[AT] OT - unsecured servers-browser

William Parris william_parris at hotmail.com
Sat Jan 4 10:21:37 PST 2020


MYPal browser is an up-to-date and maintained browser which supports Windows XP, Windows Vista, and newer versions
of Windows.  Based on Pale Moon which was a fork from Firefox.

William in TX

________________________________
From: AT [mailto:at-bounces at lists.antique-tractor.com] On Behalf Of Phil Auten
Sent: Saturday, January 04, 2020 9:55 AM
To: at at lists.antique-tractor.com
Subject: Re: [AT] OT - unsecured servers


The biggest problem I have with all browsers is that they have quit supporting any version of Windows older than Windows 7. Both of my laptops are running older versions of Windows, one on XP SP3 and the other on Vista SP2. I am looking at converting them both to Linux.

Phil in TX

On 1/3/2020 10:18 PM, Spencer Yost wrote:
Yea, TOR isn’t for everyone - just those that care enough about anonymity to use it. I personally don’t use it. Brave has been looking promising ever since they ditched muon and based it on Chromium. Browsers, as far as security and privacy go, rank typically like this (depending on the release and the reviewer). Best to worst:

TOR
Firefox
Brave
Chromium (not the same thing as Chrome!!!)
Safari
Chrome
Everything else you shouldn’t use

Brave may take 2nd in 2-3 years.  The current concerns with their ICO (most of the coins ended up in a small group of advertisers, kind of defeating the purpose) and their whole model keeps them behind Firefox.  But if they get the backend stuff in the light of day and working smoothly they might have something.

Spencer
Sent from my iPhone


On Jan 3, 2020, at 8:09 AM, Stephen Offiler <soffiler at gmail.com> wrote:

Hi Spencer:

Speaking of Tor, are you familiar with the new browser called Brave?
https://en.wikipedia.org/wiki/Brave_(web_browser)

I've been using it for a few weeks now and it's a dead-ringer for Chrome.  If you do a Ctrl-Shift-N private window in Brave, it gives you an easy option to use Tor.  Otherwise, as far as I know, Tor is kind of cumbersome.

SO





On Thu, Jan 2, 2020 at 10:16 PM Spencer Yost <spencer at rdfarms.com> wrote:
Just to be clear, VPNs are primarily used to anonymize you. In other words: hide origin and identity. While the traffic between you and the VPN service is indeed secure (provided the service is legit and well configured), after it leaves a VPN service your traffic is no different than when leaving your ISP.

I generally recommend them for people who have enough tech savvy to set them up and use them. And I am not knocking anonymity - there is something to be said for that. The services also provide some additional features such as compression to improve your bandwidth, etc. Also, regardless of its limitations it’s more secure than a coffee shop. But make no mistake: If you really are worried about man-in-the-middle attacks (or any of the other attacks I mentioned) VPNs are not a solution.

In other words, VPNs are the cat’s meow when used between you and your endpoint (e.g. connecting to your employer’s internal networks). If the service is not your endpoint your risk profile is only marginally improved.

If you are serious about anonymity you should look into the TOR network.

https://www.torproject.org/

Spencer
Sent from my iPhone


On Jan 2, 2020, at 9:21 AM, Easley, Greg A. <EasleyG at health.missouri.edu> wrote:
Very good advice there.

I would add one thing to that - purchase a subscription to one of the commercial VPN services.


Greg

-----Original Message-----
From: AT [mailto:at-bounces at lists.antique-tractor.com] On Behalf Of Spencer Yost
Sent: Tuesday, December 31, 2019 9:13 PM
To: Antique Tractor Email Discussion Group
Subject: Re: [AT] OT - unsecured servers

Since cybersecurity is my line of work, I’ll jump in.  Do these things:


Always manually type the url - never click off an email or some other source.
2FA is always awesome(everyone should do this whenever available).
Close the browser, or at least each browser tab, when you are done.
Private browsing tabs with cookies blocked are great too but some sites don’t have authentication procedures that behave well with private tabs or cookies blocked so this is hit or miss.

As an added bonus always clear the cookies, cache, and local storage related to the website before you close the browser.  This will prevent any near-future malware infection from taking advantage of a valid session.

The lack of a secure private Internet connection should not be too much of a concern. The fact of the matter remains that after your traffic leaves your ISP at your home it’s on a public network as well. Between the HTTPS protocol and the steps above you should be fine.

The primary concerns are XSS and CSRF attacks (I’ll let you look them up). Both require malware (or attempt to trick you into redirecting your attempts to login) and/or an active session to take advantage of you. So by following those steps you will thwart them.

2FA helps to thwart password cracking success.   That means even if someone has cracked your password (usually they have cracked a bunch because the site uses a digest hash that was weak - or worse the idiot site stores the password in plain text) they can’t log in without you knowing and confirming.

Of course, if you are already infected, school is out anyways and you have already been compromised and your money is probably already gone.   If it’s still there, you are good.

Waiting for the ball to drop.....

Spencer



Sent from my iPhone


On Dec 31, 2019, at 8:38 PM, Mike M <meulenms at gmx.com> wrote:

Hi and Happy New Year,
Going on vacation for a while in the Keys. I found out too late that
the place does not have wi-fi. I have some banking items to take care
of and am leery of taking care of it over an unsecured connection.
This is time sensitive and needs to be done. My banks both use 2 step
authentication. Does that help at all?

Regards,
Mike M

_______________________________________________
AT mailing list
AT at lists.antique-tractor.com
http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com

