They generate spam emails based on large data breaches. You can see for yourself here: https://haveibeenpwned.com/ (it's safe to add email here).
Just change your password if it hasn't already been changed. Usually after the data breach you would have been forced to pick a new password anyway.
If You're Not Paying for It; You're the Product.
https://lifehacker.com/5697167/if-youre-not-paying-for-it-youre-the-product
Your password should be considered compromised if you reuse it. Check https://haveibeenpwned.com to see if you're in any known breaches.
Use something like Lastpass or 1password or another password manager that will let you easily generate random passwords and use them across devices and computers. I know with Lastpass you can have it check your password list for any reuse and you can go change those.
The majority of hacked accounts come from a breach on another site. If you use the same password for multiple things, it's easy to get hacked.
Use a UNIQUE STRONG password for every site, and go change any and all passwords you think you used twice.
Password managers are the thing you want, look into LastPass or Dashlane for a good start!
Check out https://haveibeenpwned.com/ to see if your email and password are PUBLICLY listed, or were involved in another breach.
Oh man do I not like PureVPN. Among other issues, I was once asked by support staff to confirm the last 4 characters of my password over a chat to verify my account ownership. That obviously implies my password is both stored in plain text and accessible to first tier support staff.
Fingerprints, no matter what platform, are not all that secure. Fingerprints can be reproduced from photographs and they can't be stored the same way you would store a password. Personally, I wouldn't get into this discussion as fingerprints are insecure to begin with. Additionally I would not use the fingerprint scanner for authenticating apps. Especially banking.
It's likely your password was exposed in a breach.
You can check and see if your email addresses were part of breaches using services like this one:
Once you're part of a breach, your information will be spread on lists, and bad people will send your own password back at you. I have to admit, the first time it happened to me, it was alarming to see one of my real (but older) passwords. They'll threaten and try to scare you, and demand payment in Bitcoin.
I've been using strong passwords that are always unique ever since.
Check Troy Hunt's database on HaveIBeenPwned? Probably your email will be listed in 1 of the breaches there, which means attackers can just buy that data on the black market (or download it from the dark web) and spam “hack” a lot of accounts.
You could also check the passwords you use but that would require some technical know-how.
You can get a free Yubikey with a 1 year subscription to the online version of Wired Magazine for $5, and you can immediately disable / opt out of the auto renewal.
Sign up for digital delivery only and then opt out of any email they send you.
This is how politicians work... To quote some Australian idiot (that was the prime minister):
> "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."
So, don't expect politicians to use things like logic or even common sense to try and navigate through this quagmire. In the meantime, download GnuPG.
I stay away from VPNs that are not in 14 Eyes but are in countries with good relationships with 5 Eyes. U.S. and Panama have very good relations and treaties together. Same for UK with Hong Kong and BVI. I consider these non-14 Eye countries 5 Eye proxies. U.S. DOJ got PureVPN in Hong Kong to hand over connection logs (PureVPN did not keep activity logs) based on a subpoena that busted some guy for cyberstalking by correlating his PureVPN use with a Gmail account. Cyberstalking is certainly not cool, but Hong Kong based PureVPN makes my point.
I bought a 5-pack from Amazon but there's also a single piece. It's called Mic-lock.
But I stopped using it. I was able to download an app for Android and change the source of the sound to the internal mic. Plugged in Mic-lock and internal mic was still receiving sound. So it would only work for stupid malware and it's just not worth the inconvenience, imo. Maybe it's different for iPhones if Apple doesn't allow changing the sound source. Dunno.
Last time someone posted anything critical about NordVPN in this sub masses came to the rescue in what seemed at the time to be a little suspicious. There seems to be a lot of pro-NordVPN sentiment around here and whether or not it's organized, it seems unusual to an outsider who isn't familiar with their service.
To top it off, /u/dreamysmury doesn't appear to be speaking critically of either Nord or Proton but rather the exploit that was patched which makes it strange that people are trying to defend companies which aren't being attacked.
If you can't find one pre-made, just make your own. Cut the end off an old headset/ear buds or purchase a plug sold to attach your own cable to and attach it to a keyring.
>Look at facts
Okay:
https://old.reddit.com/r/worldnews/comments/4ct1kz/reddit_deletes_surveillance_warrant_canary_in/
and
https://thenextweb.com/socialmedia/2016/05/30/reddit-knows-your-dark-secrets/
Your addiction to and defense of the site is sad.
This is correct. You wouldn't know. Install signal. If you are experiencing ongoing paranoid delusions you should seek psychiatric help.
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en
Generally, a "free" VPN is one that makes its money via advertising, meaning it collects data on you, meaning it cannot be trusted.
There are some low priced ones ($3-$4 / month w/ annual plan) that are trustworthy, like Private Internet Access.
Do you by any chance have the same password for all of these accounts? If yes, then it's not difficult to hack your accounts. If no, what about your wifi? Is it safe, do you connect to unsecure networks? It's extremely easy to take over a session with browsing info.
A few tips:
- Do not reuse passwords, create strong passwords, if you can't remember them, LastPass will help.
- Do not have auto-fill, do not fill your credentials into an HTTP website
- Have NordVPN autoconnect instantly on startup
You can read about security tips in this article, very helpful, helped me out to set up a few things and increase my security
Free products, in general, aren't very trustworthy, and especially if we're talking about security services. I just always keep wondering from where do they get the income if users don't pay anything? It must be from something quite shady, IDK, it's possible that I'm too paranoid. Anyway, maybe this article will be helpful, I think NordVPN and Safer are pretty good options with the average price compared with other services.
> The citizen in question, unfortunately, left part of his Google profile pic in a screenshot, and an image search revealed his identity. As it turns out, the citizen, named Caleb Chen, was probably most concerned about PIA’s revenue. You see, Mr. Chen is an employee of London Trust Media, which is the parent company of Private Internet Access.
Well, surprise surprise. PIA are a terrible company, they pretend to cater to privacy yet are hosted/operated out of the USA of all places. They even have that MtGox douchebag as their CEO. If there's any VPN company to stay away from, it's PIA.
Not to mention PIA staff talk absolute shite on reddit and elsewhere, accusing potential customers as being "shills" for other companies when you ask them simple questions.
NordVPN says it’s getting an independent audit.
> [W]e are hiring one of the largest professional service firms in the world to run an independent audit and verify our ‘no logs’ claim. The audit is expected to be completed within 2 months and will independently verify that the accusations are false.
What app do you use to make your passwords?
Check out https://haveibeenpwned.com/ to see if you're in any breaches. It sounds like they have your password and can't get anywhere because you have 2FA. You might have an old password you've forgotten about that was in a breach.
>P.S. I am a network security professional with more than 20 years of experience. This is not user error.
I'm having a hard time believing your credibility when you did not once mention you had 2FA turned on.
Even though you say the passwords were random, lengthy, and unique you did not mention how you make them. Did you use a password manager or better yet have you ever repeated these passwords anywhere else? What does https://haveibeenpwned.com/ say about this email account?
And we can't rule out user error because there are other ways someone can get in your Google account without your password. You could have logged in on a public computer. You could have sold an old Android phone with no protection/password. Could have your cookies that keep you logged in stolen.
VPN is just encrypting data from point to point (or site to site). Someone watching the traffic can still see this computer is talking to this other computer, the content just looks garbled. However they could capture it and decrypt it later. And they can do traffic analysis to determine what type of content it most likely is.
TOR basically bounces your request between a bunch of other people before its final destination. This prevents traffic analysis because you don't know who the real sender and receiver are.
However I've read that you can de-anonymize the TOR network - https://www.theguardian.com/technology/2014/jul/22/is-tor-truly-anonymising-conference-cancelled
> Where are we supposed to send them to get safe, reliable, useful software?
https://chocolatey.org (with Chocolatey-gui). There is also https://ninite.com for a mix of Free and proprietary, freeware software. You shouldn't have to troll the web for software.
KeePassXC is the best choice these days.
Also have a look here: https://strongpass.us
Online solutions are bad choices because they are honey pots for hackers. LastPass has been hacked 3 times in the past 5 years. That's incredible for a company that specializes in security products.
Better VPN would be Mullvad.
If you’re looking for a pre-configured browser take a look at . If you’re willing to configure a browser, use Firefox and adjust settings according to
There aren't any good free VPNs. If they're giving it away free then you're the product not the customer. Facebook owns a free VPN which they use to monitor ALL of your Internet traffic so that they can serve you more relevant ads. There used to be one free VPN that sold your "excess" bandwidth to third parties at the rate of about $15 per GB. So scammers and botnets used your IP address to communicate with the world, which rather defeats the point of having a VPN.
The nearest to a good VPN is TOR (The Onion Router). But don't become an access node for it as you will get blacklisted from several websites and common IRC servers. People will also be able to look up CP and extremist material from your IP address. Also TOR has a pretty bad reputation as it's an essential to get to "darknet" web sites which specialise in drug and weapon sales as well as CP.
Personally I recommend Private Internet Access as do many other people which is about $39.99 a year. Another alternative is that the Opera Web browser has a built in VPN but it is Chinese owned these days so be careful.
PIA looks sketchy as hell. And US-based is a no-go. You might want to consider another provider. I like Mullvad, myself, for their aggressive no logs, no info policy.
To answer your question, their privacy policy is not clear on the matter (though that "may change without warning" note at the bottom is scary), but the information they explicitly claim to collect does not include IP associations. But you'd have to ask.
This happens when you reuse passwords. A site you used in the past was breached and the login details were stolen. Hackers will try your logins on other sites to see what they can get, this is called credential stuffing.
You can check what breaches you're in at https://haveibeenpwned.com/ and to stop this from happening again you need to give every account a unique password. Get a password manager as it will make creating unique passwords painless.
https://haveibeenpwned.com/Passwords
They're legit from what I can tell. You type your password (risky I know) they then check it against hashes from database breaches. This doesn't mean it was your account that was compromised but it does mean that your password is potentially in the wild if someone has reversed the hash or does so in the future.
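As an added example (not part of the comment above and not code from Have I Been Pwned): the same check can be made without typing the password into the site, by using the Pwned Passwords range endpoint, where only the first five hex characters of the SHA-1 hash leave your machine and the match is done locally. The breach corpus, its counts, `FakeRangeServer` and the function names are constructed for illustration so the script runs offline.

```python
"""Password breach check using a hash-prefix range query (added example)."""
import hashlib
import urllib.request

# Constructed sample data: passwords and how often they "appear" in breaches.
CONSTRUCTED_CORPUS = {"password": 1000, "hunter2": 25}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, as the range format uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> tuple[str, str]:
    """Return (5-char prefix that is sent, 35-char suffix that stays local)."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; malformed lines are skipped, not trusted."""
    result: dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35:
            continue
        try:
            result[suffix.upper()] = int(count)
        except ValueError:
            continue
    return result


def breach_count(password: str, fetch_range) -> int:
    """Number of breach appearances; 0 if the suffix is not in the response.

    fetch_range is any callable taking the 5-char prefix and returning the
    response body, so the password and its full hash never leave this function.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """Query the real range endpoint (needs network; not used by the demo)."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "pwned-range-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


class FakeRangeServer:
    """Offline stand-in for the endpoint, built from the constructed corpus."""

    def __init__(self, corpus: dict[str, int]):
        self.by_hash = {sha1_hex(p): n for p, n in corpus.items()}
        self.seen: list[str] = []  # everything the "server" ever receives

    def __call__(self, prefix: str) -> str:
        self.seen.append(prefix)
        lines = [f"{h[5:]}:{n}" for h, n in self.by_hash.items()
                 if h.startswith(prefix)]
        lines.append("0" * 35 + ":3")  # decoy suffix sharing the prefix
        return "\r\n".join(lines)


if __name__ == "__main__":
    server = FakeRangeServer(CONSTRUCTED_CORPUS)
    for candidate in ("password", "hunter2", "correct horse battery staple"):
        print(f"{candidate!r}: seen {breach_count(candidate, server)} times")
    print("server only ever saw:", server.seen)
```

Swap `server` for `fetch_range_live` to run the same check against the real service.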
Looks like you've been in a password breach, check out https://haveibeenpwned.com/ and change your passwords. Turn on 2FA for all accounts that support it especially your email account.
Just to be sure, check out https://haveibeenpwned.com/ to see if you have had any accounts exposed in a breach. Your security is strong but you're not the problem, it’s websites that don't take security seriously that become the issue.
Have an upvote for asking an honest question.
By default Chrome tells Google servers:
Every URL you visit as you visit it
Details about every file you download
What you are typing into the browser bar as you type it
Tons of tracking info. Obviously your IP, which it uses to geolocate you. The current version of Chrome, when you installed and where you installed it from, etc. etc.
It can even be configured to send every single word you type into text input forms for spellcheck purposes.
The full details can be found here: https://www.google.com/chrome/browser/privacy/whitepaper.html
You'll note that nearly all of these can be disabled, and Google is very up front about them on that page. They actually have to be for government compliance. Chrome has been repeatedly traffic sniffed by professionals, and to my knowledge Google has never tracked more things than advertised.
As others have pointed out, most of these are used for features. DNS prefetch, some amazing spell check accuracy, automatic updates, Google Now.. Due to these features, some of those privacy settings I have left enabled while others I have chosen to disable.
It's legit, most likely linked to the recent 000webhost compromise with thousands of credentials leaked.
Amazon and LinkedIn did a good job finding their users in the dump and notifying them to change the password. People tend to reuse passwords to different services all the time, so it's a good precaution measure.
You can check whether your email address / username is on any password dump list from recent major breaches on https://haveibeenpwned.com/
Some folks or orgs may want an OV or EV cert
Letsencrypt has an advisory board with people from Akamai, Cisco, EFF, and Mozilla (and independents). It also partners with various unis, IdenTrust, and the Linux Foundation. It is further sponsored by a buttload of companies (google, OVH, gandi to name just a few of their major sponsors randomly).
Letsencrypt is cross-signed with Identrust so you likely should have no issues with browsers lacking their root cert. (https://letsencrypt.org/docs/certificate-compatibility/)
If you do not trust or have had issues with Letsencrypt or Identrust that may be a reason to go with someone else, although I personally see no reason not to over another CA.
The long of the short of it is Let's Encrypt exists got tired of the pay-for-security-by-small-end-users system or wanted to provide ssl on customers domain names for cheap (like shopify or squarespace for example) and decided to try this and put money up to make it happen long term.
edit: Let's Encrypt also only offers 90 day certs (https://letsencrypt.org/2015/11/09/why-90-days.html)
edit2: And no wildcard certs, but since they are free getting a new domain is easy and an API exists for facilitating this along with ACME for clients
You can find the full list of the categories (highlighted by Brave) here: https://brave.com/update-rtb-ad-auction-gdpr/Google-publisher-verticals-marked-up.pdf
Not related to OP’s post, but responding to this misconception:
> If something is free, you are the product.
I don’t really like this saying. Open source software is free and I am not the product. My buddy’s side project is free, and I’m not the product. Google’s paid plans aren’t free, and I’m still the product. We need to rethink this.
But, I agree that Mullvad is a good choice, but just because they are a paid vpn does not make them that good choice.
Some tips I can offer:
Invest in a VPN. I use Private Internet Access
Don't do tasks such as Internet banking on public Wi-Fi
Check your emails on a site such as and change the corresponding passwords, if necessary.
Ensure you are using an up to date browser, as these will block or warn you about non-https sites (i.e. sites that don't use encryption)
Use two factor authentication on apps/sites which have the capability. Two factor codes generated via an app (e.g. Google Authenticator, LastPass Authenticator) are generally more secure than those sent via SMS.
Hope these help!
You probably don't want to actually send passwords to other devices, because they could possibly be intercepted. However, using 2 factor authentication, something similar is common. Check out Google Authenticator. You can set it up so that whenever you want to log in, you must type your password, as well as a code that the app generates. That code changes every so often, but your original password will stay the same.
Depending on your windows version you might be able to hide your porn like this: http://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/
Also get a better password. If he still has access get a better roommate.
Internet browsers validate that they are going to a secure and proper webpage by checking the certificate of the web page. The certificate is issued by a company which is supposed to have validated the site.
It's why when you go to https://www.amazon.com, your browser knows that it is really amazon.com, not a different site pretending.
It's a complex and mostly broken system. The math and crypto work, but the structure needs work.
I think you should really check out https://haveibeenpwned.com/ if you have a habit of reusing passwords even if they're "strong". Every account should get its own password no matter how unimportant you think it is. Use a password manager as it makes this very easy.
I see what you are describing but that is not Qubes. Qubes is a step further than what you are describing, making the usage of Windows as host in those circumstances impossible without just going full circle and turning Windows into Qubes. Which is pointless, since we can just use Qubes. Windows application usage with Qubes is described here.
Disclaimer: I have not actually used Qubes, myself but this is my understanding of how it works.
It looks like Qubes does not support GPU passthrough for app containers, so one would have to run another full virtual OS for each game, if they wanted to segregate them.
Qubes looks pretty cool but I'm trying to figure out exactly what it provides that Xen can't other than a more user-centric interface.
Kali-undercover is visual only. No user agent details or other OS fingerprint. When I run it on my Kali laptop it changes my background, desktop icons, taskbar (moves taskbar to bottom), and even adds a somewhat clunky Windows-like start menu. Rerunning the script returns my desktop to normal.
If you haven't seen it yet there is a GIF on this page: https://www.kali.org/news/kali-linux-2019-4-release/
I'm not an expert, but regarding 2-FA, I believe that is only authenticating you to Google, it does not prevent Google from accessing the data if they want to. That is what is different with Proton I believe; they can't access your data because only one key is stored with them and the other key is stored locally during the login.
Check this link for more details
I was wondering how this compares with PGP.
> Malvertising is a nasty problem. It’s hard to track. Because of ad targeting (e.g. location, mobile vs desktop, 3G vs Wi-Fi, web browsing history, etc), different users see different ads and different ad campaign are active in different time. Moreover, one third-party ad network script usually loads content from dozens of other partner networks and trackers behind the scenes. For example, recently we worked with a site whose homepage had scripts from 8 different third-parties (ads and widgets) — when loaded in a browser, that single page generated over a thousand HTTP requests to resources on 249 unique domains — 99% of which belonged to various ad networks and trackers. Maybe this is an extreme example, but requests to 30-40 unique domains initiated by ad script is quite typical.
Instead of trusting hundreds of unknown domains to silently install and run software on my computer, I'm just going to block them by default. Sorry for your lost advertising revenue, but maybe you should find an honest line of work.
Stop re-using passwords.
How many years have you been using this computer?
Re-assess what browser plugins you are using.
Freeze your credit? Might be too late.
Consider not using the VPN for a bit and not doing anything that needs it, assess if only things through the VPN are being seen.
Is your router 100% yours? (as in, not one that's netgear/cisco/linksys and hacked?)
NordVPN and VIPRE don't do shit to assess your online digital cleanliness - they just check the client they're working with/on and tell you if they think they're working. They can't know the situation outside the box beyond what the URL in your browser says. They won't tell you if a MITM or certificate exploit is in use.
Lastly, have you looked at the certificates you trust? Have you added any? Have any been added? Any certificate that's added into your machine as a trusted signer of websites can enable a large host of MITM (man in the middle exploits). Going to sites/places/things that you are having issues with might also provide some interesting intel - like - is the certificate I'm loading on website X here on my PC the same cert that my phone gets through the carrier?
Show her https://haveibeenpwned.com and explain how all these data breaches have increased the available stock of passwords, and that if her email is in there, then she should make sure she uses a fresh password for each site. You might also want to consider letting her keep the notepad provided she sets a 6 digit PIN and uses touchID or FaceID to log in.
Check https://haveibeenpwned.com/ to see if you've been in any breaches. Get a password manager and give every account a unique password no matter how unimportant you think it is. Use 2FA, not the text message 2FA but the Google Authenticator or Authy version.
If it is your employer's network and computer, trying to go around security measures may be a career limiting move.
TMK, at least on Windows, all common web browsers leverage the shared OS certificate API, rather than only trusting their own private certificate store. And not trusting the corporate certificate won't get around a firewall which forces MITM decryption of various websites, it'll just pop up certificate warnings.
If you can install VirtualBox, you could run a Chrome OS in a virtual machine; the VM software would only trust its own certificates, not the parent OS.
This story keeps getting ~~better and better~~ stupider and stupider.
But even now, “police say they may yet charge him with making a hoax bomb — though they acknowledge he told everyone who would listen that it’s a clock.”
Instead of having to look through the dark corners of Windows 10's settings to find all of the privacy settings, O&O Shutup provides a centralized menu. After installing updates, you run the program and it will detect any changes Microsoft makes to your preferences. Additionally, it automates the creation of restore points prior to making any changes and you can save a configuration file of your preferences for portability or in case you had to reinstall the program.
https://www.oo-software.com/en/shutup10
Edit: Bizarrely half of my comment disappeared when I submitted it.
Head to PortableApps and install their platform. A 2G USB has been plenty for a tool-based device but there are games as well if you like.
Off the top of my head I use:
Ant Renamer
BleachBit
Eraser
All of the "Wise" tools
VeraCrypt
When I burn a computer with an HDD for myself or someone else I:
1) Create a Burn folder of the desktop and move temp files, documents, photos, whatever into it.
2) Rename the files and folders with Ant Renamer using the Random UID setting
3) Securely delete them with Eraser
4) Confirm it worked with Wise Recovery
I also keep the EFF Long Word List txt file on the USB and a six sided die in my backpack.
Nmap is by far the best tool to discover hosts on a network. What problems are you having?
Simple ping scan of network: nmap -PE <network range>
This should be a pretty decent scan for clients on a LAN.
Simple List scan: nmap -sL <network range>
This will give you a list of hosts with a reverse DNS check for host names. It sends no packets, only receives.
You might try reading this section of the Nmap manual: http://nmap.org/book/man-host-discovery.html
Yay, I'm so glad you love 1Password :).
Just wanted to contribute this link about how security is at our core: https://1password.com/security/
I'm here (and so is our super-smart head of security!) to answer any questions you have about 1Password and its top-notch security.
-Henry from AgileBits (makers of 1Password)
A VPN isn't for hiding from Google, it can be for hiding from your ISP or network sniffers. It creates a secure connection to the domain you are connecting to.
If you're worried about Chrome using your information then look into Firefox and the tips/add-ons from https://www.privacytools.io/
Building on what /u/tehfcae7182 said, use a password manager. LastPass is pretty good. During the recent breach they let us know how they do passwords... and it's really good. The tl;dr version is even though they got "breached" it didn't really matter, because of how they do things. They're a good password manager.
Once you have a password manager, just generate random passwords. If you're on Windows 7 (or above) click Start, type "powershell" and hit enter. At the prompt, paste this:
-join(33..126|%{[char]$_}|Get-Random -C 40)
And it'll give you 40 random characters. Like these:
\A/yc{R'@EUl;r!vI>x=KN1Ditkw7&b}^JaFjQH# ~piN(m4G/7oJh9ekz#MyKx5.R{8]S361%@`FD>$_ HSC-#joF)0XB~mzw7l/y!g]>:$9^,[dNe6q2W4u
These passwords will never* be cracked. Then just put the passwords into your password manager, make the master password something long and hard to guess, and you're good to go.
*By "never" I mean that it would take literally millions of years for a computer to brute force it, because of how math works.
So tl;dr. Your method is not bad but it's also not good. It has flaws. The better method would be to use completely random passwords in combination with a password manager.
I work in infosec, and I helped a company out during a DDoS attack a few years back. After the fact, I put together a list of "lessons learned," things they could have done to minimize the impact had they taken these steps BEFORE the incident. Not a silver bullet, but definitely a resource you can use to build out similar controls at your company. https://www.slideshare.net/JerodBrennenCISSP/ddos-attack-preparation-and-mitigation-27027980
Shameless plug for /r/homedefense.
That will get you in a good place.
When connecting to unknown/public networks, WiFi or otherwise, someone might be snooping on what you're accessing.
Your passwords (and other traffic) are mostly protected by HTTPS. However, if you're connecting to something via FTP or HTTP, which are not encrypted, that data can be intercepted at any point along its route.
Privacy VPN services like NordVPN wrap the whole thing in encryption to mitigate the risk of such interception. Everything between your computer and NordVPN's servers is encrypted, and then it's sent from NordVPN's servers to the endpoint. That means the traffic can't be intercepted on your end if you're connected to a dodgy network like a public WiFi network. It's still not encrypted between NordVPN and the server you're connecting to, but the chances of being intercepted on that end of the route are much smaller.
It really depends on why you need a vpn but for the most part the paid ones are better because you need money to maintain a quality product. Free vpns might generally be slow and unreliable and as someone already mentioned might be selling your data.
I would recommend NordVPN, they have been around for a long time and seem reliable enough to me.
Of course. First: If something is free, you are the product. Mullvad is a paid VPN and it just got a strict no-logging policy. Second: OperaVPN isn't open source so you don't see how it's been operating and which servers are connecting else. In addition OperaVPN doesn't allow OpenVPN or WireGuard configs.
Hahahaha I read that at the end, and had the same reaction. Can't be both.
lol the title of the linked NordVPN article, "NordVPN: Why the false allegations are wrong". Seems slightly redundant. Who writes these articles?
"There are animated ads and bloatware installers to deal with, which are undeniable annoyances."
http://mobile.geek.com/latest/254075-why-google-chrome-thinks-utorrent-is-malware?origref=
Bloatware is arguably malware just for the fact that it's software installed against the user's will, and that's before you factor in that bloatware is often malicious (ad injection, search engine redirection etc).
A discussion about torrent clients listing some alternatives: http://www.howtogeek.com/197542/the-4-best-alternatives-to-utorrent-on-windows/
This is why re-using passwords is a bad thing. Use a unique password for every account and store them in a password manager (I like KeePass). If you haven't done so already, type your email address(es) into https://haveibeenpwned.com/ and see if you get a hit. Set up multi factor authentication if it's available too.
This discussion provides really valuable information. You can gather experience.
http://www.bleepingcomputer.com/forums/t/526536/bitcrypt-virus-help-me/
An alternate variant is to download RectorDecryptor by Kaspersky.
But I suppose there is no existent way to crack 4096 encryption.
Go to https://haveibeenpwned.com/ to see what breaches you're in. Get a password manager like Bitwarden, 1Password, or KeePassXC. Write down your master password and keep it somewhere safe in your home. Then turn on 2FA for all the accounts you can but especially for your email. Get Authy or use the password manager mentioned to store the 2FA secret. Above all else, every internet account gets a unique password no matter how unimportant it is.
For true anonymous communication, use TailsOS, it's an operating system designed for privacy that boots off a USB stick.
For regular daily use, use a VPN (properly configured with kill switch and DNS leak prevention) on all your devices. Use a privacy & security hardened browser (e.g. Firefox + noscript/umatrix + ublock origin + privacy settings + random agent spoofer + clean links + disconnect search + self-destructing cookies).
That's basically all you need. If you're using windows, make sure you use a tool like Spybot Anti-Beacon to disable windows spying.
There are cheaper cameras that can do what you need like this although you will have less reliability and support than going with a more trusted brand.
Ninja Edit: Or this odd looking but inexpensive one with lights on it.
~~Ninja~~ Edit 2: Right link: http://www.alibaba.com/product-detail/wireless-mini-pir-ip-camera-with_1840803945.html
At first every attack seems personal and targeting you in particular. It's most likely not the case. Thousands of bots are automatically trying to break passwords on big platforms etc from lists that circulate on the black market and come from past break-ins or other data leakage.
Since there's been something like one company announcing that the data of millions of customers were lost by week recently, you're probably just one of them. Use that website to know if your email is in the lists that have leaked publicly https://haveibeenpwned.com/
If you've ever received spam from companies you didn't give your email to, that means your email is already sold somewhere by someone. It's just a matter of buying it.
This is by far the most prevalent possibility and if it's the case, relax, unless your password is bad they're not serious attackers. They have millions of accounts to try so if it doesn't work they'll just leave it and try another one.
If on the other hand it is a targeted attack, then it most likely is someone close.
Microsoft just added them: https://threatpost.com/microsoft-adds-direct-trust-for-lets-encrypt/134761/
FWIW, the LE intermediate certs are cross-signed by Identrust, which was already in the trust stores of the major browsers, so that's how the chain worked before. Now the chain can use the LE root of trust.
They have your PC's unique fingerprint. So they make an educated guess that the guy using IE on the computer is the same guy using FF.
EDIT: scroll down to the fingerprint test https://www.privacytools.io/
And if you don't have a Pi-Hole or a HOSTS file, don't use IE with FB because you can't install uBlock Origin. Instead use Chrome or FF, whichever isn't your main browser. That's what I do.
We've created an audit for all Firefox versions in your network so you can quickly identify vulnerable machines and help with patching.
I'd be happy to. This is a list I wrote about a year ago, but it's still accurate:
More details on SSL decryption:
> Keyless SSL requires that Cloudflare decrypt, inspect and re-encrypt traffic for transmission back to a customer’s origin.
Source: https://www.cloudflare.com/ssl/keyless-ssl/
By doing that, Cloudflare is violating the trust between users and server operators and making the SSL certificate itself worthless. A website cannot be considered "Secure" if the traffic is decrypted by a man in the middle.
Wipe your computer with something like DBAN and reinstall your OS. Make sure you've got install media available to you (including something that boots) before you wipe.
If you've got banking information at risk, it may be cheaper/easier/faster to buy a new computer.
You could also consider running something like a LiveCD version of Ubuntu (see https://help.ubuntu.com/community/LiveCD/Persistence) for banking or other important things, especially if you can't/won't wipe/reinstall or buy a new computer. Chromebooks are also cheap and will get you on the Internet pretty securely.
It sounds like a phishing scam, are you sure the email is actually from Target? Keep an eye on your bank account, keep your computer clean and check to see if you've been pwned.
>WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it.
This is going to be big
Seems to be a fork *of* KeePassX with the aim of being properly cross platform and having better security. Might be the best non-Windows client (going to try it over the usual KeePassX in WINE right now), but I'll stick with KeePass for Windows.
Edit: Yay, it's going to support KDBX4. No more exporting a copy for KeePassX to use separately.
Heads-up, you seem to be talking about **Kee**Pass, which is free and open-source, not KeyPass (which I'll refrain from linking), which is proprietary, closed-source, limited to 10 (!) entries in the free version, and IMO not to be trusted.
Unfortunately this ransomware doesn't have a decryption tool and likely won't for a long while.
You'll want to restore from a backup.
In the future you may want to look into data protection software and backup software for your server.
This is about the "none" algorithm again, based off the original post at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
This is from 2015, and the discussion (on Reddit, Hacker News, etc) already happened. Pick a library that either doesn't implement "none", or verifies the input algorithm against a whitelist.
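The allowlist check recommended above, as an added example that is not part of the original comment or taken from any JWT library: a minimal HS256 verifier in which the token header can only select an algorithm the verifier already permits. All function names, the key and the sample tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Verifier-side allowlist: the only algorithms this service accepts.
# "none" is deliberately absent, so an unsigned token can never verify.
ALLOWED_ALGS = {"HS256": hashlib.sha256}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def unsigned_token(claims: dict, alg: str = "none") -> str:
    """Constructed test input: a token with an empty signature segment."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    return f"{header}.{b64url_encode(json.dumps(claims).encode())}."

def verify(token: str, key: bytes) -> dict:
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        alg = json.loads(b64url_decode(header_b64)).get("alg")
        supplied = b64url_decode(sig_b64)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    # The header is attacker-controlled, so it is checked against the
    # allowlist before any signature work happens.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError(f"algorithm not allowed: {alg!r}")
    signed_part = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(key, signed_part, ALLOWED_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

if __name__ == "__main__":
    key = b"constructed-demo-key"
    print(verify(sign({"sub": "alice"}, key), key))
    for alg in ("none", "None", "RS256"):
        try:
            verify(unsigned_token({"sub": "admin"}, alg), key)
        except ValueError as err:
            print("rejected:", err)
```
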
> https://www.whatsapp.com/legal/#privacy-policy-information-we-collect
In addition to the metadata, they say, they would retain "popular" media for a longer period of time on their servers, to improve performance. If that is the case, what purpose does end-to-end encryption serve (with encryption it would be impossible for them to classify what is popular and what is not)? It also seems totally contradictory to the lines you have quoted from their Terms ("encrypted to protect against us and third parties from reading them").
There's some info about all that here: https://www.google.com/chrome/browser/privacy/
Switching to Firefox might offer better security, or if you're really paranoid, use the Tor browser along with your VPN. Some other alternatives here.
Well, a free VPN is not a good idea, although I doubt that SuperVPN can steal your email information. Mostly it's free because it shows you some ads and limits your session and bandwidth. It can also track your DNS requests, meaning it can track what websites you go to.
I'm pretty sure that the alert you got is related to the VPN.
In any case, changing the password and using 2FA is a good choice.
All of these security threats are a bit unlikely and it's not like everyone is capable of it, but it's still better to be safe than sorry. Seems like just https isn't enough security these days so a VPN would be a great additional layer of protection.
I think NordVPN is a trustworthy service, they have been in the industry for a long time and they're based in Panama so you can be certain that they will respect your privacy.
Quick question: are you using diskless servers like AzireVPN? As in everything runs off RAM.
When I answered you with "charitably, on the up-sell to premium" I wasn't in any way saying they were a charity. Upselling is a business strategy, and if ProtonVPN makes its money from premium customers then everything you say about the importance of reputation applies to them - they're just using upselling as a marketing technique.
"Charitably" in this context means "viewing them in the best possible light".
TOR is absolutely comparable to a VPN. I have no idea what you're even trying to claim here.
Wow it seems like "people" are really shilling out for NordVPN in these comments. I'm going to go out on a limb here, but it kinda seems like any time someone accuses someone else of running a "smear campaign" they turn out to be the guilty party.
So, I got IPVanish several months ago and I’ve found it to be unusable presumably because of so much nefarious activity by other users.
My eBay account got temporarily banned because I made a listing while connected to my vpn and eBay flagged my IP as being suspicious.
I’ve been stuck in endless captcha loops.
I’ve run into more captchas than normal.
I’ve had websites tell me my IP is completely blocked, even after switching endpoints/countries.
So are any of these VPN services better than this? Or is this just an unfortunate side effect of using protection?
For 1): I'm entering via ShangHai, so I assume that is large enough of a metropolitan area?
For 2): I've heard that ExpressVPN is the go-to VPN for China, correct?
For 6): If I have iCloud turned on and all my photos automatically back up to iCloud, can spyware compromise that as well through the photo uploads?
What's cheap to you? I used to use Private Internet Access until more and more services blocked their proxies. I have switched to ExpressVPN. Over a year the good VPN are affordable and worth it. I would recommend to not use any free ones as you cannot be 100% sure they are not scraping your data or logging what you do.
With VPNs, you will get what you pay for.
BB
PIA have a good reputation, as do NordVPN and FREEDOME VPN (run by F-Secure). Any which support OpenVPN and have a no logging policy, but you've no way to really know that's true. However, if you're not doing anything illegal, that's not an issue, is it?
By the way, there is literally nothing stopping the VPN provider from doing anything your ISP could do above. They know who you are, your payment details (unless you use a cryptocurrency or gift card to pay), and plenty of other details. You should continue to use decent "op sec" on the web, ensuring your connection to the endpoint is encrypted wherever possible, and not linking your VPN use with things like social media if anonymity is really your goal.
This is such a stupid move by PIA I can't even describe it, they've lost a customer. Thanks OP for mentioning NordVPN as one of the options, I've just read about it and they seem pretty good and reliable. Currently using the free trial and considering buying the subscription. Snooped around the 'net a bit and found this offer, maybe I'll use it and maybe it'll be useful to someone. Also heard that StrongVPN is quite good, will have to try it as well before making the decision.
If anyone is looking for a good VPN, I recommend NordVPN. I mostly use it to get around YouTube music videos that are blocked in the U.S. It works very well and I've never had any problems.
EDIT: Why am I being downvoted? I'm not allowed to mention a VPN that I like?
You can get a one year subscription to it right now for basically free:
Also has BitDefender 2017 / Acronis True Image 2017 / CyberGhost VPN 1 year subscription / Display fusion for $20, it's pretty slick.
Here is what I recommend (and I'd welcome feedback from the group on this):
OpenBSD as a desktop operating system. The focus of this platform is on security and it makes a very nice daily driver. You give up Flash support and Virtualization software support (qemu is it) but for everything else it is very solid. Use full disk encryption and leverage the fact that OpenBSD has encrypted swap for quite some time.
On the hardware front, if you are very concerned, look to use Coreboot (open source BIOS). You can purchase Lenovo laptops from that have it pre-installed for you.
Use the following browser plugins:
* Ghostery - blocks trackers
* Some Ad Block plugin
* HTTPS Everywhere from the EFF (forces encryption)
* Referrer Control (sanitizes HTTP referer)
Use a VPN service from a company that you know doesn't store logs. AirVPN got good marks on this front recently. When you set this up, make sure you aren't leaking any DNS data (do a Google search here).
Use TOR on top of your VPN to randomly route your encrypted traffic. There are some concerns about compromised TOR nodes so do some research here.
Don't use suspend/resume on the laptop. Do a cold boot and full shutdown every time. That will ensure that your front line of security if the laptop is stolen is that full disk encryption.
Use tarsnap or some other fully encrypted backup tool to back up your data offsite. Tarsnap is nice because you can build the tool from source code and the data is encrypted before it ever leaves your machine.
Thoughts from the group?
Android supports full disk encryption (there are lots of guides online). Everyone should use it, if only to keep your personal data safe in case of theft/lost phone.
One thing to be careful about is that by default Android sets the filesystem (fs) encryption password to be the same as your lock screen password. This is idiotic for a lot of reasons (your lock screen password is usually short because you have to enter it so often, while you want your fs password to be long and brute force resistant). The App Cryptfs Password will let you change the fs encryption password so it isn't the same as your lock screen password.