|
I checked out the three phone-related apps mentioned before (RedPhone, TextSecure, Signal), but none of them are available on WP. What's the best option that works across Android, iOS and WP? Telegram?

e: Bonus points for a desktop client of some kind (bitlbee, libpurple)

Pollyzoid fucked around with this message at 12:28 on Aug 13, 2015 |
# ? Aug 13, 2015 12:21 |
|
Hello thread there's a dude who called my mother one time about her computer security and now he can remote into her computer. Wrote him out a personal check and sent it in the mail. Apparently he has some kind of "security" thing with Microsoft. This sounds sketch as gently caress right? Am I in the right place?
|
# ? Aug 19, 2015 01:29 |
|
The Meat Dimension posted:
Hello thread there's a dude who called my mother one time about her computer security and now he can remote into her computer. Wrote him out a personal check and sent it in the mail. Apparently he has some kind of "security" thing with Microsoft. This sounds sketch as gently caress right?

That sounds sketchy as hell. Was this cheque written recently?
|
# ? Aug 19, 2015 02:57 |
The Meat Dimension posted:
Hello thread there's a dude who called my mother one time about her computer security and now he can remote into her computer. Wrote him out a personal check and sent it in the mail. Apparently he has some kind of "security" thing with Microsoft. This sounds sketch as gently caress right?

That is 100% a scam. I've seen this happen before several times.
|
|
# ? Aug 19, 2015 03:13 |
|
Stop payment on that check immediately.
|
# ? Aug 19, 2015 03:24 |
|
Unguided posted:
Stop payment on that check immediately.

OSI bean dip posted:
That sounds sketchy as hell. Was this cheque written recently?

Yeah this happened some time ago. It's long gone.

Segmentation Fault posted:
That is 100% a scam. I've seen this happen before several times.

The thing is that it was about a year ago. I told her it was a scam then and she said "we'll see" and so far she hasn't been locked out of her computer so this guy is on the level, supposedly. I guess what I'm looking for is advice on how I convince my mother (an Excel wizard) that continuing this relationship is a bad idea.

E: I won't continually pester the thread with updates on "this didn't work" or "that didn't work", I'm just at my wits' end here. Can I point to something on the Internet for her to look at?

The Meat Dimension fucked around with this message at 04:21 on Aug 19, 2015 |
# ? Aug 19, 2015 04:14 |
|
The Meat Dimension posted:
Yeah this happened some time ago. It's long gone.

https://www.consumer.ftc.gov/articles/0346-tech-support-scams
|
# ? Aug 19, 2015 04:56 |
|
Thanks, really appreciate that.
|
# ? Aug 19, 2015 08:42 |
|
Made an update to the OP regarding password managers.
|
# ? Sep 15, 2015 18:00 |
|
Serious question: Why is everyone so convinced using a password manager is a good idea? To me it just seems like putting all your eggs in one basket. Secondary question: Other than syncing across devices, what good are they over in-browser password storage? I never use it for similar reasons, and doesn't stuff like Firefox Sync or its Chrome counterpart that I am sure exists also do the trick? It doesn't matter how complex your password for the meatspin.com forums is if someone can get to your password vault. Especially when that's protected by a password you're supposed to remember yourself instead of letting the computer generate a hash of correct horse battery staple. Yes, I know your password vault will not be stored on the sites you use it for, but you should be using unique passwords anyway*. *I use unique passwords for important stuff, throwaway accounts for things I don't care about are just that.
|
# ? Sep 16, 2015 18:43 |
|
Geemer posted:
Serious question: Why is everyone so convinced using a password manager is a good idea? To me it just seems like putting all your eggs in one basket.

I think you answered your own question without realising it. Yes. Putting all of your passwords into a password manager can produce a risk, but having all of your accounts with the same password is a far greater risk than if you keep randomly generated passwords for each of them. The trick is to ensure that you don't make use of the password for your password manager anywhere else. There are other ways to protect your password file (specifically KeePass here) using things like keyfiles or YubiKey. If you use a poo poo password for your password manager then you're going to have a greater concern when you have a compromise of your password file.
|
# ? Sep 16, 2015 19:01 |
|
Geemer posted:
Serious question: Why is everyone so convinced using a password manager is a good idea? To me it just seems like putting all your eggs in one basket.

What's harder for most people, remembering one complex password that's computationally impossible to crack or multiple complex passwords that are all computationally impossible to crack? In which situation are most people more likely to slack off and reuse passwords or use weak ones?

My point is, yes, the best possible method is memorizing dozens of randomly generated passwords, however very close to no one is able to do that in real life. Password managers provide a solution that improves security over the current real world method most people use by allowing them an easy way to use a different highly complex password for every website, while only minimally reducing security compared to the best possible method through having a single password protecting all of them.

That it's "one basket" doesn't matter very much if the basket is securely made. Take for example, 1password which uses PBKDF2-HMAC-SHA512 with by default 25,000 iterations. Let's say you have a copy of my 1password vault for which the current password is 16 characters long and only made of letters and numbers. Currently, oclHashcat64, the fastest hash cracking software, gets about 1000 guesses a second on a top of the line graphics card against 1password vaults. Let's assume you spin up 100,000 AWS instances with comparable power because you really wanna crack this drat thing and have a ton of money to burn on it. So you're getting 100 million guesses a second. It will take (36^16)/(100,000,000*60*60*24*365) or about 2,523,674,882 years to try every possible guess, for a statistical likelihood of finding my password in 1,261,837,441 years.

I'm happy to send you my 1password vault if you wanna test it for yourself.
|
# ? Sep 16, 2015 19:26 |
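The estimate in the post above, reproduced and generalized as an added example that is not part of the thread: it recomputes the post's figures from its stated inputs and shows how the result moves with password length, alphabet and PBKDF2 iteration count. The 8-character password, the 100,000-iteration setting, the salt and the helper names are assumptions chosen for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 60 * 60 * 24 * 365  # the year length used in the post


def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet)


def years_to_exhaust(alphabet: int, length: int, guesses_per_sec: int) -> float:
    """Years needed to try every password of exactly `length` symbols."""
    return alphabet ** length / (guesses_per_sec * SECONDS_PER_YEAR)


def scaled_rate(rate: float, measured_iters: int, new_iters: int) -> float:
    """PBKDF2 work is linear in the iteration count, so the guess rate
    falls in proportion when the vault raises its iterations."""
    return rate * measured_iters / new_iters


def derive_key(password: bytes, salt: bytes, iterations: int = 25_000) -> bytes:
    """Each guess costs one full PBKDF2-HMAC-SHA512 run like this one."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=32)


def report(alphabet: int, length: int, rate: int) -> dict:
    worst = years_to_exhaust(alphabet, length, rate)
    return {
        "bits": round(entropy_bits(alphabet, length), 1),
        "worst_case_years": worst,
        "average_years": worst / 2,  # on average the hit comes halfway through
    }


if __name__ == "__main__":
    # Figures from the post: 1000 guesses/s per GPU, 100,000 machines.
    rate = 1000 * 100_000
    print("16 chars, letters+digits:", report(36, 16, rate))
    # Constructed comparison: a short lowercase-only master password.
    print("8 chars, lowercase only :", report(26, 8, rate))
    # Constructed comparison: same hardware against 100,000 iterations.
    slower = int(scaled_rate(rate, 25_000, 100_000))
    print("16 chars, 100k iterations:", report(36, 16, slower))
    key = derive_key(b"correct horse battery staple", b"constructed-salt")
    print("derived key:", key.hex())
```

The 8-character lowercase case falls in well under a year at the same guess rate, which is why the master password's length matters far more than the choice of manager.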
|
Thanks for the replies, it makes a bunch more sense when you put it like that. What about the second question, though? (Ignoring the generation of a strong password.) "Other than syncing across devices, what good are they over in-browser password storage? I never use it for similar reasons, and doesn't stuff like Firefox Sync or its Chrome counterpart that I am sure exists also do the trick?"
|
# ? Sep 16, 2015 19:46 |
|
Last I'd heard, at least one of the major browsers stored saved passwords as plain text.
|
# ? Sep 16, 2015 19:49 |
|
Geemer posted:
Thanks for the replies, it makes a bunch more sense when you put it like that.

These aren't bad, and are comparable to other password managers, though in general they use less secure methods for storing the passwords. Like hooah alluded to, last I checked Chrome stored the passwords in plain text unless you're on OSX where it uses Keychain. Safari uses Keychain on OSX as well. Firefox uses a master password with 3DES which is a bit better as it's not tied to the system password.

One other benefit is other than syncing across devices, things like 1password/keepass are also easier to use across applications. I pretty regularly use Firefox, Safari, and Chrome, so being able to use 1password from all of them is pretty nice. Also makes it easier to store passwords for applications like Skype/Steam/etc.
|
# ? Sep 16, 2015 20:43 |
|
pr0zac posted:
These aren't bad, and are comparable to other password managers, though in general they use less secure methods for storing the passwords. Like hooah alluded to, last I checked Chrome stored the passwords in plain text unless you're on OSX where it uses Keychain. Safari uses Keychain on OSX as well. Firefox uses a master password with 3DES which is a bit better as it's not tied to the system password.

IIRC Chrome doesn't use Keychain anymore due to the excuse that "Safari doesn't share its passwords so why should we use the Keychain?"
|
# ? Sep 16, 2015 20:54 |
|
I use a notepad. am i a bad nerd?
|
# ? Sep 16, 2015 22:18 |
|
A physical notepad or notepad.exe? If it's the former then IMO that's fine for almost everyone. If it's the latter then you should at least use a decent password manager so it's not sitting unencrypted on disk.
|
# ? Sep 16, 2015 22:45 |
|
froward posted:
I use a notepad. am i a bad nerd?

The main disadvantages of a physical notepad are that you may lose all of your passwords in a fire or theft. As long as you accept those potential risks then it's alright.

My parents use this easily identifiable notebook for their passwords and despite the potential risks it's just about the right level of useful for them: http://www.amazon.com/BookFactory%C2%AE-Password-Passwords-Notebook-JOU-120-MCW-/dp/B009YK2GOA/
|
# ? Sep 17, 2015 03:18 |
|
Hey OSI bean dip, two questions: Why is it better to use another DNS? What's wrong with my ISP's DNS? Would you mind if I took your OP, translated it and published it on a webpage for my friends and family? I might add some extra explanations for the especially stupid readers. If you'd like to be credited in a specific way, shoot me a PM.
|
# ? Oct 17, 2015 09:37 |
|
ISP-run DNS tends to go down more, and they have been known to replace what should be NXDOMAIN responses with adverts, or to deliberately return wrong A records in an attempt to block sites. You also don't know whether they collect your DNS queries or what they do with them. ISPs are generally complete scum
|
# ? Oct 17, 2015 15:53 |
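A way to check a resolver for the NXDOMAIN rewriting described in the post above, added here as an example and not part of the thread: it parses a raw DNS reply to a lookup of a name that cannot exist and reports whether the resolver answered NXDOMAIN or substituted an A record. The probe name, the transaction ID, the `192.0.2.10` address and the function names are constructed for illustration, and the replies are built inline so the check runs offline.

```python
import struct

NOERROR, NXDOMAIN = 0, 3
PROBE = "qz7f3a9c.invalid"  # constructed; .invalid is reserved and never resolves

def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def classify_probe(msg: bytes):
    """Classify a resolver's reply to a lookup of a name that cannot exist."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
        off, addrs = 12, []
        for _ in range(qd):
            off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
        for _ in range(an):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise IndexError("truncated RDATA")
            if rtype == 1 and rdlen == 4:  # A record
                addrs.append(".".join(map(str, msg[off:off + 4])))
            off += rdlen
    except (IndexError, struct.error):
        return ("malformed", [])
    rcode = flags & 0x000F
    if rcode == NXDOMAIN and not addrs:
        return ("honest-nxdomain", [])
    if rcode == NOERROR and addrs:
        return ("rewritten", addrs)  # resolver invented an answer
    return ("other", addrs)

def build_response(name: str, rcode: int, a_records=()) -> bytes:
    """Build a constructed reply so the check runs offline."""
    header = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(a_records), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)  # name pointer, A, IN, TTL 60
    answers = b"".join(rr + bytes(map(int, ip.split("."))) for ip in a_records)
    return header + question + answers

if __name__ == "__main__":
    print(classify_probe(build_response(PROBE, NXDOMAIN)))
    print(classify_probe(build_response(PROBE, NOERROR, ["192.0.2.10"])))
```

Against a live resolver, send an A query for a freshly generated random label and pass the raw UDP reply to `classify_probe`; a "rewritten" result for several different random labels means the resolver is substituting answers.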
|
What's the best way to keep Keepass synchronized between my devices (three computers, one phone)? Someone suggested putting the database on SpiderOak, but I want to make sure that isn't a bad idea. The key for the database itself is unique and over 130 entropy bits, so hopefully that would be enough.
|
# ? Oct 17, 2015 20:51 |
|
22 Eargesplitten posted:
What's the best way to keep Keepass synchronized between my devices (three computers, one phone)? Someone suggested putting the database on SpiderOak, but I want to make sure that isn't a bad idea. The key for the database itself is unique and over 130 entropy bits, so hopefully that would be enough.

SpiderOak is fine

I quite like BitTorrent Sync because the Android app is nicer than SpiderOak's
|
# ? Oct 17, 2015 21:00 |
|
Rufus Ping posted:
ISP-run DNS tends to go down more, and they have been known to replace what should be NXDOMAIN responses with adverts, or to deliberately return wrong A records in an attempt to block sites. You also don't know whether they collect your DNS queries or what they do with them. ISPs are generally complete scum

You're extrapolating your experiences with the US' ridiculous ISPs to the rest of the world. Over here in The Netherlands I've only had issues with my ISP's DNS three times in the last 10 years. Also, you also don't know whether the non-ISP DNS collects your queries or what they do with them, so why even consider that?
|
# ? Oct 17, 2015 22:23 |
|
Geemer posted:You're extrapolating your experiences with the US' ridiculous ISPs to the rest of the world. Geemer posted:Over here in The Netherlands I've only had issues with my ISP's DNS three times in the last 10 years. Geemer posted:Also, you also don't know whether the non-ISP DNS collects your queries or what they do with them, so why even consider that?
|
# ? Oct 17, 2015 23:16 |
|
You're right though. Between Phorm and the Verizon header injections, ISPs have shown they can't be trusted not to gently caress with either HTTP requests, or HTTP responses. There's no reason to believe they're above loving with DNS responses from third party resolvers either.
|
# ? Oct 17, 2015 23:25 |
|
Rufus Ping posted:
I'm in Europe

Changing your DNS to Google's with the expectation that this will decrease any data-mining occurring is remarkably stupid. The only uses in "intercepting" your name lookups at large is almost entirely stats based, and you better believe Google will do this. Their DNS is also usually slow. Your ISP has 1001 other, better and less intensive ways of monitoring you if they wanted to.

You change your DNS because there are better DNS resolvers that filter your results against known malware sites / bad ad domains and in some cases attempts by malware to phone home.
|
# ? Oct 17, 2015 23:26 |
|
Khablam posted:
Changing your DNS to Google's with the expectation that this will decrease any data-mining occurring is remarkably stupid. The only uses in "intercepting" your name lookups at large is almost entirely stats based, and you better believe Google will do this. Their DNS is also usually slow.

Personally I change it so the responses I receive accurately reflect the RRs published by the authoritative DNS, but don't let me stop you trying to blacklist "bad ad domains" using the equivalent of a hosts file
|
# ? Oct 17, 2015 23:42 |
|
Khablam posted:
Their DNS is also usually slow.

17ms here, but the speed-up might be due to PeerGuardian
|
# ? Oct 17, 2015 23:45 |
|
Rufus Ping posted:
Personally I change it so the responses I receive accurately reflect the RRs published by the authoritative DNS, but don't let me stop you trying to blacklist "bad ad domains" using the equivalent of a hosts file

It's the equivalent of a dynamically updating hosts file that can't readily be overwritten, so that's a lot better than nothing. Their focus is on blocking malware from phoning home / stopping botnet control and they have reasonable success at that. Much more effective, say, than the success rate you'd achieve trying to block anti-piracy groups with an open filter list, which you feel is worth your time.

Differences in performance is less ping time (since all are within milliseconds of one another), and more one of reliability; Google's DNS has gone through several rocky patches where it would create considerable lag from making your enquiries retry or fallback due to non-response. Not sure if this is still such an issue.
|
# ? Oct 18, 2015 01:08 |
|
Khablam posted:
It's the equivalent of a dynamically updating hosts file that can't readily be overwritten, so that's a lot better than nothing. Their focus is on blocking malware from phoning home / stopping botnet control and they have reasonable success at that.

We're getting off-topic here, but letting your ISP sinkhole any hostname their three-letter-agency pals tell them is "malware" isn't the same as my carefully vetted blacklist shared over a tahoe-lafs hidden service. Grow up.

Khablam posted:
Differences in performance is less ping time (since all are within milliseconds of one another), and more one of reliability; Google's DNS has gone through several rocky patches where it would create considerable lag from making your enquiries retry or fallback due to non-response. Not sure if this is still such an issue.

Clearly this is why you should be running unbound which automatically removes resolvers from the pool if they become unreliable
|
# ? Oct 18, 2015 02:37 |
|
Rufus Ping posted:
SpiderOak is fine

Okay, thanks. Speaking of Android, is one of the Keepass apps better than the others? Or is there one that's evil and actually stealing passwords, or anything like that?
|
# ? Oct 18, 2015 05:16 |
|
22 Eargesplitten posted:
Okay, thanks.

this is the problem with keepass relying on so many third party programs and plugins and apps, you don't know

imo buy 1password instead. At least it's all made by one company
|
# ? Oct 18, 2015 05:45 |
|
22 Eargesplitten posted:
Okay, thanks.

I'm using Keepass2Android and at least I think I haven't been hacked yet so

Su-Su-Sudoko fucked around with this message at 06:01 on Oct 18, 2015 |
# ? Oct 18, 2015 05:56 |
|
Does Google Public DNS offer any advantages over OpenDNS?
|
# ? Oct 18, 2015 10:00 |
|
I just installed that EMET thing the OP talks about. Any recommended settings for that? Is there harm in setting it to the maximum security profile?
|
# ? Oct 18, 2015 11:15 |
|
Applebees posted:
Does Google Public DNS offer any advantages over OpenDNS?

It supports DNSSEC and should theoretically be immune to DNS spoofing. The list of such incidents is vanishingly small however, and most DNS servers do their own sanity checking to ensure they're not being fed lies. Past (successful) attacks have been against ISP DNS servers, so switching to either is very likely to be equivalent protection from it.

OpenDNS filtering owns, and if you need any other reason to use it, it makes graphs of your requests.
|
# ? Oct 18, 2015 12:34 |
|
Khablam posted:
OpenDNS filtering owns, and if you need any other reason to use it, it makes graphs of your requests.

But wasn't that the stuff Rufus Ping was making GBS threads their pants about earlier? gently caress! Looks like free services actually do need to make money somehow! Better spin up your own personal DNS server and stock up on tinfoil.
|
# ? Oct 18, 2015 14:18 |
|
http://myers.io/2015/10/22/1password-leaks-your-data/

quote:
Let me summarise: Do not use the Agile Keychain format. It leaks your data. If you are using it, convert it to the OPVault format immediately. If you are using the 1PasswordAnywhere you are currently using the Agile Keychain and should stop and convert ASAP.
|
# ? Oct 22, 2015 04:08 |
|
John Lightning posted:
http://myers.io/2015/10/22/1password-leaks-your-data/

Thanks for reminding me to edit the OP about this.
|
# ? Oct 22, 2015 04:10 |