Topic: . (Read 287 times)

Hello there, Point 1 is true, but I believe there are people who don't activate this feature, they choose network manually, so if they choose true network then it will automatically connect, and if they choose wrong network then they will be asked to enter the password and here it begins.

Point 2 is what kevin meant. There are tools that create a Hotspot with the same name as your network, and monitor the access switches, that is, when you type in a password and the network and it does not work, it does not matter to them. The important thing is that the password you are trying to enter has been sent to them, and then they enter your original network through it. Ie: entering the password into the wrong network is same as chatting the hacker your original network password.

Point 3 is true, but I don't think hacker is going to make an open network because their goal is to know your password, so I believe it should be wpa or wp2.

Very good point, i never thinking such social engineering attack. I would fell to such engineering attack and thought i simply mistyped password.

You're being paranoid. Even if attacker create malicious network with conflicting ID, there are few ways to avoid it
1. Your device will auto connect to correct network (if you already connected to it before and set it to auto-connect)
2. If both connection uses password, the malicious network should've use different password, where you shouldn't be able connect to malicious network.
3. If the fake network don't use password, you should realize it by check the security type of the WiFi network.

oh its the honor system on their end, im sure its fine /s

gotta trust at some point or just simply not run AV at all.

Isn't their software closed source though? Excluding folders from scanning and turning off stuff related to file uploading sounds more like turning your phone into airplane mode and thinking it'd stop anyone from eavesdropping..

i use paid AV and have for years. one thing i do is go through and turn off any stuff related to "upload suspicions samples" and anything else that might inadvertently send sensitive data to the AV company.

just make sure to exclude from scanning any folders or drives that have blockchains on them.

Most of the vulnerabilities you are talking about are only exploitable when you and the attacker are connected to the same local network. However, aside from encrypting the traffic, vpns, as the name suggests, connect your device to a private network. Meaning it isolates it which make any other device on the local network unable to access it.
But it always recommended to always update your OS and all the softwares installed on it to patch any known vulnerability.

I disagree. Any device that has a wireless component poses a risk of security. As long as the device emits waves, with the right devices you could get to some pretty significant information through it. Besides this, there's most likely the possibility of finding hidden networks around you. Hidden SSIDs do not mean you're safe from hacks, nor does placing your Bluetooth device on "hidden". Moreover, you're prone to the WiFi attack: someone finds your cloaked SSID and creates a malicious network with a conflicting SSID, making you possibly choose that one instead of yours. Ethernet makes you 100% sure that the network connecti9n is coming from your ISP.

But if you're the one who owns it and you can monitor who are the ones connected, there's nothing to worry about. Yes, it's hackable but there's a feature that you can hide your own wife connection into the other device and that means you're the only one who knows how to unveil it.

Yes, it's a case to case basis. But there are many people that don't think about this matter and it's fine to have them reminded.

^^
If your home WiFi isn't protected by a strong password and doesn't use good encryption such as WPA2 then anyone can connect to it and become part of your local network wich allows him to execute a man-in-the-middle-attack, for example.
It's also possible for anyone who is connected to your local network to intercept all the data your device sends/receives. To mitigate this risk you should connect through a vpn which will encrypt the transmitted data and render it useless for the attacker.

Not using your home wifi?  I dont get this part.  I mean even if you visit bad sites... it shouldn't or can't affect your wifi or internet connection right?

The risk is if you use software that is free and has a very low level of protection, and also collects your data and sells it to third parties. For anyone who uses Windows OS, I would recommend some kind of protection (I mean pay protection), and for me personally Malwarebytes Premuim + Norton do a great job - I haven't had a virus or malware on my computer for more than 5 years.

I know that W10 users have Windows Defender + firewall turned on by default, maybe for some it's enough protection - I personally think that every user can get much better protection for relatively little money - and when it comes to cryptocurrencies, we are all even more exposed to online threats - many realized this after it was too late.

I've heard that before, but are there any case where it actually happen?


On most cases, i agree.

Whole-disk encryption is unrecommended because the encrypting is part of the operating system, and it can lead to lockout problems even if the files themselves are fine. One error can literally lock you out of the whole drive.

File-and-folder encryption can be just as secure as whole-disk encryption.

It's fast because it only encrypt/decrypt file which need to be read/written. I tried it with SSD once and can't notice the difference, unless i run 3D application ir copy lots of files. However, if you use HDD and use it to boot the OS, you'll notice your computer run slower.

But i wouldn't use encryption if you're regular user, since recovering the file will be far more difficult.

It depends on which type of encryption you want to use. The standard settings are "AES" encryption and "SHA-256" hash algorithm, which are very good choices.
AES is a symmetric key encryption cipher, and it is generally regarded as the "gold standard" for encrypting data. Encrypting and decrying data with symmetric encryption much faster than with asymmetric encryption. Generally, symmetric ciphers are said to be around "1000 times faster" than asymmetric ones.

You can read more about how AES encryption work here: https://proprivacy.com/guides/aes-encryption

I get the point and it's useful assuming dangerous application rely on drive letter, but it's possible to access the drive directly (with admin privilege) without drive latter.


It's possible with VeraCrypt, besides the decryption process is quite fast. Here's a guide, https://www.howtogeek.com/howto/6169/use-truecrypt-to-secure-your-data/.

As it has already been said, if one wants to store one's crypto in a secure way, a reliable hardware wallet is the way to go.
Now, implying this si not only about the assest but also about general security, privacy and ways to avoid malware, then I believe some of the measures you described are correct.
But i am afraid the regular user might be not familiarized with Linux for example, for most of people it has always been easier to go mainstream and stay in Windows.

I would avoid using that device to surf internet if I am having a dedicated device for crypto storage, and its possible to make payments from other device which is connected to internet which is normally called airgapped wallet, more secure but little bit complicated for everyday user.

Windows operating systems are definitely a risk, but which OS is 100% secure? I've always used this OS and I never had any serious problem - although a lot depends on how someone uses their computer. Anyone looking for trouble in pirated software, torrents and suspicious sites will pick up something malicious sooner or later.


This is something I fully support, because you never know what a friend or acquaintance may install on your device without your knowledge - or what they can use your IP address for - to send a threatening message to a politician


This has never happened to me, and I have been using AV for a very long time - always of course paid and reputable versions that have always been helpful to me. Why would AV delete any data at all? Each AV I used will quarantine any suspicious file or program, and the user can decide whether to leave it there, delete it, or exclude it as a threat.


Public wireless networks are definitely a bad choice, bad guys have a great selection of hacking tools that can steal everything we type on a compromised public network - avoid it at all costs. A wired connection to a home modem (landline) is the most secure way to access the Internet, although properly protected wi-fi (wpa-psk2 + WPS off + random password) provides a sufficient level of protection for the home network.


I would not agree that people were more aware of computer security before, although we can talk about the fact that some parts of the world use more pirated software than others or have a better education where children learn the basics of using the Internet in primary school. More and more people have moved online since we had the pandemic, which means they spend a lot more time online and are more exposed to various internet threats.