[AT] OT - unsecured servers
Cecil Bearden
crbearden at copper.net
Fri Jan 3 21:26:03 PST 2020
Spencer:
For me it is good to see you ranked Firefox as second. I use Firefox
for everything. Last summer we bought a Toro Zero Turn and got a $300
Visa card for opening a Citi charge card. If we paid it off within a
year the interest was free. We intended to just write a check as we do
not like to deal with payments. However, the $300 was a nice bonus.
When we went to make the first payment, Chrome was the only browser that
would work. After spending nearly 2 hours with the dealer and Citibank,
and the website, we just paid it off and said never again.
Cecil
On 1/3/2020 10:18 PM, Spencer Yost wrote:
> Yea, TOR isn’t for everyone - just those that care enough about
> anonymity to use it. I personally don’t use it. Brave has been
> looking promising ever since they ditched muon and based it on
> Chromium. Browsers, as far as security and privacy go, rank typically
> like this (depending on the release and the reviewer). Best to worst:
>
> TOR
> Firefox
> Brave
> Chromium (not the same thing as Chrome!!!)
> Safari
> Chrome
> Everything else you shouldn’t use
>
> Brave may take 2nd in 2-3 years. The current concerns with their ICO
> (most of the coins ended up in a small group of advertisers, kind of
> defeating the purpose) and their whole model keeps them behind
> Firefox. But if they get the backend stuff in the light of day and
> working smoothly they might have something.
>
> Spencer
> Sent from my iPhone
>
>> On Jan 3, 2020, at 8:09 AM, Stephen Offiler <soffiler at gmail.com> wrote:
>>
>>
>> Hi Spencer:
>>
>> Speaking of Tor, are you familiar with the new browser called Brave?
>> https://en.wikipedia.org/wiki/Brave_(web_browser)
>>
>> I've been using it for a few weeks now and it's a dead-ringer for
>> Chrome. If you do a Ctrl-Shift-N private window in Brave, it gives
>> you an easy option to use Tor. Otherwise, as far as I know, Tor is
>> kind of cumbersome.
>>
>> SO
>>
>> On Thu, Jan 2, 2020 at 10:16 PM Spencer Yost <spencer at rdfarms.com
>> <mailto:spencer at rdfarms.com>> wrote:
>>
>> Just to be clear, VPNs are primarily used to anonymize you. In
>> other words: hide origin and identity. While the traffic between
>> you and the VPN service is indeed secure (provided the service is
>> legit and well configured); after it leaves a VPN service your
>> traffic is no different than when leaving your ISP.
>>
>> I generally recommend them for people who have enough tech savvy
>> to set them up and use them. And I am not knocking anonymity -
>> there is something to be said for that. The services also
>> provide some additional features such as compression to improve
>> your bandwidth, etc. Also, regardless of its limitations, it’s
>> more secure than a coffee shop. But make no mistake: If you
>> really are worried about man-in-the-middle attacks (or any of
>> the other attacks I mentioned) VPNs are not a solution.
>>
>> In other words, VPNs are the cat’s meow when used between you and
>> your endpoint (e.g. connecting to your employer’s internal
>> networks). If the service is not your endpoint your risk profile
>> is only marginally improved.
>>
>> If you are serious about anonymity you should look into the TOR
>> network.
>>
>> https://www.torproject.org/
>>
>> Spencer
>>
>> Sent from my iPhone
>>
>>> On Jan 2, 2020, at 9:21 AM, Easley, Greg A.
>>> <EasleyG at health.missouri.edu
>>> <mailto:EasleyG at health.missouri.edu>> wrote:
>>>
>>> Very good advice there.
>>>
>>> I would add one thing to that - purchase a subscription to one
>>> of the commercial VPN services.
>>>
>>>
>>> Greg
>>>
>>> -----Original Message-----
>>> From: AT [mailto:at-bounces at lists.antique-tractor.com
>>> <mailto:at-bounces at lists.antique-tractor.com>] On Behalf Of
>>> Spencer Yost
>>> Sent: Tuesday, December 31, 2019 9:13 PM
>>> To: Antique Tractor Email Discussion Group
>>> Subject: Re: [AT] OT - unsecured servers
>>>
>>> Since cybersecurity is my line of work, I’ll jump in. Do these
>>> things:
>>>
>>>
>>> Always manually type the url - never click off an email or some
>>> other source.
>>> 2FA is always awesome (everyone should do this whenever available).
>>> Close the browser, or at least each browser tab, when you are done.
>>> Private browsing tabs with cookies blocked are great too but
>>> some sites don’t have authentication procedures that behave well
>>> with private tabs or cookies blocked so this is hit or miss.
>>>
>>> As an added bonus always clear the cookies, cache, and local
>>> storage related to the website before you close the browser.
>>> This will prevent any near-future malware infection from taking
>>> advantage of a valid session.
>>>
>>> The lack of a secure private Internet connection should not be
>>> too much of a concern. The fact of the matter remains that after
>>> your traffic leaves your ISP at your home it’s on a public
>>> network as well. Between the HTTPS protocol and the steps above
>>> you should be fine.
>>>
>>> The primary concerns are XSS and CSRF attacks (I’ll let you look
>>> them up). Both require malware (or attempt to trick you into
>>> redirecting your attempts to log in) and/or an active session
>>> to take advantage of you. So by following those steps you will
>>> thwart them.
>>>
>>> 2FA helps to thwart password cracking success. That means even
>>> if someone has cracked your password (usually they have cracked
>>> a bunch because the site uses a digest hash that was weak - or
>>> worse the idiot site stores the password in plain text) they
>>> can’t log in without you knowing and confirming.
>>>
>>> Of course, if you are already infected, school is out anyways
>>> and you have already been compromised and your money is probably
>>> already gone. If it’s still there, you are good.
>>>
>>> Waiting for the ball to drop.....
>>>
>>> Spencer
>>>
>>>
>>>
>>> Sent from my iPhone
>>>
>>>> On Dec 31, 2019, at 8:38 PM, Mike M <meulenms at gmx.com
>>>> <mailto:meulenms at gmx.com>> wrote:
>>>>
>>>> Hi and Happy New Year,
>>>> Going on vacation for a while in the Keys. I found out too late
>>>> that the place does not have wi-fi. I have some banking items to
>>>> take care of and am leery of taking care of it over an unsecured
>>>> connection. This is time sensitive and needs to be done. My banks
>>>> both use 2 step authentication. Does that help at all?
>>>>
>>>> Regards,
>>>> Mike M
>>>>
>>>> _______________________________________________
>>>> AT mailing list
>>>> AT at lists.antique-tractor.com <mailto:AT at lists.antique-tractor.com>
>>>> http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com
>>>>
>>>