Results 1 to 14 of 14

Thread: Computer Security

  1. #1
    Guest Asht_200's Avatar
    Join Date
    Oct 2001
    Location
    ashflix.com
    Posts
    21,322
    Rides
    0

    Computer Security

    Hello,

    As some of you may be aware, I am quite fanatical about Information Security, having also recently switched to using Elementary OS Linux as my main home computer operating system.

    A few days ago, I received an email from an unknown source claiming they had my outlook.com password, reading through the email, it transpired that they did indeed have it. But they also were trying to blackmail me for $900 of bitcoin, claiming that they had infected my PC with malware, remotely turned on my webcam and filmed me and my wife / girlfriend having sex. Well 2 things are wrong with that last bit. I'm currently single ish and 2, I don't have a webcam. So I'm ignoring the email.... apart from them having my password.

    It wasn't that worrying, because I do have 2 factor authentication switched on for everything that supports it, but I decided to change the passwords anyway, just to be sure. I don't believe the malware story since PC has been scanned to within an inch of it's life and found nothing, but the fact is they still had my password. The most likely source has come from a data breach elsewhere that is not in our control.

    The moral of the story is, use a strong password and also use 2 factor authentication for everything that supports it. And if you do own a webcam and get caught like they claimed I was, get on to pornhub, find your video and bump up the views... you may get some advertising revenue

  2. #2
    Oor Willy sideways14a's Avatar
    Join Date
    Apr 2003
    Location
    In cloud Cucold land
    Posts
    34,352
    Rides
    0
    Crist i see these all the time, folk get them through at work loads.

    Good luck getting into my home lan, secured with multi layered security - Voda router doing nothing but VDSL connectivity, pfsense, dns filtering, own proxy, managed wireless,client virus checker as well as online malwarebytes mode and everything patched as soon as it comes out (heck i even have a windows update server running)

    But all my passwords are 123456

  3. #3
    Now with 400bhp....
    Join Date
    Aug 2007
    Location
    South west
    Posts
    35,780
    Rides
    1
    Quote Originally Posted by sideways14a View Post

    But all my passwords are 123456
    Should upgrade them all to “password”
    South west Events and local meet info. See here


    My car on THRLL: http://thrll.com/car/1998-nissan-200sx-12410
    Chris Cooke Photograpy: https://www.facebook.com/ChrisCookePhotography
    1998 Nissan 200sx s14a , 2000 std 5 speed with nismo supercoppermix clutch bn6 Sapphire Blue

  4. #4
    Guest Asht_200's Avatar
    Join Date
    Oct 2001
    Location
    ashflix.com
    Posts
    21,322
    Rides
    0
    Quote Originally Posted by Chriscooke View Post
    Should upgrade them all to “password”
    And write it on a postit note and stick to each monitor

  5. #5
    Guest Asht_200's Avatar
    Join Date
    Oct 2001
    Location
    ashflix.com
    Posts
    21,322
    Rides
    0
    Quote Originally Posted by sideways14a View Post
    Crist i see these all the time, folk get them through at work loads.

    Good luck getting into my home lan, secured with multi layered security - Voda router doing nothing but VDSL connectivity, pfsense, dns filtering, own proxy, managed wireless,client virus checker as well as online malwarebytes mode and everything patched as soon as it comes out (heck i even have a windows update server running)

    But all my passwords are 123456
    Besides I'm also trying to de-tech myself at home..... says the man with a Wifi module plugged into the CONSULT so I can read all the codes on my iPad. LAN, Fiber to the garage, 60TB NAS, VMs running on ESXi and a dead printer. If I need to send a letter, I hand write them with a Quill Pen (Even have a Wax Seal with the Family Coat of Arms on it )

  6. #6
    West Country Rep
    Join Date
    Mar 2008
    Location
    Bristol, UK
    Posts
    894
    Rides
    0
    Quote Originally Posted by Asht_200 View Post
    Hello,

    As some of you may be aware, I am quite fanatical about Information Security, having also recently switched to using Elementary OS Linux as my main home computer operating system.

    A few days ago, I received an email from an unknown source claiming they had my outlook.com password, reading through the email, it transpired that they did indeed have it. But they also were trying to blackmail me for $900 of bitcoin, claiming that they had infected my PC with malware, remotely turned on my webcam and filmed me and my wife / girlfriend having sex. Well 2 things are wrong with that last bit. I'm currently single ish and 2, I don't have a webcam. So I'm ignoring the email.... apart from them having my password.

    It wasn't that worrying, because I do have 2 factor authentication switched on for everything that supports it, but I decided to change the passwords anyway, just to be sure. I don't believe the malware story since PC has been scanned to within an inch of it's life and found nothing, but the fact is they still had my password. The most likely source has come from a data breach elsewhere that is not in our control.

    The moral of the story is, use a strong password and also use 2 factor authentication for everything that supports it. And if you do own a webcam and get caught like they claimed I was, get on to pornhub, find your video and bump up the views... you may get some advertising revenue
    Passwords are leaked via website exploits which manage to dump their SQL / Backend which holds user details. If websites have bad practices they store your passwords plan text or very weak encryption.

    If you get spam via email it is normally the websites have been breached but your password was Salted (stored hased password) that cannot be decrypted.

    You can check if your website or/and password has been leaked via here: https://haveibeenpwned.com/

    West Country REO

  7. #7
    Oor Willy sideways14a's Avatar
    Join Date
    Apr 2003
    Location
    In cloud Cucold land
    Posts
    34,352
    Rides
    0
    Just wait till we have to start disabling hyperthreading on intels older chips due to vulns there, plus the extra mitigations they need to stop stuff leaking.
    Hence why i am going to jump over to Zen2 on the 3000 series from AMD next month for my upgrade from my old 5820k.. It looks like intels got there performance improvements over the years from shoddy security.

  8. #8
    Guest Asht_200's Avatar
    Join Date
    Oct 2001
    Location
    ashflix.com
    Posts
    21,322
    Rides
    0
    Quote Originally Posted by Murt View Post
    Passwords are leaked via website exploits which manage to dump their SQL / Backend which holds user details. If websites have bad practices they store your passwords plan text or very weak encryption.

    If you get spam via email it is normally the websites have been breached but your password was Salted (stored hased password) that cannot be decrypted.

    You can check if your website or/and password has been leaked via here: https://haveibeenpwned.com/
    Ta for the heads up. I appear on 3 sites... Plex being one of them

    1 - The data contained almost 2.7 billion records including 773 million unique email addresses
    Last edited by Asht_200; 21-06-2019 at 20:16.

  9. #9
    Oor Willy sideways14a's Avatar
    Join Date
    Apr 2003
    Location
    In cloud Cucold land
    Posts
    34,352
    Rides
    0
    Of the several accounts i use day to day my work email address has the worst pwnage, in fact its the only.

    The worst was Adobe a few years back, of course i sorted out licensing for our campus for Adobes crap and yep got hit with the biggie back in '13
    I also got hit with Drop box (not that i used it, i was checking it out) but now i see another couple popped up.
    Apollo who i have never heard from ... 126million and an onliner spambot list of 711 million addresses picked up from god knows where.

    In total my work email address pops up in 4 places according to that site.. although its mostly useless.

  10. #10
    I <3 BBS LM Actual_Ben_Taylor's Avatar
    Join Date
    May 2001
    Location
    South East
    Posts
    23,315
    Rides
    0
    So many data breaches, check yourself out on haveibeenpwned.com change your passwords, don't use the same ones for everything.

    Don't see the point of super strong passwords when they just get hacked 2 factor is the best.

    https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F

    Legit site

  11. #11
    Oor Willy sideways14a's Avatar
    Join Date
    Apr 2003
    Location
    In cloud Cucold land
    Posts
    34,352
    Rides
    0
    Yeah 2 factor for anything important.

    Amazes me how bad some companies security is, i have a couple of CC's that i struggle to log into there web sites to manage as there security is so bad - they ask for everything bar a DNA test (and i bet thats coming) - my bank does it well so why cant these twats?

    2019 and most of the world still has not woken up to the web.

  12. #12
    Member sx rider's Avatar
    Join Date
    Apr 2008
    Location
    West Sussex
    Posts
    2,493
    Rides
    0
    thanks for the heads up, all changed to Password2 now

  13. #13
    Guest Asht_200's Avatar
    Join Date
    Oct 2001
    Location
    ashflix.com
    Posts
    21,322
    Rides
    0
    Company secretaries are the worst. Access to the Boss email and password on a postit note stuck to monitor


    Sent from my iPhone using Tapatalk

  14. #14
    Member R3K1355's Avatar
    Join Date
    Nov 2006
    Location
    Yorkshire
    Posts
    11,862
    Rides
    0
    Quote Originally Posted by Actual_Ben_Taylor View Post
    Don't see the point of super strong passwords when they just get hacked 2 factor is the best.
    This it's a ****ing nightmare, come up with a decent password that you can actually remember and then some useless tossers manage to leak everyones details online.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •