Search the Community
Showing results for tags 'security'.
-
This thread is dedicated to useful tips on running an Arch install. CCACHE To Help Speed Up Compilation Process When Installing Packages From AUR You need to install the ccache package first. For those wondering, ccache is a fast C/C++ compiler which is used to speed up the compilation process. It speeds up recompilation by caching previous compilations and detecting when the same compilation is being done again. It supports C, C++, Objective-C and Objective-C++.
-
One thing about computer technology: no matter how long you've been around, something new will always come along to make you feel like you don't understand a thing. I'm all in favor of 2-factor authentication. I've long appreciated the weakness of passwords. But after a recent incident involving a very popular password manager service, which I've used for over a decade and won't name because nothing that happened was their fault, I realized that there are serious shortcomings with relying on 2-factor authentication that uses codes sent to you via text message or codes generated with a generator stored on your mobile device. The only fool-proof method of 2-factor authentication available at the moment is to use a physical key, sold under brand names like Yubi® keys and easily available from Amazon or, now, Google. You still use a username and password on each site you want to make extra secure but you also need a physical key that, by USB, WiFi, Bluetooth or NFC, "unlocks" that site and allows access. Anyone else without your key but in possession of your username and password wouldn't be able to log in to the site. Now that comprises just about everything I understand about these keys. Despite owning a set of USB and WiFi keys, I know little about actually using them. If just owning them made me more secure, I'd be all set. Unfortunately... My primary question is: Are these keys used the same way a password manager is? In other words, can my credentials from multiple sites be stored on them? Every explanation I've seen in print or video relates to using them to secure a single, usually Google, account. But can I use a single key to access any site that lets me use one for 2-factor authentication? Another way to ask the same question, is the key assigned to me as an individual or is it assigned to the site I first use it on? If I register it as a device to allow me access to my bank does it erase the credentials that allow me to access my Gmail, or will it authenticate me on any site where I've registered it as me? I can't imagine the developers expect us to carry a key for each service we want to use one for, but there are a lot of things I can't imagine that turn out to be the case.
-
This looks very interesting and has an Arch package in the AUR. I am typing this from a firejail firefox. https://l3net.wordpr...jects/firejail/ https://l3net.wordpr...ozilla-firefox/ https://l3net.wordpr...bilities-guide/ There are quite a few pages of stuff to read and some of the comments are worth a read as well. Of interest is the fact that you can run VLC without internet access (or similar program) and also isolate programs like the TorBrowser and Dropbox. I ran a quick comparison opening up FF with a page with video running and it does not seem to use up any more CPU or RAM than a normal FF.
-
Lynis a 5 min entertainment break from studying for V.T.
abarbarian posted a topic in Bruno's All Things Linux
Studying can be a real drag if you never take a break. So I found this little gem which should provide some relief from the drudgery. http://www.unixmen.com/audit-the-security-of-your-unixlinux-systems-using-lynis/ http://www.rootkit.nl/files/lynis-documentation.html https://aur.archlinux.org/packages/lynis/ Well I gave the program a run through on my home pc. Worked just fine and gave these warnings, and these suggestions, There is tons of stuff in the suggestions list and I am not sure about how to do everything it suggests or even if I need to act on everything. Can someone suggest a decent simple to use "file integrity tool"? Can a network expert help me to "Configure a firewall/packet filter to filter incoming and outgoing traffic"? Can someone give a very brief explanation of this: "Default umask in /etc/profile could be more strict like 027"? Thanks in advance and happy playing, Eric.
-
Just found this interesting and vast guide to reducing outgoing tracking data from Firefox. It's in the form of a user.js file which you could deploy altogether, or select particular items and edit them with about:config. Firefox does appear to send various data out and most of us probably don't need the functionality this data supports. Who ever used "Pocket" for instance? https://gist.github.com/MrYar/751e0e5f3f1430db7ec5a8c8aa237b72
-
Debian has just released a special point release specifically to address a vulnerability in apt. More details: https://forums.scotsnewsletter.com/index.php?showtopic=22937&st=1500#entry458542 https://forums.scotsnewsletter.com/index.php?showtopic=22937&st=1500#entry458531
-
One of the best aspects of this forum is the ability to ask a question and get honest, simple, down-to-earth answers that are informative and easy to understand. For years I've seen references to physical security keys like Yubi keys. I've always been big on security. I use 2-factor authentication anywhere it's offered, even if many sites employ it in a way that makes it inconvenient and kludgy. Based on what I've read it seems that Yubi-type keys provide the same basic security that 2-factor does. The key is registered to you (somehow) and the fact you have it in your possession and can plug it into your USB port proves you are you. Looking closer I see there are a couple of different standards; U2F and FIDO2 appear to be the most common. That's pretty much what I know about these things. So, my questions... Are they really useful? Is using a key more secure than having codes sent to your phone? How do you employ these if you're logging in from a phone or non-USB tablet? Can they be used at work, using different credentials, or do you need a separate key for each account? Is there value in spending $20-50 for a replacement for text codes? Any other info or opinion welcome.
-
So has anyone tried this yet ????? http://www.zdnet.com/article/encrypted-email-service-protonmail-comes-out-of-beta-unveils-ios-and-android-apps/ https://protonmail.com/security-details ProtonMail Plans Explained (Free, Paid, Visionary) https://protonmail.com/support/knowledge-base/email-ddos-protection/ Seems to be still under very active development but reading through a lot of the comments it looks to be at a pretty stable and usable state. Makes sense as they have opened it up for anyone to join as opposed to the invite only service they were offering. I like that it is not USA or UK/EU controlled in any way meaning private stays private.
-
If you want privacy you need to run Linux - ComputerWorld (S.J. Vaugha
V.T. Eric Layton posted a topic in Bruno's All Things Linux
Read the rest of the article HERE.
-
I have a friend (no, really) who has found out that a third party has access to his work emails. This man's a lawyer, so this is a fairly serious issue. The emails were sent from his work server to another attorney. His server is on a privately owned domain and maintained by a friend of his. We don't know what setup the other attorney has for her email. I told him, and I hope I was correct in my advice, that the maintainer of the server should be able to look at the logs for that domain and see which IP addresses logged in during the month in question. Eliminating the IPs that are known should expose the unknown. Turns out the server logs are only kept for 60 days, and these emails were from December of last year. Of course they could have been accessed any time since then, but we'd only be able to find the culprit if the access was within the last 60 days. So without discussing hacking techniques, what advice can I give him on how best to determine how those emails were obtained? I suspect if the hacks were made more than two months ago he may never find out who did it or how. What are your suggestions for methods to harden their server against future attacks? Obviously, being lawyers, their emails are frequently very sensitive and I believe they would spare no expense to make sure this doesn't happen again.
-
http://www.blackmoreops.com/2014/08/05/world-live-ddos-attack-maps-live-ddos-monitoring/ Amazing live updated maps, clicking on the maps shows different information. The map would make a great screensaver if it did not consume so much bandwidth (bandwidth heavy maps) Looking at the avatar on the site raises the Q - has Josh got a secret part time job in the security world.
-
http://linuxgizmos.com/networking-security-appliance-runs-snort-on-openwrt/ Here is the Kickstarter page, which is not running yet. https://www.kickstarter.com/projects/itus/900815374?token=f30bd9c9 Is the iGuardian a useful tool or just a load of fluff?
-
dropbox Dropbox told about vulnerability in November 2013, only fixed it when
Guest posted a topic in Security & Networking
Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest - Graham Cluley And likely Dropbox still wonders why security aware people may not trust them with their sensitive information... I stopped using them for anything that matters long ago.
-
Much has been said recently with the release of the 2014 white paper iOS Security by Apple. It is not a super difficult read, but I am not a cryptography guy, so some of it is well above my head. What I've been able to glean, however, is that Apple is 100% behind security and privacy in iOS. It is not a long read, and I encourage everyone to take a look. iMessage security as well as Touch ID is covered as well. Steve Gibson did a bit of a deep dive into the white paper, and he had some interesting things to say about Apple's claims. You can see his report on Security Now below (Skipped ahead to the relevant portion): Here is a text transcript of the episode, and audio (HQ / LQ). What do you think? Did Apple make a good choice with their model? Adam
-
http://www.linuxbsdos.com/2014/02/27/boeing-black-android-smartphone-will-self-destruct-if-tampered-with/ For government officials only.
-
Perhaps you folks know more than me on this subject. I've found this particular email in my spam that emulates the website of one of the banks in my country. I knew right away that it was a phishing link (years ago my friend did this with Facebook and I learnt about it). The thing is, I went to the site and wrote a fake username and fake password like "myuseris" password "notyours" just for the fun of it. Anyway, that got me thinking: can I actually be exploited via an email with HTML code in it? And if that is so, how much of my system is compromised? Any way to know if Chromium is actually being hijacked?
-
Adware vendors buy Chrome Extensions to send ad- and malware-filled updates Once in control, they can silently push new ad-filled "updates" to those users. http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/ Something to watch for if you are a Chrome user.
-
Dan's Data is one of my old favourite sites, Aussie, kinda geeky, with hints of XKCD and rather addictive. And lots of really useful tips. Although his posts are less frequent lately, there's a goldmine to explore. I just happened across this article, a fascinating insight on passwords. Put your protective sarcasm goggles on. On the h4xx0ring of p4sswordZ
-
If you are a LinkedIn user with an iPhone or iPad, you should do some research before using/opting in to the Intro app for email. I searched "linkedin intro security" and found a bunch of write-ups of the security risks and questionable practices built in to Intro.
-
winpatrol WinPatrol PLUS For Everyone Just $2 & Info About XP Users
Guest posted a topic in Security & Networking
WinPatrol PLUS For Everyone Just $2 - Bits from Bill Blog Much more in the posting! Thanks Bill for doing this again!!! Gonna go snag some more for me! Great way to 'donate' and say how much I love WinPatrol! FYI: If you buy via credit card, there is a $.50 surcharge. The PayPal way to pay without a surcharge is in the RIGHT navigation on WinPatrol.com. Also note that you can buy multiple copies of individual WinPatrol at $2 each or a Family Pack for $10. Last time I purchased 5 individual licenses so I could pass some on to friends. This time I think I will just do I chose the Family Pack so I will have unlimited use on all family computers. Wish I could do 5 more individual licenses too but timing is such that I am playing catch up. Bill also has a posting about Windows XP users: Many Surprised by Windows XP Usage - Bits from Bill Blog: BOLD emphasis mine. Much more in the article. If you read the 7/23/2013 update to that article, Microsoft is also pushing their XP Retirement party (posted after this posting by Bill).
-
International Space Station switches from Windows to Linux
abarbarian posted a topic in Bruno's All Things Linux
http://www.extremetech.com/extreme/155392-international-space-station-switches-from-windows-to-linux-for-improved-reliability From the comments section,
-
I spent the evening tonight setting my systems back up for ssh connectivity. During the process, I made some changes to how I had been doing it previously. Read more about it here --> http://noctslackv1.wordpress.com/2013/03/17/ssh-can-it-be-more-secure/ Have a wonderful day!
-
Evernote hacked; millions must change passwords
-
Corrine posted this interesting news over in the Security area. Check it out --> http://forums.scotsnewsletter.com/index.php?showtopic=59289