My mother told me, when I was very young, 

"Don't ever write anything to a girl that you wouldn't want other people to read." 


With technology: 

Just assume that no matter how good you are, if someone is interested in seeing what you're doing, they're better than you are. 

Even if they are not - it is good humility to have. 

Somewhat related.

Last night i signed up with a medical testing place so i could schedule online/get results/etc.

As i did "we want to ask you some questions to verify its you"  They had one of my places of employment back in 1991 ( that is no longer even in business )... and one of the cars i own make/model/year.. ( a very uncommon car )

wtf.. not exactly secret data, but still ..wtf

I have gotten those questions as well, scary.

What scares me is when none of the answers were correct.  

I had forgot about those people.  invasive SoBs

Tue Feb 23 2021 21:44:00 EST from LoanShark

My mom was talking about this stuff to me a month ago. It sounds like you're talking about LexisNexis' verification system.

She had to get through this process, and it was asking her about me, and it was blocking her. It would ask her things like whether I've ever been associated with her most current address, or, I don't know. So she started giving it the wrong-but-plausible answers just to get through the process, and now I wonder if it will take those as correct, and now *I* have to give the wrong-but-plausible answers next time I go through this shit (and I just had to go through it a few days ago to sign up for WeillCornell's patient portal.)

For fuck's sake.

Not sure if this is the right place... but a friend died, leaving basically everything important stuck in a computer that's password protected, firewalled, and other layers of security.  

His kids need access to his financial information (and other stuff, but mainly that). 

Anyone here able to do that kind of thing? (The computer is in NY) 

Yeah... encryption and security has gotten very good on consumer grade devices. Intel had boxes full of password encrypted hard drives in 2003, pulled from ThinkPads. 

Mon Mar 01 2021 06:21:50 EST from darknetuser

2021-03-01 05:24 from triLcat
Not sure if this is the right place... but a friend died, leaving
basically everything important stuck in a computer that's password

protected, firewalled, and other layers of security.  

His kids need access to his financial information (and other stuff,

but mainly that). 

 

Anyone here able to do that kind of thing? (The computer is in NY) 

Do you have phisical access to the computer?

I have cracked some computers that used **heavy** full disk encryption, but only because the guy who had forgotten the password remembered most of it. The typical situation in which the guy says "I know the password started by "paypalsucks", and then it had a number, or maybe three, and ended with a special character which I don't remember.

If you have access to the computer directly, is it full disk encrypted? Which operating system (and version) does it run?

I set up i2p on my Pi400 - and it scares me, because I don't know that I'm doing it right, and it doesn't really hold your hand through holding it right - so it is kind of a novelty. I'm getting to sites that I can't get to normally, through regular methods - but I don't know that I'm leaking traceable information. 

And that seems to be the problem with these solutions - they need a reliable sanity check that says, "The Ayatollah or President Xi is not going to see you posting this because you're not making a stupid mistake that is easy for a noob to make, citizen of an oppressive regime." 

Which seems to be growing more important here in the US, too. Some Facebook loony stalked me OFF of Facebook. I had his personal address in Yuba city and everything else his metadata was leaking within 20 minutes of him starting to harass me - but still. I'll post more details later - it is an interesting story. 

Wed Mar 03 2021 09:27:26 EST from darknetuser

I think if I used tor I would probably set up a proxy config in my

regular browser to send all ".onion" requests to the correct proxy

instead of needing to use another browser. Same with .i2p, I guess.

And that's probably the wrong way to do it from an ultra-privacy point

of view.

Yes, that setup is very broken.

First if you visit an i2p site which has some resource loaded over cearnet, your computer will fect both the i2p and the clearnet components of the page at once.... the i2p part over i2p, and the clearnet part over clearnet. Which is very very bad.

Also, when you use the same browser for both things it is hard to forget which configuration you are using at a given time. This is, there is no clear indication when you are fetching results in the clear or not, so if you are tired it is easy to mess up.

VM and block all ports other than TOR or freenet or I2P.  

Wed Mar 10 2021 14:33:16 EST from darknetuser

If you want to interact with regular clearnet services, the following solutions take a "secure by default" aproach:

Backdoored password manager stole data from as many as 29K enterprises

https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/

Doesn't this point out the flaw with cloud based - always latest update - software? 

I think there are so many things being updated so frequently that the odds of this happening outweigh the majority of "security updates" that roll out rapidly. 

Sat Apr 24 2021 20:24:17 EDT from zooer

Backdoored password manager stole data from as many as 29K enterprises

https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/

It depends on the vendor

In my case with the app i support, we only get 1 upgrade a year for free.  So, they wont be doing it without our our knowledge.  And any hot fix for issues we run across that we cant wait on, gets applied to our test system first, for us to sign off on before its scheduled to be put in prod.

Now, stuff like O365, ya, its a constantly moving target.

Mon Apr 26 2021 11:48:20 PM EDT from ParanoidDelusions

Doesn't this point out the flaw with cloud based - always latest update - software? 

I think there are so many things being updated so frequently that the odds of this happening outweigh the majority of "security updates" that roll out rapidly. 

 

Office 365, Adobe Creative Cloud - OS X, Windows *and* Linux - these are ALWAYS throwing down new security updates. My Synology is always throwing down new updates - and most people have enough systems doing this that they can't regression check them all before applying them - and the industry spits out this narrative that you HAVE to do it - or your system *is* a target. 

I don't know. I just think the conventional wisdom on aggressive, constant updates is a flawed approach. 

Tue Apr 27 2021 14:53:30 EDT from Nurb432

It depends on the vendor

In my case with the app i support, we only get 1 upgrade a year for free.  So, they wont be doing it without our our knowledge.  And any hot fix for issues we run across that we cant wait on, gets applied to our test system first, for us to sign off on before its scheduled to be put in prod.

 

Now, stuff like O365, ya, its a constantly moving target.

Mon Apr 26 2021 11:48:20 PM EDT from ParanoidDelusions

Doesn't this point out the flaw with cloud based - always latest update - software? 

I think there are so many things being updated so frequently that the odds of this happening outweigh the majority of "security updates" that roll out rapidly. 

 

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs