Any time a data breach occurs, watch out for piggyback scams: scams which use recent breaches to try to trick you into giving up your data *again*.
Criminals don't care if you just got hurt; it makes you an easier target.
If an email asks you to sign in to update your credentials from a breach, treat it suspiciously.
Once again people, be very careful about what you put on your phone.
ProTip: when upgrading your yubikey or similar device, make sure you go through *every* account.
I was locked out of my work password manager for 2 days because I forgot that account.
I'm not going to tell you what to do, you've heard and others already.
https://www.wired.com/story/whos-in-town-map-instagram-location-history
With all the ransomware out there, remember: your second (and perhaps final) line of defence is to
do backups to _non-connected_ media.
I think most people here know better, but remind those less technical. Don't click on ads claiming to speed up, clean, or otherwise "fix" your computer.
https://www.infosecurity-magazine.com/news/millions-fall-victim-to-system-1/
Every single contributor to #CoSoSec has said it before.
Don't plug random sticks into your USB ports! Even if you get them from a company you trust.
https://www.vice.com/en_us/article/pajv5k/john-deere-promotional-usb-drive-hijacks-your-keyboard
FFS, these are infosec guys giving up their info!
https://betanews.com/2019/06/07/data-for-donuts/
Here's a little #SecurityHygiene tip. You *can* be tricked into giving personal info up, so don't use it to create a password. Don't use real personal information to fill in those stupid account recovery questions.
For both of those, use a password manager with a strong password generator and an encrypted vault to put the recovery question answers into.
Bruce Schneier uncharacteristically giving up... but still gives you some good advice on securing what little identity you have left.
* Enable two-factor authentication
* Don't reuse passwords
* Get a password manager
* Disable the "secret questions" and other backup authentication mechanisms
* Watch your credit reports and your bank accounts for suspicious activity
* Set up credit freezes
* Be wary of email and phone calls you get
https://www.schneier.com/blog/archives/2019/05/protecting_your_2.html
If you want to be safe from credential stuffing, you need to make sure that every single password is absolutely unique and unguessable.
And there's only one way to do that... use a password manager. If you want an extra layer of protection, also use unique usernames and email addresses. Many email providers accept a plus and some arbitrary characters between the username and @ sign. If not, then something like https://guerrillamail.com can help you be unique.
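An added example (not code from any of the posts above) of what a password manager's generator does for the two tips above: a CSPRNG-generated password per site, a made-up recovery-question answer to be stored in the vault rather than remembered, and a plus-addressed username. The alphabet and the small word list are constructed for the example; a real generator would use a list of thousands of words. Note that a plus-address does not hide your base address, its value is that a credential-stuffing list keyed on one address won't match the others.

```python
import math
import re
import secrets
import string

# Alphabet for generated passwords: letters, digits and symbols most sites
# accept. The exact symbol set is a constructed choice for this example.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"

# Small constructed word list; use a large list (e.g. EFF diceware) for real.
WORD_LIST = (
    "anchor", "basalt", "cobalt", "dune", "ember", "fjord", "glacier",
    "harbor", "iris", "juniper", "kelp", "lantern", "meadow", "nebula",
    "orchid", "pebble", "quartz", "ridge", "saffron", "tundra", "velvet",
    "willow", "yarrow", "zephyr",
)


def generate_password(length: int = 24, alphabet: str = PASSWORD_ALPHABET) -> str:
    """Random password drawn with the secrets module (CSPRNG), never random.random."""
    if length < 12:
        raise ValueError("refuse to generate passwords shorter than 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def generate_recovery_answer(n_words: int = 4) -> str:
    """A recovery-question 'answer' made of random words, not real personal data.
    It goes into the password manager vault next to the password."""
    return " ".join(secrets.choice(WORD_LIST) for _ in range(n_words))


def plus_address(email: str, site: str) -> str:
    """Per-site plus-addressed alias, e.g. alice+shop@example.com.
    The site tag is reduced to lowercase letters and digits so it is always a
    valid local-part fragment."""
    local, sep, domain = email.partition("@")
    if not sep or not local or not domain or "@" in domain:
        raise ValueError(f"not a plain email address: {email!r}")
    tag = re.sub(r"[^a-z0-9]", "", site.lower())
    if not tag:
        raise ValueError("site tag must contain at least one letter or digit")
    return f"{local}+{tag}@{domain}"


def build_credential(email: str, site: str, length: int = 24) -> dict:
    """Everything for one site: unique username, unique password, fake recovery answer."""
    return {
        "site": site,
        "username": plus_address(email, site),
        "password": generate_password(length),
        "password_entropy_bits": round(entropy_bits(length, len(PASSWORD_ALPHABET)), 1),
        "recovery_answer": generate_recovery_answer(),
    }


if __name__ == "__main__":
    # Constructed inputs for the demo.
    cred = build_credential("alice@example.com", "Shop.Example")
    for key, value in cred.items():
        print(f"{key:>22}: {value}")
```

A 24-character password from this 76-symbol alphabet carries about 150 bits of entropy, well past the point where guessing it on another site is feasible.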
A gentle #CoSoSec / #SecurityHygiene reminder.
Don't let your browser save your passwords, use a full password manager.
The article misses one point... if you're using Chrome and signed in to Google, then it *does* prompt you with a password request; however, this comes with another attack vector. If your Gmail password is compromised, then your passwords are too.
(myself, my chrome passwords are all fake - a sort of honeypot)
ok, I haven't done one of these in a while, but here's a #SecurityHygiene / #CoSoSec post.
A reminder: turn on 2 Factor Authentication (2FA). This makes sure that if an attacker has your password, they still can't get in without a token that you should physically possess.
If given a choice, do not use email or SMS as this 2nd factor. They are easily intercepted.
Use TOTP (app based 2FA list here: https://www.protectimus.com/blog/10-most-popular-2fa-apps-on-google-play/)
Or if you feel like dropping $50 for real security, get a FIDO2 key.
Comcast's weak security helped phone number thieves
They were all defaulted to 0000.
#SecurityHygiene tip: never accept a default pin, always change it ASAP.
I know I've said this before
But don't use other people's USB cables. EVER.
For anything.
Take Google's phishing quiz, see how well you do!
Facebook knowingly charged parents credit cards when children unwittingly purchased in-game microtransactions, then refused to refund the money.
https://gizmodo.com/report-facebook-knew-its-games-were-taking-money-from-1831866407
#SecurityHygiene tip: think very carefully about where you allow your credit card data to be saved. Not all vendors are PCI compliant, and others can easily be manipulated by a trusted 3rd party (like your child).
Remember that Town Of Salem breach earlier?
Yeah, well, if you were affected, then as of right now there is a 27% chance that your password is unhashed. (Now readable)
Devs... don't use MD5 for hashing, but if you must, salt your passwords.
Everybody else... You don't know what kind of password security any given site is using so make sure that the password is unique and not guessable on another site.
Reminder - Tax season is upon us.
Watch out for IRS themed scams preying on fear or laziness.
With this Marriott breach, there's already a bunch of phishing attempts to screw people over a second time.
Be wary of any email you get claiming to be from Marriott. Treat it with full skepticism, even if it looks legitimate. And don't click on any links in them until you're 175% sure it's legitimate.
Sign up for https://haveibeenpwned.com/ for every email you use. CoSoGuard will alert you of breaches involving the email you use here, but this caught my work email.