Topic: Stay safe. - page 3. (Read 15416 times)
Why can't they just sticky this again? Shouldn't be hard, and would be really appreciated.
Always concerned for my security especially with all the news coming out these days.. thanks alot for sharing the information with the rest of us.
This thread should be stickied.
It once was, then trolls got to me, I took everything in the thread out [Im a to fast of a thinker and what I did was wrong so I very much doubtfully it will be stickied again.] it got unstickied so now it is located through https://bitcointalksearch.org/topic/newbie-readme-177133
I feel I broke the freedom of speech when I removed the thread and betrayed us all by doing it :/, It's something I learned from.
This thread should be stickied.
Useful information for all
Great thread , thanks for valuable info.
Heartbleed bug. List of site reported that was effected.
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Lastpass was the last on the list. Fixed and patched.
http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
Lastpass was the last on the list. Fixed and patched.
Thanks for sharing this usefull info 
Thanks OP for the great info. Was looking for tips on security. PGP was on my to do list
Me gusta this thread.
Thanks for the advice op, bookmarked this thread.
Thanks for the advice op, bookmarked this thread.
great information, thanks!
about the software, what about PASSWORD SAFE?
it's open source and it's free!
about the software, what about PASSWORD SAFE?
it's open source and it's free!
Edited and added
Quote
Additional Notes:
With the latest LastPass as of the moment 3.1.0, and you have a system strong computer system you may up the PW iterations. Raise in increments of 100 or 1000. Anything high might be bad for mobile devices or slow computers. I set mine at 200000 Not recommended if you do not know what you're doing..
https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/
With the latest LastPass as of the moment 3.1.0, and you have a system strong computer system you may up the PW iterations. Raise in increments of 100 or 1000. Anything high might be bad for mobile devices or slow computers. I set mine at 200000 Not recommended if you do not know what you're doing..
https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/
Quote
Block unencrypted content on encrypted sites with Firefox or a browser equivalent to Firefox.
With the latest Firefox ESR or latest release of firefox, you may block mixed content at about:config. I don't know about earlier versions of FF.
Also two addons add two buttons to easily disable or enable these settings.
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-active-content/
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-display-content/
With the latest Firefox ESR or latest release of firefox, you may block mixed content at about:config. I don't know about earlier versions of FF.
Code:
security.mixed_content.block_display_content : true
security.mixed_content.block_active_content : true
Also two addons add two buttons to easily disable or enable these settings.
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-active-content/
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-display-content/
Quote
An option too up your google account security.
The security question for google, allows you to change it to a custom question.
I took with my lastpass addon and generated a character password with Show advance options ticked, everything ticked to make your password the strongest. Copy generated password, paste as security question.
Go back to generate a new password and generate a new password with highest strength possible, copy and paste for the answer.
Save/update google settings.
Open a secure note for lastpass and keep these two generated password stored under its title question/answer, which is protected by your masterpassword for lastpass.
It's just a blockade against a security question attack on your google account or any other account that has this security question feature.
The security question for google, allows you to change it to a custom question.
I took with my lastpass addon and generated a character password with Show advance options ticked, everything ticked to make your password the strongest. Copy generated password, paste as security question.
Go back to generate a new password and generate a new password with highest strength possible, copy and paste for the answer.
Save/update google settings.
Open a secure note for lastpass and keep these two generated password stored under its title question/answer, which is protected by your masterpassword for lastpass.
It's just a blockade against a security question attack on your google account or any other account that has this security question feature.
Great site. Thanks for the info.
Do you recommend getting the Xmarks bundle package with LastPass premium?
Cheers,
James
Do you recommend getting the Xmarks bundle package with LastPass premium?
Cheers,
James
keepass has addons which allow sftp of the database file to a selected server. This is a good option to back up you password database.
http://keepass.info/plugins.html#ioprotocolext for sftp addon KeePass 2.x
http://keepass.info/plugins.html#ioprotocolext for sftp addon KeePass 2.x
This is a good safety guide, I'd like to throw in a vote for Password Safe.
I'd also like to suggest you check out TrueCrypt, an Open Source solution for encrypted file storage. It's portable and works under Linux, Windows and Mac.
Finally, I have to wish more sites were willing to use Google's OTP 'Authenticator'. It's one of the reasons I like Slush's pool.
-Edited for spelling
I'd also like to suggest you check out TrueCrypt, an Open Source solution for encrypted file storage. It's portable and works under Linux, Windows and Mac.
Finally, I have to wish more sites were willing to use Google's OTP 'Authenticator'. It's one of the reasons I like Slush's pool.
-Edited for spelling
Block bad stuff with Hosts file by MVPS < Has been edited.
MVPS is now supplying their hosts file with 0.0.0.0 rather 127.0.0.1.
Good move on mvps's part. Saves them space as well.
Edit:
I suppose if you want to be hardcore secure, linux is the route. No windows>linux virtual stuff. No windows period.
MVPS is now supplying their hosts file with 0.0.0.0 rather 127.0.0.1.
Good move on mvps's part. Saves them space as well.
Edit:
I suppose if you want to be hardcore secure, linux is the route. No windows>linux virtual stuff. No windows period.
By "not staying safe", are you referring to using Windows over all..? 
My wife uses this PC also, so unfortunately there really isn't any option for Windows.
Thinking more about this Linux virtualization; theoretically if there where some key tracking malware on Windows, it could read all keys pressed when using the Linux wallet. But I'm not sure if this could cause any problems or not?
How about the wallet file; is it safe when using virtualized Linux? Where exactly would it be stored, and could it be possile that some Windows malware could access it?
My wife uses this PC also, so unfortunately there really isn't any option for Windows.
Thinking more about this Linux virtualization; theoretically if there where some key tracking malware on Windows, it could read all keys pressed when using the Linux wallet. But I'm not sure if this could cause any problems or not?
How about the wallet file; is it safe when using virtualized Linux? Where exactly would it be stored, and could it be possile that some Windows malware could access it?
Interesting. I have tried all before I read this thread though but it's a good one for newbies, especially for those who just can't stay "safe".
If using Windows, would it be a good idea from security point of view to handle all wallets by running a virtualized Linux on top of Windows? This way I wouldn't need to start the computer to Linux with CD everytime I need to handle wallets, but are the any risks from security point of view?
They are still on the same computer and using the same memory, but I would think that if the Windows is affected by some malware, it shouldn't be possible to address Linux applications anyhow.
They are still on the same computer and using the same memory, but I would think that if the Windows is affected by some malware, it shouldn't be possible to address Linux applications anyhow.
Jump to: