White House Announces Cybersecurity Labeling Program for Smart Devices


  1. Posts : 2,346
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #20

    Try3 said:
    Marie,

    That article is stuffed with false statements. For example,
    "anyone who has access to your web browser or uses malicious software to hack it will be able to access the passwords saved in your browser"
    "a cybercriminal would be able to open your browser and view all your passwords in plain text"
    "if someone uses your browser on your device, they will easily have access to the passwords saved in your browser."
    These are all false claims.
    My Firefox passwords are protected by a 'Primary password'.
    I have deliberately used browser password utilities to try to steal my own passwords. They failed to reveal or copy any of them.


    Denis
    I didn't really read it, it was the first one popping up on a search.. there are hundreds of articles about malware hijacking passwords from browsers
    If you have a primary password a keylogger etc it is there for grabbing.
    The point is you cannot really trust solutions that keep your passwords.
    There is no such thing as totally secured.. all in IT security will say the same thing.. you cannot both have security and ease of use. It is like taking an F1 car and building it for comfort and still thinking it can top perform in corners.

    You have to choose.. ease of use or security.. you just can't have both.


  2. Posts : 282
    Windows 10 Pro
       #21

    Try3 said:
    And what is wrong with that?

    Denis

    Try to listen to those that actually know the cybersecurity. I can tell you that if a hacker deployed a certain malware payload on your computer (very, VERY easy to do) they can nab the key3.db file from Firefox and crack your so-called master password very, very easily. I actually viewed and saved the code to do this from GitHub. There are a number of websites that have instructions on how to do it. And I know of at least two ways to crack the key3.db file. Believe me when I tell you it's extraordinarily easy to do. Someone could also hijack your browser session right now with a tool called Beef-xss. All it takes is for you to load a malicious JavaScript code. And your browser will happily do it, too. There are YouTube videos on this stuff as well. It's how I found out about beef-xss. Even though YouTube doesn't allow hacking instructional videos, there are many there and some YouTubers just show the gist and share a link to their website with the full on instructions.

    So I'm telling you, man. Don't think for once your passwords are all secure in a browser. They're absolutely not. Even using a password manager has its own set of risks. For one, the clipboard is not encrypted at the kernel level. So when you happily copy and paste a password from a password manager to a website or whatever it's now up for grabs by any and all malware that may live on your machine that can read the clipboard. And guess what? That malware can live in a virtualized environment completely escaping detection. You get a malware infection, you don't remove the malware, you zero out the drive in the case of a platter or use the flash-based hard drive manufacturer's instructions to wipe the drive and reinstall the OS. Typically for a platter you'd use a degausser, but those are mighty pricey and meant more for the state department or whatever.

    Back in circa 2007 I was a member of another tech forum and I tried and tried to tell everyone not to trust their browser's password storage ability. Then this happened.

    Back then and even today I use a browser extension called PWDHash which was developed by some dudes at Stanford University. What this does is take a password input (like a master password) and create a unique password per domain using the MD5 hash algorithm. You'd never know what the password was that was generated in the background from your master password, but it was unique to each TLD (Top Layer Domain) and so being, not only did you have a pretty decent password, each password was unique, but this methodology also helped curtail a website phish attempt since if one single character was out of place in the domain name your master password would never create the real password for the actual domain. So the would-be hacker has nothing.

    Yes, MD5 is weak, but it suffices. Now there's an alternative since PWDHash is defunct.

    MPPwdhash – Get this Extension for 🦊 Firefox (en-US)

    If you use PWDHash you can save this HTML page in the absence of the browser extension... PwdHash

    For me personally, I use a combination of PWDHash and the free and open source password manager Keepass which may be too hard to learn by those less computer savvy. In lieu of Keepass I recommend Bitwarden as of this post. Though, there are a few minor things I don't like about Bitwarden, but all in all it's solid so far... I've done a lot of research on password managers and damn near all had one issue or another that made me skip them to find another more suitable password manager and used secure code that was periodically audited. For whatever that's worth actually...
      My Computer
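
The per-domain derivation described in post #21, sketched as an added example that is not part of the original thread and is not the PwdHash extension's code. It assumes an HMAC-MD5 keyed with the master password over the site's domain; the two-label domain reduction, the base64 truncation, the master password and the URLs are all constructed for illustration, so the output will not match passwords produced by the extension.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def site_domain(url: str) -> str:
    """Reduce a URL to its last two host labels.

    Assumption: a naive stand-in for a public-suffix lookup; it is
    wrong for suffixes such as co.uk.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return ".".join(host.split(".")[-2:])


def derive_password(master: str, url: str, length: int = 16) -> str:
    """HMAC-MD5(master, domain), base64-encoded and truncated.

    The encoding step is illustrative, not the extension's own.
    """
    digest = hmac.new(master.encode("utf-8"),
                      site_domain(url).encode("utf-8"),
                      hashlib.md5).digest()
    return base64.b64encode(digest).decode("ascii").rstrip("=")[:length]


def demo() -> dict:
    """Compare the real site with a one-character lookalike (constructed)."""
    master = "correct horse battery staple"      # constructed sample value
    real = derive_password(master, "https://login.example.com/signin")
    same_site = derive_password(master, "https://www.example.com/")
    lookalike = derive_password(master, "https://login.examp1e.com/signin")
    return {
        "real": real,
        "same_site_matches": real == same_site,
        # The phishing page receives a value that is useless on the real site.
        "lookalike_differs": real != lookalike,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the derivation is a single fast hash, every derived password is only as strong as the master password behind it.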


  3. Posts : 282
    Windows 10 Pro
       #22

    Marie SWE said:
    You have to choose.. ease of use or security.. you just can't have both.

    Security and/or privacy are cumbersome by design. It takes real effort. And therein lies the problem: "ain't no one got time for dat..."


  4. Posts : 2,346
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #23

    F22 Simpilot said:
    Security and/or privacy are cumbersome by design. It takes real effort. And therein lies the problem: "ain't no one got time for dat..."
    So true, so true.. it is just a few idiots of us that actually spend time on it.. and you do lose a lot of functionality going too far down the rabbit hole, it is a lot of webpages I can't even open as I went a bit too far..... I choose my battles on what I keep really secure and less secure.. forum like this is "meh" I don't keep secrets in here.. offline solutions is the only secure way to go when it comes to keep sensitive information private and secure from the rest of the world.. and that choice makes it "hard of use" (I didn't find the proper word for it)


  5. Posts : 282
    Windows 10 Pro
       #24

    Marie SWE said:
    So true, so true.. it is just a few idiots of us that actually spend time on it..
    LOL You crack me up.


  6. Posts : 2,221
    Windows 11 Pro (latest update ... forever anal)
       #25

    What a great fluff piece (thread replies and responses included). Hardly anything of substance (thread discussion included), real tin-foil hat and Chicken Little the-sky-is-falling stuff.

    Malneb said:
    Great, a governing body now wants to mandate computer parts
    Meh! So what's new, Microsoft started doing this ages ago


  7. Posts : 282
    Windows 10 Pro
       #26

    Government already mandates computer parts...and pharmaceuticals... and food... and travel... and...

    "In order to form a more perfect union, yo..." The Constitution of the United States: A Transcription | National Archives


  8. Posts : 17,049
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #27

    Marie SWE said:
    I didn't really read it, it was the first one popping up on a search
    Then you should not have endorsed its contents by posting its link in that manner.

    Denis


  9. Posts : 282
    Windows 10 Pro
       #28

    Kinda related.




    I share the concern with Rand Paul, but also that of Ted Cruz. If I were on the floor I'd demonstrate what these devices are doing with a network sniffer like Wireshark and OWASP ZAP to create a man in the middle to show what is actually happening behind the scenes as your smart device communicates over the Internet.


  10. Posts : 2,346
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #29

    Try3 said:
    Then you should not have endorsed its contents by posting its link in that manner.

    Denis
    No, I should have done the classic forum attitude instead and said... Google on it yourself and read.
    That is the classic attitude.. But you got a detailed answer of F22 Simpilot, so you don't have to google it now.


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd