"Bad actors" eh?

I blame this guy:




He may have had an accomplice ...

Bobby. wrote on Oct 17^th, 2022 at 1:30pm:


Two iphones ago I was using an encrypted one.  It was good, I thought I was clever and organised.

Then I bought a new phone, restored the last backup onto it then dealt with the usual exceptions.  It said that the pwd manager was no longer supported by the supplier and that the last version did not work on the latest iOS.  I lost the lot probably about 40 -> 50 at the time.

I have not used one since.

random wrote on Oct 17^th, 2022 at 2:11pm:



You were ripped off.

Bobby. wrote on Oct 17^th, 2022 at 1:30pm:


I don't trust them, but I do use the Samsung inbuilt one on my phone.

For the PC - I use an ancient piece of software called PassKeep

It encrypts the manually added passwords. I don't trust my banking passwords to a cloud based password store but I have no real alternative for the ones on the phone.


My master password is 16 characters long so it is "fairly difficult" to crack. and no, it is NOT "fairly_difficult" 

129,629,238,163,050,258,624,287,932,416 possible combinations.


Edit: correction, it is 16 characters long.

random wrote on Oct 17^th, 2022 at 2:11pm:


Oh WOW !!!!!!!!!!

I have thought, what if you forget your password manager password?

I've been looking at a password manager that doesn't include external(to me and out of my control) data and thought this may be the way to go if you have your own "cloud services" to host it your self..

https://www.xbrowsersync.org/

Bobby. wrote on Oct 17^th, 2022 at 7:02pm:


You would have to ask yourself why people publish their code under GPL LGPL or BSD licenses.

Bobby. wrote on Oct 17^th, 2022 at 7:24pm:


Never used something like wireshark?

Here's a good test.

Go to

https://www.grc.com/intro.htm

click shields up

click shields up  again on the list

click proceed

click common ports

see if they are all stealth

go back one page
click all service ports

see if they are all stealth


Also - there are many other good tests on that website.

Setanta wrote on Oct 17^th, 2022 at 7:14pm:


I used to back in the day - not everything is about money

Spot

@ Reply #20,

Good post, food for thought.

Online scam quiz on the ABC website.

https://www.abc.net.au/news/2022-10-17/would-you-fall-for-these-scams-take-the-t...

Frank wrote on Oct 18^th, 2022 at 10:06am:


Some of the questions are a bit dodgy.

Things like you have received the overpayment but then they change the parameters in the answer to be that you didn't receive the money.

Also, an email trail from a known client turns into a "fake letterhead"?

Pfft.

John_Taverner wrote on Oct 18^th, 2022 at 8:51am:




John_Taverner,

That system of a 'hands-on-generation' of a personal p/w code has potential.



Q.
What if the BASE CALCULATOR site you have used previously 'goes down' [is no longer available] ?

For 1/ consistent [same source calculation] and 2/ an 'always available', calculation,     maybe we would have to D/L a stand alone BASE CALCULATOR tool [to your computer] ? ]



Check out the base-36 to base-21 calculation from these 3 diff sites, for the code;
AustralianPoliticsForum

Two produced the same code.    But one calculated a completely different code from the other two !!!

That is worrying.

----- >

http://extraconversion.com/base-number#conversion
AustralianPoliticsForum base-36 to base-21
7iaf2dcf64d01dh87bd618ed46g

https://math.tools/calculator/base/36-21
AustralianPoliticsForum base-36 to base-21
7IAF2DCF64CKG7988EI2B7G35KG


https://www.asknumbers.com/BaseNumberConversion.aspx
AustralianPoliticsForum base-36 to base-21
7IAF2DCF64CKG7988EI2B7G35KG


1st, 2nd, 3rd...
7iaf2dcf64d01dh87bd618ed46g
7IAF2DCF64CKG7988EI2B7G35KG
7IAF2DCF64CKG7988EI2B7G35KG

Bobby. wrote on Oct 17^th, 2022 at 8:08pm:


Wireshark is just a network capable packet analyser it isn't primarily a hacking tool. You need to set your interface to promiscuous mode to enable network packets to be captured. You will get the TCP/IP packets which require a fair amount of knowledge to understand. I have never even looked at IP6 packets.

I remember when I was trained in TCP /IP they the trainer had been a contractor to NASA and the US military. He said that he intended to retire when IP 6 became prevalent. I have a fair idea of what is going on in an IP4 network, IP6 no idea.

Dnarever wrote on Oct 19^th, 2022 at 11:15pm:


I don't have the encryption key but I do have 2 copies of the unencrypted text document saved on external drives.

I also have it printed out and hidden away in case of the unlikely event of losing all 3.

https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-hav...




Dan Goodin - 12/23/2022, 9:43 AM








LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.

The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.
Sensitive data, both encrypted and not, copied

In Thursday’s update, the company said hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data such as website URLs and encrypted data fields such as website usernames and passwords, secure notes, and form-filled data.

“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” LastPass CEO Karim Toubba wrote, referring to the Advanced Encryption Scheme and a bit rate that’s considered strong. Zero Knowledge refers to storage systems that are impossible for the service provider to decrypt. The CEO continued:

    As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. The encryption and decryption of data is performed only on the local LastPass client. For more information about our Zero Knowledge architecture and encryption algorithms,