dougdrums
Feb 25, 2005
CLIENT REQUESTED ELECTRONIC FUNDING RECEIPT (FUNDS NOW)

Nalin posted:

In reality you'll just get a pin number in a text message.
this is gonna actually happen to me in five years when i forget the password to my wifi enabled medicine cabinet


Big Witch Hat
Oct 28, 2020

Nalin posted:

In reality you'll just get a pin number in a text message.

Going through the pain of setting up a 90 character long password, two factor authentication, encryption keys, and so on only to get owned all the same because an overworked AT&T call center worker fell for social engineering.

cage-free egghead
Mar 8, 2004
The only 2FA eBay lets you use is either your phone number or you have to use their app. Can't use anything else. My regional bank has more 2FA options than they do.

Internet Explorer
Jun 1, 2005





xtal posted:

I didn't subscribe to Linux to post this, you don't need to buy any software, much less buy it more than once. Separately from that, storing your passwords in the cloud is a bad idea whether it's a subscription or not.

Weird how Linux hasn't solved this problem then. Huh.

xtal
Jan 9, 2011

by Fluffdaddy
Try using WINE

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


astral posted:

You can buy a standalone 1Password license.

For 7? I have one for 4 but was under the impression I'd need to start shelling out again to upgrade to 7

astral
Apr 26, 2004

Cup Runneth Over posted:

For 7? I have one for 4 but was under the impression I'd need to start shelling out again to upgrade to 7

Yes.

BlankSystemDaemon
Mar 13, 2009



Internet Explorer posted:

Complaining about this for a security product that needs constant maintenance is some galaxy brain poo poo.

The times of buying SOFTWARE VERSION 2.0 and being able to use it for a decade are over. Updates are critical and they cost money. Having people stuck at older versions is a massive risk and a huge burden for developers.

It's gone. Let it go.
I feel like there's a valid argument to be made that all software needs constant maintenance, it's just that the relationship between paying for it and getting it is at best correlative rather than a causative one.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

BlankSystemDaemon posted:

I feel like there's a valid argument to be made that all software needs constant maintenance, it's just that the relationship between paying for it and getting it is at best correlative rather than a causative one.

I mean the alternative is hoping random strangers on the Internet maintain it for you (very legitimate for many pieces of software!) or doing it yourself. It is not irrational to pay someone else to maintain software for you that is valuable to you.

some kinda jackal
Feb 25, 2003

 
 
I use iCloud Keychain syncing on all my fruit devices and I've yet to think of a single reason to switch to something else.

I'm sure someone here will tell me why I shouldn't, but it's free, does the job, and I get good value for my money :cool:

The only real downside is when I'm on a non-fruit machine or need to enter a password on my streaming box or something once every few months but I can deal with 30 seconds of fishing my phone out of my pocket.

RFC2324
Jun 7, 2012

http 418

Ynglaur posted:

I mean the alternative is hoping random strangers on the Internet maintain it for you (very legitimate for many pieces of software!) or doing it yourself. It is not irrational to pay someone else to maintain software for you that is valuable to you.

Plenty of software gets continual updates without a subscription model tho? Just for the screamingly obvious one, Windows.

Also almost everything else, at least for a few years after release.

Saying that the subscription model is required if you want security updates is complete bullshit that is only being said by people who want to increase profits, and by people who buy into that capitalist garbage

Internet Explorer
Jun 1, 2005





RFC2324 posted:

Plenty of software gets continual updates without a subscription model tho? Just for the screamingly obvious one, Windows.

Also almost everything else, at least for a few years after release.

Saying that the subscription model is required if you want security updates is complete bullshit that is only being said by people who want to increase profits, and by people who buy into that capitalist garbage

Yes, me, a person who definitely buys into that capitalist garbage.

Expecting someone to work for free, in a capitalist society, does not make you a paragon of virtue. It also goes a long way to make sure that only people who have the free time and another source of income can contribute. Windows is subsidized by Microsoft's other endeavors and their monopoly in most parts of the market. The same thing goes for something like iCloud Keychain.

Being mad about this is like being mad that childcare costs money and that food is not free. Should they be? Absolutely. If you want to fix that, then change the economic system. But living in a capitalist society and balking at the idea of paying someone for their labor doesn't make you a socialist, it makes you an rear end in a top hat.

We're talking about $3 a month here.

RFC2324
Jun 7, 2012

http 418

Internet Explorer posted:

Yes, me, a person who definitely buys into that capitalist garbage.

Expecting someone to work for free, in a capitalist society, does not make you a paragon of virtue. It also goes a long way to make sure that only people who have the free time and another source of income can contribute. Windows is subsidized by Microsoft's other endeavors and their monopoly in most parts of the market. The same thing goes for something like iCloud Keychain.

Being mad about this is like being mad that childcare costs money and that food is not free. Should they be? Absolutely. If you want to fix that, then change the economic system. But living in a capitalist society and balking at the idea of paying someone for their labor doesn't make you a socialist, it makes you an rear end in a top hat.

We're talking about $3 a month here.

Why is something that has always been part of the prepaid package suddenly not?

It's that simple. They are adding a subscription cost to a thing that has always before been part of the original purchase. That screams of someone sitting down and saying "we want more money in our quarterly, how can we squeeze that".
misunderstood their pricing, thought they sold as well as a subscription fee so you had to pay both. The last bit still applies.

And having my identity locked behind paying them for continuing access to my passwords bugs me more than a little.

Those are what made me go back to keepass after LastPass went to hell.

E: apologies, I may also be acting a bit hostile out of irl frustrations.

RFC2324 fucked around with this message at 15:52 on Oct 30, 2020

Internet Explorer
Jun 1, 2005





RFC2324 posted:

E: apologies, I may also be acting a bit hostile out of irl frustrations.

No worries. It's an interesting conversation nonetheless. Hope your day gets better.

The Fool
Oct 16, 2003


RFC2324 posted:

Why is something that has always been part of the prepaid package suddenly not?

It's that simple. They are adding a subscription cost to a thing that has always before been part of the original purchase. That screams of someone sitting down and saying "we want more money in our quarterly, how can we squeeze that".
misunderstood their pricing, thought they sold as well as a subscription fee so you had to pay both. The last bit still applies.

And having my identity locked behind paying them for continuing access to my passwords bugs me more than a little.

Those are what made me go back to keepass after LastPass went to hell.

E: apologies, I may also be acting a bit hostile out of irl frustrations.

fwiw, 1pass gives you read access to your database indefinitely if you turn off your subscription

The Fool
Oct 16, 2003


Martytoof posted:

I use iCloud Keychain syncing on all my fruit devices and I've yet to think of a single reason to switch to something else.

I'm sure someone here will tell me why I shouldn't, but it's free, does the job, and I get good value for my money :cool:

The only real downside is when I'm on a non-fruit machine or need to enter a password on my streaming box or something once every few months but I can deal with 30 seconds of fishing my phone out of my pocket.

Keychain is actually good, and the only real limitation is the one you mentioned.

RFC2324
Jun 7, 2012

http 418

The Fool posted:

fwiw, 1pass gives you read access to your database indefinitely if you turn off your subscription

*Reactivates subscription once every 90 days to cycle passwords*😁

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

CLAM DOWN posted:

Also this was prophetic lmao

Glad we're all still doing it too.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

RFC2324 posted:

E: apologies, I may also be acting a bit hostile out of irl frustrations.

All good. Life is frustrating and you raise some good points worth thinking about. Conversations like this are why I like SA. :shobon:

Impotence
Nov 8, 2010
Lipstick Apathy
tbh my one big thing about 'cloud' and 'security related' items is that while i'd be happy to purchase the software, i don't want to give them a card, i don't want billing details or email associated with my password manager

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

Biowarfare posted:

tbh my one big thing about 'cloud' and 'security related' items is that while i'd be happy to purchase the software, i don't want to give them a card, i don't want billing details or email associated with my password manager

Ironically, with the rise of stripe and wepay and other payment gateways, you never really hear about credit cards getting hacked anymore these days eh?

It’s all personal data instead which sells for more. Oh what a world.

Impotence
Nov 8, 2010
Lipstick Apathy

The Iron Rose posted:

Ironically, with the rise of stripe and wepay and other payment gateways, you never really hear about credit cards getting hacked anymore these days eh?

It’s all personal data instead which sells for more. Oh what a world.


the thing that bothers me about stripe's on-site integration is that you feasibly can't tell the difference between whether the data is going to stripe or to the vendor first party, and if stripe fails to load or loads slowly there's a nonzero chance it will just send the raw card details in a POST form directly to the underlying page. (in this case, I don't mean the stripe modal/iframe, they have a feature that just intercepts on-page selectors like <input name="card"> <input name="cvv"> and preventDefault()s them and sends its own ajax call)


another "fuckin comedy" thing is analytics services like those heatmap and session replay services that capture all input via js, including PII

Impotence fucked around with this message at 19:01 on Oct 30, 2020

cr0y
Mar 24, 2005



This hunter biden DKIM stuff is wild and I'd love for any of your input on it, I can't make sense if it's real or not without spiraling into some Q zone conspiracy hole

The Fool
Oct 16, 2003


cr0y posted:

This hunter biden DKIM stuff is wild and I'd love for any of your input on it, I can't make sense if it's real or not without spiraling into some Q zone conspiracy hole

A ten second google search shows me a bunch of journalists that don’t know how dkim works. Plus all the other hunter biden stuff that’s been debunked this week.

Do you have a specific question?

The Fool
Oct 16, 2003


Oh. And dkim only ensures that an email came from a specific domain and doesn’t give a poo poo about email content or the individual sender.

Impotence
Nov 8, 2010
Lipstick Apathy

The Fool posted:

Oh. And dkim only ensures that an email came from a specific domain and doesn’t give a poo poo about email content or the individual sender.

SPF is domain. DKIM can sign/hash the body, headers in addition.
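
The body-hash step of DKIM verification that the exchange above refers to, as an added example that is not part of the original thread: it canonicalizes the body per RFC 6376, recomputes `bh=`, and lists the header names that `h=` covers. The sample message, the `example.com`/`example.org` names and the `PLACEHOLDER` value are constructed, SHA-256 is assumed, and the RSA check of `b=` against the key published in DNS is not performed.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, algo: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.split(b"\r\n")
    if algo == "relaxed":
        # Collapse runs of SP/TAB to one SP, then drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    elif algo != "simple":
        raise ValueError(f"unknown body canonicalization: {algo}")
    while lines and lines[-1] == b"":      # trailing empty lines are ignored
        lines.pop()
    if not lines:                          # empty body: CRLF (simple) or nothing (relaxed)
        return b"\r\n" if algo == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, algo: str = "simple", length=None) -> str:
    """Value a signer would place in bh= (SHA-256 assumed, i.e. a=rsa-sha256)."""
    data = canon_body(body, algo)
    if length is not None:                 # l= tag: only the first l octets are hashed
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_tags(value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)
    return tags

def check_body(raw: bytes) -> dict:
    """Report the signing domain, the signed header names, and whether bh= matches."""
    head, _, body = raw.partition(b"\r\n\r\n")
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head).decode("ascii")
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "dkim-signature":
            tags = parse_tags(value)
            break
    else:
        raise ValueError("no DKIM-Signature header")
    canon = tags.get("c", "simple/simple")
    body_algo = canon.split("/")[1] if "/" in canon else "simple"
    length = int(tags["l"]) if "l" in tags else None
    return {
        "domain": tags["d"],
        "signed_headers": tags["h"].lower().split(":"),
        "body_ok": body_hash(body, body_algo, length) == tags["bh"],
    }

# Constructed sample (not a real message); b= is a placeholder since no key is used here.
BODY = b"Want to get  coffee?\r\n\r\n"
SAMPLE = (
    b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
    b"\ts=sel1; h=From:To:Subject; bh=" + body_hash(BODY, "relaxed").encode() + b";\r\n"
    b"\tb=PLACEHOLDER\r\n"
    b"From: alice@example.com\r\nTo: bob@example.org\r\nSubject: Meeting\r\n\r\n" + BODY
)
```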

The Fool
Oct 16, 2003


Hrm

leave my idiocy up as a testament to others

cr0y
Mar 24, 2005



https://twitter.com/ErrataRob/status/1322008400994160640?s=19

It appears that this email is cryptographically sound, but it's just an email about getting coffee so not really that compromising. It seems like the angle is release one legitimate email and then a bunch of PDFs of the body of others hoping to ride the legitimacy of the first one to the news headlines? Idk, just thought you goons would find it interesting as I have been having to slap down this latest scandal all day from my brother in law 😒

Which is kind of stupid because the average american does not care if a damaging email has proper cryptographic signatures 🤷‍♀️

cr0y fucked around with this message at 20:25 on Oct 30, 2020

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Just got three different emails from Yahoo in a row asking to confirm the login with a code

Time to change a password

RFC2324
Jun 7, 2012

http 418

klosterdev posted:

Just got three different emails from Yahoo in a row asking to confirm the login with a code

Time to change a password

It just occurred to me that my 25 year old Yahoo whose security was established by a teenager in the 90s is the recovery account for my gmail, which is what most of my online identity verifies against for recovery.

What a loving weak link to have never had compromised

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

RFC2324 posted:

It just occurred to me that my 25 year old Yahoo whose security was established by a teenager in the 90s is the recovery account for my gmail, which is what most of my online identity verifies against for recovery.

What a loving weak link to have never had compromised

If that idiot teenager ever reused that password, it's time to change it.

Heck, it's probably time to change it anyway.

RFC2324
Jun 7, 2012

http 418

Volmarias posted:

If that idiot teenager ever reused that password, it's time to change it.

Heck, it's probably time to change it anyway.

Also maybe point my recovery email somewhere less likely to be completely compromised lol

Happy Thread
Jul 10, 2005

by Fluffdaddy
Plaster Town Cop
What are your all's thoughts on how to safely convert new or used USB drives you've purchased into trustworthy boot drives or secure storage drives?

Even brand new drives seem like they could snitch on you to Big Brother. From the Vault 7 leaks, we know of several incidents of brand new products being sold with state-sponsored malware in them (Samsung TVs, various routers). For that reason, I distrust even brand new USB drives to not frequently be sold that way.

Here's a thorough article how any USB device, not just drives, could hack you in unexpected ways if the firmware itself is malicious:

https://www.howtogeek.com/203061/don%E2%80%99t-panic-but-all-usb-devices-have-a-massive-security-problem/
(found for me by someone in the Linux thread).

My point is, if firmware of a thumb drive can be malware, then attempting to securely wipe the drive as soon as you get it is of no use. The firmware could just inject things upon read/write, or worse, do some of the many other things mentioned in that article -- non-storage related hardware spoofing attacks, etc.

In this state of the world, is there ANY way to make a secure OS install thumb drive, or even a bootable OS on a stick, that you can trust not to have a backdoor introduced by the firmware? A hazard that seemingly results from just buying the wrong USB drive, even brand new?

trashy owl
Aug 23, 2017

Happy Thread posted:

What are your all's thoughts on how to safely convert new or used USB drives you've purchased into trustworthy boot drives or secure storage drives?

Even brand new drives seem like they could snitch on you to Big Brother. From the Vault 7 leaks, we know of several incidents of brand new products being sold with state-sponsored malware in them (Samsung TVs, various routers). For that reason, I distrust even brand new USB drives to not frequently be sold that way.

Here's a thorough article how any USB device, not just drives, could hack you in unexpected ways if the firmware itself is malicious:

https://www.howtogeek.com/203061/don%E2%80%99t-panic-but-all-usb-devices-have-a-massive-security-problem/
(found for me by someone in the Linux thread).

My point is, if firmware of a thumb drive can be malware, then attempting to securely wipe the drive as soon as you get it is of no use. The firmware could just inject things upon read/write, or worse, do some of the many other things mentioned in that article -- non-storage related hardware spoofing attacks, etc.

In this state of the world, is there ANY way to make a secure OS install thumb drive, or even a bootable OS on a stick, that you can trust not to have a backdoor introduced by the firmware? A hazard that seemingly results from just buying the wrong USB drive, even brand new?

Hello and thank you for your question! The answer is 'no' and probably also 'please re-evaluate your threat model'.

BlankSystemDaemon
Mar 13, 2009



Find an OS with a checksummed filesystem, a bootloader that can handle the FDE implemented by the OS, and where the FDE implements integrity verification.
FreeBSD with root on ZFS using GELI configured with AES-XTS or Camellia-CBC plus HMAC/SHA512, along with FreeBSD's loader.efi works well.

BlankSystemDaemon fucked around with this message at 12:05 on Oct 31, 2020

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Quick question for the thread. As an ordinary home user, is there anything particularly egregious with using Windows while logged in as an administrator on my personal laptop? General profile:

  • Not a government official, in a sensitive industry, etc.
  • What I consider normal, usual protections are in place: out-of-the-box Windows 10 security settings, BitLocker, Windows Firewall, Windows Defender, automatic updates, etc.
  • Chrome is the primary browser, with the only extension uBlock Origin with standard settings.
  • Home network runs Ubiquiti gear with updated firmware, etc.

I mean, I get that if GRU wants to pwn me they probably can. I'm trying to understand if there are really compelling reasons in 2020 for home users to have a separate administrator account setup on a personal Windows laptop.

BlankSystemDaemon
Mar 13, 2009



Do you need to run anything as an administrator? If not, why not make use of limited user access as an additional precaution.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

BlankSystemDaemon posted:

Do you need to run anything as an administrator? If not, why not make use of limited user access as an additional precaution.

It's for my wife's laptop. In the past I've set her up as a normal user, but things like Windows or various application updates sometimes require the administrator to log in, and it's frustrating for her.

cage-free egghead
Mar 8, 2004

Ynglaur posted:

It's for my wife's laptop. In the past I've set her up as a normal user, but things like Windows or various application updates sometimes require the administrator to log in, and it's frustrating for her.

You could just give her the password and have her input it as she needs. Only slightly safer than just having total admin control but it'll still give a reminder that "hey, you sure you wanna install this?"


Big Witch Hat
Oct 28, 2020

cage-free egghead posted:

You could just give her the password and have her input it as she needs. Only slightly safer than just having total admin control but it'll still give a reminder that "hey, you sure you wanna install this?"

Wouldn't that just be UAC with extra steps? For that matter, wouldn't relying on UAC be just fine given what the laptop is for? Unless Ynglaur is talking about the actual Administrator account, which would be insane.
