I always stress to other people that you can never be too careful with your personal information online. Alas, even if you are careful, it doesn't always protect you. All of my personal information was nabbed in this data breach, OPM Hack. The information they got was the complete documentation gathered by federal investigators for secret and top secret security clearances, which is basically your whole life, for 20+ million civilian and military personnel.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
And to think, before that I was cagy about giving up my phone number for store loyalty cards.
Every time I STIG software or a database I wonder: WTF OPM DCO?
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
They say that 2016 was the year of the hack. 2017 will be the year of data exploitation.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
100% agree. The current prevalence of ransomware makes this pretty apparent.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
I have seen ransomware sneak into protected servers. I have no doubt that, this year, we will see ransomware grow in complexity and capability so that it can infect and encrypt corporate share drives, the holy grail of got them by the balls, and guaranteed huge payouts.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Funny you mention this, we just moved a client to PHYSICAL VPNs for their external users, and now, by default, all shares are R/O except that person's. And the NAS is being used to send alerts if too many files are being re-written from a single PC, and we ENABLED a 48hr NAS recycle bin type feature.
We have all seen too many of these ransomware programs that get in, and encrypt their backups, other data, and then the machine itself, making it impossible to recover.
I have personally adjusted my backup procedures to backup to a NAS folder that is R/O except for the backup software login credentials...
It's getting dangerous out there.
Kirk Out!
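The NAS alert described in the post above ("too many files are being re-written from a single PC") can be sketched as a sliding-window count of distinct files modified per client. This is an added example, not part of the original post or any NAS vendor's code; the log line format, client names, threshold and window are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed audit lines: '<ISO time> <client> <op> <path>' (assumed format)."""
    base = datetime(2017, 1, 9, 10, 0, 0)
    lines = []
    for i in range(30):   # PC-07 rewrites 30 different files in 30 seconds
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} PC-07 WRITE /share/acct/doc{i}.xlsx")
    for i in range(40):   # PC-12 autosaves one file 40 times: noisy but benign
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} PC-12 WRITE /share/eng/draft.docx")
    for i in range(5):    # PC-03 saves 5 files spread over an hour
        t = (base + timedelta(minutes=12 * i)).isoformat()
        lines.append(f"{t} PC-03 WRITE /share/hr/form{i}.pdf")
    return sorted(lines)  # ISO timestamps sort chronologically

def find_mass_rewrites(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {client: time of first alert} for clients that modify more than
    `threshold` distinct files within any sliding `window`."""
    recent = defaultdict(deque)            # client -> (time, path) inside window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        stamp, client, op, path = line.split(" ", 3)
        if op not in ("WRITE", "RENAME"):  # reads never count
            continue
        ts = datetime.fromisoformat(stamp)
        q = recent[client]
        q.append((ts, path))
        while ts - q[0][0] > window:       # drop events older than the window
            q.popleft()
        if client not in alerts and len({p for _, p in q}) > threshold:
            alerts[client] = ts
    return alerts

if __name__ == "__main__":
    for client, when in find_mass_rewrites(build_sample()).items():
        print(f"ALERT {client}: mass rewrite detected at {when.isoformat()}")
```

Counting distinct paths rather than raw writes keeps a single autosaving document from tripping the alert, while a client touching many different files in a short burst is flagged on the first file past the threshold.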
|
|
|
|
|
Ah, so solution 2 is obvious:
Don't join the army; get a Real job!
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
First, I was Navy.
Second, I wish it was that easy but I was not all that smart in my youth. Bad decisions made improving my life nigh impossible and were making jail time increasingly likely. Needed to step out of my life. The military provided a life reboot and I don't regret it. A lot of people in my hometown have never been outside of the state and most have never been outside the country. I, on the other hand, have been to multiple countries on both sides of the ring of fire. Seeing how the world actually works and living in different cultures has made me a better human being. You can't put a price-tag on that.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
You won't hear me complain about the navy (RN, in my case).
My father was of decent rank, so we got to go with him wherever he was stationed. I'd seen half the world before I was old enough to go to uni -- and the RN puts on terrific events for their kids; it was not an unhappy childhood.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Sounds like a good reason to reinstate the draft. All people over 18 go do time in the military. It may even make the USA a better nation with less infighting.
|
|
|
|
|
...and stop using Yahoo.
Jeremy Falcon
|
|
|
|
|
If it didn't take so much effort and money* to set up a private email server, I would have done it eons ago.
* Unless someone can point me to an open source SMTP server hosting suite
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Not sure if this is sarcasm, but there are open source SMTP/MTA products out there. Although they have a learning curve.
Jeremy Falcon
|
|
|
|
|
I don't mind the learning curve. I do know the extra costs for private servers (hardware, static I.P., etc...) can become prohibitive.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Ah, gotcha.
Jeremy Falcon
|
|
|
|
|
FWIW:
2 Open source mail servers (I am sure there are many others):
Linux: Sendmail, looks like steep learning curve.
Windows: hmailserver, fairly shallow learning curve. I went there having Exchange experience. Looks like good support forums, haven't had to use them.
I am running hmailserver in a virtual machine on a Linux host with other VM's. Have a separate domain name (about $10 a year), run all email through an anti-spam/AV service ($30 a year for 5 email addresses), router set up to only accept email from that service (port 25). AS/AV service will also archive email (seems like that was another $20 a year for 5GB), in case my mail server goes off line. I do pay for 5 static IP's (for other reasons) but I suspect that a Dynamic IP service would suffice.
Lou
"The trouble with children is that they are not returnable."
|
|
|
|
|
Could you send me some more details on your setup? The way you have it seems a lot more cost-effective than the way I was envisioning it. It seems that I would have to learn a lot to accomplish it, being that my Linux exposure is pretty much zip.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
You don't have to use Linux, I use it because I also use it for my Workstation doing most of my development in Windows7/10 virtual machines. You could just as easily run the VM using a Windows system as the host, virtualbox and vmplayer are free to use, don't think player is open source though.
But, if you can program in Javascript, Linux has to be child's play.
If you would like more detail, email me.
Lou
"The trouble with children is that they are not returnable."
|
|
|
|
|
If you get any kind of web hosting it usually comes with an SMTP\POP3\IMAP server you can use and self-administer. There are also loads of mail-only providers too if you look. However, if your password is "password123", or "gandalf", or the same password you use on an unrelated site that got hacked, then your email is no more secure than using Yahoo.
|
|
|
|
|
My broadband provider in the UK is Sky (the firm that made Microsoft rename its Sky Drive to One Drive) and they used to use Gmail as their underlying provider (who does a resell option on their platform so it's all on the Sky domain and branded like Sky), but they moved to Yahoo a few years back, so all of the UK's Sky customers are in this boat too through no real fault of their own.
|
|
|
|
|
That is true. They didn't even bother to try fixing this.
Nothing. Zero. Null.
Instead, they let the internet spread a story how they were hacked. What a lie.
Actually, how do we know if it is any better now?
|
|
|
|
|
Why did she give her phone number to Yahoo/Google in the first place? For safety reasons?
Once your/her account data is stolen, the mobile phone number is also stolen.
And bad guys from Russia, Mozambique or Serbia can easily make a temporary fake phone from there.
There is no such thing as security on mobile. Smartphone plus internet equals disaster.
Multi-factor authentication is good, yet it cannot help you as long as your internet access point is on a public router.
Once again: THERE IS NO SECURITY ON MOBILE!!!!!!!!!!!
|
|
|
|
|
Foothill wrote: Once they got into Sprint, they then proceeded to order 4 iPhone 7's
I wonder if I could somehow tell my bank/credit card company that they should automatically assume my account has been compromised if they ever see a transaction sending money to Apple. Because that should never happen, no matter how small the amount.
|
|
|
|
|
I wish that were possible. Sprint has made it rather easy for customers to manage their account and order new phones all from one simple interface. It also has the side effect of making it rather easy to order new phones and have them shipped anywhere in the U.S. once the account is compromised.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Right.
I'm still genuinely wondering though whether anyone's actually given the idea of blacklisting a legitimate vendor more than a casual thought. I'll never give Apple any money. My folks will never buy anything from Amazon. Etc. Anyone wanting to change their minds should go through a whitelisting process that requires papers to be signed in person at said bank.