have previous brand awareness of an anti-virus program instead of just panicking out right like a lot of the older victims to this kind of plot.
|
# ? Apr 28, 2011 19:27 |
|
That malware that marks every single file in a user profile as hidden can gently caress right the hell off.
|
# ? Apr 28, 2011 19:34 |
|
Furnok Dorn posted:Anybody else encountered a virus that plays frigging sound ads? It did the 'hide all desktop items' bit as well as the fakeav, but playing sound ads with no browser process running is a new one to me. There was an absolutely amazing thread in YOSPOS awhile back where somebody found a malwareinstaller that would install dialers which would install dialers which would install dialers and so on. I remember the phrase "Around lunchtime, it started making slot machine noises."
|
# ? Apr 28, 2011 19:35 |
|
BangersInMyKnickers posted:That malware that marks every single file in a user profile as hidden can gently caress right the hell off. I'm getting used to the message "Windows cannot find C:/Windows/System32/rsrtui.exe".
|
# ? Apr 28, 2011 19:39 |
|
|
# ? Jun 7, 2024 15:53 |
|
I'm sure a few people have OpenDNS accounts for personal use or whatever, but we're looking at using ClearCloud DNS for the DNS provider on laptops to block access to known malware domains. Free for business use as far as I can tell and it has pretty good performance when I tested it on DNS Benchmark.
|
# ? Apr 28, 2011 19:44 |