|
How would I use either the keyfile or the Yubikey on my phone?
|
# ? Feb 25, 2016 20:40 |
|
hooah posted: How would I use either the keyfile or the Yubikey on my phone?

Good point. At least for the keyfile you'd just copy it on to there--I am not sure how this works in iOS land but in Android it's just a matter of dumping it via MTP or whatever.
|
# ? Feb 25, 2016 20:57 |
|
hooah posted: How would I use either the keyfile or the Yubikey on my phone?

NFC yubikey?
|
# ? Feb 25, 2016 21:15 |
|
Minikeepass (iOS) lets you pull a file from dropbox to use as a keyfile, or sideload using iTunes / document storage.
|
# ? Feb 25, 2016 23:23 |
|
What's a good method of integrating KeepassX with Linux? I've had a go at installing KeeFox: it required mono, so I did that and then it seemed unable to detect my KeepassX 2 instance. I've looked at PassIFox but it's incompatible with Firefox Sync, which is something I don't want to give up. My KeepassX 2.0 vault is set up and imported from Lastpass, it's only the clunkiness that keeps me using Lastpass until I find a better alternative. I'm pretty annoyed at Lastpass for what they've done with the UI in version 4.0 and want to show my disgust by cancelling but I'm yet to find something as easy as Lastpass v3. They stated that being bought out by LogMeIn wouldn't change the service and already they're forcing an awful UI which doesn't work but looks "nicer".
|
# ? Feb 26, 2016 17:44 |
|
Out of curiosity, what did you find didn't work about the new UI? Granted, I only used the password feature so I didn't interact with LastPass much, but it seemed innocuous enough to me.
|
# ? Feb 26, 2016 17:48 |
|
1. It takes about 15 seconds to load on login (i5 laptop with SSD), possibly due to small thumbnails for each site having to load to make it look cuter.
2. Click on secure notes and then click again to see the list of secure notes=wasted click.
3. Generate secure password dialog displays with the bottom part obscured and no scrollbar to see the full range of options, making password generation only partially usable.

Top of my head, there.
|
# ? Feb 26, 2016 17:53 |
|
DeaconBlues posted: What's a good method of integrating KeepassX with Linux? I've had a go at installing KeeFox: it required mono, so I did that and then it seemed unable to detect my KeepassX 2 instance. I've looked at PassIFox but it's incompatible with Firefox Sync, which is something I don't want to give up.

Did you have any luck using this to install regular KeePass under mono? That should leave you with the ported version of 2.x - from there you can try to install Keepasshttp and get a plugin working, or just use the auto-type to fill in forms. PassIFox does work with sync, you just need to install it and import the keys before you enable sync.
|
# ? Feb 26, 2016 20:52 |
|
Melian Dialogue posted: What are your guys' thoughts on the whole Blackphone thing? Is it overhyped as some uber-security phone or is it actually not bad for what it's selling? I think they are coming out with a tablet soon too.

Poul-Henning Kamp (the FreeBSD developer) did a three part review (one, two and three). Yeah, it's crap.
|
# ? Feb 26, 2016 21:23 |
|
NFX posted: Poul-Henning Kamp (the FreeBSD developer) did a three part review (one, two and three). Yeah, it's crap.

Really the thing to keep in mind about any phone that claims to be built with privacy and security in mind is that unless they're designing the baseband radio too, it's crap. I tried to look it up because it got me wondering but they're very hesitant to release those specific details (although if I had to guess it might be Qualcomm). Until one can write a non-blackboxed radio chipset for LTE/UMTS/GSM, anyone who claims to have a "secure" mobile phone can go gently caress off.

Lain Iwakura fucked around with this message at 21:49 on Feb 26, 2016
|
# ? Feb 26, 2016 21:45 |
|
OSI bean dip posted: I haven't seen much else but there is this:

This seems to work only if I'm using Dropbox for syncing
|
# ? Feb 26, 2016 22:03 |
|
Just buy the Windows version and run it under Wine, it's $40 with the coupon code "MacPowerUsers" and works great
|
# ? Feb 26, 2016 23:02 |
|
Boris Galerkin posted: This seems to work only if I'm using Dropbox for syncing

I don't think so, he was just personally using Dropbox for syncing the keychain file so he instructed how to use it. The software is designed so the keychain is stored as ~/1Password/1Password.agilekeychain and you just symlink that to wherever your sync client stores the actual file.
|
# ? Feb 27, 2016 00:49 |
|
So if the Blackphone is a dud what options are there where you can still have decent functionality with say Android apps, but still have some semblance of security on mobile? Why does my Camera need access to "Modify settings" and why does a Sudoku app need permissions for Geotagged locations?? Do you pretty much have to be a hermit and not use any mobile tech?
|
# ? Feb 27, 2016 02:29 |
|
Melian Dialogue posted: So if the Blackphone is a dud what options are there where you can still have decent functionality with say Android apps, but still have some semblance of security on mobile? Why does my Camera need access to "Modify settings" and why does a Sudoku app need permissions for Geotagged locations?? Do you pretty much have to be a hermit and not use any mobile tech?

Get a phone running M and revoke permissions as you see fit?

e: And don't sideload apps and you're fine, easily better off than your desktop. hth.

apseudonym fucked around with this message at 02:39 on Feb 27, 2016
|
# ? Feb 27, 2016 02:36 |
|
Melian Dialogue posted: So if the Blackphone is a dud what options are there where you can still have decent functionality with say Android apps, but still have some semblance of security on mobile? Why does my Camera need access to "Modify settings" and why does a Sudoku app need permissions for Geotagged locations?? Do you pretty much have to be a hermit and not use any mobile tech?

Yes.

The real question is "who is your adversary?" Are you concerned about random malware? Are you concerned about spear phishing? Are you concerned about three letter agencies specializing in SIGINT? If it's the latter, rotate your flip-phone burners and prepaid SIM cards daily, that's the only real solution at the moment to Nation State level attacks.

Otherwise, pick up a newer Nexus phone since Google is committed to pushing firmware updates with security fixes on a regular cadence, and isn't beholden to carrier QA approval. Only download software from Play. Only download software which isn't ad supported. Only download software with sensible permissions. Use Baksmali to inspect apps which you really, really care enough about to reverse engineer. Hope that whoever's app you're using supports tokenization for credentials. Use Work Profiles if you're concerned about keeping your work data segregated from your personal data.

For God's sake, do not get some sort of "Antivirus" software for your phone. Remember that zero days will always exist in any platform.
|
# ? Feb 27, 2016 02:51 |
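
Added example, not part of any post in the thread: one way to apply the "sensible permissions" check from the post above, by comparing what an APK requests against what its category plausibly needs. The sample input is constructed in the format printed by `aapt dump permissions`; the package name, the category allowlists and the function names are assumptions.

```python
import re

# Constructed sample in the format printed by `aapt dump permissions <apk>`.
# Newer aapt prints name='...'; older builds print the bare permission name.
SAMPLE = """\
package: com.example.sudoku
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.WRITE_SETTINGS'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
uses-permission: android.permission.VIBRATE
"""

P = "android.permission."

# Assumption: what each app category plausibly needs (reviewer judgement).
EXPECTED = {
    "puzzle": {P + "INTERNET", P + "VIBRATE"},
    "camera": {P + "CAMERA", P + "RECORD_AUDIO", P + "WRITE_EXTERNAL_STORAGE"},
}

# Permissions that expose personal data or device settings: a subset of the
# Android 6.0 runtime ("dangerous") permissions, plus WRITE_SETTINGS.
SENSITIVE = {P + n for n in (
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "CAMERA",
    "RECORD_AUDIO", "READ_CONTACTS", "READ_SMS", "READ_PHONE_STATE",
    "WRITE_EXTERNAL_STORAGE", "WRITE_SETTINGS",
)}

PKG_RE = re.compile(r"^package:\s*(\S+)", re.M)
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?", re.M)


def parse_permissions(dump):
    """Return (package name or None, set of requested permissions)."""
    pkg = PKG_RE.search(dump)
    return (pkg.group(1) if pkg else None), set(PERM_RE.findall(dump))


def audit(dump, category):
    """List permissions the app requests beyond what its category needs."""
    if category not in EXPECTED:
        raise ValueError("no allowlist for category %r" % category)
    package, requested = parse_permissions(dump)
    unexpected = requested - EXPECTED[category]
    return {
        "package": package,
        "unexpected": sorted(unexpected),
        # The subset that deserves a hard look before installing.
        "sensitive": sorted(unexpected & SENSITIVE),
    }


if __name__ == "__main__":
    report = audit(SAMPLE, "puzzle")
    print(report["package"])
    for perm in report["unexpected"]:
        flag = "SENSITIVE" if perm in report["sensitive"] else "review"
        print("  %-9s %s" % (flag, perm))
```
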
|
Overall, mobile phones really suck for security.
|
# ? Feb 27, 2016 04:07 |
|
OSI bean dip posted: Overall, mobile phones really suck for security.

Nah, not really.
|
# ? Feb 27, 2016 04:27 |
|
apseudonym posted: Nah, not really.

Marshmallow was released going on 5 months ago and 1% of android phones are running it. iOS 9 came out a few weeks prior and 77% of iphones are running it.
|
# ? Feb 27, 2016 04:43 |
|
apseudonym posted: Nah, not really.

yeah really
|
# ? Feb 27, 2016 04:51 |
|
uPen posted: Marshmallow was released going on 5 months ago and 1% of android phones are running it. iOS 9 came out a few weeks prior and 77% of iphones are running it.

This, unfortunately. For Android, the current structure of carriers and OEMs heavily disincentivizes patching anything at all. If you're lucky, you'll get one OTA update, ever. Apple, being the sole manufacturer AND the OS vendor, AND having the ability to flip off carriers and their requirements, means that they can patch as much as they want, and it's not a gigantic poo poo show of hacks. As I said, the Nexus phones can generally do that too (if bought from Google) but Google doesn't seem to support them as long as Apple does.
|
# ? Feb 27, 2016 15:37 |
|
Volmarias posted: This, unfortunately. For Android, the current structure of carriers and OEMs heavily disincentivizes patching anything at all. If you're lucky, you'll get one OTA update, ever. Apple, being the sole manufacturer AND the OS vendor, AND having the ability to flip off carriers and their requirements, means that they can patch as much as they want, and it's not a gigantic poo poo show of hacks.

Add the fact there is what I said:

OSI bean dip posted: Really the thing to keep in mind about any phone that claims to be built with privacy and security in mind is that unless they're designing the baseband radio too, it's crap. I tried to look it up because it got me wondering but they're very hesitant to release those specific details (although if I had to guess it might be Qualcomm).

Your baseband radio has so much outside control without the OS' knowledge.
|
# ? Feb 27, 2016 17:48 |
|
OSI bean dip posted: Add the fact there is what I said:

If your threat model is NSA spookiness there's lots of easier things to do to non-mobile devices and far less integrity protection, though radios are a nice place to try and drop persistent code for sure depending on the hardware layout of the specific device.

That's not really a realistic threat model for probably everyone browsing SA though, we're not worth that kind of attention. If your threat model is realistically the NSA your hardware all got shipped to you owned in ways you'll never detect. The threat model for most of SA users is just the usual random poo poo on the internet combined with idiotic views on how security actually works leading to shooting themselves in the foot.

In actual practical security for your average person mobile is far better than older OSs simply because we've learned from a lot of mistakes in older OSs' designs. The malware numbers for mobile are ridiculously small compared to desktop OSs.
|
# ? Feb 27, 2016 19:37 |
|
Khablam posted: Did you have any luck using this to install regular KeePass under mono? That should leave you with the ported version of 2.x - from there you can try to install Keepasshttp and get a plugin working, or just use the auto-type to fill in forms.

Thanks for suggesting using Keepass rather than KeepassX. I'm having much more luck with regular Keepass running with mono in Fedora, using both plugins (Keepasshttp and PassIfox). I just disconnected Firefox sync before installation and then reconnected once Keepass was set up.

It's a pretty neat way of handling passwords, actually. Everything seems to be held in Keepass but Firefox thinks it is using its native password filler. Firefox is only being fed each password as and when it's required by whichever webpage I'm logging into. This can be checked by going to Firefox Preferences>Security>Saved Logins>Show Passwords. All of my passwords simply say "Stored in Keepass", so although Firefox thinks it has a couple of hundred passwords in there it actually has nothing until one is needed and then it's piped through from Keepass encrypted with AES. Logging into a site feels just like Firefox is doing it, because it essentially is!

I'll play around like this for a few days to see if there are any drawbacks but at the moment it looks like bye bye Lastpass.
|
# ? Feb 27, 2016 20:24 |
|
apseudonym posted: If your threat model is NSA spookiness there's lots of easier things to do to non-mobile devices and far less integrity protection, though radios are a nice place to try and drop persistent code for sure depending on the hardware layout of the specific device.

Yeah. But my remark is whether or not you can secure a phone and the answer is "not really". Also suggesting that the NSA is my concern is incorrect.

https://www.youtube.com/watch?v=DuaGt83ZCiw

This isn't NSA-level stuff and can be done with hardware that's less than $400 USD. The baseband is a serious concern.
|
# ? Feb 27, 2016 20:24 |
|
OSI bean dip posted: Yeah. But my remark is whether or not you can secure a phone and the answer is "not really". Also suggesting that the NSA is my concern is incorrect.

Oh, you're coming at this with regards to bugs and exploiting. Sorry when people talk about the baseband it's usually very NSA stuff. Yes, bugs in the components of a device that touch the network are fun, but keep in mind WiFi drivers and hardware have similar bugs all too often, it's an area of work across a lot more than mobile.
|
# ? Feb 27, 2016 20:34 |
|
apseudonym posted: Oh, you're coming at this with regards to bugs and exploiting. Sorry when people talk about the baseband it's usually very NSA stuff.

quote: The attack takes advantage of the machine-to-machine (M2M) interface used by carriers to do remote provisioning of the phone when it’s purchased and to push out communications updates. The interface is part of the baseband configuration of the phones—it leverages the baseband processor, which is the system-on-chip that handles the connection to cellular networks. On some devices, the baseband chip can access local storage and memory used by the smart phone’s operating system and be used to gain root-level access.

http://arstechnica.com/security/2014/08/blackphone-goes-to-def-con-and-gets-hacked-sort-of/

The last sentence had me kind of giggling. But yeah, I don't really trust mobile phones and it's really hard to write a proper guide these days because removing the battery is pretty difficult--airplane mode is a joke.

The problem is that details on the radios are kept very close to the manufacturers' chests. Nobody can really do an audit outside of their own drivers.
|
# ? Feb 27, 2016 20:38 |
|
OSI bean dip posted: http://arstechnica.com/security/2014/08/blackphone-goes-to-def-con-and-gets-hacked-sort-of/

If you don't trust the hardware that's fine, but there's a certain level of trusting trust here, the advice of "pull out the battery" or "airplane mode if you're not using it" is just making it secure by making it useless. You can use a dumb phone if you want but then what's the point, who even uses phone calls anymore.

quote: The problem is that details on the radios are kept very close to the manufacturers' chests. Nobody can really do an audit outside of their own drivers.
|
# ? Feb 27, 2016 20:50 |
|
This is all crazy person talk, right?
|
# ? Feb 27, 2016 20:52 |
|
Speaking of crazy persons: http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

Is there anything to this alarming/alarmist piece? Even if you didn't know John McAfee wrote it?
|
# ? Feb 29, 2016 01:21 |
|
doctorfrog posted: Speaking of crazy persons: http://www.businessinsider.com/john-mcafee-nsa-back-door-gives-every-us-secret-to-enemies-2016-2

There were two backdoors, one which anyone could exploit (and was very amateurish) and one that with the knowledge of a private key would allow the decryption of traffic secured by that device. That second one is a dead ringer for the kinds of things intelligence agencies want, traffic decryption and most importantly nobody but us capability.

quote: So, while the NSA was monitoring our perceived Middle Eastern enemies, the Chinese and Russians, and god knows who else, were making off with every important secret in the US, courtesy of the NSA’s back door.

Is poo poo, tbh. I'm sure some fun happened due to the first backdoor, but calling that the NSA backdoor is disingenuous. Also they go on a lot about it being a programmer 'planted' by the NSA, there is no evidence to support that whatsoever.

I will give it some points for only using 'cyber' once, but it's otherwise garbage.
|
# ? Feb 29, 2016 01:46 |
|
Recently when browsing SA and some other websites (usually news articles) my screen will go blank and then come back at the top of the webpage. So if it's a long webpage it will be scrolled to the top. I want to stress that the page has not been refreshed due to this, just changed how far down I have scrolled. I have a screenshot of the blank screen and it has an interesting address at the bottom in hovertext. it's something to the effect of vindicosuite.com which after googling sounds like it's a problem with a site plugin for counting users but this has been happening on multiple sites so I can't help but feel like it's a problem on my end.
|
# ? Mar 30, 2016 22:22 |
|
turbomoose posted: Recently when browsing SA and some other websites (usually news articles) my screen will go blank and then come back at the top of the webpage. So if it's a long webpage it will be scrolled to the top. I want to stress that the page has not been refreshed due to this, just changed how far down I have scrolled.

This isn't really the correct thread for tech support but good lord update to Windows 10 already.
|
# ? Mar 30, 2016 23:31 |
|
Volmarias posted: Yes.

thank you for this useful post with actionable items instead of castigation of current reality.

-- looking forward to the NSA giving the FBI some of its tech and this eventually trickling down to police departments with barely educated thugs with a moral code of "take what you can and burn the rest"
|
# ? Mar 31, 2016 01:03 |
|
pr0zac posted: This isn't really the correct thread for tech support but good lord update to Windows 10 already.

Is it stable enough to be worth trusting yet?
|
# ? Mar 31, 2016 05:25 |
|
Fuschia tude posted: Is it stable enough to be worth trusting yet?

Sometimes. When it works it's fine. When it breaks it breaks really badly. It's better than 8 and worse than 7 but not that much worse I guess.
|
# ? Mar 31, 2016 05:30 |
|
Fuschia tude posted: Is it stable enough to be worth trusting yet?

Rexxed posted: Sometimes.
|
# ? Mar 31, 2016 09:04 |
|
I had Windows 10 BSOD which I don't think I ever had with 7.
|
# ? Mar 31, 2016 13:56 |
|
pr0zac posted: This isn't really the correct thread for tech support but good lord update to Windows 10 already.

Sorry! Is there a general tech support questions thread or should I just make a new one with my specific issue?
|
# ? Mar 31, 2016 15:34 |
|
Fuschia tude posted: Is it stable enough to be worth trusting yet?

Hah, the first page of this forum has 7 posts with Windows 10 in the title (including one of mine) so no, I'm not sure if it's there yet.
|
# ? Apr 2, 2016 23:56 |