Help & FAQs    Search BCF    Members    Groups    Events Calendar
Resend my activation email : Register : Log in 
BCF: Bike Chat Forums


Why I don't trust The Cloud

 Reply to topic
Bike Chat Forums Index -> The Geek Zone Goto page Previous  1, 2
View previous topic : View next topic  
Author Message

Islander
World Chat Champion



Joined: 05 Aug 2012
Karma :
PostPosted: 19:52 - 09 May 2023    Post subject: Reply with quote
MCN wrote:
My beef with cloud is also a network access issue.
I don't always have Internet for weeks at a time.
So manage with sticks and ssd drives.
Sandisc had some apps on one of the sticks that could crash through the work's security system and break out into the www. Freedom. The work blocked all social media and personal email. So it was a nightmare skyping home from brasil. Bastirts...
But the sandisc stick worked.
I don't know how.
We also had a guy wrote software to thwart the Great Wall of China. Not for sale, I gave sticks to his Chinese pals.
We do no know we are living in the west.

I will revisit my cloud aversion. Lots of good info here.


That'll be a VPN then. Your work security is shite. Laughing
 Back to top
View user's profile Send private message You must be logged in to rate posts

Islander
World Chat Champion



Joined: 05 Aug 2012
Karma :
PostPosted: 19:58 - 09 May 2023    Post subject: Reply with quote
Robby wrote:
My stock advice then for people who don't want to learn all this shit, and just want it to work.

Use a password manager. Let the password manager create and store your passwords. This means you never re-use a password.*

Have a strong password for your password manager, and for your microsoft and/or google accounts. They may also be doing password manager stuff for you, or even storing the master password for your other password manager. It's hard to avoid doing this.

Your 3 master passwords (password manager, google, microsoft) do not need to be impossible to remember. You're avoiding them being easily brute forced, or guessed by someone that knows you. The attacker probably only has a handful of attempts before lockout anyway. So don't go locking yourself out of your own accounts over a password you can't remember. It's also OK to write it down and keep that piece of paper somewhere safe - no-one is breaking into your house to find your password.

*re-use the biggest problem. If your google account is the same as your BCF password, and someone extracts that password from BCF, they have your google password.

Apart from that, leave auto-update turned on for everything.


I'd also add that complex passwords with indecipherable text, numbers and special characters are hard to remember and honestly counter productive. Entropy and password length are key here. Use the multiple random word method and you're golden.

The one built into KeepassXC is excellent...
 Back to top
View user's profile Send private message You must be logged in to rate posts

Nobby the Bastard
Harley Gaydar



Joined: 16 Aug 2013
Karma :
PostPosted: 20:17 - 09 May 2023    Post subject: Reply with quote
I use 'SteSucksCock5TimesADay"
____________________
trevor saxe-coburg-gotha:"Remember this simple rule - scooters are for men who like to feel the breeze on their huge, flapping cunt lips."
Sprint ST 1050
 Back to top
View user's profile Send private message You must be logged in to rate posts

xX-Alex-Xx
World Chat Champion



Joined: 12 Sep 2019
Karma :
PostPosted: 21:38 - 09 May 2023    Post subject: Reply with quote
Islander wrote:
panrider_uk wrote:
Why would you trust a password manager not to send your passwords "back home"?


Use an open source password manager with independently audited code and you'll be fine. KeepassXC comes to mind...


I’ll just leave this here:

https://nakedsecurity.sophos.com/2023/02/01/password-stealing-vulnerability-reported-in-keypass-bug-or-feature/
____________________
DILLIGAF
 Back to top
View user's profile Send private message You must be logged in to rate posts

Easy-X
Super Spammer



Joined: 08 Mar 2019
Karma :
PostPosted: 22:21 - 09 May 2023    Post subject: Reply with quote
Nobby the Bastard wrote:
I use 'SteSucksCock5TimesADay"


That must be very.... draining for you Wink
____________________
Husqvarna Vitpilen 401, Yamaha XSR700, Honda Rebel, Yamaha DT175, Suzuki SV650 (loan) Fazer 600, Keeway Superlight 125, 50cc turd scooter
 Back to top
View user's profile Send private message You must be logged in to rate posts

Islander
World Chat Champion



Joined: 05 Aug 2012
Karma :
PostPosted: 22:37 - 09 May 2023    Post subject: Reply with quote
xX-Alex-Xx wrote:
Islander wrote:


Use an open source password manager with independently audited code and you'll be fine. KeepassXC comes to mind...


I’ll just leave this here:

https://nakedsecurity.sophos.com/2023/02/01/password-stealing-vulnerability-reported-in-keypass-bug-or-feature/


Now read again.
 Back to top
View user's profile Send private message You must be logged in to rate posts

xX-Alex-Xx
World Chat Champion



Joined: 12 Sep 2019
Karma :
PostPosted: 09:09 - 10 May 2023    Post subject: Reply with quote
Islander wrote:


Now read again.


Islander wrote:


Use an open source password manager with independently audited code and you'll be fine.


Are you saying Keepass isn't?
____________________
DILLIGAF
 Back to top
View user's profile Send private message You must be logged in to rate posts

Islander
World Chat Champion



Joined: 05 Aug 2012
Karma :
PostPosted: 11:01 - 10 May 2023    Post subject: Reply with quote
xX-Alex-Xx wrote:
Islander wrote:


Now read again.


Islander wrote:


Use an open source password manager with independently audited code and you'll be fine.


Are you saying Keepass isn't?


Keepass is a different fork of the product to KeepassXC. They're both derived from KeepassX but have different code although compatible to some extent. Both were audited independently and both are excellent password managers but KeepassXC has the edge.

They also have locally hosted databases which was the point.
 Back to top
View user's profile Send private message You must be logged in to rate posts

Freddyfruitba...
World Chat Champion



Joined: 20 May 2016
Karma :
PostPosted: 12:41 - 10 May 2023    Post subject: Reply with quote
Islander wrote:
Keepass is a different fork of the product to KeepassXC. They're both derived from KeepassX but have different code although compatible to some extent.

I've used KeePass myself for years; I realise there are two versions available at https://keepass.info/ - v1 and v2 - which are both current but fundamentally different. Which is which? I'm on 1.40.1 myself (can't honestly remember why now). Is that still OK or am I supposed to worry now, in the light of the Sophos article (which is pretty much gobbledegook to me)?
____________________
KC100->CB100N->CB250RS--------->DL650AL2->R1200RS->R1250RS
 Back to top
View user's profile Send private message You must be logged in to rate posts

Islander
World Chat Champion



Joined: 05 Aug 2012
Karma :
PostPosted: 13:44 - 10 May 2023    Post subject: Reply with quote
Freddyfruitbat wrote:
Islander wrote:
Keepass is a different fork of the product to KeepassXC. They're both derived from KeepassX but have different code although compatible to some extent.

I've used KeePass myself for years; I realise there are two versions available at https://keepass.info/ - v1 and v2 - which are both current but fundamentally different. Which is which? I'm on 1.40.1 myself (can't honestly remember why now). Is that still OK or am I supposed to worry now, in the light of the Sophos article (which is pretty much gobbledegook to me)?


I'd update to the latest version (2.53.1) but take a copy of your password database before doing this (just put a copy in a different directory as a precaution but remember to get rid of it when you're done). I've not used Keepass itself for a while now but I assume the change to V2 is the same as KeepassXC and will give you the ability to backup and restore the database - it'll ask you to set a separate password for this.

The other option is to install KeepassXC which should be compatible with your current database (again, take a copy first!).

Whichever you do, it's always a good idea to keep your version current.

As far as the risk goes, it's given a CVSS score of 5.5 which is a medium (the quantitative scale goes from 0 to 10 and is divided into 5 levels - info, low, medium, high, critical) and as such should be scheduled to be mitigated as a part of the normal patching/upgrade cycle. In other words no urgency.

Let's face it, if an attacker has that level of access it's pretty much game over anyway.
 Back to top
View user's profile Send private message You must be logged in to rate posts

Freddyfruitba...
World Chat Champion



Joined: 20 May 2016
Karma :
PostPosted: 17:44 - 10 May 2023    Post subject: Reply with quote
Islander wrote:
Freddyfruitbat wrote:
I've used KeePass myself for years; I realise there are two versions available at https://keepass.info/ - v1 and v2 - which are both current but fundamentally different. Which is which? I'm on 1.40.1 myself (can't honestly remember why now).

I'd update to the latest version (2.53.1)
[...]
The other option is to install KeepassXC which should be compatible with your current database (again, take a copy first!).

Whichever you do, it's always a good idea to keep your version current.

I hear what you're saying about the version currency; however these two Keepass versions (1.x and 2.x) have been supplied by the author in parallel as long as I can remember, and both are in active development - seems more like versions A and B - pick the one you want (https://keepass.info/compare.html). Most of the items on the comparison check list are gobblegook to me, to be honest...

Looks like KeePassXC is specifically for Linux/MacOS, is that right? (https://keepass.info/download.html)
____________________
KC100->CB100N->CB250RS--------->DL650AL2->R1200RS->R1250RS
 Back to top
View user's profile Send private message You must be logged in to rate posts

MCN
Super Spammer



Joined: 22 Jul 2015
Karma :
PostPosted: 17:57 - 10 May 2023    Post subject: Reply with quote
Islander wrote:


That'll be a VPN then. Your work security is shite. Laughing


I was reminiscing about another outfit I worked for.
The used a system that rolled around the the computers on the ship. I could be blocked in the morning but the drilling office wasn't blocked. Then the drilling office would be blocked but I wasn't.

It only blocked access to www. Anything company could be done on the company intranet.

It was loooooong b4 Joe-kuhnt knew what a Vee Pee Enn was.
____________________
Disclaimer: The comments above may be predicted text and not necessarily the opinion of MCN.
 Back to top
View user's profile Send private message Send e-mail You must be logged in to rate posts

Islander
World Chat Champion



Joined: 05 Aug 2012
Karma :
PostPosted: 19:36 - 10 May 2023    Post subject: Reply with quote
Freddyfruitbat wrote:
Islander wrote:

I'd update to the latest version (2.53.1)
[...]
The other option is to install KeepassXC which should be compatible with your current database (again, take a copy first!).

Whichever you do, it's always a good idea to keep your version current.

I hear what you're saying about the version currency; however these two Keepass versions (1.x and 2.x) have been supplied by the author in parallel as long as I can remember, and both are in active development - seems more like versions A and B - pick the one you want (https://keepass.info/compare.html). Most of the items on the comparison check list are gobblegook to me, to be honest...

Looks like KeePassXC is specifically for Linux/MacOS, is that right? (https://keepass.info/download.html)


The two versions have different database standards. You can open a 1.x database with a 2.x client but not the other way around IIRC.

There's a Windows version of Keepass XC and a Mac version as well. It's properly cross platform. I run it on my Win 11 laptop. Smile

https://keepassxc.org/download/#windows
 Back to top
View user's profile Send private message You must be logged in to rate posts

Easy-X
Super Spammer



Joined: 08 Mar 2019
Karma :
PostPosted: 21:31 - 10 May 2023    Post subject: Reply with quote
I occasionally get phishing emails, something along the lines of "we saw you watching pr0n through your webcam* send us 1 bitcoin to shred the evidence!!! To prove we are the haxxor your password is..." and then it's something I haven't used since the '90s (before I knew better) Laughing

*Which would be amazing since desktop PCs don't have built-in webcams.
____________________
Husqvarna Vitpilen 401, Yamaha XSR700, Honda Rebel, Yamaha DT175, Suzuki SV650 (loan) Fazer 600, Keeway Superlight 125, 50cc turd scooter
 Back to top
View user's profile Send private message You must be logged in to rate posts

Nobby the Bastard
Harley Gaydar



Joined: 16 Aug 2013
Karma :
PostPosted: 21:33 - 10 May 2023    Post subject: Reply with quote
I'd respond with 'If you like to see me wanking, please subscribe to my OnlyFans account.'
____________________
trevor saxe-coburg-gotha:"Remember this simple rule - scooters are for men who like to feel the breeze on their huge, flapping cunt lips."
Sprint ST 1050
 Back to top
View user's profile Send private message You must be logged in to rate posts

xX-Alex-Xx
World Chat Champion



Joined: 12 Sep 2019
Karma :
PostPosted: 16:22 - 21 May 2023    Post subject: Reply with quote
Another one for anyone using KeePass 2. Doesn’t appear to affect other versions (so far)…

https://www.bleepingcomputer.com/news/security/keepass-exploit-helps-retrieve-cleartext-master-password-fix-coming-soon/
____________________
DILLIGAF
 Back to top
View user's profile Send private message You must be logged in to rate posts
  Display posts from previous:   
This page may contain affiliate links, which means we may earn a small commission if a visitor clicks through and makes a purchase. By clicking on an affiliate link, you accept that third-party cookies will be set.

Post new topic   Reply to topic    Bike Chat Forums Index -> The Geek Zone All times are GMT + 1 Hour
Goto page Previous  1, 2
Page 2 of 2

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Read the Terms of Use! - Powered by phpBB © phpBB Group
 
Debug Mode: ON - Server: birks (www) - Page Generation Time: 0.08 Sec - Server Load: 0.32 - MySQL Queries: 17 - Page Size: 101.34 Kb