Online Security & Hacking

[jross]

As a software engineer trained in security, I advise you to do the following:

• Sign up for a password manager like https://www.lastpass.com/ or https://1password.com/
• Commit all of your passwords to the password management tool
• Have a unique account password to social media, finance, and other meaningful websites.
• Never use the same password twice, and use the password manager's suggested passwords.
• It's okay!  You only need to remember your master password, and your pw tool will handle the rest on your mobile devices and your browser.
  • This password must be very secure - think of three words with symbols and numbers (e.g. wrestle74@cyber!_chuckles OR harder... qaXSSXw*XgEe5re*kn24n)

The odds are that every person that reads this post will have used the same password for multiple accounts.  For example, your intermat pw will be the same pw you use for your bank or facebook.  Further, the odds are that you've used an email account for at least one site that has been compromised, and both your email and password have been compromised.  You can check your email at https://haveibeenpwned.com/ and passwords at https://haveibeenpwned.com/Passwords.  I checked some of my generic passwords today, and they've been pawned.  You are at risk if one account is exposed and you use the same credentials elsewhere.

A baseball teammate discovered last week that someone in Brooklyn, New York spent $4K on TVs, dinner, Uber, and $300 on OnlyFans.  He's a construction worker and has no idea about this stuff.  Learn from him.  


----

Now to the juice. Are elections hacked?  Who knows?  I know the techniques in this HBO document are real, and they work.  I've had to refactor my websites to guard against security risks, and I've run the tools that report security risks across my company's assets.  
 

Edited December 10, 2022 by jross
add complex pw advice for master pw

[nick]

2FA is good to enable, but don't go the SMS route (https://securityboulevard.com/2021/12/why-using-sms-authentication-for-2fa-is-not-secure/, https://krebsonsecurity.com/2016/09/the-limits-of-sms-for-2-factor-authentication/), try to use a tool such as the Google Authenticator (1Pass has the ability be to used a 2FA, https://support.1password.com/one-time-passwords/) 

[BobDole]

I use a password manager with unique passwords. The worst part is when I have to sign in to Disney, Flo, etc on my TV with my unique password!

But yes a password manager is something everyone should have.

[BerniePragle]

I'm going to add a little bit of "old guy" advice to this.  Don't expose yourself as much. Simplify your life. Don't use a card or your phone to buy a bag of potato chips.  I go to the bank every so often and they have this machine that dispenses this green stuff that works great (so far) for buying stuff in person.   On line...another story. 

[headshuck]

Good info! What about using Face-Id to login?

[MPhillips]

23 minutes ago, headshuck said:

Good info! What about using Face-Id to login?

I have trouble hitting the correct keys with my nose while logging in on my laptop...

[Nailbender]

Please keep the good info coming. My email and password life is a mess. I'm overwhelmed by the amount of both but have hesitated to combine my passwords to one place for fear that was actually less safe.

[Mike Parrish]

39 minutes ago, MPhillips said:

I have trouble hitting the correct keys with my nose while logging in on my laptop...

You gotta use double sided sticky tape to adhere the pencil normal to your forehead for advanced login capabilities.

[MPhillips]

2 minutes ago, Mike Parrish said:

You gotta use double sided sticky tape to adhere the pencil normal to your forehead for advanced login capabilities.

This is the main reason I come here. Good solid advice.

[BerniePragle]

2 hours ago, headshuck said:

Good info! What about using Face-Id to login?

There are places in Kentucky and PA where this is not recommended.  Just about anybody in town could login your account.

[Mike Parrish]

2 hours ago, BerniePragle said:

There are places in Kentucky and PA where this is not recommended.  Just about anybody in town could login your account.

Where the laptops thank you for not using Face-Id?

[headshuck]

Ok, I’m still curious if it’s considered safe to use the Face ID option so many sites offer to login. Yes I know a lot of people here hate Apple.

[jross]

7 minutes ago, headshuck said:

Ok, I’m still curious if it’s considered safe to use the Face ID option so many sites offer to login. Yes I know a lot of people here hate Apple.

You are fine to use Face ID.  You cannot defeat face recognition with a printed photo.

The practical risk is from family.  My elder daughter can unlock mom’s phone because of their resemblance.

Mostly someone would need to get you incapacitated and have possession of your phone.

There are other risks of facial modelling that you do not need to worry about.

I use facial recognition for convenience and it provides enough security for my needs.

[mspart]

For some reason this can unlock my phone.

 

mspart

[Mike Parrish]

Just now, mspart said:

For some reason this can unlock my phone.

 

mspart

Charlie Brown?

[GreatWhiteNorth]

On 12/10/2022 at 5:17 PM, jross said:

You are fine to use Face ID.  You cannot defeat face recognition with a printed photo.

The practical risk is from family.  My elder daughter can unlock mom’s phone because of their resemblance.

Mostly someone would need to get you incapacitated and have possession of your phone.

There are other risks of facial modelling that you do not need to worry about.

I use facial recognition for convenience and it provides enough security for my needs.

No - you are not necessarily fine to use Face ID.

If you are travelling abroad, it is important to realize that you may be legally forced to use your face to open your phone at the border so the contents can be examined in detail.

At very least, consider turning off face recognition before travelling if you have privacy concerns.

In this day and age, I'd recommend everybody become serious about personal privacy concerns.

[Mike Parrish]

29 minutes ago, GreatWhiteNorth said:

No - you are not necessarily fine to use Face ID.

If you are travelling abroad, it is important to realize that you may be legally forced to use your face to open your phone at the border so the contents can be examined in detail.

At very least, consider turning off face recognition before travelling if you have privacy concerns.

In this day and age, I'd recommend everybody become serious about personal privacy concerns.

I whole heartedly agree.

I don't run social media on my phone.
I don't bank on my phone.

When I travel for wrestling, my phone is effectively a web browser with a few games and some pictures on it.
When I used to travel for work, I'd bring a different clean phone with almost nothing on it.

Assume your devices are 'made' and you'll be a lot less unhappy.

[RYou]

What's up with the Google and Microsoft email spam blockers these days, especially Microsoft?  My spam is up 10 fold over the past week.  I've won every contest imaginable.  I wish I could cash in on everything I've won from Home Depot, Lowes, Kohls, Target, Wal Mart, and all of those Asian women.

[BobDole]

3 hours ago, RYou said:

What's up with the Google and Microsoft email spam blockers these days, especially Microsoft?  My spam is up 10 fold over the past week.  I've won every contest imaginable.  I wish I could cash in on everything I've won from Home Depot, Lowes, Kohls, Target, Wal Mart, and all of those Asian women.

Scammers know this is the time to spend money and likely your guard is down a little.

[GreatWhiteNorth]

This last week or so before Christmas is when the annual 'FexEx'/'UPS'/'USPS' scams come around.

You'll get an email letting you know you've got a package and all you have to do is click the link... but don't click it.

Be on triple-careful alert. I'd recommend going to the actual web site instead of clicking the link.

[BobDole]

The best bet is to send me your credit card information and what gifts you want to purchase. I will purchase them and have them sent to your home free of charge.

[jross]

This is a joke!  

Cool Feature.  If you type pw: <password> or password: <password> in a post, the intermat forum will automatically replace your password with asterisks when you select Submit Reply.

See?  UN: jross PW: ********

Cool right?

[Mike Parrish]

1 minute ago, jross said:

This is a joke!  

Cool Feature.  If you type pw: <password> or password: <password> in a post, the intermat forum will automatically replace your password with asterisks when you select Submit Reply.

See?  UN: jross PW: ********

Cool right?

Huh...

UN:mike_parrish PW:ChristianPylesIsATwat

[jross]

I'm in!

[Mike Parrish]

34 minutes ago, jross said:

I'm in!

Damn it!