[Vesuvius]

Should I be concerned about someone stealing my shit through the computer if online?

I was thinking of putting by schwag on a PC not hooked up to the NET for protection? Or can someone still get it?

I'm invested in this endeavor.

Had my identity stolen before.

Surely y'all can understand.

Please don't tell me I'm confined to the quill and ink!

[Badstuber]

It is certainly possible.

Be sure to not download anything stupid and only visit trusted websites.

And get Avira Antivir Personal, the best free AV available. Be sure to keep it up to date too.

http://www.avira.com/en/avira-free-antivirus

[oldnemesis]

(01-08-2011 10:44 PM)Vesuvius Wrote:  

Should I be concerned about someone stealing my shit through the computer if online?

Use Linux, and be safe. Have been using it last ten years, never had an AV or firewall. Best of all, it is free.

[Feo]

Oldnem..Do you have any good sites or tips for using linux? A friend is making me a distribution, but I'm thinking I'll do a partition for a while until I get used to the format. How is it in comparison to MacOS or Windows? Pros and cons.

[Roosh]

I use a secure VPN (http://www.strongvpn.com) in public hotspots.

[oldnemesis]

(01-09-2011 11:05 PM)Feo Wrote:  

Oldnem..Do you have any good sites or tips for using linux?

Get a good, recent, easy-to-use distribution. Latest version of Fedora or OpenSuSE.
Prepare to spend some time learning how things are done in Linux. Use google often. Consider it getting new experience you can add into your resume.
Install familiar software - Firefox, Thunderbird (if you use it), will make things easy.

Quote:

A friend is making me a distribution, but I'm thinking I'll do a partition for a while until I get used to the format. How is it in comparison to MacOS or Windows? Pros and cons.

Personally I very dislike Apple and their products (mostly because of their "golden cage" approach), so my opinion would be biased. I'd say try it yourself. It is not for everyone.

[playa_with_a_passport]

I work in the computer security department at my job. I also have done some work in computer forensics. We have like 20 members on our team plus subcontractors and vendor consultants and we still getting hit even with all of our resources it gets a little overwhelming sometimes. At home what I do is keep two PC's, one is hidden in the closet(I worry more about real burglaries). And the other one is in the bedroom which I used for everyday use. If I need to access anything from the closet machine, I just remote desktop into it. However, this set up leaves me vulnerable for key loggers in shitty cyber Cafes overseas.

I tried linux(OpenSuse) and even thought is light speeds ahead of the Solaris servers I used to telnet into in my undergrad days I wouldn't recommend it for a novice.

[oldnemesis]

(01-10-2011 04:44 PM)playa_with_a_passport Wrote:  

However, this set up leaves me vulnerable for key loggers in shitty cyber Cafes overseas.

In Thailand I used an USB stick with OpenSuSE Live installed. Booted the machine from it. Went through three cafes, the guy running fourth agreed (maybe it was just his English was good enough to understand what I want). If you're really paranoid like me, use the on-screen keyboard widget when you're typing your passwords to protect against hardware keyloggers.

[Badstuber]

Or install keyscrambler on the cyber cafe pc
http://www.qfxsoftware.com/

[Aliblahba]

I use Linux Mint w/ google chrome as the browser. Old Nemesis is right about the learning curve, but it's worth it. The only MS software I use is Office 07 (for resumes) which is run using Wine. I've never had an OS crash that wasn't my fault or a virus. Using Linux is like being liberated from a vicious dictatorship.

[Vesuvius]

Thank you for all the helpful tips. I think what I'll do for now is put the book on another PC not hooked up to the NET.

When I get to the second draft I'll start delving into more NET security.

[Badstuber]

(01-10-2011 07:32 PM)Aliblahba Wrote:  

I use Linux Mint w/ google chrome as the browser. Old Nemesis is right about the learning curve, but it's worth it. The only MS software I use is Office 07 (for resumes) which is run using Wine. I've never had an OS crash that wasn't my fault or a virus. Using Linux is like being liberated from a vicious dictatorship.

You could even use AbiWord to eliminate all Windows software on your pc.

[oldnemesis]

(01-10-2011 07:28 PM)Badstuber Wrote:  

Or install keyscrambler on the cyber cafe pc

It won't help, I'm talking about hardware keylogger - the one between the keyboard and PC (or even built into the keyboard). Logging happens before any scrambler even gets to the data.

Another trick to avoid keylogger issues, besides using on-screen keyboard, is to put a lot of different characters into the "username" field. They you select characters for password with your mouse, and use clipboard (Ctrl+C, Ctrl+V) keys to copy them.

[oldnemesis]

(01-10-2011 08:53 PM)Badstuber Wrote:  

You could even use AbiWord to eliminate all Windows software on your pc.

Are you using it with Office 2007 documents?

[Badstuber]

(01-12-2011 05:12 PM)oldnemesis Wrote:  

It won't help, I'm talking about hardware keylogger - the one between the keyboard and PC (or even built into the keyboard). Logging happens before any scrambler even gets to the data.

That's true. Keyscrambler only works on a software keylogger.

[Badstuber]

(01-12-2011 05:14 PM)oldnemesis Wrote:  

(01-10-2011 08:53 PM)Badstuber Wrote:  

You could even use AbiWord to eliminate all Windows software on your pc.

Are you using it with Office 2007 documents?

I only tried it on Office 2003 documents and they work fine.
I doubt it won't work on 2007/2010 docs.

[Cruatha]

First off, if you've got a hardware keylogger on the machine you are using, you're fucked. Don't use potentially compromised machines.

If you're worried about traffic sniffing, use a VPN like StrongVPN or IPREDator. You pretty much need it these days if you're using public (cafe) wifi.

[Arobin]

What are the threats you guys are trying to mitigate with these security countermeasures? They don't seem especially valuable.

VPN - Mitigates traffic sniffing. But many sites that transmit sensitive information already use SSL which mitigates this already (gmail, online banking, etc).

Keystroke Scrambler - Mitigates software keyloggers. I guess this is sort of reasonable. It can't *really* hide all data from keyloggers because a keylogger has control of the kernel and the kernel can't "hide" secrets from itself, but usage of anti-keyloggers is probably so rare that keylogger developers don't bother trying to defeat them. Though a sophisticated enough rootkit could easily do this.

On Screen Keyboard - Mitigates hardware keyloggers. This seems pretty pointless to me. The odds of finding a hardware keylogger seem very slim, considering that software keyloggers are much cheaper and easier to deploy and collect data from. Using an on screen keyboard mitigates the threat of a hardware keylogger but greatly increases your risk of someone reading your password over your shoulder. In the time it takes you to type out your information via OSK, you could just peek behind the computer to look for a hardware keylogger.

My advice is to above all keep all your software up to date, especially the OS itself and your internet browser. Set Windows Update to download and install updates automatically and have your browser do the same. Don't use OSes that are no longer supported by the vendor (e.g. Windows XP and earlier).

[oldnemesis]

(01-12-2011 05:24 PM)Cruatha Wrote:  

First off, if you've got a hardware keylogger on the machine you are using, you're fucked.

I assume that there is a hardware keylogger on EVERY machine I'm using which is not mine. Especially those used in Internet Cafes.

Quote:

If you're worried about traffic sniffing, use a VPN like StrongVPN or IPREDator.

It is also good if you want to access some web sites from Thailand, for example. Quite a lot of web sites were blocked from there. For example, even access to the Wikipedia article about the Thai King was blocked (but at the same time the article about Queen Sirikit was not). I also found local DNS to be quite unreliable.

[oldnemesis]

(01-16-2011 10:01 AM)Arobin Wrote:  

In the time it takes you to type out your information via OSK, you could just peek behind the computer to look for a hardware keylogger.

Every hardware keylogger I've seen looked just like regular USB-PS2 keyboard connector.

[Arobin]

Just a heads up to those concerned with security on public wi-fi networks. Facebook has added the ability to always use HTTPS, which encrypts your Facebook session with SSL. This prevents others on the network from hijacking your facebook session and logging in as you (trivial to do with Firesheep).

To enable it in Facebook:

1. Click Account > Account Settings.
2. Next to Account Security, click "change".
3. Check the box marked "Browse Facebook on a secure connection (https) whenever possible."

The feature is being rolled out incrementally to users, so if you don't see it, keep checking for it.

[BIGINJAPAN]

Hey guys what do you recommend for a gnu/linux OS ? I want to be free of microsoft, google, apple for the rest of my life. I have a custom built desktop I use for trading with multiple screens and I have a HP pavilion g series laptop. My understanding is I can't have the same OS for both as there is specific OS's for a laptop. So which would be the best gnu/linux for running multiple screens and which one for running a laptop ?