Computer security

  • Guest, it's time once again for the hotly contested and exciting FoH Asshat Tournament!



    Go here and fill out your bracket!
    Who's been the biggest Asshat in the last year? Once again, only you can decide!

Porkchop

Mr. Poopybutthole
<Bronze Donator>
1,212
1,006
  • 3Like
Reactions: 2 users

Brad2770

Avatar of War Slayer
5,221
16,408
My son created a gmail account 2 years ago. He uses it for any of his video game registration stuff. He needs to log into the account to verify some information for one of his game accounts, but has forgotten the password. I tried to help him recover the password, but have realized he got one of the digits on the phone number on the gmail account wrong. How would I go about recovering the account since he doesn’t have a backup email or the correct phone number to receive a text?
 
  • 1Like
Reactions: 1 user

dizzie

Triggered Happy
2,509
3,937
My son created a gmail account 2 years ago. He uses it for any of his video game registration stuff. He needs to log into the account to verify some information for one of his game accounts, but has forgotten the password. I tried to help him recover the password, but have realized he got one of the digits on the phone number on the gmail account wrong. How would I go about recovering the account since he doesn’t have a backup email or the correct phone number to receive a text?

Try here: I'm having trouble resetting my password - Ajuda da Conta da Google

After you select Forgot password and enter your username, we offer you recovery options in order to access your account. If you can't access these recovery options, you can click the link at the bottom of the page to verify your identity. You’ll then be given a series of questions to verify that you own the account. Answer as many questions as possible, and make sure your answers are accurate. If you’re unsure about an answer, provide your best guess. It also helps to submit your answers from a computer you've used in the past.
 
  • 3Like
Reactions: 2 users

Mist

Eeyore Enthusiast
<Gold Donor>
30,274
22,008
Put your computer in a lead box, keep it turned off, and don't let humans touch it.

Otherwise, you're likely to have a security problem.
 
  • 2Like
  • 1Solidarity
Reactions: 2 users

a_skeleton_05

<Banned>
13,843
34,508
NCIX Databreach • r/canada

If you have ever shopped at ncix I highly suggest you cancel your credit cards and change your passwords.
Tldr: somebody is selling server equipment with decrypted drives containing complete customer data including credit card numbers, passwords, emails, addresses, etc, as well as employee personal data
The worst part of this is all of the data was not hashed and salted. Totally unacceptable in this day and age.

[H]ardOCP: The NCIX Data Breach

NCIX customer and employee data is allegedly available for sale as data brokers have purchased the servers, cracked the passwords in less than 5 minutes and are selling volumes of confidential customer and employee data for tens of thousands of dollars. Every single credit card record, address, business name, email address, phone number, IP address and unsalted MD5 hashed passwords; literally everything was allegedly saved on the servers when the company went bankrupt. Even the data from the air-gapped servers, data that was considered so confidential extra steps were taken to secure it from the outside world, has been copied and cataloged for sale to foreign and domestic entities. 13TB of data here, another 3 million records there and Travis Doering of Privacy Fly hadn't even scratched the surface of the data available for sale.
 
Last edited by a moderator:

3301

Wake Up Man
<Banned>
2,770
1,379
Windows File Discreetly Stores Touch Devices' Sensitive Text

During an investigation in which Skeggs was trying to see whether or not a certain email was being silently stored on Windows 8.1, Skeggs didn't get any positive results. However, when he searched for the email’s title across the entire forensic image, he found one result: the email was copied to the WaitList.dat file, found at C:\Users\%User%\AppData\Local\Microsoft\InputPersonalization\TextHarvester\WaitList.dat.

Skeggs not only found the email for which he was looking, but also found the metadata and full body text of over 36,000 emails and documents, spanning a period of three years. The entire file was only 140MB in size.
 

MusicForFish

Ultra Maga Instinct
<Prior Amod>
31,455
123,572
Not sure if this post belongs here or not.
Move it if needed please.



Cool new Linux-based non-iOS/Android phone coming next spring: Products – Purism

Background: Librem 5 Leads New Wave of Open Source Mobile Linux Contenders

Documentation: Librem 5 Docs

What’s native-IP about? Designed for VOIP: Librem 5: What is IP-Native Communication?

Summary: Librem 5: All You Need to Know About The Upcoming Linux Phone | It's FOSS

Why do you want a privacy-focused phone free of iOS/Android?

China owns Apple/Google/Facebook/Amazon servers (and more): Bloomberg - Are you a robot?

Google is explicitly helping China enforce their brand of internet censorship: Google’s Project Dragonfly Promotes Chinese Censorship and Surveillance |

And they are trying to do the exact same thing here in the US: 'THE GOOD CENSOR': Leaked Google Briefing Admits Abandonment of Free Speech for 'Safety And Civility' | Breitbart

Facebook too: Facebook censors US political pages in another free speech purge

Android especially has over 260 apps in the Google Play store that make use of ultrasonic tracking beacons: https://hackaday.com/2017/05/04/ultrasonic-tracking-beacons/

https://developers.googleblog.com/2015/07/lighting-way-with-ble-beacons.html?linkId=15518168

https://developers.googleblog.com/2015/07/connect-with-world-around-you-through.html

https://thehackernews.com/2017/05/ultrasonic-tracking-signals-apps.html?m=1

Other security problems with cell phones: https://thehackernews.com/2017/04/mobile-open-port-hacking.html

Understanding internet browsers and the lack of security: https://browserleaks.com/

https://blog.macsales.com/41842-what-secrets-does-your-browser-know-and-reveal-about-you

How to safeguard your privacy and security while online:

Mindset like that of a hunter: https://www.securityweek.com/wear-camouflage-while-hunting-threats

Decent How to Guide for Privacy:
How to harden Firefox’s defenses: https://www.privateinternetaccess.com/blog/2018/09/firefox-hardening-guide/

Focus on uMatrix: https://www.privateinternetaccess.c...ox-extension-to-enhance-security-and-privacy/

Hardening Android defenses: https://thehackernews.com/2015/04/android-privacy-security-apps.html

Tor Browser (warning: created by US Gov’t): https://www.torproject.org/

VPN Reviews: https://www.vpnmentor.com/bestvpns/overall/

https://vpnreviewer.com/

See this about Nord VPN: https://www.bestvpn.com/privacy-news/nordvpn-responds-criticisms/

Note: private internet access has proven in court that they don’t keep logs – no other VPN can say that.

Free VPNs (I have used these):

https://windscribe.com/

https://free.protonvpn.com/?#vpn

But see this about Proton VPN: https://news.ycombinator.com/item?id=17258203

More free stuff: https://www.vpnmentor.com/blog/free-alternatives-to-windscribe-safe-fast-vpns/

Risks of “free”: https://www.vpnmentor.com/blog/free-vpn-vs-paid-vpn-which-is-right-for-you/

DIY Free VPN: https://www.vpnbook.com/ (caveat: maybe compromised? Maybe combined with Tor?)

Tor + Free VPN + FF hardening = decent protection (except for the compromised hardware of your phone and Silicon Valley’s servers…)

Private Search Engines:https://www.vpnmentor.com/blog/best-private-search-engines-true-no-log-services/
 

Hex

Lord Nagafen Raider
404
389
Well, since this was bumped let us all take a moment and appreciate how fucking stupid this vulnerability is.

 
  • 2Worf
Reactions: 1 users

Hex

Lord Nagafen Raider
404
389
Illinois is enforcing tax collection for out of state sales, R.I.P. the edge B&H and Newegg had over Amazon for me (in most cases) :(
 

LiquidDeath

Magnus Deadlift the Fucktiger
4,828
11,118
Any good resources for beginners in IT Security? I want to start learning home protection and move up to small business and then corporate level stuff.
 

Hex

Lord Nagafen Raider
404
389
Any particular area of home security you're looking to focus or start on? Firewalls, IPS/IDS, Endpoint, Content Filtering (Malware/Advertising domains?)

If you're looking to do get some better visibility into your network from a DNS level making a Pi-Hole is a fun project, added benefit is you can also leverage OpenDNS still to perform some category based blocking and enhance the ad-network blocking.

There's a lot of free open source solutions that are a lot of fun to tinker with. I spent some time recently building out a cuckoo lab so I can detonate malware on my guest network and see what kind of fun shit it tries to do.
 

LiquidDeath

Magnus Deadlift the Fucktiger
4,828
11,118
Any particular area of home security you're looking to focus or start on? Firewalls, IPS/IDS, Endpoint, Content Filtering (Malware/Advertising domains?)

If you're looking to do get some better visibility into your network from a DNS level making a Pi-Hole is a fun project, added benefit is you can also leverage OpenDNS still to perform some category based blocking and enhance the ad-network blocking.

There's a lot of free open source solutions that are a lot of fun to tinker with. I spent some time recently building out a cuckoo lab so I can detonate malware on my guest network and see what kind of fun shit it tries to do.

I have a Pi-Hole up and running, but every time I set it as the only DNS in my router I lose access to the Internet. I've looked online for solutions but haven't been able to find any. Admittedly, I've spent maybe an hour trying to solve the issue.

I'm mainly looking to level up my understanding of computer security at every level. I see it being a stable source of income well into the future and was hoping to start learning more in anticipation of a possible career move.
 
  • 1Like
Reactions: 1 user