Kinda a weird question and I'm not sure if it belongs more in the apps thread or here.

I had a huge compromise in mid-June, both of my main emails were breached and all the normal stuff happened (compromised other accounts, pw resets, etc). I was able to regain access to these, signed out all devices, changed all my pws, factory reset my Samsung S9+, reinstalled Windows, implemented as much 2fa and auth app stuff as possible, and basically did all the normal things you'd do in that situation. I wasn't sure how I got compromised, I don't sideload apps and I don't have a jailbroken phone. I run up-to-date Windows, use adblockers, and have been around long enough that I'm not clicking on any dumbass links or ads. This is the first time I've ever had my main emails compromised. I checked some dark web dredging lists and my passwords were not compromised/leaked anywhere.

This afternoon my Steam notifications blew up as someone was on my account selling some very cheap Steam inventory stuff. I looked and saw that yep I was compromised, but by a phone sign-in in Russia that was given access from my phone's Steam Guard in late July, a month and a half after I factory reset and wiped everything. I did all the normal stuff, signed all active logins off, changed the pw (again), ensured all the 2fa and Steam Guard auth stuff was set up, etc. I've run Malwarebytes and the free Avast tool and neither found anything. None of the Samsung built-in scans have found anything.

Is it possible that my phone was imaged or something at some point? Is there another step I could take to ensure that my phone isn't compromised? Are there any scanners beyond the free Malwarebytes etc that are more comprehensive? I don't have any sensitive information that would be worth anything to anyone and I'm not a journalist or something. I don't think this is someone using a leaked NSA tool to target me specifically in a way that is above and beyond the normal attack vectors.

This just feels like somehow my phone is still compromised. Any advice? I'm pretty much thinking I'll just get another phone anyways when the new cycle drops. Appreciate any and all responses.
# ¿ May 12, 2025 18:31 |
WattsvilleBlues posted: Questions for VelociBacon: did you have 2FA switched on with every account possible before you were compromised? Do you use a password manager and have it generate complex passwords for all your accounts?

Yeah I had 2fa on pretty much everything, there were a few I didn't and got burned on because I honestly hadn't used the services since 2fa became popular (my Ubisoft account for example). I use a PW manager for some things but generally I have a 5-tiered PW system and use pw complexity that is the same as what you'd get with a random string from a PW manager. I can't fully use a manager because I'm having to manually log into things fairly often at work where cookies and any sign ons are disabled. I appreciate that a PW manager negates a lot of keylogger risk.

bull3964 posted: I mean, is it POSSIBLE that you might have accidentally approved a push request from SteamGuard in July? To me, that seems like the most likely situation for that. But they clearly still had your login information if they were able to get to the point to generate a 2nd prompt so something was still compromised.

No that would have been a huge red flag for me, there's no way I approved it. I'm wondering if they somehow had my backup 2fa codes for the Steam Guard.
Bloodplay it again posted: You might be onto something here. I thought codes were only displayed when setting up 2FA, but there is a chance that, if the phone was compromised in June, they would have been able to generate a new batch of recovery codes and invalidate your original backup codes. Last night, I was thinking hard about your post and my initial assumption was that they had simply moved Steam Guard to one of their devices, but it can only be active on one phone at a time, so that isn't the case. You would have lost the ability to set up 2FA/Steam Guard and they would have had to have approved your login, as well.

S9 series only has physical SIM. Do you think someone spoofed my SIM? Seems like a lot of intentional work to compromise someone for very little payoff. I can't imagine my email is still compromised, it's fully 2fa'd, my phone number is there, it's under Google auth, passkey'd to my new Windows install, etc. I don't think they just have been deleting the emails before I notice. I actually checked my Google sign-ins and nothing unusual there at all. I agree it's weird.
gariig posted: Are your passwords really a random string of 24 characters? If you can easily type it then it's not random. This 11 (!) year old article goes over how passwords are really hacked. It's mostly rule based and "Qbesancon321" is a bad password. Even throwing in a basic "!" at the end doesn't make it a "good" password. If there's a bit of an algorithm there's a good chance it will be hacked. No one is randomly guessing passwords anymore, which is also why the XKCD comic about "correct horse battery staple" is a crap password and is easily hacked.

Yeah my passwords are me smashing the keyboard and then writing down the result, lots of various symbols and case changes and no real words. Nothing forwarded in the Gmail accounts, forgot to mention that sorry. No filters of any kind.
Tamba posted: I read "I use a 5 tiered PW system" as "I have 5 passwords of increasing length that I reuse, and I decide which of the 5 to use based on how important the thing is".

Yeah it's not ideal compared to a PW manager 100% of the time with all pws unique, but the pw I was using at the time of compromise for my emails were different and unique to themselves. All the tiers of pw are the same complexity (described in previous post) they're just that complex string with modifiers for the actual use. The tiers on which passwords are shared are like game clients, and even then the modifiers on the basic pw mean I'm not compromised in another one if that un/pw is compromised. The few things that didn't have 2fa somehow back when I was compromised now have 2fa.

Bloodplay it again posted: It is pretty unlikely it was spoofed. They would probably be texting contacts and you'd be receiving confusing replies. More that a shady eSIM service might be the culprit. I am really puzzled how there wouldn't have been an email. I delete all cookies when closing my browser and Steam sends me an email even if I accept the Steam Guard from the same IP I'm always using. You'd think there would have been an email sent sometime last month.

Yeah I just checked and nothing there at all. I guess if they had access to my Steam Guard they could also have turned off the notifications, done the auth, and then turned them back on.
As I'm typing this response I get a Humble Bundle pw reset to my email. Checking my open Google sessions I see this: [image]

I sign out, sign back in, now it's this: [image]

I have no idea what's going on. I have 2fa on this.

Internet Explorer posted: Interesting discussion for sure.
Just an apology first as I didn't really mean to derail the whole thread with this stuff.

Internet Explorer posted: Just getting a password reset email doesn't mean anything. It just means someone went to the site and put in your email address to initiate a reset. If you've been hacked and your info is out there, expect to see this frequently.

Yeah I appreciate that any email on a compromised list is going to be auto-tried a bunch but given everything else that's happened/happening and with the weird location and possibility someone may, somehow, still have access to my email, it seemed worth mentioning.

No 2fa, no DNS servers. My public IP locates me correctly to Vancouver. Tracert seems to make sense to me (Canada route): [image]

I have a VPN that I use to tunnel back to my home network but it's a WireGuard thing, no open ports, no forwarded ports. I use a Ubiquiti UDM with the security stuff set pretty aggressively: [image]

e: only Chrome extensions are uBlock Origin and Google Docs Offline.

VB - Bruere fucked around with this message at 00:54 on Aug 13, 2024
So when I log in with my laptop and sign out the desktop "Bulgaria" session, and then re-sign in on my desktop, it puts me back in Bulgaria. My external IP still points correctly to Vancouver BC. When I use the speedtest.net thing just to see which server it gives me, it gives me a Vancouver server.

Flipperwaldt posted: Don't apologize, it's fascinating.

only my EX WIFE HAHAHAA (I've never been married)
Resdfru posted: I just wanna say you need to use a password manager ASAP. Sharing passwords is a surefire way to ensure that one compromise is going to cascade. I promise you're not the first person to have a set of unique passwords with modifiers that get used all over. No one is sitting there trying passwords, they are using scripts that will likely find your modifier in very little time. If your issue is that you can't use a password manager at work then you very likely shouldn't be logging into that personal stuff at work. Who's to say the compromise is on one of your devices, maybe it's on the work devices. Especially if they're shared. Get 1password and then it's on your phone if you absolutely have to log in to your stuff at work. If you can't use your phone then yea you definitely shouldn't be logging into this stuff there.

Yeah I'll just respond once here and if/when I make a thread over in the more appropriate place I'll edit this post with a link.

The passwords are all completely new since the initial compromise. The passwords are like (*#HRJR(&HTt9a79TH as a fake example of the base pw, and if it was for twitter for example I might have it be like (*#HRJR(&HTwit9a79TH, then the same one for I dunno slack would be (*#HslaRJR(&HTt9a79TH. Each tier would have a different 'base' password. Important stuff like banking/emails/etc are unique passwords of that type of complexity. Yes I appreciate pw managers are cool and good and I'll look into 1pass.

The work network is extremely locked down (health authority) and definitely not where the compromise happened. The 2fa stuff at play is Google Authenticator, passkey stuff (pin on one machine, face recognition on another, fingerprint on another).

Thanks again for all the help. I'll make a thread for this so if you have any thoughts please hold onto them until I update this post with a link.

e: Link https://forums.somethingawful.com/showthread.php?threadid=4068054

VB - Bruere fucked around with this message at 03:17 on Aug 13, 2024
So I had ordered a pixel 9 pro XL then realized it's basically no better than the Samsung s24+ so I cancelled and ordered that for $500 less. Used a $220 off sale. Thanks to all in the thread who helped me with the dumb poo poo.
Any poo poo to immediately turn off on an s24+?
WattsvilleBlues posted: The Galaxy S7 has been my only daily driver Samsung phone so I can only loosely comment. A friend gave me her old Galaxy S20 FE, and there are numerous notifications that seemingly come out of nowhere.

Thanks, yeah I like the Samsung UI and I don't like the Google phones I've tried. I don't want to spend $2k CAD on a phone either which is what the 9 pro xl would cost me.
WattsvilleBlues posted: I know you've already made your purchase, just noting that you wouldn't have to get the Pixel 9 Pro - the P8 Pro would also be a nice phone. Anything in particular you don't like about the Pixels?

Writing this from the new phone and it's a bigger upgrade than I thought it would be from the s9+ which didn't have perceptible lag (I thought). I'm just used to the Samsung three button type UI which I know you can mostly configure on Pixel but when I've tried with a family member's 6a it didn't feel the same, I don't remember details. I wasn't about to upgrade to anything that isn't the most recent flagship as I so infrequently upgrade. Appreciate all the opinions and feedback in here.
Shai-Hulud posted: You guys got any suggestions for a rugged phone? Something that can survive a construction site?

I worked construction for years, agree with Clam that a normal phone in an OtterBox or similar fully encompassing case is the correct solution. Make sure you open it to remove any grit that gets in now and then. I work in a hospital now and the phones we use there are otterboxxed, seem definitely good enough for worksite use.
You linty weirdos really need covers for your phone ports?? It's at that point?
I noticed that the always on display on my S24+ doesn't move around at all. On my S9+ it did so, presumably to ensure burn-in wasn't a problem. Is this a solved thing? Should I worry about setting my AOD to be literally always on? If I set it to auto it turns off when it's on my desk in my dark goon room.
WattsvilleBlues posted: I'm sorry to hear what happened but I'm glad you're still here. I think regulars should have a nominated person to tell us if the worst happens.

I've been unironically thinking about making an online dead man's switch type thing where you set up a set of messages and emails to send them to, they get launched if you don't click a link in an automated email that's sent at a frequency of your choosing, with a grace period of your choosing. Too many of our social connections these days are isolated from each other, I fully expect that many people just end up disappearing with no explanation and it seems sad.
I honestly wish that button was a little bigger on my s24+.
Very happy with podcast addict.
Incessant Excess posted: I'm not sure if it's the mysterious new phone magic that always seems to come with a new one for the first few weeks but the fingerprint sensor on the Pixel 9 Pro does seem much more reliable than the one on the 7 Pro.

Maybe just that you've recently trained it to your current FingerState?
teethgrinder posted: That's Android 2 talk

But if you have a phone that changes its refresh rate dynamically to optimize for battery life, and use a wallpaper engine wallpaper at 120, doesn't that force 120 all the time?
Lobok posted: Sorry if this has been covered but has something changed with Google Assistant?

It's been like this off and on for me for 2+ years. Sometimes it works.
sleepwalkers posted: do we have a second poster who fastballs their phone into the wall????

'So no head?'
I'm really happy with my galaxy buds FE, am I correct in thinking they would work just as well with a pixel phone? Including the ANC and the binding of the touch commands via the app? The app isn't locked to only samsungs? I know there are samsung codecs that it uses which a pixel user wouldn't get. Otherwise is there anything as good for a pixel user around that price point ($80 CAD)? The new pixel earbuds are more than twice the price.
Branch Nvidian posted: Really wish the overall "switching cost" of moving from iOS to Android wasn't so high when you have other ecosystem devices that rely on the iPhone. Using the Pixel 9 for work has made me realize how much I prefer the smaller and lighter device to my iPhone 15PM (somewhat on account of learning I have CTS and somewhat because it's just too drat big). I returned the P9PXL I had been playing around with, but I'd kinda like to get a regular sized P9P instead, but then I have to replace my Apple Watch Ultra and figure out what to do with my HomePods, and at that point I'd want to replace my AirPods Pro since they lose a bunch of functionality when not being used with an iPhone. Also Apple Intelligence is a hot mess and basically just Siri with a coat of paint on it.

I didn't have earbuds or an Apple Watch, but I switched from the original iPhone SE to a Samsung s9+ when that came out and I never looked back. In those days it felt like Apple didn't want you to be able to use the portable computer as a portable computer (couldn't store media via usb on the device, I don't think you could remote desktop easily on it, etc) and it just irritated me. I understand that stuff is a lot better these days. Still use iPads though, nothing comes close from what I've seen.

Oh yeah Siri always worked better for voice commands in the car. That part hurts.
I just want the location based smart lock/extend unlock to actually work so my phone doesn't need an unlock when I'm home. That's all I want. Please.
WattsvilleBlues posted: I need to copy about 40GB of music onto my phone from my Windows PC. What's the best way to do this wirelessly? A straight Bluetooth file transfer times out after a while. Is AirDroid still free and will cover this use case?

Just use a cable and maybe divide it into sections, like A-F, G-R, etc so that you aren't waiting too long. USB 3.0 or USB C<->C is going to be your friend.
There are so many cases out there, how is it the right move to add sandpaper or tape to your case? Are the Pixels just such a weird shape that this is common across manufacturers?
A few times in the last week or two, and today, my phone restarted itself while I was in the shower. Today it restarted itself when I went to brush up and wash my face before heading to bed. Nobody was touching my phone, and it's not set up to restart itself after failed attempts at login or anything like that anyways. Do phones have logs? Can I see why it's restarting? It's a new s24+. This has only happened when it's not sitting on a wireless charger or plugged in. There's a single circle looking icon under my always on display when it's waiting to be signed into the first time, this goes away when I sign in so I dunno if it's relevant.

e: that icon is just the 'your phone restarted' icon, I can manually restart and see it.

e2: all the auto restart things I can find have always been turned off.

VB - Bruere fucked around with this message at 08:38 on Nov 8, 2024
strap on revenge posted: is it always when there's water nearby? i can't see why a tiny bit of moisture would make it restart but it looks like a common thread from what you've said here

No the phone is in another room, it's really strange.
I also want to listen to the grass album
I held off from wireless earbuds for years and just bought some galaxy buds FE a couple months ago and I cannot believe what a fool I was. They're incredible. I've never had audiophile IEMs but I have audiophile level closed back headphones and the sound quality is nearly the same for 1/10 the price. The noise cancelling poo poo is so good too. gently caress these things are great.
ChiTownEddie posted: I'm trying to decide if I use the black Friday prices to trade in my pw2 for a 3 or get the buds 2. I'm part of the wired iem crew but I'm getting more on board with just having some convenience.

If you're someone who cares enough about audio to use wired IEMs you should at least look at some reviews of the buds FE also. They have the same form factor as the 2, they came out after, and I think are regarded as sounding better and have better ANC. They probably have a slightly more bass heavy sound profile than the buds 2.
Captain Yossarian posted: It's not necessarily fitness no, she works retail for now so she "can't" have her phone on her but a watch is fine lol

How much functionality does the watch have if the paired phone is not on the person? I always figured it was a BT signal from the phone. Or is she just keeping the phone in a pocket?
BabyFur Denny posted: An LTE watch, as the name implies, has LTE.

Thanks man I didn't go to the website for the device, it was referred to as a pixel watch in the post.
!Klams posted: Is there a way to make it so that my alarms all turn off if I'm near another particular phone?

Is it a notification from a calendar or something? I'd be livid also.
How it must feel to have the confidence to set an alarm with my voice and trust that it worked. Do you not check it at all?
Termyie posted: I am still humming and hawing over what phone to get now my S23 Ultra is finally off contract. I might just wait for Pixel 9a to come out because I am not really liking the massive size of the flagship phones and the increased price for AI features I never use. All I use my phone for is managing Dungeons and Dragons stuff, tracking my workouts and taking pictures. I am not really feeling the drive like I used to for a flagship phone anymore.

Why do you need a new phone? Just being out of contract doesn't really seem like it means anything. That phone isn't even 3 cycles old is it?
Samsung s23+, a Gemini app appeared around a week ago and I realized today that a lot of my automations via Google Home haven't been working, I think since. When I click on the automations tab in Home it told me I needed to enable the Google app, which I indeed found was disabled. Did Samsung really push Gemini and automatically disable the Google app??

e: just noticed Gemini is back, then realized that when I disabled Gemini the first time it secretly also disabled the Google app. Weird but okay I guess I'll leave it un-disabled.

e2: and when I go into the Gemini app and click the thing to switch back to Google Assistant it finally disabled the Gemini app and left the Google one. Tech is great

VB - Bruere fucked around with this message at 18:18 on Jan 15, 2025
butt dickus posted: i have gemini and the google app both enabled on my pixel so i don't think that's the case

Yeah they want both enabled but if you go back to assistant it disables that Gemini app.