Little Pig, Little Pig! Let Me Admin! (Security Thread)

Postby sei » Tue Jan 21, 2014 7:36 pm

Ars Technica article about malware & spyware vendors attempting to purchase access to extensions as a means of backdooring and data collection.

Scary shit. Some suggested having some notifications show up when an extension changes ownership. Chrome's existing job of letting you know when an extension requires new permission is a fair start. Extensions needed to style or inject elements (Stylish, some media downloaders) already have that scary "all data across all sites" permission, so it's not even close to perfect, as a precaution.
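
Added example (not part of the original posts): a sketch of the gap described in the first post, where an update-time permission diff says nothing when an extension already holds all-sites access. The function names and both sample manifests are constructed for illustration, and treating every new grant as prompt-worthy is a simplification of Chrome's actual warning rules.

```javascript
// Added example: what an update-time permission diff can and cannot reveal.
// Simplification: any newly requested grant counts as "prompt-worthy";
// Chrome's real warning rules are more detailed.

// Host patterns that already give an extension access to every site.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Collect everything a manifest asks for: API permissions, host patterns,
// and content-script match patterns.
function grants(manifest) {
  const all = new Set(manifest.permissions || []);
  for (const script of manifest.content_scripts || []) {
    for (const pattern of script.matches || []) all.add(pattern);
  }
  return all;
}

// Hypothetical helper: compare the grants of two manifest versions.
function reviewUpdate(oldManifest, newManifest) {
  const before = grants(oldManifest);
  const added = [...grants(newManifest)].filter((g) => !before.has(g)).sort();
  const alreadyBroad = [...before].some((g) => BROAD_HOSTS.has(g));
  return {
    added,
    promptExpected: added.length > 0,
    // Blind spot: the extension could already read every page, so new code
    // shipped by a new owner needs no new grant and raises no prompt.
    silentRisk: alreadyBroad && added.length === 0,
  };
}

// Constructed sample manifests (not taken from any real extension).
const stylerV1 = { version: "1.4", permissions: ["tabs", "<all_urls>"] };
const stylerV2 = { version: "1.5", permissions: ["tabs", "<all_urls>"] };
const downloaderV1 = {
  version: "2.0",
  permissions: ["downloads"],
  content_scripts: [{ matches: ["https://video.example/*"], js: ["grab.js"] }],
};
const downloaderV2 = {
  version: "2.1",
  permissions: ["downloads", "<all_urls>"],
  content_scripts: [{ matches: ["https://video.example/*"], js: ["grab.js"] }],
};

console.log(reviewUpdate(stylerV1, stylerV2));
console.log(reviewUpdate(downloaderV1, downloaderV2));
```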


Postby Angryoptimist » Sat Jan 25, 2014 1:05 pm

This was bound to happen sooner or later. It's easy to do and, well, it's running code from the Internet; you always have to be careful running code from the Internet, be it an .exe, a plugin, an extension, or even JavaScript.

These days, I install extensions only after a quick read-through of their code and prefer ones licensed under a copyleft license; my theory being that someone who's ideologically motivated to choose something like the GPL is at least less likely to then turn around and insert malicious code.

Postby Thad » Thu May 22, 2014 4:29 pm

Reset your eBay password.

But under no circumstances should you listen to eBay's terrible password strength indicators.

Postby sei » Thu May 22, 2014 6:52 pm

Thank you, Thad!

Postby Thad » Fri May 30, 2014 2:08 am

Know anyone who's still using Windows XP?

You've probably heard it's not getting security fixes anymore.

Well, not on PCs.

But it is on embedded devices.

And how does Windows Update know the difference between a PC and an embedded device?

By a simple, easily-changed registry key.

My grandfather's still using Windows XP. We're debating whether to switch him to Win7 or Xubuntu. Either one, with proper tweaking, can look pretty much like WinXP.

I'm more concerned about MS Office. He uses Excel heavily, and Office 2003 support ceased at the same time WinXP support did. I think it would be cruel to try to make somebody his age switch to Office 2007 or later, but I'm not sure LibreOffice would be familiar enough to him either.

Postby IGNORE ME » Fri May 30, 2014 2:28 am

I haven't used LibreOffice in a while but unless it tried to ape the ribbon design for some reason, my experience with introducing people who've been weaned on oldstyle Excel to it is: They couldn't tell the difference, but complained that it was because it was different any time it didn't do something they wanted, that Excel also didn't do.

Postby Mongrel » Fri May 30, 2014 2:45 am

You know what's funny? I did set my Win7 install to be like XP. Not because I'm THAT dependent on clinging to the familiar, but because it has much less wasted space compared to Win7 and later.

Of course, I expect there's a way to make the Win7 native schemes equally minimalist with a little simple work. But it was a lot simpler to just hit the big "look like XP" button.

Postby IGNORE ME » Fri May 30, 2014 3:32 am

I did that for a while but after a few monitor upgrades I just stuck with the default UI. XP was not designed at a time when 1920x1080 was a standard.

Postby Thad » Fri May 30, 2014 11:32 am

Mongrel wrote: You know what's funny? I did set my Win7 install to be like XP. Not because I'm THAT dependent on clinging to the familiar, but because it has much less wasted space compared to Win7 and later.


Not in the taskbar, it doesn't.

But yeah I'm sure he'll want the taskbar to look like XP's. (He won't miss QuickLaunch, though; I can tell by what's in it that he never uses it.)

Postby Mongrel » Fri May 30, 2014 12:06 pm

You can manually add quicklaunch icons to the Win7 taskbar.

And by less wasted space on the taskbar, are you talking about the way Win7 groups all windows of the same program into one icon? Because I don't actually like that - I prefer reaching my programs with a single click. Or do you just mean the size of the taskbar? Because I think the default 7 taskbar is slightly larger?

I'm using it at 1920 x 1200 and it works fine for me :dunno:

Postby Thad » Fri May 30, 2014 1:16 pm

Mongrel wrote: And by less wasted space on the taskbar, are you talking about the way Win7 groups all windows of the same program into one icon? Because I don't actually like that - I prefer reaching my programs with a single click. Or do you just mean the size of the taskbar? Because I think the default 7 taskbar is slightly larger?


It's slightly taller (assuming you keep it on the top or bottom) but eliminating the program name and showing just an icon significantly reduces the amount of space each program takes up, and is far friendlier if you want to stick the taskbar on the side of your screen like you probably should if you've got a widescreen monitor.

Again, though, I wouldn't make my grandfather do any of that stuff; he's used to program labels and a taskbar at the bottom of the screen and I'm going to let him have them. This is a guy who stuck with his Mac Classic until it finally died sometime in the late 1990s; he does not like change.

Postby Mongrel » Fri May 30, 2014 1:24 pm

Oh, I don't mind the labels. If I have five Excel windows open, I like to know which is which without actually clicking.

Postby Thad » Fri May 30, 2014 1:32 pm

And if that helps you navigate, more power to you. I'm all for keeping things like that as options for users who like them. But I think removing it as the default was a good call, saves a lot of space, and is a practical necessity if you want your taskbar on the side of your screen instead of the bottom, which is a serious consideration if you're looking at reducing negative space now that we're working on 16:9 and 16:10 monitors instead of 4:3.

Postby Mongrel » Fri May 30, 2014 1:44 pm

Yeah, I mean customization is going to come down to preference.

Since I have widescreen, I actually prefer my bottom bar as it's a shorter distance to travel to click than if it was on the right hand side of the screen. You'll note that a common theme of mine is minimizing physical motions and actions. I also have my mouse sensitivity pretty high.

Aesthetically I don't seem to care - I like everything looking barebones and functional such that the XP scheme actually has a bit of a twisted appeal to me in that it's just these bland grey bars. My background is actually just as bland, being a dark blue-grey colour and no image.

Postby sei » Fri May 30, 2014 5:04 pm

truecrypt.org is redirecting to truecrypt.sourceforge.net, which is recommending people switch to BitLocker.

There are some theories flying around as to whether it's a site defacement, an official announcement, or a misfire of an inadvertent activation of a dead man's switch. Dust hasn't settled, but the last thing approaching consensus that I'd seen is that the TC devs were abandoning the project and not giving an especially good reason for doing so. Unsettling stuff; Lavabit incident comes to mind.

Postby Thad » Wed Jul 02, 2014 6:20 pm


Postby IGNORE ME » Wed Jul 02, 2014 8:05 pm

FYI, we're on No-IP dynamic DNS too. Doesn't seem to have caused any problems yet but be aware that shenanigans are taking place within the Brontoforumus infrastructure.

Postby Thad » Thu Aug 07, 2014 4:17 pm

You've probably seen the "Russian firm steals 1.2 billion passwords" story making the rounds.

Here's what Schneier has to say about it:

As expected, the hype is pretty high over this. But from the beginning, the story didn't make sense to me. There are obvious details missing: are the passwords in plaintext or encrypted, what sites are they for, how did they end up with a single criminal gang? The Milwaukee company that pushed this story, Hold Security, isn't a company that I had ever heard of before. (I was with Howard Schmidt when I first heard this story. He lives in Wisconsin, and he had never heard of the company before either.) The New York Times writes that "a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic," but we're not given any details. This felt more like a PR story from the company than anything real.

Yesterday, Forbes wrote that Hold Security is charging people $120 to tell them if they're in the stolen-password database[.]

Postby sei » Thu Aug 07, 2014 5:27 pm

Malware targeting NAS demands ransom to return access to system.

First noticed it with Synology, but I guess there are other strains and now a site that recovers files locked behind NAS ransomware (via Krebs).