|
I have a question about TrueCrypt - I have 7.0a on my system and set up whole-disk encryption of my drive (except for the small Host Protrction Area that TrueCrypt mentioned in the setup). It's the main physical drive I have with C D and E partitions. I have a fairly robust password setup. GRC haystacks indicates it's a pretty robust password. Are there any issues or vulnerabilities with using 7.0a? I think assuming someone doesn't pull that "evil maid" attack I should be OK. There's nothing super sensitive I am just being careful.
|
#
?
May 25, 2016 02:48
|
|
|
|
| # ? May 17, 2024 22:06 |
|
|
Three-Phase posted:I have a question about TrueCrypt - I have 7.0a on my system and set up whole-disk encryption of my drive (except for the small Host Protrction Area that TrueCrypt mentioned in the setup). It's the main physical drive I have with C D and E partitions. Truecrypt is unmaintained and at least one serious bug ("full system compromise" serious) has been found since the developers jumped ship. Switch to Veracrypt ASAP, keeping in mind that Veracrypt was forked from Truecrypt and potentially inherited all of its lingering bugs. Also consider that, as an ultra-sensitive software that literally replaces parts of your operating system, Veracrypt/Truecrypt actually makes your computer less secure, because even the smallest, most obscure bug can escalate into full system compromise. Don't let this stop you from using it though, because the same is true of antivirus, or any of the lovely, buggy third party device drivers that plague almost any system. Have a plan B for the inevitable day you'll be compromised For full disk encryption I personally use long passphrases that I can recover from hardcopy should I forget them. No fancy symbols or customization with number/letter/case replacements because I'm guaranteed to forget them (ask me how I know)
|
|
#
?
May 25, 2016 10:02
|
|
|
Anything that is actually sensitive I've moved into secure containers on my Mac that has FileVault2. There was just so much stuff on that old computer that id like to make sure everything is crypted. It seems like the consensus is positive about VC but one IT guy at work implored me to use Bitlocker (which needs ultimate or pro Windows 7) over VC because VC is open source. I'm a bit confused about his argument there. I do have plan B and C of sorts set up - this is basically just a gaming system anyways. Three-Phase fucked around with this message at 13:54 on May 25, 2016 |
|
#
?
May 25, 2016 13:33
|
|
|
Update: one of the upper-eshalon ITSEC guys I work with gave Veracrypt the thumbs up. That's cool. EDIT: the transition from TrueCrypt to Veracrypt (decrypting, installing, recrypting) has been surprisingly seamless. It worth noting there is a delay on password entry in the MBR and I think that's done as an anti-brute force addition that makes that kind of attack take hundreds of thousands of times longer. Three-Phase fucked around with this message at 00:02 on May 26, 2016 |
|
#
?
May 25, 2016 19:30
|
|
|
Is anyone else seeing Internet Explorer popping up a crash message that doesn't seem to do anything? I thought it was just my computer having random pop-ups, then I go to work and several computers have the same message. I don't even use it.
|
|
#
?
May 30, 2016 02:36
|
|
|
Three-Phase posted:Anything that is actually sensitive I've moved into secure containers on my Mac that has FileVault2. There was just so much stuff on that old computer that id like to make sure everything is crypted. Until the end of July you can grab a Win7 Pro OEM key off ebay for about the price of a coffee and muffin, and use it to give yourself a digital entitlement to Windows 10 Pro. This will give you bitlocker which is much neater than TC/VC. Or, just use 7 Pro v0v Three-Phase posted:It worth noting there is a delay on password entry in the MBR and I think that's done as an anti-brute force addition that makes that kind of attack take hundreds of thousands of times longer.
|
|
#
?
May 30, 2016 12:31
|
|
|
Khablam posted:Until the end of July you can grab a Win7 Pro OEM key off ebay for about the price of a coffee and muffin, and use it to give yourself a digital entitlement to Windows 10 Pro. I don't eBay, can you link to something legit?
|
|
#
?
May 31, 2016 03:28
|
|
|
Adix posted:I don't eBay, can you link to something legit? Spent $187 CAD then. http://m.ncix.com/products/sku/45275/1316
|
|
#
?
May 31, 2016 03:36
|
|
|
I'm finally unhoarding all my old hard drives and I'm going to use dban on them before binning them. I have two different usb docks that I'm using. Have I misunderstood something, or do I really have to reboot dban every time I change he drive? Or is there some way of making dban recognize newly inserted usb drives? It's not a major deal, waiting a couple of minutes between disks will not kill me, but if there is a way to avoid it, I'd like to know.
|
|
#
?
May 31, 2016 18:08
|
|
|
Hammer. Seriously, if you have data worth recovering from a physically damaged HDD by a nefarious third-party then you wouldn't be posting here. Unless you want to sell the HDDs?
|
|
#
?
May 31, 2016 18:12
|
|
|
cheese-cube posted:Unless you want to sell the HDDs? Nah, most of the later ones at least I have retired because they got a bad sector. I mean they're probably still 99.9% usable, but their days could be numbered. And also lol maybe I should have started with the smaller-than-terabyte disks. Estimated time left 70ish hours. (with "quick erase" that just fills the disk with zeros) ... Look, I just wanted to run dban once in my life.
|
|
#
?
May 31, 2016 18:24
|
|
|
I literally have a giant furnace at my disposal that will melt the drives for me--it is intended to start the process for resource extraction from recycled or scrap material. The more destructive the better.
|
|
#
?
May 31, 2016 18:27
|
|
|
OSI bean dip posted:The more destructive the better. Sell them to Colin Furze for thermite cannon target practice!
|
|
#
?
May 31, 2016 18:56
|
|
|
cheese-cube posted:Hammer. Seriously, if you have data worth recovering from a physically damaged HDD by a nefarious third-party then you wouldn't be posting here. DBAN first, then hammer. The difference being that hammer makes data recovery extremely difficult, but DBAN makes it impossible. For the extent that harddrive is functional. Unfortunately, DBAN needs to be rebooted, it hasn't been designed for several runs. Alternative would be any number of live Linux boots like System Rescue CD, Knoppix, etc, and dd/ddrescue.
|
|
#
?
May 31, 2016 19:06
|
|
|
Just smash it with a hammer. Unless you have to conform with a data disposal standard just hammer it.
|
|
#
?
May 31, 2016 19:13
|
|
|
Three bullet holes to the platter is more than enough to thwart most computer forensics types. DBAN before is just wasting your own time. A hammer is just a slightly less violent but no less effective method.
|
|
#
?
May 31, 2016 19:28
|
|
|
I like to scavenge the magnets and then take an angle grinder to the platters.
|
|
#
?
May 31, 2016 19:29
|
|
|
OSI bean dip posted:Three bullet holes to the platter is more than enough to thwart most computer forensics types. DBAN before is just wasting your own time. I don't want to make an unnecessary mess. I'm going to hammer the ones that don't spin up or are not recognized, but the others I'm going to dban and recycle intact.
|
|
#
?
May 31, 2016 19:40
|
|
|
dis astranagant posted:I like to scavenge the magnets and then take an angle grinder to the platters. Yeah, HD magnets are pretty cool. Scuffing a platter with some sandpaper is probably just as effective as cutting them up with an angle grinder, but less fun.
|
|
#
?
May 31, 2016 20:08
|
|
|
jetz0r posted:Yeah, HD magnets are pretty cool. Power drill works well and is less likely to propel the drive across the parking lot/receiving bay.
|
|
#
?
May 31, 2016 20:15
|
|
|
I used to power up the drives with the case open and see what kind of spirals I could make by resting a screwdriver on the platter while it's spinning. Nowadays I just take out the magnets and give the platters to my mom who uses them for decoration or as small mirrors.
|
|
#
?
Jun 2, 2016 11:54
|
|
|
Is this KeePass vulnerability the same one that was mentioned earlier in the thread? http://www.engadget.com/2016/06/04/keepass-wont-fix-security-hole-due-to-ads/
|
|
#
?
Jun 5, 2016 11:53
|
|
|
So i've bought myself a new laptop and just want to double check i'm not missing anything obvious. - It's a lenovo x250 so i deleted all the partitions that it came with and reformatted with a clean image of windows 10 pro. - I've turned on bitlocker - Set up to use OpenDNS rather than ISP one - Chrome with ublock origin, https everywhere and privacy badger - I use private internet access as a VPN for when i'm using random wifi and at work (work at a hospital and we have to use the open guest wifi) - I was about to move from lastpass to keypass but wondering if i should spring for 1password or just stay with last pass given keypass dont want to use https anything else obvious i'm missing?
|
|
#
?
Jun 5, 2016 13:15
|
|
|
Loving Africa Chaps posted:anything else obvious i'm missing? Just a few more things to consider: - make sure UAC settings are at highest level - consider installing EMET: https://support.microsoft.com/en-us/kb/2458544 - set Flash browser settings to "click-to-play". Better yet, straight up uninstall Flash
|
|
#
?
Jun 5, 2016 15:18
|
|
|
Disable third party cookies and, fwiw, enable DNT
|
|
#
?
Jun 5, 2016 16:01
|
|
Rooney McNibnug posted:Just a few more things to consider: If you're using Chrome, keep in mind that Chrome has its own sandboxed version of Flash, you won't find it in appwiz.cpl. Navigate to chrome://plugins in the omnibar and you'll find where you can disable Flash from ever running.
|
|
|
#
?
Jun 6, 2016 06:06
|
|
|
Rooney McNibnug posted:- set Flash browser settings to "click-to-play". Better yet, straight up uninstall Flash Just remove flash (or turn it off in chrome) If you set it to click-to-play websites still try to use flash because they're lovely. If you remove it the site "falls Google are soon (or just have idk) reversing the above behaviour so that'll be a strong push against flash; very soon it will stop being a thing. Loving Africa Chaps posted:- I was about to move from lastpass to keypass but wondering if i should spring for 1password or just stay with last pass given keypass dont want to use https Note that the app does NOT have an auto-updater; it simply checks for one. e: The above is meant to read as "don't use lastpass because of this non-issue" - lastpass has very real issues. Khablam fucked around with this message at 11:15 on Jun 6, 2016 |
|
#
?
Jun 6, 2016 11:11
|
|
|
Just generally speaking, is it likely possible to remotely switch on a webcam (either permanently soldered to a laptop screen or connected to a desktop PC via USB) and not also switch on the little light that says it's activated? I realize this is asking for a few assumptions about a very wide range of products, and may be stupid, so you may also think of it as me asking whether you personally put black tape over your webcams when not using them.
|
|
#
?
Jun 12, 2016 01:39
|
|
|
doctorfrog posted:Just generally speaking, is it likely possible to remotely switch on a webcam (either permanently soldered to a laptop screen or connected to a desktop PC via USB) and not also switch on the little light that says it's activated? With most of the modules in laptops and USB cameras the LED isn't controllable separately from the camera. I wouldn't sweat it unless you have reason to suspect hardware tampering. Cell phones are a different story though. The tape is good so you don't turn it on accidentally though.
|
|
#
?
Jun 12, 2016 02:11
|
|
|
I believe some drivers dictate the webcam LED just an FYI. There has been some research into this in the past
|
|
#
?
Jun 12, 2016 03:12
|
|
|
OSI bean dip posted:I believe some drivers dictate the webcam LED just an FYI. There has been some research into this in the past Some did, more didn't when we were looking at them.
|
|
#
?
Jun 12, 2016 04:47
|
|
|
Cross-posting here, since everyone probably doesn't frequent the Windows thread:ufarn posted:I've been getting some BSODs this week, and I decided to upgrade to Windows 10 to rid myself of them. Unfortch, Windows 10 itself got a Kernel BSOD (WindowsUpdate_C1900101), so the problem is probably in the hardware.
|
|
#
?
Jun 19, 2016 18:56
|
|
|
ufarn posted:Cross-posting here, since everyone probably doesn't frequent the Windows thread: How much RAM to you have? If there's enough to open Windows with half of it, pull the pair including the suspected chip and see what happen.
|
|
#
?
Jun 19, 2016 22:20
|
|
|
Samizdata posted:How much RAM to you have? If there's enough to open Windows with half of it, pull the pair including the suspected chip and see what happen.
|
|
#
?
Jun 20, 2016 00:12
|
|
|
You aren't making sense. Pull the ram out for a few days. It would take a week max to narrow it down to a dimm.
|
|
#
?
Jun 20, 2016 00:17
|
|
|
ufarn posted:12 (4 modules). The BSODs aren't frequent enough that I could remove the RAM and see - otherwise I would. It happens maybe once or twice each day. Bhodi posted:You aren't making sense. Pull the ram out for a few days. It would take a week max to narrow it down to a dimm. It's the only non-system-grinding way to nail it down for sure. I think most people would say the only way to eliminate a part as being bad is to pull it for a bit. If the BSOD's aren't bothering you enough to do so, then why even post?
|
|
#
?
Jun 20, 2016 00:31
|
|
|
I'm not even sure how a BSOD post like yours belongs in this thread.
|
|
#
?
Jun 20, 2016 02:27
|
|
|
E: Sorry if this is the wrong thread. E2: Okay, then. I have a (probably) relevant question to salvage my idiot nubpost. Is using MikroTik stuff a bad idea or is their security okay? I hear little discussion outside of dedicated mikrotik communities. Is no news good news in this case? Sulfrasta fucked around with this message at 01:24 on Jun 21, 2016 |
|
#
?
Jun 20, 2016 23:58
|
|
|
Sulfrasta posted:I have read a few internet things where they talk about decentralizing authorization using blockchains. Is this as bad of an idea as it sounds? Very much the wrong thread.
|
|
#
?
Jun 21, 2016 00:38
|
|
|
|
| # ? May 17, 2024 22:06 |
|
|
I decided to try KeePass, but I am unimpressed so far. What is the normal setup procedure for using this? It sounds like people slap it up the database on a Google Drive or whatever. How do you coordinate any of the apps that seem to be created to support it with that database? Anyways, I gave it a spin on one of my accounts. I created a local database file, and tried to have it generate a password for one of the sites I use. The policies for that site are a little ridiculous, so it ended up rejecting a lot of the passwords it created since I couldn't enter all the restrictions. Once I got one, it looked like registered it correctly, and I could extract the login. However, I go to check on it today, and that database file is gone. I can't find it on my computer anywhere. At least I only have to reset one password...
|
|
#
?
Jul 12, 2016 18:40
|
|
