[AT] OT - unsecured servers

Stephen Offiler soffiler at gmail.com
Fri Jan 3 05:08:55 PST 2020


Hi Spencer:

Speaking of Tor, are you familiar with the new browser called Brave?
https://en.wikipedia.org/wiki/Brave_(web_browser)

I've been using it for a few weeks now and it's a dead ringer for Chrome.
If you do a Ctrl-Shift-N private window in Brave, it gives you an easy
option to use Tor.  Otherwise, as far as I know, Tor is kind of cumbersome.

SO





On Thu, Jan 2, 2020 at 10:16 PM Spencer Yost <spencer at rdfarms.com> wrote:

> Just to be clear, VPNs are primarily used to anonymize you. In other
> words: hide origin and identity. While the traffic between you and the VPN
> service is indeed secure (provided the service is legit and well
> configured), after it leaves a VPN service your traffic is no different
> than when leaving your ISP.
>
> I generally recommend them for people who have enough tech savvy to set
> them up and use them. And I am not knocking anonymity - there is something
> to be said for that. The services also provide some additional features
> such as compression to improve your bandwidth, etc. Also, regardless of
> its limitations it’s more secure than a coffee shop. But make no mistake:
> If you really are worried about man-in-the-middle attacks (or any of the
> other attacks I mentioned) VPNs are not a solution.
>
> In other words, VPNs are the cat’s meow when used between you and your
> endpoint (e.g. connecting to your employer’s internal networks). If the
> service is not your endpoint your risk profile is only marginally improved.
>
> If you are serious about anonymity you should look into the TOR network.
>
> https://www.torproject.org/
>
> Spencer
>
> Sent from my iPhone
>
> On Jan 2, 2020, at 9:21 AM, Easley, Greg A. <EasleyG at health.missouri.edu>
> wrote:
>
> Very good advice there.
>
> I would add one thing to that - purchase a subscription to one of the
> commercial VPN services.
>
>
> Greg
>
> -----Original Message-----
> From: AT [mailto:at-bounces at lists.antique-tractor.com] On Behalf Of
> Spencer Yost
> Sent: Tuesday, December 31, 2019 9:13 PM
> To: Antique Tractor Email Discussion Group
> Subject: Re: [AT] OT - unsecured servers
>
> Since cybersecurity is my line of work, I’ll jump in.  Do these things:
>
>
> Always manually type the url - never click off an email or some other
> source.
> 2FA is always awesome (everyone should do this whenever available).
> Close the browser, or at least each browser tab, when you are done.
> Private browsing tabs with cookies blocked are great too but some sites
> don’t have authentication procedures that behave well with private tabs or
> cookies blocked so this is hit or miss.
>
> As an added bonus always clear the cookies, cache, and local storage
> related to the website before you close the browser.  This will prevent any
> near-future malware infection from taking advantage of a valid session.
>
> The lack of a secure private Internet connection should not be too much of
> a concern. The fact of the matter remains that after your traffic leaves
> your ISP at your home it’s on a public network as well. Between the HTTPS
> protocol and the steps above you should be fine.
>
> The primary concerns are XSS and CSRF attacks (I’ll let you look them up).
> Both require malware (or attempt to trick you into redirecting your
> attempts to login) and/or an active session to take advantage of you.
> So by following those steps you will thwart them.
>
> 2FA helps to thwart password cracking success.   That means even if
> someone has cracked your password (usually they have cracked a bunch
> because the site uses a digest hash that was weak - or worse the idiot site
> stores the password in plain text) they can’t log in without you knowing
> and confirming.
>
> Of course, if you are already infected, school is out anyways and you have
> already been compromised and your money is probably already gone.   If it’s
> still there, you are good.
>
> Waiting for the ball to drop.....
>
> Spencer
>
>
>
> Sent from my iPhone
>
> On Dec 31, 2019, at 8:38 PM, Mike M <meulenms at gmx.com> wrote:
>
>
> Hi and Happy New Year,
>
> Going on vacation for a while in the Keys. I found out too late that
> the place does not have wi-fi. I have some banking items to take care
> of and am leery of taking care of it over an unsecured connection.
> This is time sensitive and needs to be done. My banks both use 2 step
> authentication; does that help at all?
>
>
> Regards,
>
> Mike M
>
>
> _______________________________________________
> AT mailing list
> AT at lists.antique-tractor.com
> http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com
>