Posts by NonSSL-Login

He probably thought he would be more likely to end up the US if he got airborne anywhere.

Look at how the US diverted the Bolivian presidents plane with political pressure when they thought Snowden was on it.

He was right not to trust the US to use dirty tricks to get him but if he was right overall in the path he took the last few years will be subject to debate once things pan out for him in the next couple of years...

The USA put most of its eggs and budget in to the spy on everyone's internet and cyber warfare and probably will continue to do so because of the economic advantages industrial espionage gives its businesses and keeping the rich wealthy.

Rather than divert funds they will ask for more to power a new arm of the industrial military complex.

Re: anon who?

Trying to control an organised mess is like trying to keep hold of a cat covered in baby oil

Almost impossible to spot except....for their clearly visible and known MAC addresses which make them stand out like a sore thumb if you are looking for them in signals of any frequency.

Commercial drone scanners do exactly that on the usual frequencies and the police or the army used something like that at the time and found sod all. That's when they started going on about it being a complicated attack as they assumed the 'drone' either had a pre-programmed path so no radio signal or it had been modified by an 'expert' to run on a different frequency which 2.4ghz scanners could not see

Re: Actually

That may be the case but....all that will happen is the hackers will post the data publicly as a result of the court action which shows that this company does not intend to pay.

We can argue that might have happened without the court case anyway so this company is one up but what are they going to achieve by punishing one person they may catch with the data further down the line of the hundreds, if not thousands who will have their hands on it.

Re: An iframe? Really?

I wondered if there was an iframe on their site that took content from another site and the other site was hacked and the code put in there, so it was executed as if on the same domain.

Or it was a RFI and a message was sent to the admin that did something similar.

Re: We can't believe people use browsers to manage their passwords

There is exploitation in the context and memory of the memory and theres sandbox breaking RCE.

In theory its easier to grab stuff the browser has access too, like cookies and passwords from a drive by exploit than full access which gives you access to memory and files outside of that context.

If you are fully compromised then the passwords can be grabbed from anywhere. Password managers weak spots are the unencrypted passwords in memory and despite a few tricks some employ, its trivial to read them once unlocked. If the password manager isnt active though, there is small chance of anyone cracking the dormant database of some of these that use decent passwords. You have to wait until its used.

I have not used the browser to save most passwords since I first used a tool to extract passwords from most browsers some 20 years ago. Then there was other browser exploits to do the same and bEEf/beefproject and some of that stuff is enough to frighten you away from saving passwords and cookies past each session.

The advice I never see given is to use different emails as well as different passwords. Use a different email address for your bank and finance stuff than you do other things. Even if you use the same password, credential stuffing is not such an issue. Not that I recommend using the same password except on all the genuinely unimportant sites that can't be used to gain more info or social engineer info out of others.

As for 2FA....depends on the 2FA (sms is not secure) and where did you save your seed for your code generation? Use it on important things but handle the backups of codes carefully.....

Stating the obvious and leaving out a lot of the obvious.

Re: Global operating system

In this particular topic one assumes Global operating system = Communication networks.

If you don't want to use chinese or russian hardware in your telephone and internet structure then you have to make your own equipment. Same with China and Russia if they want to get rid of western technology out of theirs.

The problem is we can't trust our own UK or US government to do the right thing when creating our own equipment as they are hellbent in creating back doors and breaking the security, so its not much better than accepting the superior chinese 5g hardware for example.

He talks about "industry standards" and its those standards both the GCHQ and the NSA like infiltrate and sway to a point they are insecure and not fit for purpose. Until they get off their mass surveillance horse I dont see how they can complain about foreign gear.

Re: Shitcoin.....

I don't want to put a label on any crypto as being for criminals but Monero/XMR is preferable over bitcoin because of its anonymous nature.

Bitcoin just more well known among the public and easier to buy, which is probably why its used in ransomware etc but I wouldn't be surprised if it gets changed in to XMR, moved around a bit and then even possibly converted back to bitcoin or another coin later.

Re: On a more serious note...

If he doesn't, Celebrite can never be sure they have closed all 'known' vulnerabilities in their software which would keep their evidence in court questionable.

Ok they will most likely start compiling with address randomising and stuff with the compiler and other features to make it more difficult to exploit but its slim they will find all the original bugs, especially when they have to parse so many different types of files.

I have a feeling the software will leak to a site like the Piratebay in the near future and some reverse engineering coders will have some fun if their phone ever gets confiscated at the border or by the police :D

Re: Legacy is always a problem

It can be costly to upgrade to Wife 2.0 depending on how long Wife one was in place.

Too often

UK ISP's often send firmware updates to their routers. Sometimes a few times a week when they get it wrong the first times.

Often around midnight to 2am they would update and reboot, causing a smart device in the bedroom to flash brightly to tell me it had no wifi access and causing some random wifi lights not to reconnect.

Removing ISP's routers out the equation solves 99/100 problems

Re: KeePass implementations

KeePassXC is great for linux and KeePassDX on android is a good pairing with it as both support v4 databases with the different encryption options which many other versions don't.

Its been there a good few months.

Considering how well the Tor browser goes to avoid fingerprintable data to be sent, down to things like the window size, I did wonder if Brave sends its Own UserAgent and other info which would make it stand out like a sore thumb on the Tor network,.

Depends on what you want. Short version, if you just want basic secure chats with friends or some groups, use signal. If you like all the bells,whistles and pretty stuff + more functionality and not so worried about security/nasty threat actors, use Telegram. There is nothing to stop you using both and getting the best of both worlds.

Signal is encrypted with end to end and does some neat tricks to store any data it has to in a way that signal can't read it itself. Its great as a replacement SMS program but obviously only msg's send from other signal users will be encrypted so it relies on more people on it to be more useful as an encrypted SMS replacement.

Signal only recently introduced groups and while the feature is pretty basic, it works just fin for group chats. Encrypted voice calls work ok too as long as you have a decent data connection.

Telegram isn't as secure by default as Signal (doesnt encrypt one to one chats unless you manually set it as a private chat) but has more features. Lots more animated stickers/icons if you like that kind of thing in your chat but where it stands out is the extra things you can do with it, especially in group chats. Polls, bots that do things. An API so you can create your own bot/do your own thing which relates to whatever interest you have.

Telegram has introduced some features Signal had like messages that delete after however long you set. Good for security in case someone got psychical access to your phone to read your messages but also as a way of keeping your phone and chat clean.