Pile Of Garbage
May 28, 2007



Grog posted:

Not sure if I should just ask in here or make a new thread, but I'll ask anyway. Let me know otherwise.

I downloaded a program. Being generally paranoid, I did an on-demand scan (like usual) on the executable/self-extracting archive and got a slightly inconclusive hit (seems like potentially a false positive, from what little information I found). I never manually ran the executable. Uploaded it to VirusTotal and 15/55 came back with a result but again, the results seemed fairly generic and inconclusive. I deleted the program and have run several full scans on my system with MSE, TDSSKiller, Rkill, Comodo Cleaner Essentials/KillSwitch/Autorun Analyzer, Malwarebytes, and SuperAntiSpyware. Running KillSwitch, there are a few drivers in the "Services" with nonsense names that I can't find any real information on (qrhwas, tcoifh, uotote), but I have no idea if they're related to the various scanners or what. Other than that, there are various "unknowns" from my Bluetooth and Creative audio drivers, and some mshtml.dll entries from Autorun Analyzer (about, javascript, mailto, res, vbscript), but they're signed Microsoft and don't throw any flags in the other scanners. Nothing else unknown or suspicious shows up in any of the other scanners.

There aren't currently any new problems that I've noticed with the system. Is there anything else I should do to try to make sure nothing's wrong? Should I still be at all worried about this, or should I just assume it was a false positive and the system's fine? I tend to be overly paranoid and just wipe everything whenever a suspicious file pops up, which I think is probably overdoing it and overly time-consuming.

What did the AV engines on VirusTotal report it as? Usually you can find an accompanying KB article from the relevant vendor which lists signs of infection that you can check for. Of course that's assuming that it's fairly benign.


Pile Of Garbage
May 28, 2007



Khablam posted:

So with SSL fuckery (thanks Dell) and manufacturers doing MITM attacks on their own customers, bad AVs self-signing your requests (breaking EV) should we talk about SSL security?

The GRC page probably best outlines the basics and offers a way at testing your results: https://www.grc.com/fingerprints.htm
The Perspectives project is available for Firefox and seeks to do the same on the fly - http://perspectives-project.org/

There also seems to be a few tools to check your existing stores - http://www.wilderssecurity.com/threads/rcc-check-your-systems-trusted-root-certificate-store.373819/

Does anyone know of a better means of verifying a system's SSL integrity?

That GRC page is absolute garbage. SSL Labs is pretty much the go-to for validating the strength of a web server's TLS implementation/configuration.

Edit: it appears that you are actually talking about PKI and validation of client-side trusted root/intermediate CA certificate stores, not SSL/TLS. Just keep your OS, web browsers and any other applications which maintain their own trusted CA certificate stores up-to-date (e.g. JRE). If you've bought a new machine then it really depends whether or not the OEM is a massive rear end in a top hat so format and reinstall the OS I guess.

Pile Of Garbage fucked around with this message at 14:20 on Nov 25, 2015

Pile Of Garbage
May 28, 2007



TwystNeko posted:

Similar to Goodpancakes, I've had several login alerts with google.

In fact, it's been a hell of a weekend. :(:

Saturday morning, at 1:30, I get an email from paypal that my order for a brand new iphone has been completed, to the tune of $1000 CAD. I didn't order this. I change my passwords, go through all the account settings, and file a dispute. It gets cancelled by the rear end in a top hat who ordered it, so I spend 90 minutes on the phone with paypal support.

I check my ebay - turns out, that's how they got in. Since my paypal was linked, that's all it took. That's all been changed and disabled too.

And tonight, I've had 3 alerts from google that someone has my password - Even after I've changed my password. Changed it every time.

I've done a malware scan, I've done a virus scan. I've checked all running processes to ensure I don't have anything I don't recognize running. I run uBlock Origin, and checked all my extensions. I seem to have a clean system, but who knows?

So at this point, I think I need to start using autogenerated passwords via a manager of some sort. Or 2FA. Or both.

Things I want out of it: Android app / browser integration (Currently chrome, but I'll gladly switch) / 2FA support. I don't mind paying for a subscription. I keep seeing LastPass recommended everywhere but here - 1Password seems to be $65 USD currently (which is like $90 CAD), and KeePass confuses me a bit.

Help?

Check the apps which have been authorised to access your Google account here: https://security.google.com/settings/security/permissions. If there are any that you don't recognise then revoke them (Or just revoke all of them). Enable 2FA on your Google account using the Google Authenticator app (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en) as your primary and SMS/landline as backup. Then enable 2FA on all other services which support it (If they support OAuth2 then you can hook them in with the Google Authenticator app). Once you've done all that you can start looking for a password manager (KeePass seems to be popular, I can't comment because I just use Password Safe on an encrypted volume like some sort of old).

Pile Of Garbage
May 28, 2007



Hammer. Seriously, if you have data worth recovering from a physically damaged HDD by a nefarious third-party then you wouldn't be posting here.

Unless you want to sell the HDDs?

Pile Of Garbage
May 28, 2007



OSI bean dip posted:

The more destructive the better.

Sell them to Colin Furze for thermite cannon target practice!

Pile Of Garbage
May 28, 2007



Just smash it with a hammer. Unless you have to conform with a data disposal standard just hammer it.

Pile Of Garbage
May 28, 2007



Segmentation Fault posted:

I was under the impression it did some other things too. Is uBlock Origin just a superset of Disconnect then?

I don't know whether there's any overlap between the uBlock and Disconnect filters but you can enable a whole bunch of different third-party filters, including Disconnect, in the uBlock Origin add-on settings:

Pile Of Garbage
May 28, 2007



Might want to add a bit about restricting administrative access (HTTP, SSH, etc.) on the device so that it can only be administered via your internal network. Heaps of garbage devices have that enabled by default and it's how they get owned.

Pile Of Garbage
May 28, 2007



Squeegy posted:

This thread is neat and I've enjoyed reading it. It's also gotten me to tighten up some stuff. I have a few questions; OpenDNS seems to be widely recommended, but I've been using something called Simple DNSCrypt. Have you ever heard of it and is it worth using over OpenDNS? It encrypts your DNS traffic, which seems like it would help prevent MITM attacks, and hasn't had any noticeable downsides for me other than occasionally changing the server when things stop loading.

Encrypting the connection from your client to the DNS server may make MITM more difficult, however most malware simply tampers with your DNS client settings or edits your hosts file.

Edit: to actually provide some advice, if you have a firewall then block all outbound udp/53 except for DNS servers that you trust.

Pile Of Garbage fucked around with this message at 11:50 on Sep 2, 2016
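The two tampering routes named in the post above (rewritten DNS client settings and a modified hosts file) are easy to audit. The following is an added example, not code from the thread: it parses a constructed hosts file, flags any hostname pointed at an address that is neither a loopback nor a `0.0.0.0` sinkhole (the shape a DNS-hijack entry takes), and compares a constructed list of configured resolvers against an allowlist, which is also the list an outbound udp/53 firewall rule would permit. The `.invalid` hostnames, the TEST-NET addresses and the resolver list are all constructed sample data.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample hosts file. The sinkhole line is what ad-blocking hosts lists look like
# and is harmless; the 203.0.113.45 line is the shape of a hijack entry (a real-looking
# hostname mapped to a routable address), using a TEST-NET address as a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.invalid      # ad-block style sinkhole
203.0.113.45    online.example-bank.invalid      # constructed hijack entry
::1             localhost
"""

# Constructed resolver configuration: two well-known public resolvers plus a TEST-NET
# address standing in for a server the machine should not be talking to.
SAMPLE_RESOLVERS = ["1.1.1.1", "198.51.100.7", "8.8.8.8"]

# Resolvers you trust; these are also the only destinations an outbound udp/53 rule should allow.
TRUSTED_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_hosts_entries(text: str) -> List[Tuple[str, str]]:
    """Flag entries that send a hostname anywhere other than loopback or the 0.0.0.0 sinkhole.
    Any such line overrides DNS for that name, which is exactly what hijacking malware wants."""
    flagged = []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name))  # malformed address: worth a look anyway
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.x / ::1 / 0.0.0.0 are the normal, harmless cases
        flagged.append((ip, name))
    return flagged


def untrusted_resolvers(configured: List[str]) -> List[str]:
    """Configured resolvers that are not on the allowlist."""
    return [r for r in configured if r not in TRUSTED_RESOLVERS]


if __name__ == "__main__":
    print("hosts entries to review:", suspicious_hosts_entries(SAMPLE_HOSTS))
    print("resolvers not on allowlist:", untrusted_resolvers(SAMPLE_RESOLVERS))
```

On a real Windows box the hosts file lives at `%SystemRoot%\System32\drivers\etc\hosts` and the configured resolvers come from the adapter settings; feed those in place of the constructed strings.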

Pile Of Garbage
May 28, 2007



Mo_Steel posted:

Relevant side-question from the discussion on the last page, anyone got a good breakdown of HTML5 vs. Flash in terms of security and vulnerabilities? Is it sandboxed better to prevent egregious poo poo, less long-standing known security flaws, smaller current userbase, etc.?

They're really two different things entirely.

HTML is just a markup language which your browser parses and feeds into its layout engine to render the page. Videos are simply embedded using the <video> element which contains a URL to the video file which the browser downloads and plays back. The browser doesn't actually "execute" anything (Ignoring JS).

On the other hand, Flash objects (SWFs) are essentially compiled applications which are executed by the Flash Player plug-in. This is the main reason why Flash is inherently dangerous, you're executing untrusted code on your machine.

Pile Of Garbage
May 28, 2007



OSI bean dip posted:

I would never ever trust a computer. If you can find a way to flatten them, you should do so.

ftfy

Pile Of Garbage
May 28, 2007



uPen posted:

You're not going to run into something that can turn a USB drive into an infection source on 99.9% of computers. Copy any documents, pictures, music etc you want off the pc, format the drive and reinstall windows.

Yeah this is bunk. Any file system mounted RW on an infected machine should be considered compromised.

Pile Of Garbage
May 28, 2007



African AIDS cum posted:

My PC was recently hacked or infected with a trojan or something, not sure as no scanner picked anything up, but someone was able to get into my email/amazon/banking etc, even bypassing 2 factor authentication. Also noticed a ton of bandwidth being used by tcpsvcs.exe to some random Brazilian IP address. I am very careful about what I allow to run, so I really have no idea what happened.

I did a clean install of windows 7 on a new SSD. I am wondering if using Linux in a VM for all email, banking etc. would be safe, since dual booting would be a pain. Or maybe I should just go back to Mac.

Doing your banking, etc. in a VM will only be "safer" if you already assume and expect your PC to be compromised. If your PC has been compromised then they would have probably owned your accounts anyway. In addition things like phishing attacks rely on exploiting the user more than the computer so if you aren't being careful you can be owned regardless.

Upgrade to Windows 10, keep your OS and software (Browsers, etc.) up-to-date, enable click-to-play for all browser plug-ins (Flash, Java, etc.) or if you don't need them uninstall completely, get an ad-block extension for your browser (For FF/Chrome: uBlock Origin), get a password manager and set different passwords for all your accounts online, enable app-based 2FA for everything and be more careful online.

Pile Of Garbage
May 28, 2007



Cup Runneth Over posted:

What the absolute gently caress, Adobe? I can't save documents in Adobe Acrobat Reader DC without triggering EMET's Caller mitigation and crashing the program. How do you gently caress that up??

More often than not it's the AV that's hosed up but we are talking about Adobe here soooo

Pile Of Garbage
May 28, 2007



Cup Runneth Over posted:

EMET isn't an AV.

Lol yes you are correct. For some reason I read EMET as ESET...

Pile Of Garbage
May 28, 2007



Subjunctive posted:

I would hope that it wipes all unallocated space.

This. Also depends on how you're wiping it (Pattern, number of passes, etc.)

Pile Of Garbage
May 28, 2007



Oysters Autobio posted:

Is this a good thread to ask about VPNs?

I'm currently revamping my entire home networking setup (previously I was lazy and used a slow router/modem combo given by my ISP), and came across certain routers that have built-in VPN capabilities.

Is it worth it to consider a router with a built-in VPN, or is there added security risks with using the same device for both?

The security risks will depend on the VPN implementation in software and how you configure it. IMO you should only consider it if you have an actual requirement for it.

RFC2324 posted:

don't you pretty much have to run the vpn on the router unless you want to expose an internal system?

I'd trust my router to have fewer vulnerabilities than an exposed system.

Never trust consumer networking equipment to not be riddled with vulnerabilities.

Pile Of Garbage
May 28, 2007



Blowdryer posted:

1. Enhanced Mitigation Experience Toolkit (EMET)
- I checked the link and I see "The new end of life date is July 31, 2018. There are no plans to offer support or security patching for EMET after July 31, 2018. For improved security, we recommend that customers migrate to the latest version of Windows 10."
I have windows 10, does this mean I don't need EMET?

Correct. The protection provided by EMET was rolled into Windows Defender.

Blowdryer posted:

2. At least for Windows' built-in firewall, configure it so it denies all inbound traffic regardless of what network you are on and only enable inbound ports if absolutely necessary.
- Would this mean opening windows firewall and literally setting all inbound traffic to none? Will my internet still work? Are there specific rules I should use? I assume I should unblock like steam or utorrent or things like that, but I'm just looking for a little more clarification on how exactly I go about accomplishing this.

Unless you're going to be using a 4G dongle or have a weird setup your PC will be behind NAT and not directly exposed to the internet. Modifying the Windows Firewall configuration will only really affect communication with other devices on your LAN. IMO just leave it as-is and you will be fine; if you're super worried just set the network location to "Public".

Edit: applications like Steam and most Windows torrent clients are smart enough that they'll automatically add inbound rules to Windows Firewall when you install them. However, and this is more specific to torrent clients, if you've disabled UPnP on your modem/router (And you should) then you'll need to configure static NAT/port forwarding to allow inbound connections. Also uTorrent is terrible, use Deluge instead.

Blowdryer posted:

3. Make sure that admin access is disabled from the Internet
- How exactly does this work? It sounds like "don't have an admin account which has the ability to connect to the internet" but that doesn't really seem right so I'm probably understanding it. Can anyone explain?

This is referring to your router/modem and administrative access via HTTP/SSH/Telnet/etc. You need to check the configuration of your router/modem and make sure that it only allows administrative access from your LAN and does not allow access from the internet.

Blowdryer posted:

4. Should I get Malwarebytes Anti-Malware? Planning on using Windows Defender & Firewall.

No, don't bother with MBAM or any other AV really as they're all hot garbage.

Pile Of Garbage fucked around with this message at 11:00 on Jan 6, 2018

Pile Of Garbage
May 28, 2007



Rexxed posted:

Malwarebytes anti-malware had a bug in an update today that caused some kind of memory leak that would cause windows to crash. Apparently there's a new update that fixes it but if you had windows problems today and use it, that's why:
https://forums.malwarebytes.com/topic/220112-important-web-blocking-ram-usage/

cheese-cube posted:

No, don't bother with MBAM or any other AV really as they're all hot garbage.

Pile Of Garbage
May 28, 2007



IMO the most important aspect of using a password manager is that it encourages you to use unique passwords for each service that you interact with. If a service you use is doing something stupid like storing passwords in plain text it won't matter how complex your password is if their DB gets popped. However if your password is unique to that one service then it will prevent whomever from compromising your other accounts.

Realistically having 2FA enabled with an OTP app is more important than making sure your password is complex.

Pile Of Garbage
May 28, 2007



yoloer420 posted:

Advertisers can target you based on a variety of mechanisms, this is true. Google won't give that information or your details to the advertisers though. That would be against Google's interests because then advertisers could target you directly, without continuing to pay Google.

You can generally trust Google to protect their income source, which thankfully means not handing out people's personal info.

Yeah but if they ever did find a way to make more money by handing out people's personal info then they'd probably do it.

Pile Of Garbage
May 28, 2007



OSU_Matthew posted:

5. Pi hole is easy and effective to set up, and using Quad-9 as your DNS can help protect you from malicious resolutions. I posted a few pages ago about this, and it was just brought up again. Not a panacea, but it helps

Quad-9 had issues with geolocation for services like Office 365, not sure if they've since rectified them.

Pile Of Garbage
May 28, 2007



I didn't see it mentioned in the Cloudflare blog post but 20k prefixes were affected by the issue. Good stuff :lol:

https://twitter.com/bgpmon/status/1143149817473847296

Edit: also here's a NANOG post that points out that the issue could have been avoided if poo poo was configured correctly: https://mailman.nanog.org/pipermail/nanog/2019-June/101589.html

Pile Of Garbage fucked around with this message at 04:31 on Jun 26, 2019

Pile Of Garbage
May 28, 2007



olives black posted:

- Configure unprivileged user account for general use
- Configure UAC to require admin password for all actions requiring admin privileges

This adds little in the way of security and will drive you insane. Just leave the UAC config as default.

olives black posted:

- Configure firewall to block all inbound traffic that is not pointed at ports 22 and 5001 (for sshd and Universal Media Server, respectively) from unapproved IP addresses (my PS4 and a few other things maybe) or part of an established connection

The default Windows Firewall profiles block almost all inbound protocols quite adequately. You'll be fine unless you're port-forwarding inbound to your PC on your router and/or your LAN is packed full of dodgy devices (If it's the latter then the best approach is to put your PC on a separate VLAN and permit/deny traffic on your router).

olives black posted:

- Replace default browser with NoScript-hardened Firefox

I've never seen the point of NoScript tbh. Just get uBlock Origin and don't install Flash or Java.

olives black posted:

- Install whatever Microsoft's official antivirus is atm assuming it doesn't already get set up with the OS installer

No action required really, Windows Defender is enabled by default in Win10 and the default settings are OK. There are some extra hardening settings you can enable like Controlled Folder Access which is neat.

olives black posted:

- Disable Cortana and all of the other search bullshit

This is fine however please don't run one of those PowerShell scripts which nukes all the AppX stuff as those honestly do more harm than good. IMO best approach is to uninstall what you can and just not use the rest. It's also worth going through every section in the Windows Settings (New Control Panel) to disable all the dumb telemetry stuff.

olives black posted:

- Change DNS service to OpenDNS or something else (more research required)

OpenDNS got bought by Cisco and rebranded as Cisco Umbrella. Generally for a home setup the recommended approach is to use anything other than your ISP for DNS resolution. The main options out there are:

  • Cloudflare DNS: 1.1.1.1 & 1.0.0.1
  • Google Public DNS: 8.8.8.8 & 8.8.4.4
  • IBM Quad9: 9.9.9.9 & 149.112.112.112
  • Cisco Umbrella: 208.67.222.222 & 208.67.220.220

I personally use Cloudflare as it's the fastest and Google as a backup. Quad9 and Umbrella apparently offer enhanced security (Blocking malicious domains, etc.) however I've personally seen GeoIP issues with Quad9 and Umbrella is just kinda bad.

You might also want to look into DNS over HTTPS (DoH). Cloudflare's resolver supports it and you can enable DoH in the latest Firefox release however there's not exactly any support for it at the OS level in Win10.
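To make the DoH mention concrete: DNS over HTTPS (RFC 8484) carries an ordinary RFC 1035 wire-format DNS message as the body of an HTTPS request with `Content-Type: application/dns-message`, so the only thing that changes versus plain udp/53 is the transport. The block below is an added example written for this page, not Cloudflare's or Firefox's code: it builds the query bytes, constructs a response the way a resolver would (including a name-compression pointer), and parses the A records out of it. The `example.com` name and the `192.0.2.1` answer are constructed test data; `https://cloudflare-dns.com/dns-query` is Cloudflare's real DoH endpoint, but the request object is only built here, never sent.

```python
import struct
import urllib.request
from typing import List, Tuple

DOH_ENDPOINT = "https://cloudflare-dns.com/dns-query"  # Cloudflare's DoH resolver


def build_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """RFC 1035 query: 12-byte header + one question. RFC 8484 suggests txid 0 for DoH
    so identical queries produce identical bodies and cache well."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)  # QTYPE, QCLASS IN


def doh_request(wire_query: bytes, url: str = DOH_ENDPOINT) -> urllib.request.Request:
    """The HTTP side of DoH: POST the DNS message as-is. Not sent here; pass the returned
    object to urllib.request.urlopen to actually resolve over HTTPS."""
    return urllib.request.Request(url, data=wire_query, method="POST", headers={
        "Content-Type": "application/dns-message",
        "Accept": "application/dns-message",
    })


def read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a domain name at `offset`, following RFC 1035 compression pointers.
    Returns (name, offset just past the name in its original position)."""
    labels = []
    end = None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer into an earlier part of the message
            if end is None:
                end = offset + 2
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        if length == 0:
            if end is None:
                end = offset + 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end


def parse_a_records(msg: bytes) -> List[str]:
    """Return the IPv4 addresses in the answer section of a DNS response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x000F:  # non-zero RCODE: the resolver reported an error (3 = NXDOMAIN, ...)
        raise ValueError(f"resolver returned RCODE {flags & 0x0F}")
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = read_name(msg, offset)
        offset += 4
    addrs = []
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def constructed_response(query: bytes, addr: str, ttl: int = 300) -> bytes:
    """Constructed reply to `query` with a single A record, answer name given as a
    compression pointer (0xC00C) back to the question at offset 12. Test data only."""
    header = query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1
    rdata = bytes(int(octet) for octet in addr.split("."))
    answer = b"\xC0\x0C" + struct.pack(">HHIH", 1, 1, ttl, 4) + rdata
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("example.com")
    print(doh_request(q).get_header("Content-type"), len(q), "byte query")
    print(parse_a_records(constructed_response(q, "192.0.2.1")))
```

The point the post makes still stands after looking at the bytes: DoH protects the query in transit from the machine to the resolver, and nothing more; a hijacked hosts file or a rewritten resolver setting sits before or instead of that request.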

Pile Of Garbage
May 28, 2007



olives black posted:

Thank you for the follow-up!

I disagree with the first point (it gives me peace of mind knowing that I can't just click OK out of frustration on something dangerous and I'm used to using sudo on Linux anyway), but the rest has given me good stuff to consider.

That's the thing though: are you confident that when presented with a UAC elevation prompt, expected or otherwise, you can adequately determine whether or not the process which spawned it can be trusted (Remembering that whilst the UAC prompt is active you cannot interact with the OS and the prompt itself only includes at most the process name, PID and path)?

This is essentially one of those situations where you're sacrificing usability in the name of security without actually increasing security.

Also your analogy isn't really accurate as sudo is manual elevation and more akin to "Run as Administrator" on Windows.

Pile Of Garbage
May 28, 2007



olives black posted:

Point taken regarding the sudo analogy. However, it's less about knowing whether or not I can trust the process as it is about forcing myself to slow down and consider what's happening.

Worst case scenario is that I say "idk wtf", cancel out of it and have to investigate what's going on afterwards.

I feel like you maybe don't use Windows on the reg and/or haven't used it in some time because honestly in Windows 10 UAC elevation prompts are very rare. I use Win10 all the time at work and at home and only ever see UAC prompts when I'm installing stuff which is when I expect them. Outside of that I never see them but if I did I'd know something suss was going on because well it just doesn't happen.

That aside I guess it's up to you but at the end of the day if you were to get infected with something it'd probably be using some UAC bypass exploit anyway :lol:

Pile Of Garbage
May 28, 2007



olives black posted:

Holy moly, I forgot what a clusterfuck Windows Firewall is. Is there a way to flush all of the default crap and make a configuration similar to this where inbound traffic is limited to established connections and whitelisted ports/IP addresses only?

If you run Disable-NetFirewallRule with no parameters in PowerShell it will just disable all the rules in all three profiles (Public, Private and Domain). That aside I'd like to reiterate something I mentioned earlier:

Pile Of Garbage posted:

The default Windows Firewall profiles block almost all inbound protocols quite adequately. You'll be fine unless you're port-forwarding inbound to your PC on your router and/or your LAN is packed full of dodgy devices (If it's the latter then the best approach is to put your PC on a separate VLAN and permit/deny traffic on your router).

Unless your PC is directly exposed to the internet I really don't think you'll get any real benefit by mucking around with Windows Firewall policies.

Pile Of Garbage
May 28, 2007



If there is stuff that you must simply keep on the PC then remove the HDD, swap in a fresh one, reinstall Windows and then mount the old one on a Linux system or something to pull files off.

Also make sure you go through your mum's accounts and remove any app access (That poo poo where an app gets issued a token for perm access to the account). My grandma's FB account got compromised a while ago through one of those. Changing passwords and enabling MFA didn't do poo poo because the mechanism popping the account had access via the token.

Pile Of Garbage
May 28, 2007



The important thing here being to not connect the potentially infected drive to the newly reinstalled system because then you'll potentially just undo everything. Attaching the drive to a Linux system is usually good as it's very unlikely that whatever is on it would be able to pop a Linux system.

Pile Of Garbage
May 28, 2007



Carbon dioxide posted:

Does the OP's section about antivirus products apply to ClamAV on Linux?

Is it at all useful to install ClamAV on a Linux system?

Yes the OP applies to ClamAV because ClamAV is an antivirus product.

I personally don't see any benefit to installing ClamAV on Linux systems beyond box-ticking asinine compliance reports.

Pile Of Garbage
May 28, 2007



Is it only going to be used with Windows? If so then BitLocker is perfectly fine.

Pile Of Garbage
May 28, 2007



uguu posted:

Isn't bitlocker only for professional and enterprise on vista? I have home premium. I know there are lots of ways around the problem, but I'd like to keep the drive as is, frozen in time, if possible.

Wait why are we talking about Vista?

Assuming a mistype, IIRC the TPM-backed version is only available on Pro or Enterprise but the password-based "BitLocker To Go" is available on all versions.

Pile Of Garbage
May 28, 2007



I'm certain if it's a boot volume you can't use BitLocker To Go. And if it's not on Win10 I think it uses some algo that's not backwards compatible.

Maybe if you actually told us what you are trying to achieve then we can give good recommendations?

Pile Of Garbage
May 28, 2007



tuyop posted:

The upgrade to 10 pro is the proest recommendation, thanks. I didn't know you could do bitlocker without some kind of TPM so that's very helpful!

For reference Microsoft call it BitLocker To Go.

Quaint Quail Quilt posted:

I've recently done encryption with pro and the only time I know it's on is if you reinstall windows or update the bios you have to type your 100 digit key in.

Pulling it up on your phone and knowing how to use a numpad without looking helps greatly.

That's regular BitLocker using TPM.

Pile Of Garbage
May 28, 2007



Oysters Autobio posted:

So I've been using Dashlane for almost a year now but am not too happy with the functionality (the autofill on it isn't really good so it rarely actually pops up to automatically prompt password changes or new accounts). I only really subscribed because they offered a VPN alongside the subscription so I thought why not. Also found out that the VPN they contract out to is apparently sketchy in terms of selling your log data.

Among the Goon-approved password managers, are there any that can hit all or most of these features:

1) Built in VPN? I don't use a VPN that often where I feel it's worth it to subscribe to one but when I do (like using public wifi for example) I like to be able to throw it on and also not hit any data limits like the free VPNs offered out there.

2) Easy import of Dashlane passwords and Chrome passwords

3) Password monitoring that searches leaked db's

4) Built-in password generator, non-password notes that can be added

5) Good UI and integration with Chrome (i.e. good autofill and prompts when it detects new accounts or pw changes)

6) Can be used and syncs across multiple devices.

Also two optional,

- it has a decent shared plan for two people.
- can detect/change/autofill passwords in non-Chrome apps like Steam (Steam keeps constantly forgetting my password) or android apps

IMO you'd be better off looking for password manager and VPN services separately. They're solutions to two entirely different problems and as such there's a lot of outfits that do one or the other well but almost none that do both well.

Also password monitoring isn't really super important if you're using a password manager properly because then you will have unique passwords for every service which mitigates the risk of a service being hacked. If you really want it then do as hooah recommended and sign-up for Have I Been Pwned notifications.

This aside I don't really have any recommendations sorry. I run my own VPN with dedicated hardware and only use Password Safe on my home PC (Never really found the need to sync my creds).

Pile Of Garbage
May 28, 2007



Midjack posted:

Keyfile in a safe deposit box if you have one, or encrypted and given to your attorney or a friend or family member whom you would trust not to lose or try to crack it is an enhancement to this scheme, though depending on your circumstances you may not have any of those or wish to expend the resources to get them.

I think it's worth repeating that whenever you go down the road of securing your things you should have a good think about what your threat model actually is. This includes evaluating yourself as a target.

I'd be willing to bet that the large majority of people here on SA, myself included, are effectively nobodies with little in the way of valuable assets. If you fall into that category, and you probably do, then you're a low-value target and only need to worry about the same poo poo as everyone else: scams, malware and phishing.

If you're in this category then leaving poo poo like encryption keys or MFA recovery codes in a safe deposit box or with an attorney offers no more protection than leaving them on a piece of paper or a HDD at home.

Further to considering yourself as a target you need to consider what possible threats you might face because there are many that you as an individual can't do poo poo to mitigate. An oft-used example is if Mossad wanted your AES 512-bit encrypted data. In that case they'd simply kidnap and torture you to get the key! That of course isn't a threat any of us would face but it goes to show how many security measures kind of fall apart if you're just an individual without corporate/government backing.

To summarise, just go with what is sensible and easy. Unless you're Alexei Navalny enabling MFA on everything, using unique passwords for every single service, using a password manager, running ad-block, installing software/OS updates on your phone+PC and not clicking links in e-mails will protect you from 99% of potential threats. Anything more is probably unnecessary.

Pile Of Garbage
May 28, 2007



That's a good point, I am a massive dingus!

Pile Of Garbage
May 28, 2007



Wait a minute this is all dumb. If the risk is "a fire obliterates your house and all your belongings" then your lock-box key is probably toast as well. Just get a fire-proof safe or put your key on some cloud service that's separated from your other stuff.

Khablam posted:

The best way to have a keyfile is obfuscation. Don't have "my keyfile.keyx" and decide you have to hide it, just use some commonly available file, but I repeat myself.

So you're advocating for security through obscurity? You do know forensic file system tools exist right? They can look through a whole bunch of files and immediately ID anything that's out of place (NTFS Alternate Data Streams, weird EXIF data, file data structure not matching header, other sneaky poo poo I don't know about plus most of the common steganography techniques).

If you really wanted to hide the file in such a fashion you'd have to be real fuckin sneaky about it, so much so that you'd end up having to record where and how you've hidden it because there's no guarantee that you'll remember whatever arcane process you used.
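The "file data structure not matching header" check mentioned above is simple enough to show. This is an added example, not one of the forensic tools the post alludes to: it identifies a file by its magic bytes rather than its extension, walks a PNG's chunk list to the IEND chunk and reports anything appended after it, and does the equivalent end-of-image check for JPEG. The sample files are constructed in the block (a minimal valid PNG, the same PNG with bytes tacked on after IEND, a JPEG-with-trailer, and a ".png" whose contents are JPEG); the `holiday.*` filenames are placeholders.

```python
import struct
import zlib
from typing import List, Optional, Tuple

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"


def identify(data: bytes) -> Optional[str]:
    """Type according to the header bytes, independent of the filename."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(JPEG_MAGIC):
        return "jpg"
    return None


def png_end_offset(data: bytes) -> int:
    """Walk PNG chunks (length, type, data, CRC) and return the offset just past IEND,
    or -1 if the chunk structure never reaches a well-formed IEND."""
    off = len(PNG_MAGIC)
    while off + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[off:off + 8])
        off += 8 + length + 4
        if off > len(data):
            return -1  # chunk claims more bytes than the file has
        if ctype == b"IEND":
            return off
    return -1


def inspect(filename: str, data: bytes) -> List[Tuple[str, str]]:
    """Return (finding, detail) pairs; an empty list means nothing looked out of place."""
    findings = []
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    ext = {"jpeg": "jpg"}.get(ext, ext)
    kind = identify(data)
    if kind is None:
        return [("UNKNOWN_FORMAT", "header matches none of the known signatures")]
    if ext != kind:
        findings.append(("HEADER_MISMATCH", f"extension .{ext} but header says {kind}"))
    if kind == "png":
        end = png_end_offset(data)
        if end < 0:
            findings.append(("BROKEN_STRUCTURE", "no well-formed IEND chunk"))
        elif end < len(data):
            findings.append(("TRAILING_DATA", f"{len(data) - end} bytes after IEND"))
    elif kind == "jpg":
        eoi = data.rfind(JPEG_EOI)
        if eoi < 0:
            findings.append(("BROKEN_STRUCTURE", "no end-of-image marker"))
        elif eoi + 2 < len(data):
            findings.append(("TRAILING_DATA", f"{len(data) - eoi - 2} bytes after EOI"))
    return findings


def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


# Constructed samples: a 1x1 PNG with only IHDR and IEND, and a bare JPEG start/end pair.
CLEAN_PNG = PNG_MAGIC + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)) \
    + _png_chunk(b"IEND", b"")
PNG_WITH_PAYLOAD = CLEAN_PNG + b"-- constructed hidden payload --"
CLEAN_JPEG = JPEG_MAGIC + b"\xe0\x00\x02" + JPEG_EOI
JPEG_WITH_PAYLOAD = CLEAN_JPEG + b"constructed trailer"

if __name__ == "__main__":
    for name, blob in [("holiday.png", CLEAN_PNG), ("holiday.png", PNG_WITH_PAYLOAD),
                       ("holiday.png", CLEAN_JPEG), ("holiday.jpg", JPEG_WITH_PAYLOAD)]:
        print(name, inspect(name, blob))
```

Real carving tools go much further (EXIF walks, alternate data streams, entropy of the appended region), but even this much is enough to make "rename it and hide it among the holiday snaps" stand out in a sweep, which is the post's point.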

Pile Of Garbage
May 28, 2007



Cup Runneth Over posted:

Huh??? Under what circumstances? Either you're home at the time and A) die in the fire, or B) evacuate with basic belongings like your keys and wallet and stuff, or you're not at home and you have your keys and wallet and stuff with you. In both cases you're either dead or have your keys, and why wouldn't your lockbox key be among them?

Complete destruction of all the poo poo was the premise Midjack posted up-thread:

Midjack posted:

Zorak of Michigan posted:

If my house ever burns down and I leave without my phone, I'm pretty well screwed.

Key file held off premises addresses house burning down with phone in it.

I agree it's probably unlikely but disaster planning is about assessing likelihood, impact and mitigation together.

Khablam posted:

A keyfile is just a second-factor that stops someone accessing your vault if they can a) get a copy and b) get your password. Nothing about using a holiday snap of a pier makes it any less secure. If they can ID and lift your keyfile, it also doesn't matter what it is.
Which means it doesn't matter what your keyfile is, only that you know what it is.

Given this there's no reason to try to physically lock it away - as long as you know which of 20k photos you can restore from anywhere and use, you can... well use it. Same goes for any consistently hashable file you can get and use from anywhere.

I say this because for 99.99% of people, they're going to reduce their ability to use their own password vault far before they reduce their security.

Correct me if I'm wrong but are you suggesting that the keyfile be stored adjacent to the vault? If that's the case then you're effectively nullifying any benefits that a keyfile would provide. The whole point of a second-factor is that an attacker doesn't have it.

B-Nasty posted:

On Windows machines, a better approach is to lock down the key file, not obfuscate it.

On my machines, I set access to that keyfile to admins only, and set KeePass.exe to run elevated (UAC prompt). It's nice that it's a code-signed exe, because you get the blue UAC prompt with the author's name.

This accomplishes a number of things: malware.exe that I accidentally kicked off in user space can't read the key file, and process isolation in Windows means the memory used by KeePass (elevated process) is also protected from user-level process snooping.

A few issues here:

  • Restricting NTFS permissions doesn't mean much if someone can elevate to SYSTEM context.
  • Deliberately running KeePass as administrator provides no additional security and actually makes you more vulnerable. In the event that the EXE is compromised and you accidentally launch it as administrator, most likely through muscle memory of clicking through the UAC prompt, it will be in a context from which it can compromise and root your system completely. Regarding the likelihood of your KeePass EXE being compromised, supply-chain attacks against popular software packages are far from uncommon, so inadvertently installing a malicious update is a real possibility.
  • Most malware includes privilege elevation exploits, so relying on user space to constrain them is not guaranteed.
  • Process isolation is meaningless if malware can gain SYSTEM context.
  • There are also side-channel attacks, like simply reading the clipboard when you copy a password.

IMO a better approach is to store your key file on a separate volume encrypted with BitLocker (Passphrase AKA BitLocker To Go, not TPM) and to enable Ransomware Protection to control access to the volume/folder containing the key file (assuming you're running Win10, which you should be). Furthermore you should ensure that KeePass is configured correctly, specifically the automatic lock and clipboard clearing options.

Edit: should probably add that the Ransomware Protection/Controlled Folder Access feature in Win10 isn't infallible so as always make sure to keep your system up-to-date.

Edit 2: if you're using Ransomware Protection/Controlled Folder Access and enable access to a location for say cmd.exe or powershell.exe you are basically screwing yourself. It's easy to shoot yourself in the foot so you gotta be careful.

Pile Of Garbage fucked around with this message at 20:27 on Mar 5, 2021
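An added example, not KeePass's own code, to make the "any consistently hashable file" point from the Khablam quote above concrete: KeePass 2.x turns a password plus an arbitrary key file into one composite key, so any file works as a key file as long as every byte of it is identical each time. The key-file rules (32 raw bytes used as-is, 64 hex characters decoded, anything else SHA-256 hashed; the XML key-file format is left out) and the composite derivation are as this example's author understands KeePass to do them, and the 32 bytes that come out are what KeePass then feeds into the database KDF, not the database key itself. The "photo" bytes are constructed, and `keyfile_component`, `composite_key` and `same_key` are this example's own names.

```python
"""Derive a KeePass 2.x style composite key from a password plus a key file,
to show that any byte-exact file works as a key file and that a re-encoded
copy of it does not. Example code added to this thread, not KeePass's code;
the key-file layouts below are how this example's author understands KeePass
to treat non-XML key files. The sample 'photo' bytes are constructed."""
import hashlib
from typing import Optional


def keyfile_component(data: bytes) -> bytes:
    """The 32-byte contribution of a key file."""
    if len(data) == 32:
        return data                                   # raw 32-byte key
    if len(data) == 64:
        try:
            return bytes.fromhex(data.decode("ascii"))  # 64 hex characters
        except (UnicodeDecodeError, ValueError):
            pass                                      # not hex: treat as any file
    return hashlib.sha256(data).digest()              # any other file: hash it


def composite_key(password: str, keyfile: Optional[bytes] = None) -> bytes:
    """SHA-256 over the concatenated components, password component first."""
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        material += keyfile_component(keyfile)
    return hashlib.sha256(material).digest()


def same_key(password: str, original: bytes, candidate: bytes) -> bool:
    """Would a restored copy of the key file still open the vault?"""
    return composite_key(password, original) == composite_key(password, candidate)


# Constructed 'holiday snap': SOI marker, an APP1 (EXIF) segment, image data, EOI.
ORIGINAL = b"\xff\xd8\xff\xe1" + b"Exif\x00\x00" + b"\x00" * 40 + b"\xff\xd9"
# The same picture after a photo service strips the EXIF segment on upload:
# looks identical, hashes completely differently.
STRIPPED = b"\xff\xd8" + b"\x00" * 40 + b"\xff\xd9"

if __name__ == "__main__":
    print("original :", composite_key("correct horse", ORIGINAL).hex())
    print("stripped :", composite_key("correct horse", STRIPPED).hex())
    print("still opens vault:", same_key("correct horse", ORIGINAL, STRIPPED))
```

The practical check before trusting an off-site copy of the key file: some photo services re-encode uploads or strip metadata, so a picture "restored from anywhere" is not guaranteed to be the same bytes. Keep the copy inside a container the service won't touch (a zip or an encrypted volume, per the post above) and compare its SHA-256 against the original before relying on it.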


Pile Of Garbage
May 28, 2007



B-Nasty posted:

That's true, but kind of ridiculous. If malware can use an exploit to elevate or inject into a trusted process (these are rare), or you elevate it by UAC-clickthrough, you're hosed. Controlled folder access won't protect you at that point either.

Just tested it and it does block access by elevated processes to protected locations. Of course if you can elevate privilege you can modify the allow list. Also it only blocks writes and not reads so kinda pointless in retrospect (I'm constantly wrong lmao).

B-Nasty posted:

A risk, for sure, but consider that you're also trusting all your passwords to that application. At least with a local app like KeePass, you can choose to not install updates. With auto-updated browser extensions or online password services, you could be hit with this attack at any time.

I do agree that it would probably be more secure to store your keyfile on removable (or encrypted-by-default) media that you only mount when you want to open your PW DB, but that adds too much inconvenience for my liking.

Just to note, I never advocated using any browser extensions or cloud password managers, rather just using a cloud storage service to store the key file, ideally one that isn't linked to any of your other accounts. The idea being to not store the keyfile adjacent to the vault itself, because if you do that then the keyfile is no better than a password.
