Encrypt all the things!

  • Le Monde and le Intercept broke a story on GCHQ surveillance in Africa.

    the NSA systematically monitors telco company employees’ emails with the explicit purpose of collecting roaming documents, which it describes as “necessary for targeting and exploitation.” In other words, roaming managers are not spied on because they are suspected of wrongdoing or because they are of political or economic interest; rather, they are merely viewed as a means to an end.

  • Oh, and in case you missed it, in-flight mobile use has been monitored since as early as 2005

    The spoils of war — observed phone uses — are proudly listed in the GCHQ presentation: voice communication, data, SMS, Webmail, Webchat, social networks (Facebook, Twitter, etc.), travel apps, Google Maps, currency converters, media, VOIP, BitTorrent, and Skype.

  • Just set up an Amazon EC2 instance as a VPN. Currently on a free tier and wanted to learn how to do it, took about 20 minutes to set up from no account to my IP being located in Ireland. Anyone else done this?

    I'm not sure how good the free tier is and how much it'll cost once that runs out but I'll have to see

  • I use a $5 a month Digital Ocean box running OpenVPN-AS (it's free for 2 licenses). Works ok, occasionally I need to restart the process as traffic speeds plummet. Generally I get ~110m/s.

    If you want a DO this link will give you $10 in credit ( https://m.do.co/c/7c66f41fdfde )

    Up front, anyone can use that, if you spend $25 I'll get $25.

  • I use the digital ocean one as well, mainly as it's much faster than a paid for VPN.

    I'm pondering the wisdom of that though, all I'm really doing is shifting my IP address from my home to wherever the Digital Ocean machine is. So far as I can tell, the traffic isn't blended with other people unlike using a commercial VPN so it's identifiable as me.

  • So I use it to avoid my ISP directly spying on me. Which Comcast most def do.
    DO probably don't give as much of a shit, esp. as they are US based and it's not a legal requirement to do any of it.

    If you really want to hide, follow all of @Velocio's suggestions, but still assume you are being watched.

  • http://uk.pcmag.com/ip-act/86389/feature/how-did-labour-vote-on-the-investigatory-powers-act

    Bit of background on why they came up with this law, basically the previous situation was slapped down by the EHRC. But Labour wants to improve the bill, not stop it.

    In principle fine, but hey guys, when do you think you have power again? ;)

  • As a heads up, Evernote changed their policies and allow their staff to read all notes:

    https://techcrunch.com/2016/12/14/evernotes-new-privacy-policy-allows-employees-to-read-your-notes/

  • I see that Yahoo have fucked up and not told anyone about it again. One billion accounts hacked in 2013 and only mentioning it now.

  • Oh Yahoo... They really are the best at ballsing all the things up.

    If you use their shit, change your password and set up 2-factor authentication.

    The only thing I use of theirs is Flickr so ¯_(ツ)_/¯

  • And they sent everyone an unsolicited email advising people not to click on links in an unsolicited email, with a link to click for more information.

  • Yeah, he works for us... it's there in his profile.

    And I'll now ping him to correct the f, the company name has changed to Cloudflare rather than CloudFlare.

    He's really cool, the internal presentation on his Tesla hack was one of the best. Shame it wasn't recorded and aspects cannot be shared.

  • This was declared a while ago, but the scale unknown.

    This is now the result of the investigation into it... and yup, it's pretty much every account.

  • Have been downloading albums from flickr with the intention to close, best alternative photo storage? Google as they already know everything about me?

  • Why not just leave it on Flickr?

  • Yahoo.

    Edit: also the interface is a bit crap, I don't need the community side of things and I mostly use it for image backup rather than hosting/sharing etc. Flickr app on iPhone doesn't seem to clean up after itself either and just takes more and more space until you reinstall.

  • Lloyds Bank on creating a secure password

    To create a secure password you need to:

    Use between 8 and 15 characters, without spaces or special characters

  • Why no special characters?

  • Why a max of 15 chars?

  • It breaks their database and any transformation... i.e. the password in a JSON file, or XML file, and being concatenated into a SQL insert.

    It means that they aren't hashing the password immediately, and are actually keeping the plain text password.

  • Now that's just incredibly bad. Non hashed passwords!? No thanks.

  • They have a fixed length database field or struct.

  • Barclays is the same - in the login process you have to pick 3 characters out of your password from a drop-down select box and it's only a-z and 0-9
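
An added example (not part of any post in this thread, and not either bank's code): a salted PBKDF2 hash has the same length and a hex-only character set whatever the password contains, so hashing on receipt leaves no storage reason for a 15-character cap or a ban on special characters. The `partial_check` helper shows why a "pick 3 characters" login needs the password kept in readable form. Function names, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this sketch)

def hash_password(password, salt=None):
    """Return 'salt$digest' in hex. The result is always 97 characters long."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, record):
    """Re-derive the record from the stored salt and compare in constant time."""
    salt_hex, _digest_hex = record.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)

def partial_check(stored_plaintext, answers):
    """The 'pick 3 characters' login. It indexes into the password itself, so the
    server must hold it in plaintext or reversibly encrypted; a hash cannot answer."""
    return all(stored_plaintext[pos] == ch for pos, ch in answers.items())

# Constructed sample passwords: one short, one long with spaces, quotes,
# SQL/XML/JSON metacharacters and non-ASCII text.
SAMPLES = ["abc12345", "correct horse; DROP TABLE users;-- <\"é☃'> " * 3]

def demo():
    records = [hash_password(p) for p in SAMPLES]
    return {
        # Same stored length for an 8-character and a 120+ character password.
        "lengths": [len(r) for r in records],
        # Only hex digits and '$' ever reach the database, JSON or XML layer.
        "safe_charset": all(re.fullmatch(r"[0-9a-f$]+", r) for r in records),
        "verified": all(verify_password(p, r) for p, r in zip(SAMPLES, records)),
        "wrong_rejected": not verify_password("abc12346", records[0]),
    }

if __name__ == "__main__":
    print(demo())
```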

  • If banks can't even get it right how can anyone else? I let out a little cry every time my forgotten password gets emailed to me

  • You should probably leave the service before doing a little cry. Then maybe name and shame on SocialMedia™ as it seems more effective than contacting the company directly half the time. Priorities and all that.

Posted by @Velocio
