SSJ_naruto_2003
Oct 12, 2012



I'm trying to get some people onboard with KeePass, but I'm wondering what the best option for cloud backup of the master file is? I keep mine backed up on two separate USBs but that's not really an option for people who are less security/technology minded.

Frivolous Sam
Apr 15, 2001

The aliens might be coming, THE ALIENS MIGHT BE COMING.

SSJ_naruto_2003 posted:

I'm trying to get some people onboard with KeePass, but I'm wondering what the best option for cloud backup of the master file is? I keep mine backed up on two separate USBs but that's not really an option for people who are less security/technology minded.
I use Google Drive which integrates well with Keepass2Android

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
https://twitter.com/roustem/status/984177816429187072

Proteus Jones
Feb 28, 2013




That's pretty drat cool.

I've always liked those guys because they're super responsive to their forums users and respond super fast on support tickets (at least they did when I submitted one years ago for v3)

Carbon dioxide
Oct 9, 2012

Frivolous Sam posted:

I use Google Drive which integrates well with Keepass2Android

Yeah, use basically anything. The main thing is to never store the keyfile/master password with the .kdbx file. I suggest keeping one of those offline always. Hell, write the master password on a piece of paper as a backup if you like.

.kdbx security is pretty good (if your master password is good and you did the randomization mouse thing for long enough when creating the database) so it should be safe to even store it on a public server. Just for ease of mind I'd put it behind something that's password protected like google drive or dropbox yeah.

By the way, I just want to say that I really like the synchronization option in Keepass. It lets you put 2 copies of the kdbx file in sync again, even if you made changes to both. They apparently made the algorithm quite safe, making sure you always have the latest version of every entry, and they made sure you don't get inconsistent or lost data. If it doesn't know what to do it just puts the older version in a history folder within the db, and then puts the newer version of an entry in the new folder.

It's very useful when you have one version locally and another version you use remotely and sometimes you need to edit both.



That's great, I'm gonna see if we can do something with that.

Carbon dioxide fucked around with this message at 06:45 on Apr 12, 2018
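
The sync behaviour described in the post above, as an added example that is not part of the original post and not KeePass's own code: a simplified Python model in which the newest version of each entry wins and every older version is kept in that entry's history. The `Entry` fields, the sample data and the omission of deleted-entry handling are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    uuid: str        # stable identifier shared by both copies of the database
    password: str
    modified: int    # last-modification time (Unix seconds)
    history: list = field(default_factory=list)  # older versions of this entry

def merge_entry(a, b):
    """Merge two versions of one entry: newest wins, the rest go to history."""
    newer, older = (a, b) if a.modified >= b.modified else (b, a)
    # Collect every known older version once, keyed by modification time,
    # so a shared ancestor present on both sides is not duplicated.
    versions = {}
    for old in newer.history + older.history + [older]:
        if old.modified < newer.modified:
            versions.setdefault(
                old.modified, Entry(old.uuid, old.password, old.modified))
    history = [versions[t] for t in sorted(versions)]
    return Entry(newer.uuid, newer.password, newer.modified, history)

def synchronize(local, remote):
    """Merge two databases (dict of uuid -> Entry) into one consistent result."""
    merged = {}
    for uuid in local.keys() | remote.keys():
        if uuid in local and uuid in remote:
            merged[uuid] = merge_entry(local[uuid], remote[uuid])
        else:
            # Entry exists on one side only: carry it over unchanged.
            merged[uuid] = local.get(uuid) or remote[uuid]
    return merged

# Constructed sample: both copies started from the same "mail" entry
# (modified=100), then the password was changed independently on each side.
BASE = Entry("mail", "old-pw", 100)
LOCAL = {"mail": Entry("mail", "local-pw", 200, [BASE]),
         "bank": Entry("bank", "bank-pw", 150)}
REMOTE = {"mail": Entry("mail", "remote-pw", 300, [BASE]),
          "wifi": Entry("wifi", "wifi-pw", 120)}

if __name__ == "__main__":
    for uuid, e in sorted(synchronize(LOCAL, REMOTE).items()):
        print(uuid, e.password, [(h.password, h.modified) for h in e.history])
```

The merge gives the same result whichever copy is treated as local, which is the property that makes editing both copies safe.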

c0burn
Sep 2, 2003

The KKKing
https://www.humblebundle.com/software/cybersecurity-software-bundle

$15 usd will get you Dashlane, PIA VPN and Spideroak ONE Backup for a year. Be warned some of the software in the Bundle is probably to be avoided.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

c0burn posted:

https://www.humblebundle.com/software/cybersecurity-software-bundle

$15 usd will get you Dashlane, PIA VPN and Spideroak ONE Backup for a year. Be warned some of the software in the Bundle is probably to be avoided.
Specifically, you should avoid Dashlane and PIA VPN.

VikingofRock
Aug 24, 2008




anthonypants posted:

Specifically, you should avoid Dashlane and PIA VPN.

What's wrong with PIA? And what would you recommend instead?

SSJ_naruto_2003
Oct 12, 2012



I thought pia was fine from the reading I did before I got it, I'm curious too

Proteus Jones
Feb 28, 2013



VikingofRock posted:

What's wrong with PIA? And what would you recommend instead?

https://github.com/trailofbits/algo

SSJ_naruto_2003 posted:

I thought pia was fine from the reading I did before I got it, I'm curious too

It’s fine if you aren’t relying on it for anonymity.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

VikingofRock posted:

What's wrong with PIA? And what would you recommend instead?
Like Proteus Jones said, it's fine if anonymity isn't your goal, but:

Proteus Jones
Feb 28, 2013



On top of that, wasn’t there some drama regarding giving up log-files in England or somewhere (can’t be arsed to google) when they specifically state “we don’t keep logs” as a selling point?

I will fully admit I may be conflating them with an entirely different service.

Evis
Feb 28, 2007
Flying Spaghetti Monster

I think it was Russia, and they ended up shutting down their Russian endpoint as a result.

Tamba
Apr 5, 2010

Proteus Jones posted:

On top of that, wasn’t there some drama regarding giving up log-files in England or somewhere (can’t be arsed to google) when they specifically state “we don’t keep logs” as a selling point?

I will fully admit I may be conflating them with an entirely different service.

After googling around for a bit I found this
https://torrentfreak.com/private-internet-access-no-logging-claims-proven-true-again-in-court-180606/
so they might actually do the "no logging" thing. anthonypants's points are still true though.

22 Eargesplitten
Oct 10, 2010



I’m reading you can set up Algo on a Ubiquiti Edgerouter Lite. What would that potentially do to throughput? Would it be really stupid to run traffic to/from Steam, YouTube, Netflix, or whatever outside of the VPN to avoid any speed hit?

I’ve never done anything with a VPN before, but if I’m doing a real network setup I might as well do that too.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

22 Eargesplitten posted:

I’m reading you can set up Algo on a Ubiquiti Edgerouter Lite.

I don't have any experience with Algo's IPSec mode but I do run wireguard on an ER-X using this build, which you might want to check out

22 Eargesplitten posted:

What would that potentially do to throughput?

I don't see any real impact on throughput but my internet is fairly slow to begin with (11mbps). At much higher pps the CPU may become the limiting factor (although the ER-L is slightly faster than the ER-X). How fast is your internet connection?

22 Eargesplitten posted:

Would it be really stupid to run traffic to/from Steam, YouTube, Netflix, or whatever outside of the VPN to avoid any speed hit?

You can do this pretty easily on EdgeOS using policy based routing ("modify table" rules) based on destination cidr and/or port. You might want to do it with Steam to reduce latency perhaps? (I guess - I'm not a gamer) Not sure there's much point for streaming video

22 Eargesplitten
Oct 10, 2010



Thanks, I’ll take a look. I’m on gigabit fiber.

It occurred to me that Steam would be one to be careful about since once in a blue moon I buy a game, and payment data is what needs to be protected more than my anime streams. I was thinking Steam because that’s where I’m downloading 75GB of game files in a go.

I’ll have to see what my ping is like in general, I had something like 9ms over maybe 30 miles as the crow flies on my old router.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

22 Eargesplitten posted:

Thanks, I’ll take a look. I’m on gigabit fiber.

At that speed you will quite possibly run up against the limits of the hardware

The ER-L supports hardware accelerated IPSec for specific ciphers but Algo doesn't use those ones by default. So if both the default Algo IPSec settings and wireguard are too slow, consider changing the cipher suite

22 Eargesplitten posted:

It occurred to me that Steam would be one to be careful about since once in a blue moon I buy a game, and payment data is what needs to be protected more than my anime streams

Payment data goes over TLS regardless so it doesn't make a difference

Kerning Chameleon
Apr 8, 2015

by Cyrano4747

anthonypants posted:

Specifically, you should avoid Dashlane and PIA VPN.

Why is Dashlane bad? I understand avoiding LastPass, and I've never used a subscription password manager myself since I use Keepass, but Dashlane is what I recommend to regular users once I realized the hard way Keepass is way too user-unfriendly for normal people to handle without constant handholding anyway.

Infosec bloggers seemed to really like it a while back, was that just a marketing blitz?

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Kerning Chameleon posted:

Why is Dashlane bad? I understand avoiding LastPass, and I've never used a subscription password manager myself since I use Keepass, but Dashlane is what I recommend to regular users once I realized the hard way Keepass is way too user-unfriendly for normal people to handle without constant handholding anyway.

Infosec bloggers seemed to really like it a while back, was that just a marketing blitz?
Bad at regex https://twitter.com/taviso/status/773218040758448128

Wiggly Wayne DDS
Sep 11, 2010



judge a company by how they respond to vulnerabilities, not that they've existed at all in an evolving codebase

apseudonym
Feb 25, 2011

Wiggly Wayne DDS posted:

judge a company by how they respond to vulnerabilities, not that they've existed at all in an evolving codebase

You absolutely should judge quality or nothing will ever get better. Patching is necessary but not sufficient.

Jowj
Dec 25, 2010

My favourite player and idol. His battles with his wrists mirror my own battles with the constant disgust I feel towards my zerg bugs.

apseudonym posted:

You absolutely should judge quality or nothing will ever get better. Patching is necessary but not sufficient.

I believe he meant "everything has bugs, and rather than yelling about how one time a company handled something basic really terribly it's more reasonable to look at how they react to bugs", but I could be wrong. That's something /I/ think anyway.

I'll add that frequency of inept-looking bugs matters and that's why most people argue to stay away from LastPass, since despite having pretty ok response times to bug reports they Just Keep Happening.

Unsinkabear
Jun 8, 2013

Ensign, raise the beariscope.





Lain Iwakura posted:

Great. Here's the advice you should give: uninstall MalwareBytes because it's trash.

Malwarebytes frequently gives me "we just quarantined this" popups when browsing Pornhub. Are those just false positives, or would they be caught by Windows Defender otherwise, or what?

Unsinkabear fucked around with this message at 15:38 on Aug 2, 2018

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Unsinkabear posted:

Malwarebytes frequently gives me "we just quarantined this" popups when browsing Pornhub. Are those just false positives, or would they be caught by Windows Defender otherwise, or what?

What browser are you using? Chrome's incognito mode caches to memory rather than disk, so there's nothing for AV to even scan

Unsinkabear
Jun 8, 2013

Ensign, raise the beariscope.





Rufus Ping posted:

What browser are you using? Chrome's incognito mode caches to memory rather than disk, so there's nothing for AV to even scan

Chrome incognito. It happens exclusively on opening new tabs, but that's all the clues I've got. :iiam:

RFC2324
Jun 7, 2012

http 418

Rufus Ping posted:

What browser are you using? Chrome's incognito mode caches to memory rather than disk, so there's nothing for AV to even scan

wait, are you saying all a virus has to do to evade detection is live in memory instead of writing itself to disk?

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Unsinkabear posted:

Chrome incognito. It happens exclusively on opening new tabs, but that's all the clues I've got. :iiam:
Then you'll either need to find out what the Malwarebytes message actually says, or take the advice and uninstall Malwarebytes. Because it is trash.

apseudonym
Feb 25, 2011

RFC2324 posted:

wait, are you saying all a virus has to do to evade detection is live in memory instead of writing itself to disk?

Or just not look like malware they already know, but yeah completely avoiding AV isn't hard.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

RFC2324 posted:

wait, are you saying all a virus has to do to evade detection is live in memory instead of writing itself to disk?

it doesn't even have to do that lol

but no I assumed it was on-access scanning because of the reference to 'quarantining'

RFC2324
Jun 7, 2012

http 418

Rufus Ping posted:

it doesn't even have to do that lol

but no I assumed it was on-access scanning because of the reference to 'quarantining'

yeah, av sucks and is worse than useless, but never even looking in ram just seems way beyond the lazy i would have expected, given the number of always on computers out there.

glad i gave up on it years ago

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

How would it decide where to look in RAM and when?

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Subjunctive posted:

How would it decide where to look in RAM and when?

watch calls to virtualprotect with PAGE_EXECUTE set

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Enjoy churning on the .NET and JS JITs! Would the call to mprotect block until the scan is done?

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Subjunctive posted:

Would the call to mprotect block until the scan is done?

I guess it would have to, to stand any chance of being effective - probably causing an unbearable delay as you say

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

You can also map memory w+x, so it wouldn’t really help anyway.

apseudonym
Feb 25, 2011

Subjunctive posted:

You can also map memory w+x, so it wouldn’t really help anyway.

I mean you could enforce W xor X


Giving a component of your system the ability to read the RAM of things is the best way to shoot good security practices in the face.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

apseudonym posted:

I mean you could enforce W xor X

even if DEP is set to 'always on', suitable calls to HeapCreate/VirtualAlloc will clear the NX bit so you can't really enforce it

RFC2324
Jun 7, 2012

http 418

apseudonym posted:

Giving a component of your system the ability to read the RAM of things is the best way to shoot good security practices in the face.

this is one of the reasons I would expect AV to do it

apseudonym
Feb 25, 2011

Rufus Ping posted:

even if DEP is set to 'always on', suitable calls to HeapCreate/VirtualAlloc will clear the NX bit so you can't really enforce it

I meant an OS could, I don't know or really pay attention to windows
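
The W xor X property discussed in the exchange above can be audited from outside a process. This added example (not part of the original thread) assumes Linux and the `/proc/<pid>/maps` text format, and lists every mapping that is both writable and executable; the sample listing is constructed, with the anonymous `rwx` region standing in for the kind of mapping a JIT might create.

```python
import re

# One line of /proc/<pid>/maps:
#   start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([r-][w-][x-][ps])\s+"
    r"[0-9a-f]+\s+\S+\s+\d+\s*(.*)$"
)

def wx_mappings(maps_text):
    """Return (start, size, label) for each mapping that is writable AND executable."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines rather than guessing
        start, end, perms, path = m.groups()
        if "w" in perms and "x" in perms:
            size = int(end, 16) - int(start, 16)
            findings.append((int(start, 16), size, path or "[anonymous]"))
    return findings

# Constructed sample in the /proc/<pid>/maps format (not from a real process).
SAMPLE_MAPS = """\
559a1c000000-559a1c021000 r--p 00000000 08:01 1311 /usr/bin/example-app
559a1c021000-559a1c0a3000 r-xp 00021000 08:01 1311 /usr/bin/example-app
559a1c2a4000-559a1c2a8000 rw-p 000a4000 08:01 1311 /usr/bin/example-app
7f3b10000000-7f3b10040000 rwxp 00000000 00:00 0
7f3b2c000000-7f3b2c021000 rw-p 00000000 00:00 0 [heap]
7ffd4e1de000-7ffd4e1ff000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for start, size, label in wx_mappings(SAMPLE_MAPS):
        print(f"W+X mapping at {start:#x}, {size} bytes, {label}")
```

A hit is a lead for triage rather than a verdict, since legitimate JIT runtimes produce the same pattern.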
