Lost in Space
"No one can access my hard drive." Umm, you don't need Tor for that. You have to voluntarily expose your hard drive for anyone to be able to reach it even with a direct IP address. And Tor still routes traffic to your system because it has to for two-way communication. Sure, nobody can discover your real IP through your web browsing, but that has absolutely no effect on any other form of access, and a firewall will block just about all of that regardless.
I mean, maybe some idiot has an unsecured SMB share that someone can get into from outside their network, but if so that's a problem that they can't fix just by using proxies.
Also, web browsers usually store data on your hard drive — this is true regardless of whether you use proxies. The only way to be completely safe against intrusion is to run your web browser in a VM or other memory sandbox, and dump it when you're done. Of course, this assumes you don't want to save anything you do online, including cookies and downloads.
Who/what are you trying to hide from with all of this privacy fetishism?
edited 24th Oct '17 1:27:59 PM by Fighteer
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
No one can reach my hard drive because the OS boots from a read-only cd. The OS itself has no access to the hard drive, so hacking it would give no else access either.
I only go that far when I'm using a public wi-fi service, like in a coffee shop. When I'm at home I'm a little more relaxed about it.
Oh, and you don't have to voluntarily expose your hard drive to be at risk—you need only open a malicious email attachment, or download an infected app.
edited 24th Oct '17 3:45:54 PM by DeMarquis
Lost in Space
Well, Tor isn't going to protect you against malicious email attachments. You seem to be advertising it as some kind of cure-all for privacy problems, which it most definitely is not. The only perfect protection against email vectors is knowing how to detect the bad ones. (Well, you could open all your emails in a VM, I guess, but these are not things the typical consumer will ever do.)
You set your hard drive to read-only on public networks? Are you storing nuclear launch codes on it or something?
edited 25th Oct '17 6:17:03 AM by Fighteer
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
The boot cd, on which the OS resides, is read only, so nothing can be stored on it, including malicious downloads, because there is nowhere to download to.
No nuclear launch codes, but I do keep files that are important to me, and I dont want anyone encrypting them and holding them for ransom. Thats not at all uncommon these days.
Lost in Space
By infiltrating your system through public Wi-Fi networks and installing malware without you clicking on anything? Mmmhmm. There's such a thing as too paranoid, you know.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
United Earth
Usually malware are like vampires: you have to invite them in.
Is this the right thread to discuss encryption and personal digital privacy?
edited 25th Oct '17 7:41:20 AM by TheHandle
Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that.
Lost in Space
Sorry, Fighteer, but not true. The latest round of hijack ware relies on corrupted web page servers, that download fake software updates. It's also possible to become infected through the network servers your computer connects to. It's easy to make a mistake and get hijacked, it's hard to remain vigilant at all times and never let your guard down. So why shouldn't I let specially designed security software do that work for me?
You know, for someone who works in the IT field, you seem strangely cavalier regarding the dangers of modern day hacking. I'm not being paranoid, I'm simply being prudent in an inherently risky environment. It's like locking your front door, even when you are home, because you live in a dangerous neighborhood.
edited 25th Oct '17 9:18:35 AM by DeMarquis
Lost in Space
A sensible person locks their doors. An insane person puts ten locks on their doors, boards them up, and then melts the keys down.
If you're referring to the Krack thing, once you've updated your WiFi software, you're safe, and the hijack doesn't apply to public (i.e., unsecured) access points anyway. Installing OS, browser, and antivirus updates when you're supposed to will address 99% of vectors for the typical consumer, who is rarely targeted for personalized hacking because there's no profit in it. You really think criminals are going to drive through neighborhoods trying to crack individual home access points?
Train yourself to detect and ignore spam, recognize malicious websites, and keep your system up to date, and you're fine unless you're a commercial or public entity that's a more direct target. If you're concerned about malware being distributed through compromised public access points, then do your web browsing in a VM. It's much easier than booting from a CD-ROM... seriously...
edited 25th Oct '17 9:36:30 AM by Fighteer
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
![[up]](https://static.tvtropes.org/pmwiki/pub/smiles/arrow_up.png "[up]"){kind=icon}
DeMarquis doesn't seem to be doing that kind of behaviour. It's a notch above the standard forms of procedure, sure, but it's not out and out paranoia.
And one should be very careful in regards to public networks/wi-fi services, regardless of how many protections one has. It may be impossible to prevent/defend everything, but it's best to make things harder for whoever tries to cause problems.
That being said:
I agree with this.
edited 25th Oct '17 9:45:06 AM by Quag15
Lost in Space
Seriously, though, booting from a CD-ROM? I don't even think that's possible in a Windows 10 system, unless it's embedded. Certain system functions require a writable storage medium to work.
Yes, I am very IT-savvy, but part of that savviness is recognizing when a solution is practical for general use. At a certain point, you hit diminishing returns in the trade-off between security and usability. If it's not an out-of-the-box solution from a major vendor, then most consumers will lack the willingness (never mind ability) to do it.
edited 25th Oct '17 10:02:21 AM by Fighteer
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Well, I'm using linux, so perhaps that makes staying safe easier than in a windows environment. Booting an OS from a cd is very simple, fast and nearly free. Tails, for example, is no harder to install or use than any other operating system. Since it costs me very little in terms of money, time or even skills, I don't see the downside. Really, these security systems have been made so user-friendly that I don't understand understand why more people aren't using them, unless, of course, this is another example of the costs of using microsoft products.
edited 25th Oct '17 11:15:01 AM by DeMarquis
My Hair Provides Affordable Healthcare
I actually wouldn't mind De Marquis having access to nuclear codes, unlike someone else . . .
I'm less likely to blab them out to a Russian journalist...
Lost in Space
Really, social engineering is always the best hack.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
I feel that I should mention, before leaving this topic, that anyone concerned with keeping themselves safe from online hacking and harassment can find a lot of support and helpful guidelines at this site
. It's a resource center provided by Zoe Quinn, the victim of the Gamer-gate scandal and author of "Crash Override", a book about her experiences.
United Earth
Ooh. If anyone has first-hand experience with this, it's her.
Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that.
Lost in Space
Indeed. People who are, or are likely to be, targets of online harassment definitely have good reasons to take additional steps to protect their privacy that most people would find unnecessary.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
My Hair Provides Affordable Healthcare
Cybersecurity researchers from Kaspersky described the malware, dubbed Bad Rabbit, in a blogpost on Tuesday, October 24. They explained how the previously unknown malware takes control of computer systems and encrypts data so that people can’t access it.
A ransom is then demanded in order to unlock the computers.
Security researchers are comparing the Bad Rabbit ransomware to Wanna Cry, which disabled 300,000 computers earlier this year.
“Currently, it’s unclear as to whether or Bad Rabbit will be able to reap the same damage as Wanna Cry, but undoubtedly businesses will be holding their breath,” Jamie Graves, CEO of security firm Zone Fox, said in an email to Newsweek. “This highlights the need for a robust security posture, based on both technology and education.”
Victims of the Bad Rabbit ransomware include the Kiev Metro and Odessa International Airport in Ukraine, as well as Russian news agency Interfax and other media organisations.
Bad Rabbit works by holding the infected computers and networks to ransom before spreading in a “worm-like fashion” to other computers.
The Kaspersky researchers describe the method of initial distribution as “drive-by attacks” that make use of a fake Adobe Flash installer that requires victims to click on it to execute the ransomware.
Once infected, a ransom message appears on the device that states: “Oops! Your files have been encrypted. You might have been looking for a way to recover your files. Don’t waste your time. No one will be able to recover them without our decryption service.”
A link to a website hosted on the dark web is provided in order to make payment for a decryption password that the attackers claim will unlock the data.
“We’ve detected a number of compromised websites, all of which were news or media websites,” the researchers said in their blogpost.
The researchers also noted that the cybercriminals behind Bad Rabbit appear to be fans of the popular book and TV series Game of Thrones. Code used in the malware contains the names of different characters from the series.
Advice from security professionals is to keep computers updated with the latest security software and avoid suspicious links. If your computer is already infected, the advice is to not pay the ransom.
“Best practice advice is not to pay the ransom and ensure that data is backed up so systems can be recovered if impacted,” says Andrew Clarke, a director at cybersecurity firm One Identity.
“Also [my advice is] to ensure systems are patched and up to date, as well as control administrative access across a network.”
With all the talk of how Kaspersky has been used as an avenue for Russian cyber operations, I can't help but wonder how deep is the extent by which the company is just as responsible for creating viruses as it is addressing them.
Lost in Space
Well, this looks like a bog standard "click here to destroy your computer, you idiot" social engineering attack, which probably has nothing to do with any Russian government activity.
"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Causing freakouts over sourcing since 2018
Today in "why is this Internet of Things enabled?", adult toys. Site is NSFW due to images of sex toys.
BLE isn’t difficult to attack.We gave a short demo and explanation at B Sides Manchester this year. There are some good guides and tools out there, but the consequence of compromise isn’t often particularly significant. However, one category of smart device we found that often had weak BLE security were smart sex toys. You’ll doubtless know that we were shocked how easy it was to hijack a wi-fi camera dildo, we updated this work at Steel Con and reviewed a number of smart adult toys that used Bluetooth.
The other big issue is the lack of RF range, meaning that it isn’t easy to find devices in the absence of a http://wigle.net equivalent for Bluetooth. So we went hunting… and found some devices in an exploitable state… in people.
We had to give this a name. It didn’t take long: hunting for Bluetooth adult toys = screwdriving.
Shortly after I started at PTP, I took interest in a colleagues project reverse engineering the camera vibrator. Rather loudly, I announced in the office that I had a smart butt plug…. for research.
So of course my colleagues suggested that my next project should be to reverse engineer it.
Backing Big Brother: Chinese facial recognition firms appeal to funds
At stake for firms such as Sense Time Group, Face++ and Deep Glint, is a multi-billion dollar global public and private market for facial recognition technology that can quickly identify individuals by measuring major elements of their faces, such as the distance between the eyes and the curve of the cheekbones.
With the use of artificial intelligence (AI) the technology can recognize and track those wanted by the authorities by seeking a match from a database of photographs. In the commercial world it can be used for security at homes, workplaces and ATM machines, and as a part of payments systems at stores and restaurants.
I guess we will all soon need to start buying these kinds of things.
Given that you live in the US, unless you have something you want to hide or you're just a plain technofobe, I can't see why these devices would bother you so much.
I use a linux based operating system called "Tails", which includes a browser that access a network called Tor. The end result is that information I send over the internet is automatically encrypted, my anonymity is preserved because my ISP is concealed, and no one can access my hard drive.