<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>The biggest problem I have with all browsers is that they have
quit supporting any version of Windows older than Windows7. Both
of my laptops are running older versions of Windows, one on XP SP3
and the other on Vista SP2. I am looking at converting them both
to Linux.</p>
<p>Phil in TX<br>
</p>
<br>
<div class="moz-cite-prefix">On 1/3/2020 10:18 PM, Spencer Yost
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:10623978-EE77-47A4-8DAB-0924AEF41637@rdfarms.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
Yea, TOR isn’t for everyone - just those that care enough about
anonymity to use it. I personally don’t use it. Brave has been
looking promising ever since they ditched muon and based it on
Chromium. Browsers, as far as security and privacy go, rank
typically like this(depending on the release and the reviewer).
Best to worst:
<div><br>
</div>
<div>TOR</div>
<div>Firefox</div>
<div>Brave</div>
<div>Chromium(not the same thing as Chrome!!!)</div>
<div><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">Safari</span></div>
<div><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);">Chrome</span></div>
<div>Everything else you shouldn’t use</div>
<div><br>
</div>
<div>Brave may take 2nd in 2-3 years. The current concerns with
their ICO (most of the coins ended up in a small group of
advertisers, kind of defeating the purpose) and their whole
model keeps them behind Firefox. But if they get the backend
stuff in the light of day and working smoothly they might have
something. </div>
<div><br>
</div>
<div>Spencer</div>
<div>
<div>
<div dir="ltr">Sent from my iPhone</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jan 3, 2020, at 8:09 AM, Stephen
Offiler <a class="moz-txt-link-rfc2396E" href="mailto:soffiler@gmail.com"><soffiler@gmail.com></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">Hi Spencer:
<div><br>
</div>
<div>Speaking of Tor, are you familiar with the new
browser called Brave?</div>
<div><a
href="https://en.wikipedia.org/wiki/Brave_%28web_browser%29"
moz-do-not-send="true">https://en.wikipedia.org/wiki/Brave_(web_browser)</a> <br>
</div>
<div><br>
</div>
<div>I've been using it for a few weeks now and it's a
dead-ringer for Chrome. If you do a Ctrl-Shft-N
private window in Brave, it gives you an easy option
to use Tor. Otherwise, as far as I know, Tor is kind
of cumbersome.</div>
<div><br>
</div>
<div>SO</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Jan 2, 2020 at
10:16 PM Spencer Yost <<a
href="mailto:spencer@rdfarms.com"
moz-do-not-send="true">spencer@rdfarms.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="auto">Just to be clear, VPNs are primarily
used to anonymize you. In other words: hide origin
and identity. While the traffic between you and the
VPN service is indeed secure(provided the service is
legit and well configured); after it leaves a VPN
service your traffic is no different than when
leaving your ISP.
<div><br>
</div>
<div>I generally recommend them for people who have
enough tech savvy to set them up and use them. And
I am not knocking anonymity - there is something
to be said for that. the services also provide
some additional features such as compression to
improve your bandwidth, etc Also, regardless of
it’s limitations it’s more secure than a coffee
shop. But make no mistake: If you really are
worried about a man in the middle attacks(or any
of the other attacks I mentioned) VPNs are not a
solution.</div>
<div><br>
</div>
<div>In other words, VPNs are the cats meow when
used between you and your endpoint(e.g. connecting
to your employer’s internal networks). If the
service is not your endpoint your risk profile is
only marginally improved.</div>
<div><br>
</div>
<div>If your are serious about anonymity you should
look into the TOR network.</div>
<div><br>
</div>
<div><a href="https://www.torproject.org/"
target="_blank" moz-do-not-send="true">https://www.torproject.org/</a></div>
<div><br>
</div>
<div>Spencer<br>
<br>
<div dir="ltr">Sent from my iPhone</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jan 2, 2020, at 9:21
AM, Easley, Greg A. <<a
href="mailto:EasleyG@health.missouri.edu"
target="_blank" moz-do-not-send="true">EasleyG@health.missouri.edu</a>>
wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr"><span>Very good advice there.</span><br>
<span></span><br>
<span>I would add one thing to that - purchase
a subscription to one of the commercial VPN
services.</span><br>
<span></span><br>
<span></span><br>
<span>Greg</span><br>
<span></span><br>
<span>-----Original Message-----</span><br>
<span>From: AT [mailto:<a
href="mailto:at-bounces@lists.antique-tractor.com"
target="_blank" moz-do-not-send="true">at-bounces@lists.antique-tractor.com</a>]
On Behalf Of Spencer Yost</span><br>
<span>Sent: Tuesday, December 31, 2019 9:13 PM</span><br>
<span>To: Antique Tractor Email Discussion
Group</span><br>
<span>Subject: Re: [AT] OT - unsecured servers</span><br>
<span></span><br>
<span>Since cybersecurity is my line of work,
I’ll jump in. Do these things:</span><br>
<span></span><br>
<span></span><br>
<span>Always manually type the url - never
click off an email or some other source.</span><br>
<span>2FA is always awesome(everyone should do
this whenever available).</span><br>
<span>Close the browser, or at least each
browser tab, when you are done.</span><br>
<span>Private browsing tabs with cookies
blocked are great too but some sites don’t
have authentication procedures that behave
well with private tabs or cookies blocked so
this is hit or miss.</span><br>
<span></span><br>
<span>As an added bonus always clear the
cookies, cache, and local storage related to
the website before you close the browser.
This will prevent any near-future malware
infection from taking advantage of an valid
session.</span><br>
<span></span><br>
<span>The lack of a secure private Internet
connection should not be too much of a
concern. The fact of the matter remains that
after your traffic leaves your ISP at your
home it’s on a public network as well.
Between the HTTPS protocol and the steps
above you should be fine.</span><br>
<span></span><br>
<span>The primary concerns are XSS and CRSF
attacks(I’ll let you look them up). Both
requires malware (or attempt to trick you
into redirecting your attempts to login)
and/or an active session for to take
advantage of you. So by following those
steps you will thwart them.</span><br>
<span></span><br>
<span>2FA helps to thwart password cracking
success. That means even if someone has
cracked your password (usually they have
cracked a bunch because the site uses a
digest hash that was weak - or worse the
idiot site stores the password in plain
text) they can’t log in without you knowing
and confirming.</span><br>
<span></span><br>
<span>Of course, if you are already infected,
school is out anyways and you have already
been compromised and your money is probably
already gone. If it’s still there, you are
good.</span><br>
<span></span><br>
<span>Waiting for the ball to drop.....</span><br>
<span></span><br>
<span>Spencer</span><br>
<span></span><br>
<span></span><br>
<span></span><br>
<span>Sent from my iPhone</span><br>
<span></span><br>
<blockquote type="cite"><span>On Dec 31, 2019,
at 8:38 PM, Mike M <<a
href="mailto:meulenms@gmx.com"
target="_blank" moz-do-not-send="true">meulenms@gmx.com</a>>
wrote:</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>Hi and Happy
New Year,</span><br>
</blockquote>
<blockquote type="cite"><span>Going on
vacation for a while in the Keys. I found
out too late that </span><br>
</blockquote>
<blockquote type="cite"><span>the place does
not have wi-fi. I have some banking items
to take care </span><br>
</blockquote>
<blockquote type="cite"><span>of and am leery
of taking care of it over an unsecured
connection. </span><br>
</blockquote>
<blockquote type="cite"><span>This is time
sensitive and needs to be done. My banks
both use 2 step </span><br>
</blockquote>
<blockquote type="cite"><span>authentication
does that help at all?</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>Regards,</span><br>
</blockquote>
<blockquote type="cite"><span>Mike M</span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<blockquote type="cite"><span>_______________________________________________</span><br>
</blockquote>
<blockquote type="cite"><span>AT mailing list</span><br>
</blockquote>
<blockquote type="cite"><span><a
href="mailto:AT@lists.antique-tractor.com"
target="_blank" moz-do-not-send="true">AT@lists.antique-tractor.com</a></span><br>
</blockquote>
<blockquote type="cite"><span><a
href="http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com"
target="_blank" moz-do-not-send="true">http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com</a></span><br>
</blockquote>
<blockquote type="cite"><span></span><br>
</blockquote>
<span></span><br>
<span>_______________________________________________</span><br>
<span>AT mailing list</span><br>
<span><a
href="mailto:AT@lists.antique-tractor.com"
target="_blank" moz-do-not-send="true">AT@lists.antique-tractor.com</a></span><br>
<span><a
href="http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com"
target="_blank" moz-do-not-send="true">http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com</a></span><br>
<span>_______________________________________________</span><br>
<span>AT mailing list</span><br>
<span><a
href="mailto:AT@lists.antique-tractor.com"
target="_blank" moz-do-not-send="true">AT@lists.antique-tractor.com</a></span><br>
<span><a
href="http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com"
target="_blank" moz-do-not-send="true">http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com</a></span><br>
</div>
</blockquote>
</div>
</div>
_______________________________________________<br>
AT mailing list<br>
<a href="mailto:AT@lists.antique-tractor.com"
target="_blank" moz-do-not-send="true">AT@lists.antique-tractor.com</a><br>
<a
href="http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com</a><br>
</blockquote>
</div>
<span>_______________________________________________</span><br>
<span>AT mailing list</span><br>
<span><a class="moz-txt-link-abbreviated" href="mailto:AT@lists.antique-tractor.com">AT@lists.antique-tractor.com</a></span><br>
<span><a class="moz-txt-link-freetext" href="http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com">http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com</a></span><br>
</div>
</blockquote>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AT mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AT@lists.antique-tractor.com">AT@lists.antique-tractor.com</a>
<a class="moz-txt-link-freetext" href="http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com">http://lists.antique-tractor.com/listinfo.cgi/at-antique-tractor.com</a>
</pre>
</blockquote>
<br>
</body>
</html>