Khablam
Mar 29, 2012

Poster B (Me) explained the analogy of the street cleaners posited by poster A (Potato Salad) because poster A had clearly given up on the will to live and I genuinely feared you'd be asking about street cleaners ITT forever.
Does that explain it?


Downs Duck
Nov 19, 2005
"It's only after we've lost everything that we're free to do anything"

Khablam posted:

Poster B (Me) explained the analogy of the street cleaners posited by poster A (Potato Salad) because poster A had clearly given up on the will to live and I genuinely feared you'd be asking about street cleaners ITT forever.
Does that explain it?

Take a break, seriously. Then read the posts again. I don't think I am alone in believing you are wrong here.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
Genuinely curious if you've ever been diagnosed with, or been accused of suffering from, mania

Downs Duck
Nov 19, 2005
"It's only after we've lost everything that we're free to do anything"

Rufus Ping posted:

Genuinely curious if you've ever been diagnosed with, or been accused of suffering from, mania

Not me, but I'm not sure about Khablam and his "street cleaners"/strawmen obsession.

Anyway, I'm taking a break from this insane derail, hope no one has a heart attack, have a nice day everyone.

Downs Duck fucked around with this message at 17:33 on Aug 23, 2018

DoctorTristan
Mar 11, 2006

I would look up into your lifeless eyes and wave, like this. Can you and your associates arrange that for me, Mr. Morden?
Do you know the difference between a straw man and an analogy?

Wiggly Wayne DDS
Sep 11, 2010



DoctorTristan posted:

Do you know the difference between a straw man and an analogy?

he never mentioned straw men, please keep to the topic

Potato Salad
Oct 23, 2014

nobody cares


Wiggly Wayne DDS posted:

he never mentioned straw men, please keep to the topic

DoctorTristan
Mar 11, 2006

I would look up into your lifeless eyes and wave, like this. Can you and your associates arrange that for me, Mr. Morden?

Wiggly Wayne DDS posted:

he never mentioned straw men, please keep to the topic

I was misdirected by his awesome Infosec practice of writing incomprehensible walls of text.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

I’ve twice tried to start writing a patient, compassionate post explaining where Duck went wrong, but I can’t get my head all the way around it. It is a lot to unpack. Wheels within wheels.

apseudonym
Feb 25, 2011

Downs Duck posted:

To make it easy, a mechanic or a nurse wouldn't respond like many (not all) IT-professionals do (various degrees of angry/insults/etc like in this thread), when asked politely about something related to their field of expertise. In my humble, anecdotal experience.
I wouldn't take the vast majority of IT professionals' views on how to secure a device (fite me thread), because they're where a lot of the paranoid and nonproductive security advice comes from.

When I said to switch off custom ROMs it's because I do OS security, and you've taken your security from people who do it for a living and put it all on yourself, and you're not a mechanic.

Fundamentally the view that you need to do extra things to make yourself secure is the problem, because you're not an expert and can't be expected to do so correctly, and in your attempts to do something you've made your situation worse.

Corsair Pool Boy
Dec 17, 2004
College Slice
The sarcasm, sass, and confrontational attitudes are in no way unique to IT. They're generally an internet thing, and very much a dead gay comedy forum thing. If you don't know much about cars, go into Automotive Insanity. Describe your understanding of how a car works and what you think specifically can be done to keep it running and see what happens. It will be functionally the same as what you got here: facts and good advice interspersed with people telling you your ideas are dumb or wrong in a spectrum of different ways.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


Downs Duck posted:

Take a break, seriously. Then read the posts again. I don't think I am alone in believing you are wrong here.

Holy crap dude, there's no way you're this dense. I can understand "how did this get here I am not good with computer" tier infosec knowledge when you're not in or peripheral to the industry, but this is something else.

Also I use a jailbroken phone because it's the only way to remap the Bixby button. gently caress Samsung.

Khablam
Mar 29, 2012

No, it's not.
There's a couple of apps that achieve it.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


They aren't as good as bxActions.

I am Communist
Apr 19, 2002

I can show you what endless looks like
I can show you a single infinite thing
I can let you taste the sweet and sour of forever
Unending. Eternal. Inevitable
Taste my darkness
Climb into my abyss
Fall into me. Into my eyes
Look at them. Depths unfathomable
Pain immeasurable
A cruel promise fulfilled




https://www.youtube.com/watch?v=N9wsjroVlu8





Just want to say I've gotten a lot from this thread about security and practices. Regardless of the arguments & derails, there is quite a bit of experience here and people are worth listening to.
So for a positive note: I'd like to thank the advice, good and otherwise!
I don't think it's been said enough that for free tips, advice, & experience this thread has helped many for not a lot of thanks. (I'm sure in IT you're all used to it)

Khablam
Mar 29, 2012

Cup Runneth Over posted:

They aren't as good as bxActions.

bxactions doesn't require root, it runs using the accessibility workarounds. You can use ADB to further expand the options but you do not need to root.
If you've somehow got an app that needs it, you've got a fraudulent app.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


Khablam posted:

bxactions doesn't require root, it runs using the accessibility workarounds. You can use ADB to further expand the options but you do not need to root.
If you've somehow got an app that needs it, you've got a fraudulent app.

I've got this one: https://play.google.com/store/apps/details?id=com.jamworks.bxactions&hl=en_US

I'm pretty sure that's why I installed root. It's been a while.

Khablam
Mar 29, 2012

Cup Runneth Over posted:

I've got this one: https://play.google.com/store/apps/details?id=com.jamworks.bxactions&hl=en_US

I'm pretty sure that's why I installed root. It's been a while.

Yeah this doesn't require root.
Don't root phones.

Kerning Chameleon
Apr 8, 2015

by Cyrano4747
Google has started selling their Titan security key bundle to the general public for $50. It comes with one NFC-capable USB key and one Bluetooth key with USB dongle. If I'm in the market to buy security keys, is there any reason I wouldn't buy these in favor of a pair of good ol' Yubikey NEOs for $100?

My phone is a NFC-capable Android, so the Bluetooth key is the one that would get shoved into the firesafe as a backup.

Red_Fred
Oct 21, 2010


Fallen Rib
I’m keen to purchase some sort of internal security camera for my apartment. My thoughts were that it doesn’t need to be internet enabled (I would actually prefer it isn’t for security reasons). I was thinking some kind of cheap IP camera and cheap NAS that saves like a week’s footage. Low FPS is fine. Can anyone recommend something?

I’m renting at the moment so it’s really just to keep an eye on unsupervised people in my apartment. I try to be there generally but can’t always.

This may be outside the scope of this thread, please let me know if so.

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!

Red_Fred posted:

I’m keen to purchase some sort of internal security camera for my apartment. My thoughts were that it doesn’t need to be internet enabled (I would actually prefer it isn’t for security reasons). I was thinking some kind of cheap IP camera and cheap NAS that saves like a week’s footage. Low FPS is fine. Can anyone recommend something?

I’m renting at the moment so it’s really just to keep an eye on unsupervised people in my apartment. I try to be there generally but can’t always.

This may be outside the scope of this thread, please let me know if so.

You may want to ask in the Home automation and security systems thread. IP cameras are very cheap these days and are usually pretty good. If you want to keep an eye on your place because you think someone may do something, consider that they may do something and then steal your camera and NAS as well when you plan it out. A lot of IP cameras can even just record onto a micro-sd hc card if you don't want to involve saving it to a drive, but this further increases the danger of one device being stolen or broken and leaving you with no footage.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


Got infected by some malware recently, probably from a torrent. It went by SoundMixer.exe and the only reason I found out I had it was because it (presumably accidentally) disabled the Command Prompt. Surprisingly easy to clean out; just deleted it from AppData, cleaned out the few registry entries it made, and force-killed the "Sound Mixing Utility" processes it started, and everything was back to normal. Anyway, if cmd.exe suddenly stops working for you, that's probably why.

Carbon dioxide
Oct 9, 2012

Cup Runneth Over posted:

Got infected by some malware recently, probably from a torrent. It went by SoundMixer.exe and the only reason I found out I had it was because it (presumably accidentally) disabled the Command Prompt. Surprisingly easy to clean out; just deleted it from AppData, cleaned out the few registry entries it made, and force-killed the "Sound Mixing Utility" processes it started, and everything was back to normal. Anyway, if cmd.exe suddenly stops working for you, that's probably why.

Malware can leave secondary payloads. Make sure to do a very thorough scan of your computer for other malware, and keep at it because if there's something else it might stay dormant for a long time until something (like a timer or whatever) triggers it.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Carbon dioxide posted:

Malware can leave secondary payloads. Make sure to do a very thorough scan of your computer for other malware, and keep at it because if there's something else it might stay dormant for a long time until something (like a timer or whatever) triggers it.

:pt:

crazypenguin
Mar 9, 2005
nothing witty here, move along
I'm probably switching from android to ios. Anyone got a recommendation for Keepass on iOS? My requirements are only: not-stupid, no ads, supports dropbox. MiniKeePass comes up first...

And I guess just for the record, I've found the following to be fine keepass clients for various OSes:

Windows: KeePass 2
MacOS: MacPass (Thank you OP for pointing this one out!)
Linux: KeePassX
Android: KeePassDroid

These all work fine syncing together.

Second question: I want to adopt Yubikeys in the not too distant future. I seem to recall that iOS has problems with NFC. Is that getting resolved at all? Or has it? Basically, any reason I should be wary of going to iOS in this respect?

Finally: Anybody here adopted that Google Account Advanced Protection feature? Any problems? Do the usual iOS integrations still work just fine? (contacts, calendar, mail)

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
For what it is worth, there isn't really a good option for KeePass on iOS but I have been using the shared clipboard option when I am at home--I have no idea about its risk of use here.

This has been a recommendation to me but I have yet to test:
https://www.kyuran.be/software/kypass/

drainpipe
May 17, 2004

AAHHHHHHH!!!!
I use MiniKeePass on iOS and it's been fine for me. You can export your database from your Dropbox app to it and upload key files via iTunes.

Khablam
Mar 29, 2012

+1 to MiniKeePass, but bear in mind the sync is one way and it can be frustrating if you ever need to sign up to anything on your phone.
Yubikey has some support on iOS, but it's walled in as is anything iOS and I don't think minikeepass supports it.

Red_Fred
Oct 21, 2010


Fallen Rib

Lain Iwakura posted:

For what it is worth, there isn't really a good option for KeePass on iOS but I have been using the shared clipboard option when I am at home--I have no idea about its risk of use here.

This has been a recommendation to me but I have yet to test:
https://www.kyuran.be/software/kypass/

I use this and it’s good! Think it’s paid though. Can update your DB using your phone which is pretty handy.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


Carbon dioxide posted:

Malware can leave secondary payloads. Make sure to do a very thorough scan of your computer for other malware, and keep at it because if there's something else it might stay dormant for a long time until something (like a timer or whatever) triggers it.

Good advice. Just found out it disabled Windows Defender via group policy (short registry fix there), so :pt: might be the best option (my only option!). Any advice on whether Fresh Start is better than a full flatten?

Kerning Chameleon
Apr 8, 2015

by Cyrano4747

Cup Runneth Over posted:

Good advice. Just found out it disabled Windows Defender via group policy (short registry fix there), so :pt: might be the best option (my only option!). Any advice on whether Fresh Start is better than a full flatten?

I don't think anyone on these forums is ever going to recommend anything other than the straight nuke reinstall, especially when malware is involved. Quite frankly, one could argue the "soft" reinstall options Windows gives these days are misleading, false reassurance for people who don't make backups, and could theoretically cause bigger diagnostic problems for regular users later on down the road.

Carbon dioxide
Oct 9, 2012

I have no idea what those soft reset options even do.

DoctorTristan
Mar 11, 2006

I would look up into your lifeless eyes and wave, like this. Can you and your associates arrange that for me, Mr. Morden?

Khablam posted:

+1 to MiniKeePass, but bear in mind the sync is one way and it can be frustrating if you ever need to sign up to anything on your phone.
Yubikey has some support on iOS, but it's walled in as is anything iOS and I don't think minikeepass supports it.

You can sync both ways by re-uploading the file to dropbox from MiniKeePass, though the sequence for doing that is weirdly counterintuitive and I have to look it up every single loving time.

hooah
Feb 6, 2006
WTF?
Speaking of KeePass et al., I switched the storage from Google Drive to Dropbox a while back since in either this thread or one of the Android threads people said it worked better with Keepass2Android, the app I've been using. However, it still doesn't sync from my phone. What other combinations should I try? I just downloaded KeePassDroid, but it can't pull from Dropbox at all.

Potato Salad
Oct 23, 2014

nobody cares


Fresh Start redownloads the OS and performs an in-place, same-version upgrade preserving user files. It's okay, I've used it to eliminate Trojans/adware/bloatware/spyware successfully. It will eliminate most rootkits as the downloaded payload is signed and verified.

It's hard to give an endorsement to a system with terrible QA and non-existent transparency, but researchers have spent and continue to spend significant effort on investigating the integrity of the always-on, P2P Windows Update and Install/Upgrade stacks as a sort of Holy Grail of watering hole attacks. It's good so far, with the only significant, unmitigated issue being that Reset installs a Windows-brand operating system on your machine.

Potato Salad fucked around with this message at 14:49 on Sep 1, 2018

Oysters Autobio
Mar 13, 2017
Dumb question here but for the life of me I have still not been able to figure this out. This is one of those questions where I've let it go on too long before finally admitting I don't get it.

I know password managers with complex passwords are the way to go now. My question is, if I understand how they work, is that essentially you have some sort of password for access to your Password manager, and then the manager autogenerates long and complex passwords for each of your websites or accounts you go to (do they do it automatically like Google's password thing?).

If my understanding of the above is correct, does that mean you pretty much have to only use your computer or device that has this manager on it to login to your accounts? If I have a password manager on my laptop that manages Something Awful, then I go on my phone, how do I login when the manager is on my phone?

Finally, I'm assuming this precludes you really using any of your accounts from a public computer or your friend's, right?

Potato Salad
Oct 23, 2014

nobody cares


It's not all that hard to enter a 15 character password on a friend's computer, reading from your phone

If you're regularly doing lots of work on shared computers, put that in your use case.

Khablam
Mar 29, 2012

If you're in the situation where you might need to do that, leave symbols out of the password and check it - eliminate any ambiguous characters O / 0 and I / l for instance.
Keepass and a few others will use a font to help, but it's still a good idea.

hooah posted:

Speaking of KeePass et al., I switched the storage from Google Drive to Dropbox a while back since in either this thread or one of the Android threads people said it worked better with Keepass2Android, the app I've been using. However, it still doesn't sync from my phone. What other combinations should I try? I just downloaded KeePassDroid, but it can't pull from Dropbox at all.

Your phone is probably power managing dropbox, let it run as an exception and it should push changes fine.
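
Added example, not part of any post in the thread: what the advice above about dropping symbols and the O / 0, I / l look-alikes costs in entropy, and how many extra characters buy it back, using the 15-character figure mentioned earlier. The function names are made up for this sketch.

```python
import math
import secrets
import string

# Look-alike characters named in the post above.
AMBIGUOUS = set("O0Il")

# Every printable ASCII character a generator would normally draw from.
FULL = string.ascii_letters + string.digits + string.punctuation
# Letters and digits only, minus the look-alikes: easy to read off a phone
# and type on someone else's keyboard.
TYPEABLE = "".join(c for c in string.ascii_letters + string.digits
                   if c not in AMBIGUOUS)


def entropy_bits(alphabet: str, length: int) -> float:
    """Entropy of a uniformly random password of `length` over `alphabet`."""
    return length * math.log2(len(set(alphabet)))


def length_for(alphabet: str, target_bits: float) -> int:
    """Shortest length over `alphabet` that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate(length: int, alphabet: str = TYPEABLE) -> str:
    """Draw each character from the OS CSPRNG (never the `random` module)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    baseline = entropy_bits(FULL, 15)       # 15 chars, symbols allowed
    reduced = entropy_bits(TYPEABLE, 15)    # 15 chars, typeable set only
    needed = length_for(TYPEABLE, baseline)
    print(f"full set:     {len(FULL)} chars, 15 long = {baseline:.1f} bits")
    print(f"typeable set: {len(TYPEABLE)} chars, 15 long = {reduced:.1f} bits")
    print(f"typeable length matching the full-set baseline: {needed}")
    print("sample:", generate(needed))
```

Two extra characters make up for the smaller alphabet, so a hand-typeable password does not have to be a weaker one.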

Pile Of Garbage
May 28, 2007



IMO the most important aspect of using a password manager is that it encourages you to use unique passwords for each service that you interact with. If a service you use is doing something stupid like storing passwords in plain text it won't matter how complex your password is if their DB gets popped. However if your password is unique to that one service then it will prevent whomever from compromising your other accounts.

Realistically having 2FA enabled with an OTP app is more important than making sure your password is complex.


Kerning Chameleon
Apr 8, 2015

by Cyrano4747

cheese-cube posted:

Realistically having 2FA enabled with an OTP app is more important than making sure your password is complex.

This still leaves the user vulnerable to phishing and MITM attacks, however. That's why the glacial adoption rate of FIDO security keys is so frustrating, as they both kill those attacks dead and have the benefit of being easier to use and understand for the average user.

At that point, using both a password manager and security key (with any SMS recovery notably disabled), the last remaining front-end account vulnerabilities would be compromised devices and physical coercion.
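
Added example, not part of any post in the thread: why the server-side check for an OTP code cannot tell where the code was typed, while the check for a security-key assertion can. The origins, secrets and function names are constructed, and an HMAC stands in for the per-site public-key signature a real FIDO key produces.

```python
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://accounts.example.com"       # constructed
LOOKALIKE_ORIGIN = "https://accounts.examp1e.com"  # constructed


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def server_verify_totp(secret: bytes, code: str, now: float) -> bool:
    # All the server receives is the digits. Nothing in them records which
    # site the user typed them into, so a forwarded code looks identical.
    return hmac.compare_digest(code, totp(secret, now))


def key_sign(key: bytes, challenge: str, origin_seen_by_browser: str):
    """Stand-in authenticator: the browser, not the page, fills in the origin,
    and the origin is covered by the signature."""
    client_data = json.dumps(
        {"challenge": challenge, "origin": origin_seen_by_browser},
        sort_keys=True).encode()
    return client_data, hmac.new(key, client_data, hashlib.sha256).digest()


def server_verify_assertion(key: bytes, challenge: str,
                            client_data: bytes, sig: bytes) -> bool:
    expected = hmac.new(key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False
    data = json.loads(client_data)
    # Origin binding: a response produced on any other site is rejected.
    return data["challenge"] == challenge and data["origin"] == REAL_ORIGIN


def compare(now: float = 1535800000):
    secret, key, challenge = b"constructed-seed", b"constructed-key", "c2FtcGxl"
    # OTP code entered on the look-alike page and forwarded to the real site.
    totp_forwarded = server_verify_totp(secret, totp(secret, now), now)
    # Key touched while the browser is on the look-alike page.
    cd, sig = key_sign(key, challenge, LOOKALIKE_ORIGIN)
    key_forwarded = server_verify_assertion(key, challenge, cd, sig)
    # Key touched on the real site.
    cd, sig = key_sign(key, challenge, REAL_ORIGIN)
    key_direct = server_verify_assertion(key, challenge, cd, sig)
    return totp_forwarded, key_forwarded, key_direct


if __name__ == "__main__":
    print(compare())
```

A real key goes one step further than this sketch: credentials are scoped to the site they were registered on, so on a look-alike domain the key has nothing to sign with in the first place.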
