Pages:
Author

Topic: . (Read 326 times)

jr. member
Activity: 49
Merit: 25
.
May 10, 2021, 04:40:06 AM
#33
Moreover, you're prone to the WiFi attack: someone finds your cloaked SSID and creates a malicious network with a conflicting SSID, making you possibly choose that one instead of yours.

You're being paranoid. Even if attacker create malicious network with conflicting ID, there are few ways to avoid it
1. Your device will auto connect to correct network (if you already connected to it before and set it to auto-connect)
2. If both connection uses password, the malicious network should've use different password, where you shouldn't be able connect to malicious network.
3. If the fake network don't use password, you should realize it by check the security type of the WiFi network.

Hello there, Point 1 is true, but I believe there are people who don't activate this feature, they choose network manually, so if they choose true network then it will automatically connect, and if they choose wrong network then they will be asked to enter the password and here it begins.

Point 2 is what kevin meant. There are tools that create a Hotspot with the same name as your network, and monitor the access switches, that is, when you type in a password and the network and it does not work, it does not matter to them. The important thing is that the password you are trying to enter has been sent to them, and then they enter your original network through it. Ie: entering the password into the wrong network is same as chatting the hacker your original network password.

Point 3 is true, but I don't think hacker is going to make an open network because their goal is to know your password, so I believe it should be wpa or wp2.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
May 10, 2021, 05:02:21 AM
#28
Point 2 is what kevin meant. There are tools that create a Hotspot with the same name as your network, and monitor the access switches, that is, when you type in a password and the network and it does not work, it does not matter to them. The important thing is that the password you are trying to enter has been sent to them, and then they enter your original network through it. Ie: entering the password into the wrong network is same as chatting the hacker your original network password.

Very good point, i never thinking such social engineering attack. I would fell to such engineering attack and thought i simply mistyped password.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
May 10, 2021, 04:07:49 AM
#27
Moreover, you're prone to the WiFi attack: someone finds your cloaked SSID and creates a malicious network with a conflicting SSID, making you possibly choose that one instead of yours.

You're being paranoid. Even if attacker create malicious network with conflicting ID, there are few ways to avoid it
1. Your device will auto connect to correct network (if you already connected to it before and set it to auto-connect)
2. If both connection uses password, the malicious network should've use different password, where you shouldn't be able connect to malicious network.
3. If the fake network don't use password, you should realize it by check the security type of the WiFi network.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
May 10, 2021, 03:06:12 AM
#26
i use paid AV and have for years. one thing i do is go through and turn off any stuff related to "upload suspicions samples" and anything else that might inadvertently send sensitive data to the AV company.

just make sure to exclude from scanning any folders or drives that have blockchains on them.
Isn't their software closed source though? Excluding folders from scanning and turning off stuff related to file uploading sounds more like turning your phone into airplane mode and thinking it'd stop anyone from eavesdropping..

oh its the honor system on their end, im sure its fine /s

gotta trust at some point or just simply not run AV at all.
legendary
Activity: 1134
Merit: 1599
May 10, 2021, 02:46:44 AM
#25
i use paid AV and have for years. one thing i do is go through and turn off any stuff related to "upload suspicions samples" and anything else that might inadvertently send sensitive data to the AV company.

just make sure to exclude from scanning any folders or drives that have blockchains on them.
Isn't their software closed source though? Excluding folders from scanning and turning off stuff related to file uploading sounds more like turning your phone into airplane mode and thinking it'd stop anyone from eavesdropping..
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
May 09, 2021, 08:37:48 PM
#24
The use of anti-virus applications is at your own risk, it only half protection, but for me I do not recommend using it. Firstly because of personal experience, secondly because there were many programs in the past years ago that used to give wrong results and delete applications automatically, and as a result I did not recommend using them and preferred to take safety measures myself. But everyone benefits from his experience. I have not tried modern applications, but I have heard about them from my friends. Perhaps I have a complex from them.

The risk is if you use software that is free and has a very low level of protection, and also collects your data and sells it to third parties. For anyone who uses Windows OS, I would recommend some kind of protection (I mean pay protection), and for me personally Malwarebytes Premuim + Norton do a great job - I haven't had a virus or malware on my computer for more than 5 years.

I know that W10 users have Windows Defender + firewall turned on by default, maybe for some it's enough protection - I personally think that every user can get much better protection for relatively little money - and when it comes to cryptocurrencies, we are all even more exposed to online threats - many realized this after it was too late.

i use paid AV and have for years. one thing i do is go through and turn off any stuff related to "upload suspicions samples" and anything else that might inadvertently send sensitive data to the AV company.

just make sure to exclude from scanning any folders or drives that have blockchains on them.

legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
May 09, 2021, 04:32:28 PM
#23
Hi, VPN does encrypt only the Internet connection, but it doesn't do any thing with local computer. Means if you use VPN through insecure Wi-Fi network, then your files on the local computer are insecure. Why? Because of vulnerabilities on the operating systems, Just a one vulnerability with Media Player (for example) will put all the files in risk, even if using VPN. Basically VPNs doesn't let your ISP track your web requests.
Most of the vulnerabilities you are talking about are only exploitable when you and the attacker are connected to the same local network. However, aside from encrypting the traffic, vpns, as the name suggests, connect your device to a private network. Meaning it isolates it which make any other device on the local network unable to access it.
But it always recommended to always update your OS and all the softwares installed on it to patch any known vulnerability.
legendary
Activity: 1134
Merit: 1599
May 09, 2021, 04:28:29 PM
#22
But if you're the one who owns it and you can monitor who are the ones connected, there's nothing to worry about. Yes, it's hackable but there's a feature that you can hide your own wife connection into the other device and that means you're the only one who knows how to unveil it.
I disagree. Any device that has a wireless component poses a risk of security. As long as the device emits waves, with the right devices you could get to some pretty significant information through it. Besides this, there's most likely the possibility of finding hidden networks around you. Hidden SSIDs do not mean you're safe from hacks, nor does placing your Bluetooth device on "hidden". Moreover, you're prone to the WiFi attack: someone finds your cloaked SSID and creates a malicious network with a conflicting SSID, making you possibly choose that one instead of yours. Ethernet makes you 100% sure that the network connecti9n is coming from your ISP.
hero member
Activity: 3136
Merit: 591
Leading Crypto Sports Betting & Casino Platform
May 09, 2021, 04:16:41 PM
#21
I agree about public networks/wifi. I don't connect to them with my device but if it's your personal or home wifi why wouldn't you connect?
Because WiFi networks are hackable, otherwise you would be using an ethernet cable. Or, be careful with passwords as mentioned here:
But if you're the one who owns it and you can monitor who are the ones connected, there's nothing to worry about. Yes, it's hackable but there's a feature that you can hide your own wife connection into the other device and that means you're the only one who knows how to unveil it.

As long as it's my own flash drive and I know that it's free from any virus or malware, why would I stop connecting it if it's a personal use flash drive?
To take maximum safety measures, no more. But if you know what you're doing then definitely no problem, but I mentioned that to those who don't care, or think it's normal.
Yes, it's a case to case basis. But there are many people that don't think about this matter and it's fine to have them reminded.
legendary
Activity: 2744
Merit: 3097
Top Crypto Casino
May 08, 2021, 06:50:28 PM
#20
^^
If your home WiFi isn't protected by a strong password and doesn't use good encryption such as WPA2 then anyone can connect to it and become part of your local network wich allows him to execute a man-in-the-middle-attack, for example.
It's also possible for anyone who is connected to your local network to intercept all the data your device sends/receives. To mitigate this risk you should connect through a vpn which will encrypt the transmitted data and render it useless for the attacker.
full member
Activity: 1792
Merit: 186
May 08, 2021, 05:54:12 PM
#19
Not using your home wifi?  I dont get this part.  I mean even if you visit bad sites... it shouldn't or can't affect your wifi or internet connection right?


legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
May 08, 2021, 05:37:49 AM
#18
The use of anti-virus applications is at your own risk, it only half protection, but for me I do not recommend using it. Firstly because of personal experience, secondly because there were many programs in the past years ago that used to give wrong results and delete applications automatically, and as a result I did not recommend using them and preferred to take safety measures myself. But everyone benefits from his experience. I have not tried modern applications, but I have heard about them from my friends. Perhaps I have a complex from them.

The risk is if you use software that is free and has a very low level of protection, and also collects your data and sells it to third parties. For anyone who uses Windows OS, I would recommend some kind of protection (I mean pay protection), and for me personally Malwarebytes Premuim + Norton do a great job - I haven't had a virus or malware on my computer for more than 5 years.

I know that W10 users have Windows Defender + firewall turned on by default, maybe for some it's enough protection - I personally think that every user can get much better protection for relatively little money - and when it comes to cryptocurrencies, we are all even more exposed to online threats - many realized this after it was too late.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
May 08, 2021, 05:34:29 AM
#17
However, if you use HDD and use it to boot the OS, you'll notice your computer run slower.

But i wouldn't use encryption if you're regular user, since recovering the file will be far more difficult.

Whole-disk encryption is unrecommended because the encrypting is part of the operating system, and it can lead to lockout problems even if the files themselves are fine. One error can literally lock you out of the whole drive.


I've heard that before, but are there any case where it actually happen?

File-and-folder encryption can be just as secure as whole-disk encryption.

On most cases, i agree.
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
May 08, 2021, 05:30:03 AM
#16
However, if you use HDD and use it to boot the OS, you'll notice your computer run slower.

But i wouldn't use encryption if you're regular user, since recovering the file will be far more difficult.

Whole-disk encryption is unrecommended because the encrypting is part of the operating system, and it can lead to lockout problems even if the files themselves are fine. One error can literally lock you out of the whole drive.

File-and-folder encryption can be just as secure as whole-disk encryption.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
May 08, 2021, 04:19:19 AM
#15
It's possible with VeraCrypt, besides the decryption process is quite fast. Here's a guide, https://www.howtogeek.com/howto/6169/use-truecrypt-to-secure-your-data/.

Are you sure its fast? I didn't do research about it so i can't blabla like i do. Can you please tell me what kind of encryption they use? They maybe have a very modern processor to use that software. And it depends on the algorithm/encryption trick that they use. Can you provide more details for it?

It's fast because it only encrypt/decrypt file which need to be read/written. I tried it with SSD once and can't notice the difference, unless i run 3D application ir copy lots of files. However, if you use HDD and use it to boot the OS, you'll notice your computer run slower.

But i wouldn't use encryption if you're regular user, since recovering the file will be far more difficult.
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
May 08, 2021, 03:59:10 AM
#14
It's possible with VeraCrypt, besides the decryption process is quite fast. Here's a guide, https://www.howtogeek.com/howto/6169/use-truecrypt-to-secure-your-data/.

Are you sure its fast? I didn't do research about it so i can't blabla like i do. Can you please tell me what kind of encryption they use? They maybe have a very modern processor to use that software. And it depends on the algorithm/encryption trick that they use. Can you provide more details for it?

It depends on which type of encryption you want to use. The standard settings are "AES" encryption and "SHA-256" hash algorithm, which are very good choices.
AES is a symmetric key encryption cipher, and it is generally regarded as the "gold standard" for encrypting data. Encrypting and decrying data with symmetric encryption much faster than with asymmetric encryption. Generally, symmetric ciphers are said to be around "1000 times faster" than asymmetric ones.

You can read more about how AES encryption work here: https://proprivacy.com/guides/aes-encryption
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
May 08, 2021, 03:10:31 AM
#13
What's the point of removing drive letter?

Removing the hard disk character in the case of dual boot only, it makes the only visible volume that which includes the Windows (it cannot be removed at all). Its purpose is to secure windows volume from piracy from the other volume that contains insecure Windows.

I get the point and it's useful assuming dangerous application rely on drive letter, but it's possible to access the drive directly (with admin privilege) without drive latter.

you better use drive encryption (such as LUKS).

Using this will not cause Windows to boot. Simply because the files will be encrypted and it is not programmed to boot from it. This will require a new boot system to be programmed that will completely decrypt Windows files (more than 10 gigabytes) every booting.

It's possible with VeraCrypt, besides the decryption process is quite fast. Here's a guide, https://www.howtogeek.com/howto/6169/use-truecrypt-to-secure-your-data/.
legendary
Activity: 1162
Merit: 2025
Leading Crypto Sports Betting & Casino Platform
May 07, 2021, 07:15:21 PM
#12
As it has already been said, if one wants to store one's crypto in a secure way, a reliable hardware wallet is the way to go.
Now, implying this si not only about the assest but also about general security, privacy and ways to avoid malware, then I believe some of the measures you described are correct.
But i am afraid the regular user might be not familiarized with Linux for example, for most of people it has always been easier to go mainstream and stay in Windows.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
May 07, 2021, 10:34:04 AM
#11
Your words are certainly true, but I meant a full-fledged device to use cryptocurrencies, including surfing the web, paying, etc.
I would avoid using that device to surf internet if I am having a dedicated device for crypto storage, and its possible to make payments from other device which is connected to internet which is normally called airgapped wallet, more secure but little bit complicated for everyday user.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
May 07, 2021, 09:47:23 AM
#10
    • Do not use Windows, it is more vulnerable to hacking than other operating systems.

    Windows operating systems are definitely a risk, but which OS is 100% secure? I've always used this OS and I never had any serious problem - although a lot depends on how someone uses their computer. Anyone looking for trouble in pirated software, torrents and suspicious sites will pick up something malicious sooner or later.

    • Do not let anyone else use the device - from experience - I tell you, most people activate things that you will never expect, and that may cause you panic in the future, for example, activating Notifactions while browsing a site that loves ads, which may make you suspect the presence of a virus in the future.

    This is something I fully support, because you never know what a friend or acquaintance may install on your device without your knowledge - or what they can use your IP address for - to send a threatening message to a politician Roll Eyes

    • Do not install anti-virus software! (personal opinion). Sometimes these applications erase your private data as viruses, in addition to their black history that has been discussed in forums such as MSFN.

    This has never happened to me, and I have been using AV for a very long time - always of course paid and reputable versions that have always been helpful to me. Why would AV delete any data at all? Each AV I used will quarantine any suspicious file or program, and the user can decide whether to leave it there, delete it, or exclude it as a threat.

    • Do not use Public or Home WiFi networks! It can be tracked and hacked using free tools.

    Public wireless networks are definitely a bad choice, bad guys have a great selection of hacking tools that can steal everything we type on a compromised public network - avoid it at all costs. A wired connection to a home modem (landline) is the most secure way to access the Internet, although properly protected wi-fi (wpa-psk2 + WPS off + random password) provides a sufficient level of protection for the home network.

    Several years ago the safety was not like today, this category of society was being exploited. Many sites offer, for example, photshop for downloading with the crack and still, so far, they can easily stick any tool that monitors you and steal files, pictures, or encrypt files and then ask for money.

    I would not agree that people were more aware of computer security before, although we can talk about the fact that some parts of the world use more pirated software than others or have a better education where children learn the basics of using the Internet in primary school. More and more people have moved online since we had the pandemic, which means they spend a lot more time online and are more exposed to various internet threats.
    Pages:
    Jump to: