Rooted Vegetable
Jun 1, 2002
I'd say so. My fiancee doesn't have any trouble.


Beefeater1980
Sep 12, 2008

My God, it's full of Horatios!






I saw some odd behaviour on my iphone yesterday. After I left home and was accessing mobile data, the awful app started timing out, and attempts to access SA or the SA forums via safari - or to check isitdownrightnow - either blanked, as though I hadn’t typed anything in at all, or redirected to the Financial Times website (which is one of my regulars, and which didn’t seem to be a spoof site - it registered my login cookie and let me read content, didn’t prompt me to enter anything etc).

This stayed true as long as I was out, despite a couple of hard reboots, disabling pop ups, cleaning cookies etc, and solved itself when I returned home - from which point both WiFi and mobile data worked fine.

Haven’t seen this before or since, anyone else had this experience? Just a forum / site maintenance thing or cause for concern? The redirection surprised me a bit.

Relatedly, I’ve tended to assume I didn’t need to do much in terms of security for my iPhone (versus sandboxing anything I so much as look at on my desktop); is this wrong?

fordan
Mar 9, 2009

Clue: Zero
Yesterday Cloudflare (and much of the rest of the Internet) had issues after Verizon didn’t properly filter BGP announcements from one of its customers https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/

Not sure how that would explain the redirection but the timing seems right and SA does use Cloudflare.

Tesseraction
Apr 5, 2009

Yeah, PPJ (D&D mod) was on Discord and said at the time it was Cloudflare making GBS threads itself over the BGP issue. Then Discord succumbed to the same issue, I believe.

RFC2324
Jun 7, 2012

http 418

Tesseraction posted:

Yeah, PPJ (D&D mod) was on Discord and said at the time it was Cloudflare making GBS threads itself over the BGP issue. Then Discord succumbed to the same issue, I believe.

dealing with BGP is about the only thing in IT that seriously intimidates me, and this is why.

Pile Of Garbage
May 28, 2007



I didn't see it mentioned in the Cloudflare blog post but 20k prefixes were affected by the issue. Good stuff :lol:

https://twitter.com/bgpmon/status/1143149817473847296

Edit: also here's a NANOG post that points out that the issue could have been avoided if poo poo was configured correctly: https://mailman.nanog.org/pipermail/nanog/2019-June/101589.html

Pile Of Garbage fucked around with this message at 04:31 on Jun 26, 2019

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Beefeater1980 posted:

I saw some odd behaviour on my iphone yesterday. After I left home and was accessing mobile data, the awful app started timing out, and attempts to access SA or the SA forums via safari - or to check isitdownrightnow - either blanked, as though I hadn’t typed anything in at all, or redirected to the Financial Times website (which is one of my regulars, and which didn’t seem to be a spoof site - it registered my login cookie and let me read content, didn’t prompt me to enter anything etc).

This stayed true as long as I was out, despite a couple of hard reboots, disabling pop ups, cleaning cookies etc, and solved itself when I returned home - from which point both WiFi and mobile data worked fine.

Haven’t seen this before or since, anyone else had this experience? Just a forum / site maintenance thing or cause for concern? The redirection surprised me a bit.

Relatedly, I’ve tended to assume I didn’t need to do much in terms of security for my iPhone (versus sandboxing anything I so much as look at on my desktop); is this wrong?

You have network issues; your iPhone isn’t worth targeting.

Red_Fred
Oct 21, 2010


Fallen Rib
What is the forum favourite VPN service? I’m keen for something to use while I’m travelling and using random wifi. Ideally it would have a once a year subscription or one off fee.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Red_Fred posted:

What is the forum favourite VPN service? I’m keen for something to use while I’m travelling and using random wifi. Ideally it would have a once a year subscription or one off fee.

None of them. They’re all problematic so whatever you choose is going to be fine for the purposes you outlined but bear in mind you’re just moving goal posts in terms of how you’re monitored.

Rooted Vegetable
Jun 1, 2002
If you're ok with your home internet connection, PiVPN on a spare SBC. Use dietpi to make life easier.

Acer Pilot
Feb 17, 2007
put the 'the' in therapist

:dukedog:

Is algo still considered an ok way to secure yourself on public wifi? If so, I'd probably just do that than rely on some rando running a VPN for you.

Tbh, the only good thing I’ve found about vpn services is that they can let you bypass region locking. I wouldn’t trust them to “protect” you though and turn it off right after you finish your show/movie.

Red_Fred
Oct 21, 2010


Fallen Rib

Heners_UK posted:

If you're ok with your home internet connection, PiVPN on a spare SBC. Use dietpi to make life easier.

Can you please elaborate a bit more on this?

Jowj
Dec 25, 2010

My favourite player and idol. His battles with his wrists mirror my own battles with the constant disgust I feel towards my zerg bugs.

Acer Pilot posted:

Is algo still considered an ok way to secure yourself on public wifi? If so, I'd probably just do that than rely on some rando running a VPN for you.

Yes this is still true. It's likely more secure for you to route your traffic through an algo instance you control than through some public wifi / some lovely paid for VPN.

There are reasonable complaints about VPN security from sec people, but mostly the good complaints are like Lain's - pointing out that you're still on the internet, you've just moved where you can be monitored from, regardless of what VPN service you have.

Red Fred:
if you're at all technical i'd use algo. It'll probably be the cheapest option and almost certainly have the sanest default configuration. Otherwise, like what was already mentioned, almost anything you use will work for the criteria you've posted.

Rooted Vegetable
Jun 1, 2002

Red_Fred posted:

Can you please elaborate a bit more on this?

Sure. PiVPN site link. Well in short it's running the VPN service for yourself using OpenVPN and a Single Board Computer, typically a Raspberry Pi, but anything that will run DietPi will do. Generally if you install DietPi, the PiVPN installation becomes very easy and self guided (which is what I did). That said, this guide goes through it if you want it.

Once set up and at a coffee shop, you could connect to your home network and route all your traffic through there.

Surprise Giraffe
Apr 30, 2007
1 Lunar Road
Moon crater
The Moon
Anyone know if Avira free now automatically installs Opera? Just had the browser appear on my Win10 machine out of nowhere. Might be malware but I have no notion where it could have come from. I mean I just connected to the home network for the first time in three months so maybe the parents have malware?

Carbon dioxide
Oct 9, 2012

Surprise Giraffe posted:

Anyone know if Avira free now automatically installs Opera? Just had the browser appear on my Win10 machine out of nowhere. Might be malware but I have no notion where it could have come from. I mean I just connected to the home network for the first time in three months so maybe the parents have malware?

Avira is a virus scanner so it's basically malware. Just use the thing built in to modern Windows, if you're a Windows user. Also see the OP about anti-virus.

Lumpy
Apr 26, 2002

La! La! La! Laaaa!



College Slice
If you want to migrate from LastPass to [ other ], what's the best process? Should I change every password I have as I move them over, or is simply deleting my LastPass account enough?

RFC2324
Jun 7, 2012

http 418

Lumpy posted:

If you want to migrate from LastPass to [ other ], what's the best process? Should I change every password I have as I move them over, or is simply deleting my LastPass account enough?

How concerned about what's currently in LastPass are you? I'd change my important ones (Banks, primary email, anything else that is the key to major portions of your life) as you migrate, then just change the rest as they expire.

Rooted Vegetable
Jun 1, 2002
I:
* Migrated to Bitwarden using the LastPass Pocket Edition export function
* Changed the important passwords. Not all.
* I already used 2FA
* I changed the LastPass password to an absurdly long one, stored in Bitwarden
* I'll eventually delete the LastPass account but left it for a while. Actually this post reminded me.

Rooted Vegetable fucked around with this message at 17:41 on Sep 12, 2019

olives black
Nov 24, 2017


LENIN.
STILL.
WON'T.
FUCK.
ME.
About to do a new Windows 10 install for a personal desktop on a home network. My checklist:

- Install all updates
- Configure unprivileged user account for general use
- Configure UAC to require admin password for all actions requiring admin privileges
- Configure firewall to block all inbound traffic that is not pointed at ports 22 and 5001 (for sshd and Universal Media Server, respectively) from unapproved IP addresses (my PS4 and a few other things maybe) or part of an established connection
- Replace default browser with NoScript-hardened Firefox
- Install whatever Microsoft's official antivirus is atm assuming it doesn't already get set up with the OS installer
- Disable Cortana and all of the other search bullshit
- Change DNS service to OpenDNS or something else (more research required)

Does that about cover it?

olives black fucked around with this message at 18:15 on Oct 3, 2019

Pile Of Garbage
May 28, 2007



olives black posted:

- Configure unprivileged user account for general use
- Configure UAC to require admin password for all actions requiring admin privileges

This adds little in the way of security and will drive you insane. Just leave the UAC config as default.

olives black posted:

- Configure firewall to block all inbound traffic that is not pointed at ports 22 and 5001 (for sshd and Universal Media Server, respectively) from unapproved IP addresses (my PS4 and a few other things maybe) or part of an established connection

The default Windows Firewall profiles block almost all inbound protocols quite adequately. You'll be fine unless you're port-forwarding inbound to your PC on your router and/or your LAN is packed full of dodgy devices (If it's the latter then the best approach is to put your PC on a separate VLAN and permit/deny traffic on your router).

olives black posted:

- Replace default browser with NoScript-hardened Firefox

I've never seen the point of NoScript tbh. Just get uBlock Origin and don't install Flash or Java.

olives black posted:

- Install whatever Microsoft's official antivirus is atm assuming it doesn't already get set up with the OS installer

No action required really, Windows Defender is enabled by default in Win10 and the default settings are OK. There are some extra hardening settings you can enable like Controlled Folder Access which is neat.

olives black posted:

- Disable Cortana and all of the other search bullshit

This is fine however please don't run one of those PowerShell scripts which nukes all the AppX stuff as those honestly do more harm than good. IMO best approach is to uninstall what you can and just not use the rest. It's also worth going through every section in the Windows Settings (New Control Panel) to disable all the dumb telemetry stuff.

olives black posted:

- Change DNS service to OpenDNS or something else (more research required)

OpenDNS got bought by Cisco and rebranded as Cisco Umbrella. Generally for a home setup the recommended approach is to use anything other than your ISP for DNS resolution. The main options out there are:

  • Cloudflare DNS: 1.1.1.1 & 1.0.0.1
  • Google Public DNS: 8.8.8.8 and 8.8.4.4
  • IBM Quad9: 9.9.9.9 & 149.112.112.112
  • Cisco Umbrella: 208.67.222.222 & 208.67.220.220

I personally use Cloudflare as it's the fastest and Google as a backup. Quad9 and Umbrella apparently offer enhanced security (Blocking malicious domains, etc.) however I've personally seen GeoIP issues with Quad9 and Umbrella is just kinda bad.

You might also want to look into DNS over HTTPS (DoH). Cloudflare's resolver supports it and you can enable DoH in the latest Firefox release however there's not exactly any support for it at the OS level in Win10.

olives black
Nov 24, 2017


LENIN.
STILL.
WON'T.
FUCK.
ME.

Pile Of Garbage posted:

This adds little in the way of security and will drive you insane. Just leave the UAC config as default.


The default Windows Firewall profiles block almost all inbound protocols quite adequately. You'll be fine unless you're port-forwarding inbound to your PC on your router and/or your LAN is packed full of dodgy devices (If it's the latter then the best approach is to put your PC on a separate VLAN and permit/deny traffic on your router).


I've never seen the point of NoScript tbh. Just get uBlock Origin and don't install Flash or Java.


No action required really, Windows Defender is enabled by default in Win10 and the default settings are OK. There are some extra hardening settings you can enable like Controlled Folder Access which is neat.


This is fine however please don't run one of those PowerShell scripts which nukes all the AppX stuff as those honestly do more harm than good. IMO best approach is to uninstall what you can and just not use the rest. It's also worth going through every section in the Windows Settings (New Control Panel) to disable all the dumb telemetry stuff.


OpenDNS got bought by Cisco and rebranded as Cisco Umbrella. Generally for a home setup the recommended approach is to use anything other than your ISP for DNS resolution. The main options out there are:

  • Cloudflare DNS: 1.1.1.1 & 1.0.0.1
  • Google Public DNS: 8.8.8.8 and 8.8.4.4
  • IBM Quad9: 9.9.9.9 & 149.112.112.112
  • Cisco Umbrella: 208.67.222.222 & 208.67.220.220

I personally use Cloudflare as it's the fastest and Google as a backup. Quad9 and Umbrella apparently offer enhanced security (Blocking malicious domains, etc.) however I've personally seen GeoIP issues with Quad9 and Umbrella is just kinda bad.

You might also want to look into DNS over HTTPS (DoH). Cloudflare's resolver supports it and you can enable DoH in the latest Firefox release however there's not exactly any support for it at the OS level in Win10.

Thank you for the follow-up!

I disagree with the first point (it gives me peace of mind knowing that I can't just click OK out of frustration on something dangerous and I'm used to using sudo on Linux anyway), but the rest has given me good stuff to consider.

Pile Of Garbage
May 28, 2007



olives black posted:

Thank you for the follow-up!

I disagree with the first point (it gives me peace of mind knowing that I can't just click OK out of frustration on something dangerous and I'm used to using sudo on Linux anyway), but the rest has given me good stuff to consider.

That's the thing though: are you confident that when presented with a UAC elevation prompt, expected or otherwise, you can adequately determine whether or not the process which spawned it can be trusted (Remembering that whilst the UAC prompt is active you cannot interact with the OS and the prompt itself only includes at most the process name, PID and path)?

This is essentially one of those situations where you're sacrificing usability in the name of security without actually increasing security.

Also your analogy isn't really accurate as sudo is manual elevation and more akin to "Run as Administrator" on Windows.

olives black
Nov 24, 2017


LENIN.
STILL.
WON'T.
FUCK.
ME.

Pile Of Garbage posted:

That's the thing though: are you confident that when presented with a UAC elevation prompt, expected or otherwise, you can adequately determine whether or not the process which spawned it can be trusted (Remembering that whilst the UAC prompt is active you cannot interact with the OS and the prompt itself only includes at most the process name, PID and path)?

This is essentially one of those situations where you're sacrificing usability in the name of security without actually increasing security.

Also your analogy isn't really accurate as sudo is manual elevation and more akin to "Run as Administrator" on Windows.

Point taken regarding the sudo analogy. However, it's less about knowing whether or not I can trust the process as it is about forcing myself to slow down and consider what's happening.

Worst case scenario is that I say "idk wtf", cancel out of it and have to investigate what's going on afterwards.

olives black fucked around with this message at 19:43 on Oct 4, 2019

RFC2324
Jun 7, 2012

http 418

I love it when the threat actor people are hardening against is themselves instead of actual threats

Jowj
Dec 25, 2010

My favourite player and idol. His battles with his wrists mirror my own battles with the constant disgust I feel towards my zerg bugs.

RFC2324 posted:

I love it when the threat actor people are hardening against is themselves instead of actual threats

Any end user is an actual threat.

B-Nasty
May 25, 2005

Pile Of Garbage posted:

and the prompt itself only includes at most the process name, PID and path

The prompt also, most importantly, shows the publisher name for CA signed executables. Non-code-signed EXEs get a yellow warning border on the UAC prompt.

Pile Of Garbage
May 28, 2007



olives black posted:

Point taken regarding the sudo analogy. However, it's less about knowing whether or not I can trust the process as it is about forcing myself to slow down and consider what's happening.

Worst case scenario is that I say "idk wtf", cancel out of it and have to investigate what's going on afterwards.

I feel like you maybe don't use Windows on the reg and/or haven't used it in some time because honestly in Windows 10 UAC elevation prompts are very rare. I use Win10 all the time at work and at home and only ever see UAC prompts when I'm installing stuff which is when I expect them. Outside of that I never see them but if I did I'd know something suss was going on because well it just doesn't happen.

That aside I guess it's up to you but at the end of the day if you were to get infected with something it'd probably be using some UAC bypass exploit anyway :lol:

olives black
Nov 24, 2017


LENIN.
STILL.
WON'T.
FUCK.
ME.

Pile Of Garbage posted:

I feel like you maybe don't use Windows on the reg and/or haven't used it in some time because honestly in Windows 10 UAC elevation prompts are very rare. I use Win10 all the time at work and at home and only ever see UAC prompts when I'm installing stuff which is when I expect them. Outside of that I never see them but if I did I'd know something suss was going on because well it just doesn't happen.

That aside I guess it's up to you but at the end of the day if you were to get infected with something it'd probably be using some UAC bypass exploit anyway :lol:

Yeah, I figure it can't hurt. My rage threshold is pretty low, especially when I just want to unwind and play a game (which is why I'm, shock of all shocks, doing this in the first place).

olives black
Nov 24, 2017


LENIN.
STILL.
WON'T.
FUCK.
ME.
Holy moly, I forgot what a clusterfuck Windows Firewall is. Is there a way to flush all of the default crap and make a configuration similar to this where inbound traffic is limited to established connections and whitelisted ports/IP addresses only?

Pile Of Garbage
May 28, 2007



olives black posted:

Holy moly, I forgot what a clusterfuck Windows Firewall is. Is there a way to flush all of the default crap and make a configuration similar to this where inbound traffic is limited to established connections and whitelisted ports/IP addresses only?

If you run Disable-NetFirewallRule with no parameters in PowerShell it will just disable all the rules in all three profiles (Public, Private and Domain). That aside I'd like to reiterate something I mentioned earlier:

Pile Of Garbage posted:

The default Windows Firewall profiles block almost all inbound protocols quite adequately. You'll be fine unless you're port-forwarding inbound to your PC on your router and/or your LAN is packed full of dodgy devices (If it's the latter then the best approach is to put your PC on a separate VLAN and permit/deny traffic on your router).

Unless your PC is directly exposed to the internet I really don't think you'll get any real benefit by mucking around with Windows Firewall policies.
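
A scoped alternative to disabling rules wholesale, for the two ports named in the question (22 and 5001), as an added example that is not part of any post in the thread. The trusted addresses, the rule group name and the assumption that both services listen on TCP are constructed for illustration; run it from an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: audit inbound rules, then allow only named ports from named hosts.
# Constructed values: replace with the devices you actually trust.
$TrustedHosts = @('192.168.1.50', '192.168.1.51')   # assumed LAN addresses (e.g. a console)
$Services = @(
    @{ Name = 'sshd';                   Port = 22   },   # assumed TCP
    @{ Name = 'Universal Media Server'; Port = 5001 }    # assumed TCP
)
$Group = 'Home allow-list (example)'                     # hypothetical group label

# Flatten a firewall rule plus its port and address filters into one row.
function Get-RuleSummary {
    param([Parameter(ValueFromPipeline)] $Rule)
    process {
        $port = $Rule | Get-NetFirewallPortFilter
        $addr = $Rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $Rule.DisplayName
            Profile       = $Rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

# 1. Inventory before changing anything: every enabled inbound allow rule.
#    Rows with RemoteAddress 'Any' are the ones worth reviewing by hand.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Get-RuleSummary | Sort-Object Rule | Format-Table -AutoSize

# 2. Make sure every profile is on and drops unsolicited inbound traffic.
#    The firewall is stateful, so replies to connections this PC opened
#    are still accepted without any explicit rule.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 3. One allow rule per service, limited to the trusted hosts and to the
#    Private profile so nothing is reachable on a network marked Public.
foreach ($svc in $Services) {
    $name = "Allow $($svc.Name) from trusted hosts"
    # Re-running the script replaces the rule instead of duplicating it.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $name -Group $Group `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $svc.Port -RemoteAddress $TrustedHosts `
        -Profile Private | Out-Null
}

# 4. Confirm what was created.
Get-NetFirewallRule -Group $Group | Get-RuleSummary | Format-Table -AutoSize
```

Allow rules are additive, so the built-in rules listed in step 1 stay in effect until they are individually reviewed and disabled.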

Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug
I ran the windows 10 debloater on my last install and it significantly increased my quality of life. Disabling all the web searches from the start menu was nice.

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe
NEVERMIND

FunOne fucked around with this message at 16:57 on Oct 21, 2019

RFC2324
Jun 7, 2012

http 418

FunOne posted:

For what appears to be about a week, neither of my computers is shutting down the display after I lock the screen. I don't want to kill the backlight on my monitors, nor waste the power, any idea what might've been pushed to both of my devices that is causing this?

Both windows 10, both pro. Laptop and desktop. Steam maybe? Other than that the only consistent software is 10 and Office 365 apps.

Security thread probably isn't the right place for this

Golden Bee
Dec 24, 2009

I came here to chew bubblegum and quote 'They Live', and I'm... at an impasse.
Sorry to resurrect the thread, but I’m having a problem where other apps will open links in a new instance of Firefox, one without my settings saved. Not a new window, entirely different version.

CaptainSarcastic
Jul 6, 2013



Golden Bee posted:

Sorry to resurrect the thread, but I’m having a problem where other apps will open links in a new instance of Firefox, one without my settings saved. Not a new window, entirely different version.

Do you have more than one version of Firefox installed? If you deliberately launch Firefox and check settings, does it show Firefox as default? If you check About Firefox in each instance do they show different version numbers?

Carbon dioxide
Oct 9, 2012

Golden Bee posted:

Sorry to resurrect the thread, but I’m having a problem where other apps will open links in a new instance of Firefox, one without my settings saved. Not a new window, entirely different version.

Check for separate Firefox profiles on your computer. Each one can have a separate set of settings, history and all that. Perhaps for some reason a new one was created and set to default.

https://support.mozilla.org/en-US/k...irefox-profiles

Golden Bee
Dec 24, 2009

I came here to chew bubblegum and quote 'They Live', and I'm... at an impasse.

Carbon dioxide posted:

Check for separate Firefox profiles on your computer. Each one can have a separate set of settings, history and all that. Perhaps for some reason a new one was created and set to default.

https://support.mozilla.org/en-US/k...irefox-profiles

Just fixed it! There was default and default-release for some reason.

You just removed a major pain from my rear end, thank you.

tophet
Oct 28, 2003

Young Orc
My mom fell for a tech support scam yesterday, which allowed the scammers to access her pc remotely and eventually create a payee in her bank's bill pay system.

We’ve taken care of the attempted payment, updated passwords, etc., but what’s the best thing to do now with the computer? It’s unplugged from the network.

Are there resources I can use to scan and clean it with some amount of confidence, or would it be best to take it to a professional? If they’re just going to use the same tools that may be available to me, I’d obviously rather do it myself.

Thanks


Khablam
Mar 29, 2012

On top of the usual proving-a-negative issue of deciding the system is clean, the tools they use aren't malware.
The shortest route to a known-good system is to flatten it and re-install.
