Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


This thread is neat and I've enjoyed reading it. It's also gotten me to tighten up some stuff. I have a few questions; OpenDNS seems to be widely recommended, but I've been using something called Simple DNSCrypt. Have you ever heard of it and is it worth using over OpenDNS? It encrypts your DNS traffic, which seems like it would help prevent MITM attacks, and hasn't had any noticeable downsides for me other than occasionally changing the server when things stop loading.

It also amuses me that all this time I've been feeling slightly nervous about not having anything more than Malwarebytes to protect my computer, I've actually been more secure not having an AV and simply browsing smart.


Cup Runneth Over
Aug 8, 2009

apseudonym posted:

Unless your subsequent connections are over TLS DNS being secure doesn't really do anything. If they are over TLS then the security of DNS doesn't really matter short of a DoS.

I use HTTPS Everywhere, if that's any help.

Cup Runneth Over
Aug 8, 2009

Non Serviam posted:

When I had a Mac, I used an app called "little snitch," and which allowed me to monitor and/or kill any outbound connection. So far my search for a windows alternative has been fruitless.

Do you guys know of something like this, or whether it's even useful?

The understanding I have from posts in this and other threads is that it's not useful because malware will be injecting into processes that normally have network activity, allowing them to fly under the radar disguised as those legit services.

Cup Runneth Over
Aug 8, 2009

Looks like I'll be dealing with my own momputer situation. She only uses Apple products, but when visiting her this year I found out that she's been sending spam emails to all her contacts for the past six months or so. She only knows because one of her friends told her and she's been getting Undelivered Mail notifications because it's trying to send them to noreply emails. The websites linked in the spam are registered to some Indian guy named Harish Coorg through GoDaddy. I'm guessing she's been rolled into some kind of botnet, and she said she's been changing her password so I assume her iPad is infected with malware. I'm not sure what to do other than proverbially raze it to the ground, and reset the iPad to factory default, maybe along with the rest of her devices (because I don't know for certain it's her iPad that's infected and not, say, her phone). She's amenable to the idea of a password manager, so I'm thinking I'll set her up with 1Password with a good master password and make sure it's configured to protect her; password reuse may also be a source of her woes. Apple devices are encrypted by default, I think, so no problems there. Any other advice you guys may have? I know OSI mentioned recommending people with poor computer security get iPads so I'd like to hear his thoughts on dealing with a potentially compromised iPad; I just don't see any other way they could be spamming from her email through password resets.

Cup Runneth Over
Aug 8, 2009

I imagine it's probably a lovely app because the spammer has access to her contacts. The undelivered mail is Cc'ed to several people on her contacts list. I don't see anything with access to her contacts list in her iPad besides Endomondo which seems to be a Fitbit app and probably safe (I revoked it just to be sure.)

e: Here's the header of the undelivered mail.

code:
Received: from cm6.websitewelcome.com (cm6.websitewelcome.com [108.167.139.19])
	by gateway21.websitewelcome.com (Postfix) with ESMTP id 576BD6917A2C5
	for <nathalie@surflasolas.com>; Fri,  2 Sep 2016 22:20:50 -0500 (CDT)
Received: from br28.hostgator.com.br ([192.185.176.130])
	by cm6.websitewelcome.com with 
	id erLp1t0062pB16801rLqYy; Fri, 02 Sep 2016 22:20:50 -0500
Received: from [118.40.206.164] (port=3864 helo=hdizc.net)
	by br28.hostgator.com.br with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.86_1)
	(envelope-from <xxxx>)
	id 1bg1Vg-000Kka-3z; Sat, 03 Sep 2016 00:20:49 -0300
Subject: Re: wow!
Date: Sat, 3 Sep 2016 06:20:38 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_000C_01186430.1A9FACA6"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AdIVHBR8sJRrJ8Qf7jJVW2gb8vQezA==
Content-Language: de
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - br28.hostgator.com.br
X-AntiAbuse: Original Domain - surflasolas.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - me.com
X-BWhitelist: no
X-Source-IP: 118.40.206.164
X-Exim-ID: 1bg1Vg-000Kka-3z
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Source-Sender: (hdizc.net) [118.40.206.164]:3864
X-Source-Auth: cassio@talentoshow.com.br
X-Email-Count: 406
X-Source-Cap: dGFsZW45NTA7dGFsZW45NTA7YnIyOC5ob3N0Z2F0b3IuY29tLmJy
nathalie@surflasolas.com is the address to which the mail could not be delivered. It seems to originate from cassio@talentoshow.com.br.

Cup Runneth Over fucked around with this message at 18:57 on Sep 4, 2016
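An added example, not part of the post above: the bounce headers quoted there already answer the question of whether the iPad sent the mail, and the script below walks through them the way a triage would. It feeds the relevant headers (copied from the post; the envelope-from was already redacted there as `<xxxx>`) to Python's standard `email` parser, reads the `Received:` chain oldest hop first, and compares the account that authenticated to the submitting server (`X-Source-Auth`) with the domain of the forged From address (`X-AntiAbuse: Sender Address Domain`). The `esmtpsa` reading is Exim's own convention (ESMTP, over TLS, after SMTP AUTH); nothing else here is assumed.

```python
import re
from email import message_from_string

# The headers that matter for the trace, copied from the bounce quoted in the
# post above (the envelope-from was already redacted there as <xxxx>).
BOUNCED_HEADERS = (
    "Received: from cm6.websitewelcome.com (cm6.websitewelcome.com [108.167.139.19])\n"
    "\tby gateway21.websitewelcome.com (Postfix) with ESMTP id 576BD6917A2C5\n"
    "\tfor <nathalie@surflasolas.com>; Fri,  2 Sep 2016 22:20:50 -0500 (CDT)\n"
    "Received: from br28.hostgator.com.br ([192.185.176.130])\n"
    "\tby cm6.websitewelcome.com with \n"
    "\tid erLp1t0062pB16801rLqYy; Fri, 02 Sep 2016 22:20:50 -0500\n"
    "Received: from [118.40.206.164] (port=3864 helo=hdizc.net)\n"
    "\tby br28.hostgator.com.br with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)\n"
    "\t(Exim 4.86_1)\n"
    "\t(envelope-from <xxxx>)\n"
    "\tid 1bg1Vg-000Kka-3z; Sat, 03 Sep 2016 00:20:49 -0300\n"
    "Subject: Re: wow!\n"
    "X-Mailer: Microsoft Office Outlook, Build 11.0.5510\n"
    "X-AntiAbuse: Primary Hostname - br28.hostgator.com.br\n"
    "X-AntiAbuse: Original Domain - surflasolas.com\n"
    "X-AntiAbuse: Sender Address Domain - me.com\n"
    "X-Source-IP: 118.40.206.164\n"
    "X-Source-Sender: (hdizc.net) [118.40.206.164]:3864\n"
    "X-Source-Auth: cassio@talentoshow.com.br\n"
    "X-Email-Count: 406\n"
    "\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# "from <host> (<info>) by <host> (<info>) with <proto>"; the lookahead skips
# the hop whose "with" clause is empty and runs straight into "id ...".
HOP_RE = re.compile(
    r"from (\S+)(?: \(([^)]*)\))? by (\S+)(?: \(([^)]*)\))?(?: with (?!id\b)(\S+))?"
)


def received_hops(raw_headers):
    """Return the relay chain oldest-first, one dict per Received: header."""
    msg = message_from_string(raw_headers)
    hops = []
    # Every relay prepends its own Received: line, so the last one in the
    # header block is the first hop, the one closest to the real sender.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.match(" ".join(value.split()))   # unfold the header first
        if not m:
            continue
        from_host, from_info, by_host, _, proto = m.groups()
        ip = IP_RE.search(from_host + " " + (from_info or ""))
        proto = (proto or "").lower()
        hops.append({
            "from": from_host,
            "ip": ip.group(1) if ip else None,
            "by": by_host,
            "proto": proto,
            # Exim's protocol names: esmtp, esmtps (TLS), esmtpa (SMTP AUTH),
            # esmtpsa (TLS + SMTP AUTH); the trailing "a" is the authenticated case.
            "authenticated": proto.endswith("a"),
        })
    return hops


def triage(raw_headers):
    """Decide whether the From: address was forged by a third-party account."""
    msg = message_from_string(raw_headers)
    hops = received_hops(raw_headers)
    if not hops:
        raise ValueError("no parseable Received: headers")
    first = hops[0]
    auth_user = (msg.get("X-Source-Auth") or "").strip()
    claimed_domain = None
    for line in msg.get_all("X-AntiAbuse", []):
        if line.strip().startswith("Sender Address Domain - "):
            claimed_domain = line.split(" - ", 1)[1].strip()
    auth_domain = auth_user.rpartition("@")[2] or None
    return {
        "origin_ip": first["ip"],
        "submission_host": first["by"],
        "authenticated_submission": first["authenticated"],
        "auth_user": auth_user,
        "claimed_sender_domain": claimed_domain,
        "mailer": msg.get("X-Mailer"),
        # Submitted by an authenticated account on another domain: the From:
        # was forged, it was not sent through the named user's mailbox.
        "forged_from": bool(auth_user) and auth_domain != claimed_domain,
    }


if __name__ == "__main__":
    for hop in received_hops(BOUNCED_HEADERS):
        print(f"{hop['from']:<28} ({hop['ip']}) -> {hop['by']} [{hop['proto'] or '?'}]")
    for key, value in triage(BOUNCED_HEADERS).items():
        print(f"{key}: {value}")
```

Reading the result: the first hop was an Outlook client at 118.40.206.164 that logged in to HostGator's br28 server as cassio@talentoshow.com.br and pushed out its 406th message, with an @me.com address pasted into From:. The only headers you can trust are the ones added by servers you have reason to trust; here the decisive `Received:` and `X-Source-*` lines were all written by br28.hostgator.com.br, the host that did the authentication, so they are as reliable as HostGator's logging. Nothing in the chain touches iCloud or any Apple device, which is why the answer to "is the iPad infected?" is no.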

Cup Runneth Over
Aug 8, 2009

Aye, I realize that now. So what should I do?

Cup Runneth Over
Aug 8, 2009

OSI bean dip posted:

An iPad is unlikely to get compromised unless it's EOL'd by Apple with no patch against an exploit, a state actor is after your mother, or you have managed to jailbreak it.

It's not jailbroken, but I have no idea why she'd be targeted for email spoofing.

Cup Runneth Over
Aug 8, 2009

Saukkis posted:

Because she has an email address and it was included in some "Million Addresses for JUST $49.99!" megadeal.

Along with her contacts list?

Cup Runneth Over
Aug 8, 2009

Righto, thanks lads.

Cup Runneth Over
Aug 8, 2009

To spin this into a somewhat interesting topic, why do you think email encryption has not caught on like SSL encryption has lately?

Cup Runneth Over
Aug 8, 2009

cheese-cube posted:

They're really two different things entirely.

HTML is just a markup language which your browser parses and feeds into its layout engine to render the page. Videos are simply embedded using the <video> element which contains a URL to the video file which the browser downloads and plays back. The browser doesn't actually "execute" anything (Ignoring JS).

On the other hand, Flash objects (SWFs) are essentially compiled applications which are executed by the Flash Player plug-in. This is the main reason why Flash is inherently dangerous, you're executing untrusted code on your machine.

How do games in HTML5 work then?

Cup Runneth Over
Aug 8, 2009

Isn't Javascript also notoriously insecure?

Cup Runneth Over
Aug 8, 2009

Jabor posted:

What gave you this impression?

Like a decade of hearing it slagged by people who hate Java.

Cup Runneth Over
Aug 8, 2009

Shroom King posted:

I have Webroot SecureAnywhere as my AV but this thread encouraged me to download Microsoft Security Essentials. So far, they play nice together. I guess 2 AV programs are better than one?

I also have a password manager that is totally secure from internet phishing/hacking: a pen and a piece of paper.

That's not actually totally secure from phishing.

Cup Runneth Over
Aug 8, 2009

apseudonym posted:

Stop using ask

It's the only search engine that understands me!

Cup Runneth Over
Aug 8, 2009

Wiggly Wayne DDS posted:

stick to configuring your own vpn on a home server or vps rather than touching the poo poo paid ones

Isn't this similar to rolling your own crypto?

Cup Runneth Over
Aug 8, 2009

What the absolute gently caress, Adobe? I can't save documents in Adobe Acrobat Reader DC without triggering EMET's Caller mitigation and crashing the program. How do you gently caress that up??

Cup Runneth Over
Aug 8, 2009

EMET isn't an AV.

Cup Runneth Over
Aug 8, 2009

Getting a weird problem on Chrome where trying to open any non-HTTPS webpage instead loads a blank white page with "Url not found." I'm not using any proxies, hosts file is fine, changing from OpenDNS to Google DNS didn't help, basically all the stuff I could think of. It'd be less of a problem if HTTPSEverywhere actually made an effort to try to open a page in HTTPS first. Any ideas?

Cup Runneth Over
Aug 8, 2009

Sorry, should have mentioned I already did that and only use incognito mode anyway.

Cup Runneth Over
Aug 8, 2009

Tested it on different browsers and had the same problem, then tried connecting to my phone as a hotspot. That fixed it, so it looks like it's a problem with my router. Resetting it didn't fix it, so I'll look into it on my own. Thanks fellas, I was overthinking it.

Khablam posted:

Some comically bad ISPs will just block port 80.

Are there any other kind?

Cup Runneth Over
Aug 8, 2009

Superfetch is one of those annoying RAM-hogging Windows 10 features. It "pre-loads" programs you commonly use so they load faster. Basically it means those programs are running all the time in the background, sorta.

You don't want to become the administrator. You can run things as admin, but the idea behind being a normal user is that it's harder for viruses to escalate to the permissions they need to gently caress up your computer. Being "Top Admin" means that your account, if compromised, can bypass all safeguards against malicious activity. That's why the UAC prompt, while annoying, was invented, and you shouldn't disable it.

Win10 should contain an option to "refresh" your computer without deleting your files. If you think it's time for a cleanup, why not try that?

Cup Runneth Over
Aug 8, 2009

I was just going by the description of Superfetch on Microsoft's website. That also contains instructions on disabling it if you want.

Cup Runneth Over
Aug 8, 2009

No. Facebook/Google login APIs are token-based, your password is never involved except when you log in on Facebook or Google's website.

It's theoretically possible that they could access whatever information the service can request from Facebook or Google, but I'd consider it unlikely. At worst, just disconnect the service from your account.
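An added example, not from the post and not Facebook's or Google's real endpoints: a stripped-down authorization-code flow showing the three properties the post relies on. The identity provider, the `fitness-app` client, its callback URL and the user are all invented for the demonstration; the password hashing and the token/code bookkeeping are a deliberately simplified model of what a real provider does.

```python
import hashlib
import hmac
import secrets


def hash_password(password, salt):
    # Stand-in for the provider's password store; never seen by the app.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class IdentityProvider:
    """Hypothetical stand-in for the Google/Facebook authorization server."""

    def __init__(self):
        self.users = {}     # username -> (salt, pbkdf2 hash)
        self.clients = {}   # client_id -> registered redirect_uri
        self.codes = {}     # one-time code -> (client_id, redirect_uri, user, scope)
        self.tokens = {}    # access token -> (client_id, user, scope)

    def register_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def register_client(self, client_id, redirect_uri):
        self.clients[client_id] = redirect_uri

    def authorize(self, username, password, client_id, redirect_uri, scope):
        """Login page on the provider's own site: the only place the password goes."""
        salt, stored = self.users.get(username, (b"", b""))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            raise PermissionError("bad credentials")
        if self.clients.get(client_id) != redirect_uri:
            raise PermissionError("redirect_uri is not registered for this client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, username, scope)
        return code  # handed to the app through the browser redirect

    def exchange_code(self, code, client_id, redirect_uri):
        """Token endpoint: the code is single-use and bound to one client."""
        entry = self.codes.pop(code, None)
        if entry is None or entry[:2] != (client_id, redirect_uri):
            raise PermissionError("invalid or replayed code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (client_id, entry[2], entry[3])
        return token

    def userinfo(self, token):
        """Resource endpoint: the app only gets what the granted scope covers."""
        if token not in self.tokens:
            raise PermissionError("token revoked or unknown")
        _, user, scope = self.tokens[token]
        return {"user": user, "scope": scope}

    def revoke_client(self, username, client_id):
        """'Disconnect the service' in account settings: every token the app
        holds for this user stops working, and no password change is needed."""
        self.tokens = {t: v for t, v in self.tokens.items()
                       if not (v[0] == client_id and v[1] == username)}


class ThirdPartyApp:
    """The site offering 'Log in with ...'. It stores a token, never a password."""

    def __init__(self, idp, client_id, redirect_uri):
        self.idp, self.client_id, self.redirect_uri = idp, client_id, redirect_uri
        self.token = None

    def finish_login(self, code):
        self.token = self.idp.exchange_code(code, self.client_id, self.redirect_uri)
        return self.idp.userinfo(self.token)

    def fetch_profile(self):
        return self.idp.userinfo(self.token)


def build_scenario():
    """Constructed data: one user and one app registered with the provider."""
    idp = IdentityProvider()
    idp.register_user("mom", "correct horse battery staple")
    idp.register_client("fitness-app", "https://fitness.example/oauth/callback")
    app = ThirdPartyApp(idp, "fitness-app", "https://fitness.example/oauth/callback")
    return idp, app
```

What a compromised `fitness-app` ends up holding is a bearer token good for exactly the scope the user approved, which is why the worst case in the post is "they read what the service could already read". Revoking the app from the account settings page empties that out without touching the password.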

Cup Runneth Over
Aug 8, 2009

:same:

Cup Runneth Over
Aug 8, 2009

Personally my perceived threat is cyberstalkers and Internet detectives. I don't really care about nation-states or even hackers all that much, I just don't want to be tracked down and doxxed by neckbearded creeps with their Googlefu.

Cup Runneth Over
Aug 8, 2009

Downs Duck posted:

That's the thing, I don't know what people would be after or how they would attack me, so I'd like to be as safe as I can reasonably be, with as little information about myself on the net as possible.

This is why people are calling you paranoid. "I don't know who might be after me or how, but I just want to keep myself safe!" is a very paranoid thing to say.

If you, like me, are trying to protect yourself from internet detectives, here's some things you can do:

1. Don't use the same name across communities/websites. Adopt a wide variety of pseudonyms. Online handles are the first things creeps will use to try and track you down and link your Internet presence together. It's also good to use common words for pseudonyms as they are very difficult to Google. "Downs Duck" is a good one because it seems to be masked by a comic of some sorts. "Cup Runneth Over" is just going to return a bunch of Bible quotes.
2. Use different emails. Emails are the second thing that e-detectives will search for to try and link your accounts. I use MailNull to generate an infinite number of emails for everything I sign up for (insofar as I can be bothered), which redirect to my real e-mail address (and a few aliases) that I avoid giving out as much as possible. This is important because they can't be masked by being "common" -- they can always be directly searched. Usually websites are decent about protecting them from being indexed, but not always.
3. Scrub social media. Don't use Facebook, Twitter, Tumblr, Instagram, etc. as these are hotspots of personal info that, if found, can easily be used to doxx you. If you do use them, use them under pseudonyms and avoid mentioning any personal information.
4. Don't mention personal information anywhere it can be publicly accessed. It's OK to talk about your life in direct messages, for instance, because then only the person you're talking to knows you, and you presumably trust them. What you're trying to avoid is having that info permanently catalogued somewhere that someone can access from a search engine. Even public Discord servers and stuff just require someone to join them and start searching keywords for you.
5. Get a password manager, like 1Password. This is just good security practice in general as it allows you to have a variety of different, high-strength passwords for every service, which means if you ARE hacked on one account they can't use your credentials to log into another. I personally still memorize passwords for stuff like my bank account or my e-mail since those are big points of failure I wouldn't want vulnerable if my password manager somehow got exploited into dumping my password.

None of this requires you to adopt 2FA (though you should) or turn into a hermit or whatever. You just need to know what your threat model is rather than just living in fear.

Oh, and remember: None of this will keep you safe forever. You're only human, and you will make mistakes, and you probably already have a lot of info out there that can't be erased because it lives forever on the Internet. If someone is determined enough, they'll probably find you. Don't let it keep you up at night, because there's only so much you can do. Just do the best you can and relax.

Cup Runneth Over fucked around with this message at 23:39 on Aug 22, 2018

Cup Runneth Over
Aug 8, 2009

Downs Duck posted:

Take a break, seriously. Then read the posts again. I don't think I am alone in believing you are wrong here.

Holy crap dude, there's no way you're this dense. I can understand "how did this get here I am not good with computer" tier infosec knowledge when you're not in or peripheral to the industry, but this is something else.

Also I use a jailbroken phone because it's the only way to remap the Bixby button. gently caress Samsung.

Cup Runneth Over
Aug 8, 2009

They aren't as good as bxActions.

Cup Runneth Over
Aug 8, 2009

Khablam posted:

bxactions doesn't require root, it runs using the accessibility workarounds. You can use ADB to further expand the options but you do not need to root.
If you've somehow got an app that needs it, you've got a fraudulent app.

I've got this one: https://play.google.com/store/apps/details?id=com.jamworks.bxactions&hl=en_US

I'm pretty sure that's why I installed root. It's been a while.

Cup Runneth Over
Aug 8, 2009

Got infected by some malware recently, probably from a torrent. It went by SoundMixer.exe and the only reason I found out I had it was because it (presumably accidentally) disabled the Command Prompt. Surprisingly easy to clean out; just deleted it from AppData, cleaned out the few registry entries it made, and force-killed the "Sound Mixing Utility" processes it started, and everything was back to normal. Anyway, if cmd.exe suddenly stops working for you, that's probably why.

Cup Runneth Over
Aug 8, 2009

Carbon dioxide posted:

Malwares can leave secondary payloads. Make sure to do a very thorough scan of your computer for other malware, and keep at it because if there's something else it might stay dormant for a long time until something (like a timer or whatever) triggers it.

Good advice. Just found out it disabled Windows Defender via group policy (short registry fix there), so :pt: might be the best option (my only option!). Any advice on whether Fresh Start is better than a full flatten?
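An added example covering the two SoundMixer.exe posts above, not code from either post: the "cmd.exe stopped working" and "Defender disabled via group policy" symptoms are both single policy values in the registry, so a quick way to confirm what a dropper has flipped (and to re-check after the refresh) is to take a `reg export` of the policy keys and grep it. The sample export below is constructed to mirror those two symptoms plus a Run entry in AppData; it is not a capture from the infected machine. The policy paths are the documented Windows ones; the user name and the OneDrive entry are made up.

```python
import re

# Documented Windows policy values that user-mode malware flips to hamper
# cleanup; keyed without the hive because e.g. DisableCMD may live under
# HKCU or HKLM. Keys and names are compared case-insensitively.
LOCKDOWN_POLICIES = {
    (r"software\policies\microsoft\windows\system", "disablecmd"):
        "Command Prompt disabled (DisableCMD)",
    (r"software\policies\microsoft\windows defender", "disableantispyware"):
        "Windows Defender turned off by policy (DisableAntiSpyware)",
    (r"software\policies\microsoft\windows defender\real-time protection",
     "disablerealtimemonitoring"):
        "Defender real-time protection off (DisableRealtimeMonitoring)",
    (r"software\microsoft\windows\currentversion\policies\system", "disabletaskmgr"):
        "Task Manager disabled (DisableTaskMgr)",
    (r"software\microsoft\windows\currentversion\policies\system", "disableregistrytools"):
        "Registry Editor disabled (DisableRegistryTools)",
}
AUTORUN_KEYS = (r"\currentversion\run", r"\currentversion\runonce")

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})$')
STRING_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Constructed sample of `reg export` output (not a real capture), shaped after
# the symptoms in the posts: cmd.exe and Defender disabled, a dropper in AppData.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\mom\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Sound Mixing Utility"="C:\\Users\\mom\\AppData\\Roaming\\SoundMixer.exe"
"""


def parse_reg_export(text):
    """Yield (key, value_name, value) for DWORD and string values in a .reg file.
    `reg export` writes UTF-16LE with a BOM, so read the file with encoding="utf-16"."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := DWORD_RE.match(line)):
            yield key, m.group(1), int(m.group(2), 16)
        elif key and (m := STRING_RE.match(line)):
            # .reg escapes quotes and backslashes inside string values
            yield key, m.group(1), m.group(2).replace('\\"', '"').replace("\\\\", "\\")


def find_lockdowns(text):
    """Return (key, name, value, description) for every enabled lockdown policy."""
    hits = []
    for key, name, value in parse_reg_export(text):
        subkey = key.partition("\\")[2].lower()   # strip the HKEY_... prefix
        desc = LOCKDOWN_POLICIES.get((subkey, name.lower()))
        if desc and isinstance(value, int) and value != 0:
            hits.append((key, name, value, desc))
    return hits


def find_appdata_autoruns(text):
    """Return (name, command) for Run/RunOnce entries that launch from AppData.
    Legitimate software (OneDrive, Teams, ...) lives there too: review, don't delete."""
    hits = []
    for key, name, value in parse_reg_export(text):
        if (key.lower().endswith(AUTORUN_KEYS) and isinstance(value, str)
                and "\\appdata\\" in value.lower()):
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    for key, name, value, desc in find_lockdowns(SAMPLE_EXPORT):
        print(f"LOCKDOWN  {desc}\n          {key}\\{name} = {value}")
    for name, command in find_appdata_autoruns(SAMPLE_EXPORT):
        print(f"AUTORUN   {name!r} -> {command}")
```

Run it against `reg export HKCU\Software hkcu.reg` and `reg export HKLM\SOFTWARE\Policies hklm-policies.reg` (the `/y` flag suppresses the overwrite prompt) from a clean admin session. Clearing `DisableCMD` to 0 brings cmd.exe back immediately, which is what the post's "short registry fix" amounted to; `DisableAntiSpyware` is the value the "disabled via group policy" symptom corresponds to, and on current Windows 10/11 with Tamper Protection enabled Defender ignores it, which is the reason that trick stopped working for malware after this thread's 2018 timeframe. None of this replaces the flatten the post ends up doing; it just tells you what was touched.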

Cup Runneth Over
Aug 8, 2009

I looked up Refresh my PC and it apparently has a "Reset my PC" counterpart which is identical to :pt: if you choose to delete all your files. So I did that with a full drive format and then restored my files from my backups with File History. Pretty painless.

Cup Runneth Over
Aug 8, 2009

If you use that password for any other account, then why do you do that? Get a password manager and change all your passwords to something unique and secure.

If not, then yes that is bad, but at least it won't affect you much.

Cup Runneth Over
Aug 8, 2009

Sadly if someone wants to harvest your name and address they probably won't need to go to an AMD rewards site to get it :smith:

But yes don't give them your payment information.

Cup Runneth Over
Aug 8, 2009

Nettle Soup posted:

It's a sketchy image-host. Somebody in the funny pictures thread or somewhere was using it a while back and got mocked for it.

So, in layman's terms, you were probably just requesting the image from the site.

Cup Runneth Over
Aug 8, 2009

I suppose ads failing to load is a more elegant way of blocking them than removing the web elements, and it can't be detected like an adblocker can.

Cup Runneth Over
Aug 8, 2009

But what separates it from a partial server outage or a bad connection?

Cup Runneth Over
Aug 8, 2009

That seems like it would be really difficult to code around. I'm talking about the pages that pop up if you use an adblocker -- turn your blocker off to proceed, we can't run the site without ads, blah blah. If YouTube can't load a video ad, for instance, it just won't run it, no? I doubt any programmer would design it to do anything else. Whereas it seems to be fairly easy to detect if you have an adblocker and serve you alternate content if that's the case.


Cup Runneth Over
Aug 8, 2009

So... blackhole the alternate content too, then? What I'm saying is that you cannot create a website that doesn't work properly if its ads don't load and not adversely affect random users who have nothing to do with the demographic you're trying to target. You can absolutely do that with adblockers because you can positively identify them as having one. You can only negatively identify a user as having loaded your ads.
