The 773 Million Record Collection #1 Data Breach

Page 4 of 5 FirstFirst ... 2345 LastLast
  1. Callender's Avatar
    Posts : 1,039
    Windows 10 Home 1809 32-bit
       4 Weeks Ago #30

    FYI:

    Blur

    I never use my personal email address for signing up to websites. I've always had one email address for personal use only plus other email addresses for anything else. For those sites that ask for your email when you want to download software I just use a temporary email like tenminute mail dot net.

    Blur - Chrome Web Store
    Last edited by Callender; 4 Weeks Ago at 10:48. Reason: add info
      My ComputerSystem Spec

  2.    4 Weeks Ago #31

    Anak said: View Post
    Other than I don't trust a third-party to manage my credentials?

    There had been a discussion on the subject awhile ego here:

    Microsoft Wants to Kill Passwords, Starting With Windows 10 - Windows 10 Forums
      My ComputerSystem Spec

  3. Anak's Avatar
    Posts : 520
    10 Home Premium 64-bit | v1803 | Build -17134.523
    Thread Starter
       4 Weeks Ago #32

    Callender said: View Post
    FYI:

    Blur

    I never use my personal email address for signing up to websites. I've always had one email address for personal use only plus other email addresses for anything else. For those sites that ask for your email when you want to download software I just use a temporary email like tenminute mail dot net.

    Blur - Chrome Web Store
    Now he tells me! Just kidding.

    Cr00zng said: View Post
    Other than I don't trust a third-party to manage my credentials?

    There had been a discussion on the subject awhile ego here:

    Microsoft Wants to Kill Passwords, Starting With Windows 10 - Windows 10 Forums
    Thanks! I'll check it out.
      My ComputersSystem Spec

  4.    4 Weeks Ago #33

    Hi @Anak,

    Anak said: View Post
    That's what I don't understand about some of these web sites, your first concern when starting a site should be security not how much you're gonna make from ads or info sold about your members.
    Ideally, yes but companies focus primarily on getting their service as quickly as possible to the market before their share of the pie shrinks. Data security figures somewhere on their list of operational requirements for the solution but it's not their primary focus. They can get away with implementing some basic form of security. As they develop the solution, as long as there are no immediate issues to address, it gets pushed down further on the list of priorities. Most of these companies consider data to be the new oil. Irrespective of whether it's a free or paid service they're offering, they would like to collect as much of it about you as possible.

    Anak said: View Post
    I used to use spybot back in the day but gravitated away from it, IIRC, didn't spybot have some problems back then after a merger? I think it was more about poor scan results and not security.
    Anyways, I'll give it a look along with FireFox's Monitor, I forgot about that until I saw it in Brinkman's article. Thanks for the links!
    Me too. I used to use MSE along with Spybot S&D and Malwarebytes Free on my Vista system. Never had any malware problems. That said, the nature of threats have changed today. I stopped using Spybot S&D after they brought out a new version, which I did not like (don't remember what exactly.) I'm glad you found the links useful. Have a nice day!
      My ComputerSystem Spec

  5.    4 Weeks Ago #34

    Callender said: View Post
    FYI:

    Blur

    I never use my personal email address for signing up to websites. I've always had one email address for personal use only plus other email addresses for anything else. For those sites that ask for your email when you want to download software I just use a temporary email like tenminute mail dot net.

    Blur - Chrome Web Store
    Unfortunately, even services like these aren't immune - my Blur account was compromised in this breach (thankful I hadn't started using it in anger), so I would never consider using Blur ever again.

    Data of 2.4 million Blur password manager users left exposed online - Windows 10 Forums
      My ComputersSystem Spec

  6.    4 Weeks Ago #35

    Cr00zng said: View Post
    Yes, excellent advise on credential management, but...

    When the authentication server(s) hacked and becomes known, the knee jerk reaction of most of the security experts is:




    Like the password strength would matter in the case of data breaches. Does it really matter, if the password is “123456Ab” or “3pHj1P38JVF4A”? Especially, if the the password stored in plain text and/or easily reversible password hash. Yes, end user's credential management matters, but it does not account to much, if the subject of the data breach does not inform its end users and the public about the data breach. As you experienced...

    And for that matter... Biometric or other types of authentication methods may not provide the level of account security sought after either. For cyber-criminals, it does not make a difference, if the stolen account credential is password or fingerprint for example. Well, there is a difference. It is easier to replace the password than the fingerprint. Not to mention that while passwords are unlimited, fingerprints for the end-user in question limited to ten, for most people. Once the biometric credential is out in the open, the end user is toast...

    And that's just on the authentication server side. Hacking the client side is even worse, where smartcards, SecurID tokens, etc., can be exploited with ease.

    Prior to settling the type of authentication that we'll use, both the server and client side security need to change. Without securing the systems at the end points, there's not much reason to change the password based authentication systems. Unfortunatrely, not much effort put in to this, it's much easier to blame the end user for not having credential management in place, lack of 12+ character strong password.

    Entities can also blame APT and point finger at Russia, China, North Korea, or any other other politically correct country for the data breach at hand. That's the "get-out-of-the-jail" card for the lack of security for these entities systems and has been working for every one of them...
    True. Irrespective of who they point their fingers at, the ones impacted most by such data breaches are us - users, especially when our personal and financial security is at stake. All of this data collection, fingerprinting and tracking of users online coupled with data sharing has gone too far. I dread the day biometric data of users gets leaked on the Internet. It could very well be an eventuality considering that Governments around the world are pushing to collect biometric data of citizens. Add to that Government Agencies hoarding vulnerabilities and creating exploits, striving to weaken encryption, pressing for backdoors, etc. - all in the name of keeping us safe. It would just be a matter of time before bad actors discover them and gain access to them. It's all a big mess right now.
      My ComputerSystem Spec

  7. Callender's Avatar
    Posts : 1,039
    Windows 10 Home 1809 32-bit
       4 Weeks Ago #36

    Golden said: View Post
    Unfortunately, even services like these aren't immune - my Blur account was compromised in this breach (thankful I hadn't started using it in anger), so I would never consider using Blur ever again.

    Data of 2.4 million Blur password manager users left exposed online - Windows 10 Forums
    Thanks for the info. I suppose you can use a non personal webmail address and give whatever details you like though.

    Anyway here's what I do when asked for my email address when downloading software:

    Click image for larger version. 

Name:	BitsDuJour Discounts Software Deals - Secure Checkout - Driver Booster PRO 6 months.jpg 
Views:	1 
Size:	73.3 KB 
ID:	221492

    Click image for larger version. 

Name:	10 Minute Mail.jpg 
Views:	1 
Size:	55.4 KB 
ID:	221493

    Click image for larger version. 

Name:	10 Minute Mail*-*Read Mail.jpg 
Views:	1 
Size:	68.7 KB 
ID:	221494
      My ComputerSystem Spec

  8.    4 Weeks Ago #37

    PrivacyFreak said: View Post
    True. Irrespective of who they point their fingers at, the ones impacted most by such data breaches are us - users, especially when our personal and financial security is at stake. All of this data collection, fingerprinting and tracking of users online coupled with data sharing has gone too far. I dread the day biometric data of users gets leaked on the Internet. It could very well be an eventuality considering that Governments around the world are pushing to collect biometric data of citizens. Add to that Government Agencies hoarding vulnerabilities and creating exploits, striving to weaken encryption, pressing for backdoors, etc. - all in the name of keeping us safe. It would just be a matter of time before bad actors discover them and gain access to them. It's all a big mess right now.

    That had been considered a good while ego and the "eventuality" is here, quote:

    The U.S. Department of Homeland Security (DHS) is quietly building what will likely become the largest database of biometric and biographic data on citizens and foreigners in the United States. The agency’s new Homeland Advanced Recognition Technology (HART) database will include multiple forms of biometrics—from face recognition to DNA, data from questionable sources, and highly personal data on innocent people. It will be shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments. And yet, we still know very little about it.

    Source

    Maybe the definition of biometric based authentication should be changed. It's not just who you are, but it should include whoever has your biometric data. If past history is any indication, the chances are that the DHS databases could be stolen in the future, be that hacking and/or insider job. That's pretty much the nature of the operation, when the database is "shared with federal agencies outside of DHS as well as state and local law enforcement and foreign governments".

    I admit that this is a bit far fetched, or at the very least, I hope it is...
      My ComputerSystem Spec

  9.    4 Weeks Ago #38

    Cr00zng said: View Post
    That had been considered a good while ego and the "eventuality" is here...
    Data leaks of biometric data was the eventuality I was referring to. The data collection has already started.

    Wikipedia: Countries applying biometrics

    What are Risks of Storing Biometric Data and Why Do We Need Laws to Protect It?

    Cr00zng said: View Post
    ...If past history is any indication, the chances are that the DHS databases could be stolen in the future, be that hacking and/or insider job.
    ...I admit that this is a bit far fetched, or at the very least, I hope it is...
    It's not really far fetched. It's very much within the realms of possibility.
    And so it begins...

    The risk of centralized storage for biometric data

    ZDNet: A new data leak hits Aadhaar, India's national ID database

    It's just inevitable.
      My ComputerSystem Spec

  10.    4 Weeks Ago #39

    Here's a realistic view on the issue from Brian Krebs

    Click image for larger version. 

Name:	KOS Comment.PNG 
Views:	1 
Size:	79.3 KB 
ID:	221616
      My ComputerSystem Spec


 
Page 4 of 5 FirstFirst ... 2345 LastLast

Related Threads
Hello how can I delete "saved password" and "form data" of microsoft edge manually ?! after too much search in google .... I trid to delete some value of the following registry address HKEY_CURRENT_USER\SOFTWARE\Classes\Local...
i have been fumbeling around with the microsoft game bar "record that" feature for a bout 3 months now and i hate how limited the button options are, one being that it even in the custom button options revolve around the windows key and i dont want...
Is it possible to change "Open" and "Save As" windows view to "List" instead of "Details" globally without having to set List view in File Explorer? I would like to use Details view in File Explorer and List view for "Open" and "Save As" windows. ...
After i installed windows 10 on my Asus N53SV, the keyboard doesnt work properly. I look on the internet for help, but it looks like im the only one. I tried uninstall and reinstall almost everything i know. From keyboard driver, touchpad, etc....
I am trying to re-install a Windows Store app (AccuWeather) after rebuilding my Windows 10 Mobile on a Lumia 950XL. The app appeared to download correctly in the Store installation queue, but the install appears to be stuck in the "Restoring user...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:43.
Find Us