Heartbleed Virus

[C-2]

I follow umpteen security blogs and I am also studying computer security...the good news is, few researchers seem worried about it. In fact, one trusted source put up a great analogy:

After all, if you swiped your credit card in a payment machine that you later felt uneasy about, you'd probably consider cancelling the card and asking your bank for a new one, without waiting to see if fraudulent transactions appeared.

That being said, you should be using different passwords for each site anyways, right?

Also, Google offers 2-facotr authentication for Gmail - where you need a password, and a number code they text you, in order to gain access to your account from a new, different or untrusted computer or phone. That means an attacker would need your password - and your physical phone in order to access your account. I think Yahoo even offers it. And most banks also offer 2-factor authentication.

In fact, I see Bank of America offers a a "smart card" which generates a one-time passcode that is synced to their servers. It looks like a credit card, you press a button and it generates the code. Pretty bad ass.

[Eli]

I follow umpteen security blogs and I am also studying computer security...the good news is, few researchers seem worried about it. In fact, one trusted source put up a great analogy:

After all, if you swiped your credit card in a payment machine that you later felt uneasy about, you'd probably consider cancelling the card and asking your bank for a new one, without waiting to see if fraudulent transactions appeared.

That being said, you should be using different passwords for each site anyways, right?

Also, Google offers 2-facotr authentication for Gmail - where you need a password, and a number code they text you, in order to gain access to your account from a new, different or untrusted computer or phone. That means an attacker would need your password - and your physical phone in order to access your account. I think Yahoo even offers it. And most banks also offer 2-factor authentication.

In fact, I see Bank of America offers a a "smart card" which generates a one-time passcode that is synced to their servers. It looks like a credit card, you press a button and it generates the code. Pretty bad ass.

Great info! Thanks!


Sent from my Bat Cave

[C-2]

Great info! Thanks!


Sent from my Bat Cave

You're welcome.

As a result of this scare, I bet Mateo changed his super secret, SOX compliant password from "password" to "12345".

Eh Mateo?

[Eli]

You're welcome.

As a result of this scare, I bet Mateo changed his super secret, SOX compliant password from "password" to "12345".

Eh Mateo?

Lmao


Sent from my Bat Cave

[ChumpChange]

You're welcome.

As a result of this scare, I bet Mateo changed his super secret, SOX compliant password from "password" to "12345".

Eh Mateo?

I'm more sophisticated than that. drowssap and 54321 are my go to's!

[bubblegoose1]

I'm more sophisticated than that. drowssap and 54321 are my go to's!

Hahaha....

[ptc]

the sites that have been recently 'hacked' are the ones that are screwing around asking you to renew your passwords, pick security pictures, pick new security questions.... its all a bunch of BS. there has to be an easier way to operate securely!

that would be verizon and yahoo.... but craigslist is SAFE! lol

And these hackers -that do this just for fun sake - I think an Ethiopian prison cell for 20 to life would be great punishment. This is serious shit!

[C-2]

the sites that have been recently 'hacked' are the ones that are screwing around asking you to renew your passwords, pick security pictures, pick new security questions.... its all a bunch of BS. there has to be an easier way to operate securely!

that would be verizon and yahoo.... but craigslist is SAFE! lol

And these hackers -that do this just for fun sake - I think an Ethiopian prison cell for 20 to life would be great punishment. This is serious shit!

Security pics and questions are a good thing.

Computer and phone security is inconvenient, no doubt. But then again, so is home and car security. There was a point in time in the early 1970's where a campaign was launched to get people to...lock their car doors.

I go around with wifey all the time about this. It's 2014, not 1999. Learning about computers and phones, and their applications, is no longer an "option"; it is now a requirement. Most companies do a good job of trying to educate their users - it's just the users don't listen.

Overcoming physical computer, network and information security is somewhat manageable - it's the user education which is lacking. Again, mainly because everybody dismisses learning as too cumbersome, or they have the "that won't happen to me" syndrome. Until of course, it does, at which time they blame the company, product or service.

Hackers for fun - those are known as "script kiddies". They call them that because all they are really doing is using an application/program to do the hacking, without understanding the process/function behind it. They don't care about details, script kiddies are like trained monkeys - they push a button to see banana's fall. And since they lack in-depth computer knowledge, they only attack the low hanging fruit - people who use weak passwords and who do not change default passwords on home routers and even voice mail.

A lot of the traditional crime rate is falling. Why? Because it's easier and less risky to sit behind a computer to rob a person. Cyber criminals and gangs are getting pretty sophisticated and unlike users who refuse to learn about security, criminals embrace learning about advanced computing topics. Keeps them out of jail.

Then you have the true "hackers", who plot, conspire amongst each other, surveill, plan and then launch attacks that can reap huge rewards. We're talking about people who dedicate their entire days/weeks/months to find new ways to break into your stuff. It's their full-time profession. Hard to stop them, it's usually more about damage control and insurance claims.

So, take advantage of the free security tools like 2-factor authentication, security pictures and questions, password managers, UPDATES UPDATES UPDATES, and for fucs sake, make sure they have correct and current phone numbers and email addresses for you.

[Eli]

pics .

You may be the person to ask...I went to the Apple store tonight to get my iPhone's missing belly button fixed. Girl 1 helps me and says "it will cost you $149" I'm upset bc I've had the phone 10 months and as a second replacement it's out of warranty. I ask for a manager and girl 2 helps me and says "sorry it will cost you $149 or call apple care and see if they will make an exception" I call Apple Care in the store and no success. I ask a guy, Mike, if I can speak with a manger. Mike says sure can you tell me what happened and I explain the whole story to him. He says have a seat and please don't leave we want to fix this bc you should not have had to call Apple Care. Then Mike goes to talk to someone, comes back and disables my "Find my iPhone" option and tells me they will replace my screen for free. Then has me disable my iPhone password. I joke and said something about how they are going to look at my pics. He adamantly said "No" and said it would take 30 min. I return and have a new screen.

Do you think they just jacked all my info? And pics?


Sent from my Bat Cave

[C-2]

You may be the person to ask...I went to the Apple store tonight to get my iPhone's missing belly button fixed. Girl 1 helps me and says "it will cost you $149" I'm upset bc I've had the phone 10 months and as a second replacement it's out of warranty. I ask for a manager and girl 2 helps me and says "sorry it will cost you $149 or call apple care and see if they will make an exception" I call Apple Care in the store and no success. I ask a guy, Mike, if I can speak with a manger. Mike says sure can you tell me what happened and I explain the whole story to him. He says have a seat and please don't leave we want to fix this bc you should not have had to call Apple Care. Then Mike goes to talk to someone, comes back and disables my "Find my iPhone" option and tells me they will replace my screen for free. Then has me disable my iPhone password. I joke and said something about how they are going to look at my pics. He adamantly said "No" and said it would take 30 min. I return and have a new screen.

Do you think they just jacked all my info? And pics?


Sent from my Bat Cave

Nah, people who do those sorts of things do them surreptitiously, not blatantly where any theft or hacking can easily be traced back to them.

I've changed out an iPhone screen before and disabling the screen lock to make the repair makes life a whole lot easier. They did it in 30 minutes, which is kicking ass, not enough time to mess with your phone AND make the repair.

I'm not an iPhone person, wifey and daughter have them. But, I'm pretty sure you only disabled your screen lock code, for continued access they would need your passwords (email/iCloud), and those are stored encrypted and not in plain text (text as opposed to the dots obscuring the text). True, they could have viewed or even downloaded pics and contacts...but geeks like that are looking for 20-something year old nudie pics. If you were a pain in their butt, they probably just wanted to get you the hell out of there.

Maybe some others can chime in on the iPhone stuff?