Computer security

Porkchop

<Donors Crew>
948
11h 2m
Reactions
277 207 0 0
#1

Brad2770

<Donors Crew>
2,430
15d 18h 19m
Reactions
4,975 781 0 0
#4
My son created a gmail account 2 years ago. He uses it for any of his video game registration stuff. He needs to log into the account to verify some information for one of his game accounts, but has forgotten the password. I tried to help him recover the password, but have realized he got one of the digits on the phone number on the gmail account wrong. How would I go about recovering the account since he doesn’t have a backup email or the correct phone number to receive a text?
 

dizzie

Triggered Happy
498
7d 59m
Reactions
788 54 0 0
#5
My son created a gmail account 2 years ago. He uses it for any of his video game registration stuff. He needs to log into the account to verify some information for one of his game accounts, but has forgotten the password. I tried to help him recover the password, but have realized he got one of the digits on the phone number on the gmail account wrong. How would I go about recovering the account since he doesn’t have a backup email or the correct phone number to receive a text?
Try here: I'm having trouble resetting my password - Ajuda da Conta da Google

After you select Forgot password and enter your username, we offer you recovery options in order to access your account. If you can't access these recovery options, you can click the link at the bottom of the page to verify your identity. You’ll then be given a series of questions to verify that you own the account. Answer as many questions as possible, and make sure your answers are accurate. If you’re unsure about an answer, provide your best guess. It also helps to submit your answers from a computer you've used in the past.
 

Mist

Ssraeszha Raider
15,685
20d 13h 52m
Reactions
4,501 5,752 0 0
#7
Put your computer in a lead box, keep it turned off, and don't let humans touch it.

Otherwise, you're likely to have a security problem.
 

Dom

Blackwing Lair Raider
2,007
Reactions
5,134 1,071 0 0
#11
NCIX Databreach • r/canada

If you have ever shopped at ncix I highly suggest you cancel your credit cards and change your passwords.
Tldr: somebody is selling server equipment with decrypted drives containing complete customer data including credit card numbers, passwords, emails, addresses, etc, as well as employee personal data
The worst part of this is all of the data was not hashed and salted. Totally unacceptable in this day and age.
[H]ardOCP: The NCIX Data Breach

NCIX customer and employee data is allegedly available for sale as data brokers have purchased the servers, cracked the passwords in less than 5 minutes and are selling volumes of confidential customer and employee data for tens of thousands of dollars. Every single credit card record, address, business name, email address, phone number, IP address and unsalted MD5 hashed passwords; literally everything was allegedly saved on the servers when the company went bankrupt. Even the data from the air-gapped servers, data that was considered so confidential extra steps were taken to secure it from the outside world, has been copied and cataloged for sale to foreign and domestic entities. 13TB of data here, another 3 million records there and Travis Doering of Privacy Fly hadn't even scratched the surface of the data available for sale.
 
Last edited:

mcdj22

Lord Nagafen Raider
360
8d 13m
Reactions
729 262 0 0
#12
Windows File Discreetly Stores Touch Devices' Sensitive Text

During an investigation in which Skeggs was trying to see whether or not a certain email was being silently stored on Windows 8.1, Skeggs didn't get any positive results. However, when he searched for the email’s title across the entire forensic image, he found one result: the email was copied to the WaitList.dat file, found at C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat.

Skeggs not only found the email for which he was looking, but also found the metadata and full body text of over 36,000 emails and documents, spanning a period of three years. The entire file was only 140MB in size.
 

MusicForFish

Not Blind to the Injustices of the World
<Donors Crew>
3,150
20d 3h 59m
Reactions
11,618 2,057 0 0
#13
Not sure if this post belongs here or not.
Move it if needed please.



Cool new Linux-based non-iOS/Android phone coming next spring: Products – Purism

Background: Librem 5 Leads New Wave of Open Source Mobile Linux Contenders

Documentation: Librem 5 Docs

What’s native-IP about? Designed for VOIP: Librem 5: What is IP-Native Communication?

Summary: Librem 5: All You Need to Know About The Upcoming Linux Phone | It's FOSS

Why do you want a privacy-focused phone free of iOS/Android?

China owns Apple/Google/Facebook/Amazon servers (and more): Bloomberg - Are you a robot?

Google is explicitly helping China enforce their brand of internet censorship: Google’s Project Dragonfly Promotes Chinese Censorship and Surveillance |

And they are trying to do the exact same thing here in the US: 'THE GOOD CENSOR': Leaked Google Briefing Admits Abandonment of Free Speech for 'Safety And Civility' | Breitbart

Facebook too: Facebook censors US political pages in another free speech purge

Android especially has over 260 apps in the Google Play store that make use of ultrasonic tracking beacons: https://hackaday.com/2017/05/04/ultrasonic-tracking-beacons/

https://developers.googleblog.com/2015/07/lighting-way-with-ble-beacons.html?linkId=15518168

https://developers.googleblog.com/2015/07/connect-with-world-around-you-through.html

https://thehackernews.com/2017/05/ultrasonic-tracking-signals-apps.html?m=1

Other security problems with cell phones: https://thehackernews.com/2017/04/mobile-open-port-hacking.html

Understanding internet browsers and the lack of security: https://browserleaks.com/

https://blog.macsales.com/41842-what-secrets-does-your-browser-know-and-reveal-about-you

How to safeguard your privacy and security while online:

Mindset like that of a hunter: https://www.securityweek.com/wear-camouflage-while-hunting-threats

Decent How to Guide for Privacy:
How to harden Firefox’s defenses: https://www.privateinternetaccess.com/blog/2018/09/firefox-hardening-guide/

Focus on uMatrix: https://www.privateinternetaccess.c...ox-extension-to-enhance-security-and-privacy/

Hardening Android defenses: https://thehackernews.com/2015/04/android-privacy-security-apps.html

Tor Browser (warning: created by US Gov’t): https://www.torproject.org/

VPN Reviews: https://www.vpnmentor.com/bestvpns/overall/

https://vpnreviewer.com/

See this about Nord VPN: https://www.bestvpn.com/privacy-news/nordvpn-responds-criticisms/

Note: private internet access has proven in court that they don’t keep logs – no other VPN can say that.

Free VPNs (I have used these):

https://windscribe.com/

https://free.protonvpn.com/?#vpn

But see this about Proton VPN: https://news.ycombinator.com/item?id=17258203

More free stuff: https://www.vpnmentor.com/blog/free-alternatives-to-windscribe-safe-fast-vpns/

Risks of “free”: https://www.vpnmentor.com/blog/free-vpn-vs-paid-vpn-which-is-right-for-you/

DIY Free VPN: https://www.vpnbook.com/ (caveat: maybe compromised? Maybe combined with Tor?)

Tor + Free VPN + FF hardening = decent protection (except for the compromised hardware of your phone and Silicon Valley’s servers…)

Private Search Engines:https://www.vpnmentor.com/blog/best-private-search-engines-true-no-log-services/
 

Hex

<Donors Crew>
317
3d 1m
Reactions
204 13 0 0
#14
Well, since this was bumped let us all take a moment and appreciate how fucking stupid this vulnerability is.

 

Hex

<Donors Crew>
317
3d 1m
Reactions
204 13 0 0
#16
Illinois is enforcing tax collection for out of state sales, R.I.P. the edge B&H and Newegg had over Amazon for me (in most cases) :(
 

slippery

<Donors Crew>
4,223
11d 11h 53m
Reactions
2,204 83 0 0
#17
Yeah it was a sad day when I started getting taxed by Amazon in Florida
 

LiquidDeath

Magnus Deadlift the Fucktiger
<Donors Crew>
2,231
10d 20h 9m
Reactions
3,623 87 0 0
#18
Any good resources for beginners in IT Security? I want to start learning home protection and move up to small business and then corporate level stuff.
 

Hex

<Donors Crew>
317
3d 1m
Reactions
204 13 0 0
#19
Any particular area of home security you're looking to focus or start on? Firewalls, IPS/IDS, Endpoint, Content Filtering (Malware/Advertising domains?)

If you're looking to do get some better visibility into your network from a DNS level making a Pi-Hole is a fun project, added benefit is you can also leverage OpenDNS still to perform some category based blocking and enhance the ad-network blocking.

There's a lot of free open source solutions that are a lot of fun to tinker with. I spent some time recently building out a cuckoo lab so I can detonate malware on my guest network and see what kind of fun shit it tries to do.
 

LiquidDeath

Magnus Deadlift the Fucktiger
<Donors Crew>
2,231
10d 20h 9m
Reactions
3,623 87 0 0
#20
Any particular area of home security you're looking to focus or start on? Firewalls, IPS/IDS, Endpoint, Content Filtering (Malware/Advertising domains?)

If you're looking to do get some better visibility into your network from a DNS level making a Pi-Hole is a fun project, added benefit is you can also leverage OpenDNS still to perform some category based blocking and enhance the ad-network blocking.

There's a lot of free open source solutions that are a lot of fun to tinker with. I spent some time recently building out a cuckoo lab so I can detonate malware on my guest network and see what kind of fun shit it tries to do.
I have a Pi-Hole up and running, but every time I set it as the only DNS in my router I lose access to the Internet. I've looked online for solutions but haven't been able to find any. Admittedly, I've spent maybe an hour trying to solve the issue.

I'm mainly looking to level up my understanding of computer security at every level. I see it being a stable source of income well into the future and was hoping to start learning more in anticipation of a possible career move.