Saukkis
May 16, 2003

Unless I'm on the inside curve pointing straight at oncoming traffic the high beams stay on and I laugh at your puny protest flashes.
I am Most Important Man. Most Important Man in the World.

Ynglaur posted:

A 6 digit PIN? Really? Crack time per password for that is measured in microseconds. So if you have a 50-50 chance of dodging, either most of your other users have stronger passwords or you have a lot of users.

I was talking about a specific user's password. The system simply doesn't allow online brute forcing. When I did the calculation the system would lock the account for half an hour after 5 failed attempts within some time frame. You got less than 5 thousand attempts within a year before the password had to be changed. If you got the list of usernames, then you most likely could have cracked someone's PIN.
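
The gap described in the post above (per-account lockout limits guesses against one user but not against a whole list of usernames), worked through as an added example that is not part of any post in this thread. The events, addresses and usernames are constructed, PINs are assumed to be uniformly random, and the `max_accounts` detection threshold is an assumption.

```python
import math
from collections import Counter, defaultdict

PIN_SPACE = 10 ** 6            # 6-digit PIN, from the thread
GUESSES_PER_ACCOUNT = 5000     # "less than 5 thousand attempts within a year"
LOCKOUT_THRESHOLD = 5          # failed attempts before the account locks

def p_any_cracked(n_accounts, guesses=GUESSES_PER_ACCOUNT, space=PIN_SPACE):
    """Chance that at least one of n_accounts PINs is guessed.
    Assumes uniformly random PINs, so real-world odds are worse for defenders."""
    return 1 - (1 - guesses / space) ** n_accounts

def accounts_for_even_odds(guesses=GUESSES_PER_ACCOUNT, space=PIN_SPACE):
    """Smallest username list that gives better than 50% odds of one hit."""
    return math.ceil(math.log(0.5) / math.log(1 - guesses / space))

def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """What per-account lockout sees: usernames with >= threshold failures."""
    fails = Counter(user for _src, user, ok in events if not ok)
    return sorted(u for u, n in fails.items() if n >= threshold)

def spraying_sources(events, max_accounts=3):
    """What lockout misses: one source failing against many different usernames."""
    targets = defaultdict(set)
    for src, user, ok in events:
        if not ok:
            targets[src].add(user)
    return sorted(s for s, users in targets.items() if len(users) > max_accounts)

# Constructed events (source, username, success), all inside one lockout window.
SPRAYED = ("jsmith", "mlee", "tkarhu", "apell", "rnieminen", "lvirta")
EVENTS = (
    [("198.51.100.4", "akorho", False)] * 5                         # one user mistyping
    + [("203.0.113.9", u, False) for u in SPRAYED for _ in range(4)]  # 4 tries each, under the limit
)

if __name__ == "__main__":
    print("one account:", p_any_cracked(1))
    print("accounts needed for even odds:", accounts_for_even_odds())
    print("locked by per-account rule:", locked_accounts(EVENTS))
    print("flagged as spraying:", spraying_sources(EVENTS))
```

The per-account rule locks only the user who mistyped, while the source that stays one attempt under the limit on six accounts is caught only by counting distinct usernames per source.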


RFC2324
Jun 7, 2012

http 418

Saukkis posted:

I was talking about a specific user's password. The system simply doesn't allow online brute forcing. When I did the calculation the system would lock the account for half an hour after 5 failed attempts within some time frame. You got less than 5 thousand attempts within a year before the password had to be changed. If you got the list of usernames, then you most likely could have cracked someone's PIN.

out of curiosity, what's the pattern to usernames? finitial+last?

Khablam
Mar 29, 2012

rabidcowfromhell posted:

This seems wrong but I'm not smart enough to dispute it....

edit: this was a reply to me suggesting people use a password manager
The simplest counter to this argument is: yes, they don't attack your password. They attack them all. The easiest to break get used first.
There's plenty of YT vids of people throwing GPU arrays at leaked databases and getting 1000's of unsalted passwords in moments.

Once you've concluded you need a stronger password, and a unique password, you have to then conclude the easiest AND most effective solution is a password manager.
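
Why a leaked table of unsalted hashes falls so quickly, shown from the storage side as an added example that is not part of any post in this thread: the weak scheme next to a salted, slow one. The account names and passwords are constructed, and PBKDF2-HMAC-SHA256 with 200,000 iterations is an assumed choice of hardened scheme, since the thread names none.

```python
import hashlib
import hmac
import os
from collections import Counter

def unsalted_hash(password):
    """The weak scheme: one pass of a fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, iterations=200_000):
    """Hardened scheme: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, iterations, dk)

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, dk = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, dk)

def users_sharing_a_value(table):
    """Users whose stored value equals someone else's: one recovered
    password in such a table exposes every one of them at once."""
    counts = Counter(table.values())
    return sorted(u for u, v in table.items() if counts[v] > 1)

# Constructed sample accounts; three of them picked the same password.
ACCOUNTS = {"alice": "Summer2021!", "bob": "Summer2021!",
            "carol": "Summer2021!", "dave": "k9#Vw2mQpLx7"}

def compare_schemes(accounts=ACCOUNTS):
    weak = {u: unsalted_hash(p) for u, p in accounts.items()}
    strong = {u: salted_record(p) for u, p in accounts.items()}
    # Compare only the derived keys: the salts differ, so the keys differ too.
    strong_keys = {u: rec[2] for u, rec in strong.items()}
    return users_sharing_a_value(weak), users_sharing_a_value(strong_keys), strong

if __name__ == "__main__":
    weak_dupes, strong_dupes, _ = compare_schemes()
    print("unsalted, identical stored values:", weak_dupes)
    print("salted KDF, identical stored values:", strong_dupes)
```

Without a salt, each guess is hashed once and compared against the whole dump; with a per-user salt and a slow KDF, every guess has to be recomputed separately for every account.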

Saukkis
May 16, 2003


RFC2324 posted:

out of curiosity, what's the pattern to usernames? finitial+last?

That is probably the most common pattern, but there are all kinds of variations. Some have only last name, some are split. And when a self-service account creation for students was built, where you can choose from a list of suggestions, we got usernames like hahaha or xooxoo.

tuyop
Sep 15, 2006

Every second that we're not growing BASIL is a second wasted

Fun Shoe
A friend of mine who isn't too savvy wants to encrypt some of her stuff on an external hdd. Personal documents, I think her diaries, maybe some photos. Shouldn't be more than 1tb all told, probably much less. Bitlocker isn't an option because she has no TPM and no windows pro.

Am I right to just teach her VeraCrypt and managing volumes and stuff or is there a new hotness in lay person-focused volume/drive encryption?

The Fool
Oct 16, 2003


most consumer external drives have a built in encryption tool, some even do it in hardware

https://www.bestbuy.com/site/shop/encrypted-hard-drives

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano
You can upgrade to win 10 Pro without reinstalling, and turn off the tpm requirement

RFC2324
Jun 7, 2012


Isn't veracrypt explicitly not maintained and the guys who wrote it said not to use it?

Khablam
Mar 29, 2012

RFC2324 posted:

Isn't veracrypt explicitly not maintained and the guys who wrote it said not to use it?

You're thinking of TrueCrypt. The posthumous TC audit showed a few issues which the devs were likely referring to, they were fixed a long time ago. VeraCrypt itself has gone through an independent audit and the issues found were fixed. Not using it at this point is quite aggressively paranoid.
That said, a Win10 pro license can be bought for ~$5 and comes with other benefits.
I'd just buy Win10 pro.

RFC2324
Jun 7, 2012


Khablam posted:

You're thinking of TrueCrypt. The posthumous TC audit showed a few issues which the devs were likely referring to, they were fixed a long time ago. VeraCrypt itself has gone through an independent audit and the issues found were fixed. Not using it at this point is quite aggressively paranoid.
That said, a Win10 pro license can be bought for ~$5 and comes with other benefits.
I'd just buy Win10 pro.

Cool, thanks for the clarification.

I'll still stick to bitlocker/whatever is in my current linux distro, just for convenience

tuyop
Sep 15, 2006

The upgrade to 10 pro is the proest recommendation, thanks. I didn't know you could do bitlocker without some kind of TPM so that's very helpful!

Quaint Quail Quilt
Jun 19, 2006


Ask me about that time I told people mixing bleach and vinegar is okay

tuyop posted:

The upgrade to 10 pro is the proest recommendation, thanks. I didn't know you could do bitlocker without some kind of TPM so that's very helpful!

I've recently done encryption with pro and the only time I know it's on is if you reinstall windows or update the bios you have to type your 100 digit key in.

Pulling it up on your phone and knowing how to use a numpad without looking helps greatly.

Pile Of Garbage
May 28, 2007



tuyop posted:

The upgrade to 10 pro is the proest recommendation, thanks. I didn't know you could do bitlocker without some kind of TPM so that's very helpful!

For reference Microsoft call it BitLocker To Go.

Quaint Quail Quilt posted:

I've recently done encryption with pro and the only time I know it's on is if you reinstall windows or update the bios you have to type your 100 digit key in.

Pulling it up on your phone and knowing how to use a numpad without looking helps greatly.

That's regular BitLocker using TPM.

Quaint Quail Quilt
Jun 19, 2006



Pile Of Garbage posted:

That's regular BitLocker using TPM.

Yeah there's a TPM in my Ryzen 3700x I guess.

CaptainSarcastic
Jul 6, 2013



Quaint Quail Quilt posted:

I've recently done encryption with pro and the only time I know it's on is if you reinstall windows or update the bios you have to type your 100 digit key in.

Pulling it up on your phone and knowing how to use a numpad without looking helps greatly.

I just recently had to do that to resurrect an old tablet running Windows 10. Using the onscreen keyboard. Like 3 times because of how hosed the previous install was. :emo:

Dennis McClaren
Mar 28, 2007

"Hey, don't put capture a guy!"
...Well I've got to put something!
Does anyone know if there are any users on SA that have achieved a CVE certification? Or has earned a CVE for some discovery?

22 Eargesplitten
Oct 10, 2010



My roommate just got hit with a sextortion scam, the whole "send me btc or I send a video of you masturbating to all your friends and family" thing. That's not the big concern, the concern is she opened a .txt attachment in the email containing the blackmail message. I had her shut down her computer, but I'm trying to figure out if she needs to flatten just her C drive or every drive on her computer in case the virus that was likely in the .txt file. Thoughts? I've told her never to open unexpected attachments but it's a bit late now. She opened it in the Gmail previewer, she didn't download it fully, not sure if that makes a difference at all.

Truga
May 4, 2014
Lipstick Apathy
if it's just a txt it probably can't be anything? doubly so if it was only opened in chrome

22 Eargesplitten
Oct 10, 2010



Okay, thanks. I hadn't thought about the Chrome previewer thing at first, and I wasn't sure how hard/easy it is to run a virus out of a text file like you can from a PDF.

Rufus Ping
Dec 27, 2006





Delete system32 just to be safe

astral
Apr 26, 2004

22 Eargesplitten posted:

My roommate just got hit with a sextortion scam, the whole "send me btc or I send a video of you masturbating to all your friends and family" thing. That's not the big concern, the concern is she opened a .txt attachment in the email containing the blackmail message. I had her shut down her computer, but I'm trying to figure out if she needs to flatten just her C drive or every drive on her computer in case the virus that was likely in the .txt file. Thoughts? I've told her never to open unexpected attachments but it's a bit late now. She opened it in the Gmail previewer, she didn't download it fully, not sure if that makes a difference at all.

Fair chance it wasn’t a text file, but a disguised shortcut with a .txt extension that launches e.g. a hidden powershell window and runs some code, but if she just looked at it with the previewer that shouldn’t be an issue.
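
A way to check whether an attachment named like a text file really is one, as an added example that is not part of any post in this thread. It looks at the file's content and full name rather than the displayed name; the function names, the list of launchable extensions and the sample bytes are all constructed for the example.

```python
import os

# Shell Link (.lnk) files start with HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046 (MS-SHLLINK header layout).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
# Extensions that run something when double-clicked (non-exhaustive, example list).
LAUNCHABLE = {".lnk", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta"}

def looks_like_text(data):
    """True if the bytes are NUL-free valid UTF-8.
    Limitation: UTF-16 text contains NUL bytes and is reported as not text."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True

def triage_attachment(filename, data):
    """Return a list of reasons the file is not the plain text it claims to be."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    # Explorer never displays .lnk, and hides the other extensions when
    # "hide extensions for known file types" is on, so only inner_ext is seen.
    if ext in LAUNCHABLE and inner_ext:
        findings.append(f"double extension: real type is {ext}, shown as {inner_ext}")
    if data.startswith(LNK_MAGIC):
        findings.append("content is a Windows shortcut (Shell Link header)")
    elif data[:2] == b"MZ":
        findings.append("content is a Windows executable (MZ header)")
    elif ext == ".txt" and not looks_like_text(data):
        findings.append("named .txt but content is not plain text")
    return findings

if __name__ == "__main__":
    samples = {  # constructed sample attachments
        "message.txt": b"send btc to this address\r\n",
        "message.txt.lnk": LNK_MAGIC + b"\x00" * 60,
    }
    for name, blob in samples.items():
        print(name, "->", triage_attachment(name, blob) or "plain text")
```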

RFC2324
Jun 7, 2012


Since there is no imbedded data or anything in a txt file, if there is a virus you can visually see it with your eyes if you preview the file.

22 Eargesplitten
Oct 10, 2010



Rufus Ping posted:

Delete system32 just to be safe

I'm on Linux, can I just run rm /rf ~ instead?

Midjack
Dec 24, 2007



22 Eargesplitten posted:

I'm on Linux, can I just run rm /rf ~ instead?

If you’re running Linux you already owned yourself way harder than any joke suggestions we make here would.

22 Eargesplitten
Oct 10, 2010



It's actually Windows 10, the only thing I own running Linux is a Pi

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


22 Eargesplitten posted:

My roommate just got hit with a sextortion scam, the whole "send me btc or I send a video of you masturbating to all your friends and family" thing. That's not the big concern, the concern is she opened a .txt attachment in the email containing the blackmail message. I had her shut down her computer, but I'm trying to figure out if she needs to flatten just her C drive or every drive on her computer in case the virus that was likely in the .txt file. Thoughts? I've told her never to open unexpected attachments but it's a bit late now. She opened it in the Gmail previewer, she didn't download it fully, not sure if that makes a difference at all.

well you can either run the built-in windows antivirus and see if it picks anything up, or if that won't make her feel safe she can format and reinstall Windows. she will probably know if she has a virus or not when it encrypts all her files and tells her to send bitcoin to an address for the decryption password. but i haven't really heard of "opening a text file in gmail preview on your browser" as a risk factor in any sandbox escape or privilege escalation exploits so she is probably fine

zaepg
Dec 25, 2008

by sebmojo
I think I may have a keylogger on my PC.

I play a popular online computer game (League of Legends). I logged on this morning to play a round or two. Long story short, my account was temporarily banned for security reasons for logging on from a different location. When I went to check on my recent game history I saw a ton of games I never played.

Now to state the elephants in the room -
No I have never shared my account password for this game. I have never logged on to another computer other than my own to play this game. All logins to this program are done from one computer in my house, and to clear things up, I have no children, family members, or any relatives who could have logged on. My computer is on a wireless connection with a few other tenants of the apartment I'm sharing.

My next thought was a keylogger. I ran a Malwarebytes scan and it found a few entries in my uTorrent program. It removed those.
I'm hoping I got a keylogger through uTorrent, and that scan removed it.

I'm not real up to snuff on keyloggers. But I'd like to make sure my computer is cleared of any threat. What should I do next to be sure I don't have someone getting access to my private information?

I was thinking of posting a hijackthis log, but I haven't been really up to date on computer security since 2010 so any suggestions would be welcomed.

zaepg fucked around with this message at 19:37 on Jan 9, 2021

fourwood
Sep 9, 2001

Damn I'll bring them to their knees.
Change your password, add/change your 2FA, and :pt:.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD


Is it a unique password? Or possibly been exposed in some password dump

zaepg
Dec 25, 2008


fourwood posted:

Change your password, add/change your 2FA, and :pt:.

Ok. Yeah. I changed my password and got up to date on 2 step security. Out of curiosity, is it possible for other tenants on my wireless network to pick up personal information? Is a wired connection more secure? :shrug:

rafikki posted:

Is it a unique password? Or possibly been exposed in some password dump

Not sure how that would have gone down. But my password is a 10 letter password with a mixture of some @#$, numbers, and capital and lower case.

rafikki
Mar 8, 2008



zaepg posted:

Ok. Yeah. I changed my password and got up to date on 2 step security. Out of curiosity, is it possible for other tenants on my wireless network to pick up personal information? Is a wired connection more secure? :shrug:


Not sure how that would have gone down. But my password is a 10 letter password with a mixture of some @#$, numbers, and capital and lower case.

It doesn't matter what it is, the question is if it's a password you've used elsewhere or only for LoL.

zaepg
Dec 25, 2008


rafikki posted:

It doesn't matter what it is, the question is if it's a password you've used elsewhere or only for LoL.

Oh, I understand. In that case. Yes. I have a few different passwords. But my LoL password is used elsewhere.

Carbon dioxide
Oct 9, 2012

Yes, if you've used the same password anywhere else ever basically consider it compromised.

Also the official version of uTorrent has been shipped with malware since 2015, please switch to another torrent client ASAP and remove it from your system.

rafikki
Mar 8, 2008



zaepg posted:

Oh, I understand. In that case. Yes. I have a few different passwords. But my LoL password is used elsewhere.

It's entirely possible your system has been compromised, but it's just as likely that your password was leaked from somewhere else. Password reuse is one of the most common, if not the most common, methods of account compromise. If you care at all about securing your accounts, you should invest some time (and maybe a little money) into a password manager. Here's some random article I pulled up going into detail about why they're good and important: https://www.nytimes.com/wirecutter/blog/why-you-need-a-password-manager-yes-you/. I'll personally recommend 1password which does involve a subscription, but there are other options out there if you don't want to pay.

Red_Fred
Oct 21, 2010


Fallen Rib

zaepg posted:

Ok. Yeah. I changed my password and got up to date on 2 step security. Out of curiosity, is it possible for other tenants on my wireless network to pick up personal information? Is a wired connection more secure? :shrug:

All the other posters' points are valid but yeah this is also possible and not good in general.

Midjack
Dec 24, 2007



zaepg posted:

Ok. Yeah. I changed my password and got up to date on 2 step security. Out of curiosity, is it possible for other tenants on my wireless network to pick up personal information? Is a wired connection more secure? :shrug:

Wireless traffic is easier to snoop since radio goes everywhere while a wire is harder to physically tap. But I expect your game and most websites that aren’t completely scamtastic to use TLS or similar to encrypt the connection, including your login, so even if an attacker has all your traffic they’ll still have to decrypt it.

Given what you posted it’s far more likely one of the other sites that you reused the password on got popped and someone took the password and email from there and tried popular sites until they got lucky. Get a password manager (Keepass, Bitwarden, 1password, etc) and take this opportunity to change every password to a unique strong password for each website. Turn on two-factor authentication anywhere it’s offered.

Cup Runneth Over
Aug 8, 2009



Deluge is a pretty good torrent client for downloading official versions of Linux and nothing else.

TheParadigm
Dec 10, 2009

zaepg posted:

Not sure how that would have gone down. But my password is a 10 letter password with a mixture of some @#$, numbers, and capital and lower case.

A good place to start would be to run your email addresses through haveibeenpwned.com. It's a handy tool that checks if your emails were exposed in public hacks/password dumps. (edit:typo)

TheParadigm fucked around with this message at 01:26 on Jan 10, 2021

zaepg
Dec 25, 2008

Ah-ha

zaepg fucked around with this message at 01:50 on Jan 10, 2021


Cup Runneth Over
Aug 8, 2009




this site is impossible to use for me because I use a different vanity email address for almost every website
