Language:
switch to room list switch to menu My folders
Go to page: First ... 4 5 6 7 [8] 9 10 11 12
[#] Mon Feb 22 2021 12:08:46 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

My mother told me, when I was very young, 

"Don't ever write anything to a girl that you wouldn't want other people to read." 


With technology: 

Just assume that no matter how good you are, if someone is interested in seeing what you're doing, they're better than you are. 

Even if they are not - it is good humility to have. 

 



[#] Tue Feb 23 2021 17:33:42 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

Somewhat related.

 

Last night i signed up with a medical testing place so i could schedule online/get results/etc.

As i did "we want to ask you some questions to verify its you"  They had one of my places of employment back in 1991 ( that is no longer even in business )... and one of the cars i own make/model/year.. ( a very uncommon car )

wtf.. not exactly secret data, but still ..wtf



[#] Tue Feb 23 2021 21:44:00 EST from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]

2021-02-23 17:33 from Nurb432
Somewhat related.

 

Last night i signed up with a medical testing place so i could
schedule online/get results/etc.

As i did "we want to ask you some questions to verify its you"  They
had one of my places of employment back in 1991 ( that is no longer
even in business )... and one of the cars i own make/model/year.. ( a
very uncommon car )

wtf.. not exactly secret data, but still ..wtf


My mom was talking about this stuff to me a month ago. It sounds like you're talking about LexisNexis' verification system.

She had to get through this process, and it was asking her about me, and it was blocking her. It would ask her things like whether I've ever been associated with her most current address, or, I don't know. So she started giving it the wrong-but-plausible answers just to get through the process, and now I wonder if it will take those as correct, and now *I* have to give the wrong-but-plausible answers next time I go through this shit (and I just had to go through it a few days ago to sign up for WeillCornell's patient portal.)

For fuck's sake.

[#] Tue Feb 23 2021 22:06:51 EST from zooer

[Reply] [ReplyQuoted] [Headers] [Print]

I have gotten those questions as well, scary.

What scares me is when none of the answers were correct.  



[#] Thu Feb 25 2021 18:44:39 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

I had forgot about those people.  invasive SoBs

Tue Feb 23 2021 21:44:00 EST from LoanShark
My mom was talking about this stuff to me a month ago. It sounds like you're talking about LexisNexis' verification system.

She had to get through this process, and it was asking her about me, and it was blocking her. It would ask her things like whether I've ever been associated with her most current address, or, I don't know. So she started giving it the wrong-but-plausible answers just to get through the process, and now I wonder if it will take those as correct, and now *I* have to give the wrong-but-plausible answers next time I go through this shit (and I just had to go through it a few days ago to sign up for WeillCornell's patient portal.)

For fuck's sake.

 



[#] Mon Mar 01 2021 05:24:02 EST from triLcat

[Reply] [ReplyQuoted] [Headers] [Print]

Not sure if this is the right place... but a friend died, leaving basically everything important stuck in a computer that's password protected, firewalled, and other layers of security.  

His kids need access to his financial information (and other stuff, but mainly that). 

 

Anyone here able to do that kind of thing? (The computer is in NY) 



[#] Mon Mar 01 2021 06:21:50 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

2021-03-01 05:24 from triLcat
Not sure if this is the right place... but a friend died, leaving
basically everything important stuck in a computer that's password

protected, firewalled, and other layers of security.  

His kids need access to his financial information (and other stuff,

but mainly that). 

 

Anyone here able to do that kind of thing? (The computer is in NY) 



Do you have phisical access to the computer?

I have cracked some computers that used **heavy** full disk encryption, but only because the guy who had forgotten the password remembered most of it. The typical situation in which the guy says "I know the password started by "paypalsucks", and then it had a number, or maybe three, and ended with a special character which I don't remember.

If you have access to the computer directly, is it full disk encrypted? Which operating system (and version) does it run?

[#] Mon Mar 01 2021 22:43:12 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Yeah... encryption and security has gotten very good on consumer grade devices. Intel had boxes full of password encrypted hard drives in 2003, pulled from ThinkPads. 

Mon Mar 01 2021 06:21:50 EST from darknetuser
2021-03-01 05:24 from triLcat
Not sure if this is the right place... but a friend died, leaving
basically everything important stuck in a computer that's password

protected, firewalled, and other layers of security.  

His kids need access to his financial information (and other stuff,

but mainly that). 

 

Anyone here able to do that kind of thing? (The computer is in NY) 


Do you have phisical access to the computer?

I have cracked some computers that used **heavy** full disk encryption, but only because the guy who had forgotten the password remembered most of it. The typical situation in which the guy says "I know the password started by "paypalsucks", and then it had a number, or maybe three, and ended with a special character which I don't remember.

If you have access to the computer directly, is it full disk encrypted? Which operating system (and version) does it run?

 



[#] Tue Mar 02 2021 12:04:59 EST from LoanShark

[Reply] [ReplyQuoted] [Headers] [Print]

2021-03-01 22:43 from ParanoidDelusions
Yeah... encryption and security has gotten very good on consumer
grade devices. Intel had boxes full of password encrypted hard drives
in 2003, pulled from ThinkPads. 

Yeah unfortunately if it's BitLocker, and not using HW encryption on one of the known-bugged SSD's, it's probably pretty tough to crack. But the key is often linked to the person's Microsoft Account, so if you can acccess *that*...

[#] Tue Mar 02 2021 19:06:03 EST from IGnatius T Foobar

[Reply] [ReplyQuoted] [Headers] [Print]

Brave browser’s Tor feature found to leak .onion queries to ISPs

I got smacked by Corporate IT for even *having* Brave on my machine, simply because it *can* do Tor. :(

I think if I used tor I would probably set up a proxy config in my regular browser to send all ".onion" requests to the correct proxy instead of needing to use another browser. Same with .i2p, I guess. And that's probably the wrong way to do it from an ultra-privacy point of view.

[#] Wed Mar 03 2021 09:27:26 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

I think if I used tor I would probably set up a proxy config in my

regular browser to send all ".onion" requests to the correct proxy

instead of needing to use another browser. Same with .i2p, I guess.

And that's probably the wrong way to do it from an ultra-privacy point

of view.



Yes, that setup is very broken.

First if you visit an i2p site which has some resource loaded over cearnet, your computer will fect both the i2p and the clearnet components of the page at once.... the i2p part over i2p, and the clearnet part over clearnet. Which is very very bad.

Also, when you use the same browser for both things it is hard to forget which configuration you are using at a given time. This is, there is no clear indication when you are fetching results in the clear or not, so if you are tired it is easy to mess up.

[#] Wed Mar 10 2021 01:55:55 EST from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

I set up i2p on my Pi400 - and it scares me, because I don't know that I'm doing it right, and it doesn't really hold your hand through holding it right - so it is kind of a novelty. I'm getting to sites that I can't get to normally, through regular methods - but I don't know that I'm leaking traceable information. 

And that seems to be the problem with these solutions - they need a reliable sanity check that says, "The Ayatollah or President Xi is not going to see you posting this because you're not making a stupid mistake that is easy for a noob to make, citizen of an oppressive regime." 


Which seems to be growing more important here in the US, too. Some Facebook loony stalked me OFF of Facebook. I had his personal address in Yuba city and everything else his metadata was leaking within 20 minutes of him starting to harass me - but still. I'll post more details later - it is an interesting story. 

Wed Mar 03 2021 09:27:26 EST from darknetuser
I think if I used tor I would probably set up a proxy config in my

regular browser to send all ".onion" requests to the correct proxy

instead of needing to use another browser. Same with .i2p, I guess.

And that's probably the wrong way to do it from an ultra-privacy point

of view.



Yes, that setup is very broken.

First if you visit an i2p site which has some resource loaded over cearnet, your computer will fect both the i2p and the clearnet components of the page at once.... the i2p part over i2p, and the clearnet part over clearnet. Which is very very bad.

Also, when you use the same browser for both things it is hard to forget which configuration you are using at a given time. This is, there is no clear indication when you are fetching results in the clear or not, so if you are tired it is easy to mess up.

 



[#] Wed Mar 10 2021 14:33:16 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

2021-03-10 01:55 from ParanoidDelusions
I set up i2p on my Pi400 - and it scares me, because I don't know

that I'm doing it right, and it doesn't really hold your hand through

holding it right - so it is kind of a novelty. I'm getting to sites

that I can't get to normally, through regular methods - but I don't

know that I'm leaking traceable information. 

And that seems to be the problem with these solutions - they need a

reliable sanity check that says, "The Ayatollah or President Xi is

not going to see you posting this because you're not making a stupid

mistake that is easy for a noob to make, citizen of an oppressive

regime." 


Which seems to be growing more important here in the US, too. Some

Facebook
loony stalked me OFF of Facebook. I had his personal address
in Yuba city and everything else his metadata was leaking within 20

minutes of him starting to harass me - but still. I'll post more

details later - it is an interesting story. 


If you want to interact with regular clearnet services, the following solutions take a "secure by default" aproach:

* The Tor Browser Bundle is a package available for any popular operating system (and a lot of not popular operating systems) with includes a preconfigured web browser with a tor instance. It has all the common leaks and issues eliminated and it has nice fingerprinting protection - your http traffic looks like some common internet browser's for providers.

* The Tails Live Operating System is a Linux distribution designed to be installed in a DVD or pen-drive. All the traffic is tunneled through tor by default. All the traffic goes through an agressive network filter to ensure you don't generate leaky side traffic. Lots of apparmor thrown in so the whole thing is sealed shut. The distribution does not have many programs, but it has all the basics (email, openpgp, browser, office, bitcoin) and all of them are specifically adapted for privacy.

* The Whonix suit of operating systems is a ready-to-go solution. It is included in the Qubes distribution. Basically you use a Whonis instance as a Tor router and then another Whonix instance as a client virtual machine. The architecture is a bit complex but the idea is that the Whonix client works in an isolated network that can only communicate to the outside via the Whonix router. If you make a mistake or get your Whonix client cracked, the Whonix router won't allow it to leak information to the outside. It sounds complex to set, but when using a ready-to-go solution as in Qubes, it is deployed automatically for you.


TL;DR: there is no shortage of out-of-the-box privacy tools for posting pictures of Biden and Gates sodomizing each other in some *.chan.

[#] Wed Mar 10 2021 14:35:22 EST from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

VM and block all ports other than TOR or freenet or I2P.  

Wed Mar 10 2021 14:33:16 EST from darknetuser
If you want to interact with regular clearnet services, the following solutions take a "secure by default" aproach:

 



[#] Wed Mar 10 2021 14:54:36 EST from darknetuser

[Reply] [ReplyQuoted] [Headers] [Print]

2021-03-10 14:35 from Nurb432
VM and block all ports other than TOR or freenet or I2P.  
Wed Mar 10 2021 14:33:16 EST from darknetuser


If you want to interact with regular clearnet services, the
following solutions take a "secure by default" aproach:









 


That too but those you have to configure yourself, which is less bullet proof than a ready-to-go solution.


[#] Sat Apr 24 2021 20:24:17 EDT from zooer

[Reply] [ReplyQuoted] [Headers] [Print]

Backdoored password manager stole data from as many as 29K enterprises

https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/



[#] Mon Apr 26 2021 23:48:20 EDT from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Doesn't this point out the flaw with cloud based - always latest update - software? 

I think there are so many things being updated so frequently that the odds of this happening outweigh the majority of "security updates" that roll out rapidly. 

Sat Apr 24 2021 20:24:17 EDT from zooer

Backdoored password manager stole data from as many as 29K enterprises

https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/



 



[#] Tue Apr 27 2021 14:53:30 EDT from Nurb432

[Reply] [ReplyQuoted] [Headers] [Print]

It depends on the vendor

In my case with the app i support, we only get 1 upgrade a year for free.  So, they wont be doing it without our our knowledge.  And any hot fix for issues we run across that we cant wait on, gets applied to our test system first, for us to sign off on before its scheduled to be put in prod.

 

Now, stuff like O365, ya, its a constantly moving target.

Mon Apr 26 2021 11:48:20 PM EDT from ParanoidDelusions

Doesn't this point out the flaw with cloud based - always latest update - software? 

I think there are so many things being updated so frequently that the odds of this happening outweigh the majority of "security updates" that roll out rapidly. 

 


[#] Wed Apr 28 2021 01:00:10 EDT from ParanoidDelusions

[Reply] [ReplyQuoted] [Headers] [Print]

Office 365, Adobe Creative Cloud - OS X, Windows *and* Linux - these are ALWAYS throwing down new security updates. My Synology is always throwing down new updates - and most people have enough systems doing this that they can't regression check them all before applying them - and the industry spits out this narrative that you HAVE to do it - or your system *is* a target. 

I don't know. I just think the conventional wisdom on aggressive, constant updates is a flawed approach. 

 

Tue Apr 27 2021 14:53:30 EDT from Nurb432

It depends on the vendor

In my case with the app i support, we only get 1 upgrade a year for free.  So, they wont be doing it without our our knowledge.  And any hot fix for issues we run across that we cant wait on, gets applied to our test system first, for us to sign off on before its scheduled to be put in prod.

 

Now, stuff like O365, ya, its a constantly moving target.

Mon Apr 26 2021 11:48:20 PM EDT from ParanoidDelusions

Doesn't this point out the flaw with cloud based - always latest update - software? 

I think there are so many things being updated so frequently that the odds of this happening outweigh the majority of "security updates" that roll out rapidly. 

 


 



[#] Wed May 05 2021 16:48:58 EDT from zooer

[Reply] [ReplyQuoted] [Headers] [Print]

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs



Go to page: First ... 4 5 6 7 [8] 9 10 11 12