How vulnerable are individuals to cyber attacks?

braumeister said:
I've been using 1Password ever since it first came out and it has never disappointed me. Just keeps getting better and better as they continually add more functionality. A pleasure to use and I have confidence in it.
Click to expand...

I wanted to explain why I used KeePass and not something like 1Password. Simple, I control the key and I can save the password files it anywhere I want.
Also, you don't need to pay for this. If you check out "best password managers" you will only find "paid" or limited versions. Why, because they pay the reviewers... some might say they don't at least not directly.. No ads from open source software. KeePass was in the early reviews but strangely dropped a few years ago.

Having said all that I do use the Edge password keeper also, it is encrypted and shared among my devices. Just install Edge (Browser) and you are good to go. Google's Chrome is another option but they make most money from Ads, as does MS so user beware.
 
The only addition to security I've added recently is to download the free version of Malwarebytes. Then I set it for not giving me notifications (plus the sales pitch). Lastly about once a weak I have it check for updates which are usually just downloading recent threats.

I run it manually about once a week. A useful addition to Windows Defender.
 
I just got a email supposedly from PenFed welcoming me to Penfed v2.

What is that about?

It had a link for me to use to start using version 2.
I think it's a fishing attack. I deleted the email.
 
Sunset said:
An attacker can phone schwab and pretend to be the customer, and get around the security of having a token.

Schwab says:
"My physical token or mobile device has been lost or stolen. What should I do?

Please call Schwab at 800-435-4000. We will provide you with a temporary security code to access your account."
Click to expand...

The attacker would have to pass Schwab’s voice ID system and also know your verbal password.

I have both the token and phone app in use and have been happy with their system.
 
Last edited:
target2019 said:
My network manager friend in gov't texted me last night. "Seeing increase in dictionary attacks from outside U.S. Strengthen your passwords."

In the security world there's very little discussion of OS platform. It's about the current threat level.
Click to expand...
Article that explains how quickly an 8-character password can be guessed by a GPU. https://www.techrepublic.com/articl...ssword-could-be-cracked-in-less-than-an-hour/

We're using random 19-character passwords generated by 1Password.

Below is a portion of a dictionary attack.
 

Attachments

  • 2022-03-05 at 4.52.43 PM.jpeg
    2022-03-05 at 4.52.43 PM.jpeg
    58 KB · Views: 15
jim584672 said:
Linux user, so not concerned. No one is going to bother since no one uses Linux, not worth the effort to attack it. Even if they did, Linux is not as easy to attack as Windows.

I only use Windows on machines that don't matter, like Media Center type stuff.
Click to expand...

I actually had a linux box accessed remotely by a scammer. See my post above. It was Ubuntu. I had TightVNC running on an open port I had forgot to close. I also had 2 other windows boxes running it, but only the linux box was used for the scamming. They accessed a chrome browser on it and tried to post an ad for a Toyota camry on craigslist in Los Angeles. I have no idea why the bot did this particular action, it made no sense to me at all.
 
kgtest said:
I actually had a linux box accessed remotely by a scammer. See my post above. It was Ubuntu. I had TightVNC running on an open port I had forgot to close. I also had 2 other windows boxes running it, but only the linux box was used for the scamming. They accessed a chrome browser on it and tried to post an ad for a Toyota camry on craigslist in Los Angeles. I have no idea why the bot did this particular action, it made no sense to me at all.
Click to expand...
I don't think that is a Linux problem, that is a user config error problem. A normal basic firewall config would not permit that kind of access.
 
kgtest said:
I actually had a linux box accessed remotely by a scammer. See my post above. It was Ubuntu. I had TightVNC running on an open port I had forgot to close. I also had 2 other windows boxes running it, but only the linux box was used for the scamming. They accessed a chrome browser on it and tried to post an ad for a Toyota camry on craigslist in Los Angeles. I have no idea why the bot did this particular action, it made no sense to me at all.
Click to expand...
It makes sense if viewed in this manner. Someone is probing for open ports. It does not necessarily have to be a bot, it could be someone in a hacker network trying their toolset. Once they accessed the vulnerable machine, they tried to post an ad, which proves to others that they had penetrated your machine. This access can be offered for sale to others who will try more sophisticated hacking maneuvers.

In effect, you unintentionally created a honey pot.
 
You must log in or register to reply here.

Similar threads

S
I'm FIRE(d)!
Replies
18
Views
3K
Dtail
D
jollystomper
My adventures in collecting and using home weather data
2
Replies
37
Views
4K
JoeWras
JoeWras
Katsmeow
How many Email Addresses to Use
2
Replies
37
Views
3K
Katsmeow
Katsmeow
A
Today Is My Last Day ....... Sort Of
Replies
9
Views
2K
albireo13
A
Telly
Medicare Medigap and Part D provider selection - A Medicare Newby's path
2
Replies
31
Views
5K
saydiver
S

Latest posts

Back
Top Bottom