  1. #1
    highlander

    The Security Thread

    This thread is for posting interesting stuff on computer security. I'll start with a basic article on online safety.

    Krebs’s 3 Basic Rules for Online Safety — Krebs on Security


  2. #2
    kyuuei

    Interesting things I learned from a friend of mine who works as a legal hacker about passwords:

    Making them something you can remember is useful. The XKCD guy's comic on it was sort of on point, but the reality is sites limit you on your ability to use spaces, upper/lower cases, and on top of that the comic itself's password it invented is so commonly used now that it's in password hacking databases everywhere. So, come up with your own sentence that works in most parameters.. Like using !'s for spaces or something for the sentence.
    Start with numbers. Most people don't, and starting with numbers can help thwart the stereotypical format for most password hacking codes.
    If you have trouble remembering different passwords for different sites and use the same passwords for everything.. Use a stem sentence and change it up for different sites. for example (this is not a password, recommended password, nor what I use): 1eLOVE!amazon .. 1eLOVE!gmail&google ... 1eLOVE!pinterest . etc.. Now, just change some of the vowels into numbers so that you always remember "if it has an a in it, I use a 4 instead.. if it has an i in it, I use a 9" 1eLOVE!4m4zon .. 1eLOVE!gm49l&google .. Or, you can change the name to one you always use. For example, I call google "the oracle" so I could write 1eLOVE!theor4cle .. Stuff like that will create something you can remember (a strong stem sentence) + different components to make the passwords different but easier to remember.
    Change your passwords. I'm always SUPER bad about this because I can't remember what sites I use, if I've used them before, changed them before, and the stupid "I'll remember your password for you!!" things never work for me and end up confusing me and cluttering my system. Instead, I just use a wordpad list and change the main ones I remember, write them down, and when I encounter the lesser used ones I change it over to the new password set up and write it down.. so I know if I'm using the old sentence, or the new sentence. Changing it doesn't have to be difficult... instead of "1eLOVE!" I can write "365DAYSilike"
    Longer passwords, in general, are far far better than shorter ones. If there's a maximum password set, simply type as much of your 'sentence' as it will allow and make that the password. That way you don't have to remember changing it up into a whole new sentence.
    And if you think 12, 12qw, 1q2w, 12qw!@QW, 1q!Q, 1q2w!Q@W aren't in every password hacking database ever you're wrong. Think of numbers that mean something to you but are out of the ordinary for the flow of typing.

  3. #3
    highlander

    Originally posted by kyuuei:
    Interesting things I learned from a friend of mine who works as a legal hacker about passwords:

    Making them something you can remember is useful. The XKCD guy's comic on it was sort of on point, but the reality is sites limit you on your ability to use spaces, upper/lower cases, and on top of that the comic itself's password it invented is so commonly used now that it's in password hacking databases everywhere. So, come up with your own sentence that works in most parameters.. Like using !'s for spaces or something for the sentence.
    Start with numbers. Most people don't, and starting with numbers can help thwart the stereotypical format for most password hacking codes.
    If you have trouble remembering different passwords for different sites and use the same passwords for everything.. Use a stem sentence and change it up for different sites. for example (this is not a password, recommended password, nor what I use): 1eLOVE!amazon .. 1eLOVE!gmail&google ... 1eLOVE!pinterest . etc.. Now, just change some of the vowels into numbers so that you always remember "if it has an a in it, I use a 4 instead.. if it has an i in it, I use a 9" 1eLOVE!4m4zon .. 1eLOVE!gm49l&google .. Or, you can change the name to one you always use. For example, I call google "the oracle" so I could write 1eLOVE!theor4cle .. Stuff like that will create something you can remember (a strong stem sentence) + different components to make the passwords different but easier to remember.
    Change your passwords. I'm always SUPER bad about this because I can't remember what sites I use, if I've used them before, changed them before, and the stupid "I'll remember your password for you!!" things never work for me and end up confusing me and cluttering my system. Instead, I just use a wordpad list and change the main ones I remember, write them down, and when I encounter the lesser used ones I change it over to the new password set up and write it down.. so I know if I'm using the old sentence, or the new sentence. Changing it doesn't have to be difficult... instead of "1eLOVE!" I can write "365DAYSilike"
    Longer passwords, in general, are far far better than shorter ones. If there's a maximum password set, simply type as much of your 'sentence' as it will allow and make that the password. That way you don't have to remember changing it up into a whole new sentence.
    And if you think 12, 12qw, 1q2w, 12qw!@QW, 1q!Q, 1q2w!Q@W aren't in every password hacking database ever you're wrong. Think of numbers that mean something to you but are out of the ordinary for the flow of typing.
    One of the problems is that we use the same password to access multiple sites. Your password is only as secure as the least secure site you have used it on because password databases are regularly exfiltrated and hacked by the bad guys. That's why changing passwords on a regular basis is a good idea. A better option is to use a password manager. They come with a password generator that allows you to create a random password for every site you visit.

    On an unrelated note, this is a pretty good article on how Kaspersky Labs was compromised.

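An added example, not part of either post above: an audit of the stem-plus-site-name scheme from post #2 next to the per-site random generation a password manager does, as suggested in post #3. The function names, the substitution table and the symbol set are assumptions made for this sketch; the sample entries are the illustrative strings from the thread.

```python
import os
import secrets
import string

# Look-alike swaps undone before matching (assumed table for this sketch; it
# covers the a->4 and i->9 swaps from the thread's illustration).
UNLEET = str.maketrans("4@3190!5$7", "aaeiioisst")
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def embeds_site_name(password: str, site: str) -> bool:
    """True if the site's name is in the password, even after look-alike swaps."""
    name, lowered = site.lower(), password.lower()
    return name in lowered or name in lowered.translate(UNLEET)

def audit(vault: dict) -> dict:
    """Report the prefix shared by every entry and the entries that embed their site name."""
    stem = os.path.commonprefix(list(vault.values()))
    flagged = sorted(s for s, pw in vault.items() if embeds_site_name(pw, s))
    return {"shared_stem": stem, "embeds_site": flagged}

def generate(length: int = 20) -> str:
    """Random password from the OS CSPRNG containing lower, upper, digit and symbol."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(not c.isalnum() for c in pw)):
            return pw

# Constructed sample: the illustrative (non-real) strings from the thread.
STEMMED = {
    "amazon": "1eLOVE!4m4zon",
    "gmail": "1eLOVE!gm49l&google",
    "pinterest": "1eLOVE!pinterest",
}

if __name__ == "__main__":
    # Stem scheme: every entry shares "1eLOVE!" and names its own site.
    print(audit(STEMMED))
    # Generated entries: nothing carries over from one site to the next.
    print(audit({site: generate() for site in STEMMED}))
```

A shared stem means a single leaked entry reveals most of every other entry, which is the reuse problem described in post #3; the nickname variant from the thread (`1eLOVE!theor4cle`) passes the site-name check but still carries the same stem.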

  4. #4
    highlander

    I guess the automatic thread bumping feature works


  5. #5
    SiegfriedSchtauffen

    On sites where I keep no sensitive data I use one of my "good old", "manual" passwords. When it comes to sensitive stuff like bank accounts, work related accounts then I use keepassx with a 20+ letter sentence as the master password.

    Another not so often used technique: I use separate machines for serious things (work, business), and for not so serious things (forums, reading, watching films). For home entertainment you usually want to install much more suspicious stuff than for serious things. I use an old windows (XP) laptop for "home entertainment" and I have a super-strong macbook pro that I use for work and business and I further separate even these things by using virtualization on the mac.

  6. #6
    highlander

    This is one of the best blogs out there

    Krebs on Security


  7. #7
    highlander

    Value of our PC being hacked.



  8. #8
    Coriolis

    I have a question. How secure is google drive? I recently learned that some of the local school districts use google docs and google drive, having the students (as young as elementary age) do work in google docs and then post it in their google drive. There is nothing sensitive here in the manner of financial information or industrial secrets. I'm sure, though, that none of these students would want their awful 8th grade essay, or journal account of some personal experience, trotted out later when they are 26 and looking for a job - or a date. The parents are not asked to approve storage of their students' work in the cloud, and sadly the teachers I have spoken with seem to have no understanding at all of what the cloud even is. They had no idea the student work was stored outside the school building, much less outside the school district.

    Am I being paranoid, or is there a legitimate concern here?

  9. #9
    highlander

    Originally posted by Coriolis:
    I have a question. How secure is google drive? I recently learned that some of the local school districts use google docs and google drive, having the students (as young as elementary age) do work in google docs and then post it in their google drive. There is nothing sensitive here in the manner of financial information or industrial secrets. I'm sure, though, that none of these students would want their awful 8th grade essay, or journal account of some personal experience, trotted out later when they are 26 and looking for a job - or a date. The parents are not asked to approve storage of their students' work in the cloud, and sadly the teachers I have spoken with seem to have no understanding at all of what the cloud even is. They had no idea the student work was stored outside the school building, much less outside the school district.

    Am I being paranoid, or is there a legitimate concern here?
    I would look at Google's terms and ownership of the content that is placed out there.


  10. #10
    Coriolis

    Originally posted by highlander:
    I would look at Google's terms and ownership of the content that is placed out there.
    I'll take a look, but I wouldn't trust Google (or any cloud provider) to live by them. Once something is out of your hands, especially online, it's out of your hands.

    The only material I (knowingly) place in the cloud is photos and accounts of public events, for a volunteer group I work with.
