Search the Community
Showing results for tags 'read this!'.
Found 2 results
This post will cover the latest major breach of our data, how to check if any of your data has been involved, and then I discuss the best passowrd managers paid and free, for 2019 according to PC magazine articles. There are things you can do. This goes across OS' as if they get a Linux user's passwords and email etc. it is not because of OS choice or OS of choice vulnerability. When major data breaches occur many folks don't know what to do. Did they get mine? How do I know? Go here: https://haveibeenpwned.com/ and enter your email address to see if your passwords have been taken. If so you might want to consider getting a password manager. I will be doing that for the first time in addition to my VPN, which for some sites and streaming services I have to turn off. The two breaches of mine were one from 2013 with Adobe which email and password have never been used again. The other was from River City Media, and while they did get addresses, they got no passwords on the second. However the 2012 Disqus breach announced in 2017 did get an old password no longer used. Scroll down when you check if you were pwned to see your details if any. They are important. (My wife's emails had no pwns!) My details, pwned results are these: Adobe: In October 2013, 153 million Adobe accounts were breached with each containing an internal ID, username, email, encrypted password and a password hint in plain text. The password cryptography was poorly done and many were quickly resolved back to plain text. The unencrypted hints also disclosed much about the passwords adding further to the risk that hundreds of millions of Adobe customers already faced. Compromised data: Email addresses, Password hints, Passwords, Usernames River City Media Spam List (spam list): In January 2017, a massive trove of data from River City Media was found exposed online. The data was found to contain almost 1.4 billion records including email and IP addresses, names and physical addresses, all of which was used as part of an enormous spam operation. Once de-duplicated, there were 393 million unique email addresses within the exposed data. Compromised data: Email addresses, IP addresses, Names, Physical addresses Disqus: In October 2017, the blog commenting service Disqus announced they'd suffered a data breach. The breach dated back to July 2012 but wasn't identified until years later when the data finally surfaced. The breach contained over 17.5 million unique email addresses and usernames. Users who created logins on Disqus had salted SHA1 hashes of passwords whilst users who logged in via social providers only had references to those accounts. Compromised data: Email addresses, Passwords, Usernames Read about this latest huge breach! Excerpt: " The best time to stop reusing old passwords was 10 years ago. The second best time is now. In one of the largest public data breaches, a collection containing more than 87 gigabytes of personal information was leaked online. The data dump, titled "Collection #1," was hosted on the cloud service Mega, and had 772,904,991 email addresses, and 21,222,975 passwords. The treasure trove of private information was discovered by Troy Hunt, a security researcher and founder of the "Have I Been Pwned" service. The login credentials appear to have been stockpiled over years, as some passwords and emails come from 2008, Hunt said on his blog. The information comes from more than 2,000 different sources, Hunt said. You can check if you were affected by the breach by entering your email address on Have I Been Pwned. And you can see if individual passwords were compromised by clicking here. Breaches continue to happen on a massive scale as companies collect data on millions of people and fail to protect them properly. Marriott experienced one of the largest personal data breaches in history, losing personal information belonging to 383 million guests, while hackers hit Yahoo and stole data belonging to 3 billion accounts. The big numbers don't always equate to dire after-effects; the breach of Yahoo accounts, for instance, isn't likely to have the same potential for damage as the compromising of 147.7 million Social Security numbers taken in the Equifax breach. With this recent leak, it's a reminder for people to change their passwords, or start using a password manager that can automatically generate secure passwords for you. The best defense...: Data breaches can sucker-punch you. Prepare to fight back." The full article is here with a lot of good hotlinks to other related information: https://www.cnet.com/news/massive-breach-leaks-773-million-emails-21-million-passwords/?ftag=CAD1acfa04&bhid=20640562413884385817807471581031 I would like the members here to open a new topic on the connecting on the road forum citing this article and recommendations for password managers and tips. I would like to read them myself from folks using password managers because I found old passwords breached when I went to the haveIbeen pwnd website (Link above)on both of my email addresses. It is a royal PITA to change all my email addresses. More of a PITA to get identity theft resolved or monies returned. Fortunately I have already begun moving my email addresses in preparation for our move to another state. I am now changing the passwords to our important websites for shopping and banking. And after I read all of these links, I will pick a free or paid password manager. Here is an excellent description of password managers: https://www.sans.org/security-awareness-training/ouch-newsletter/2017/password-managers Here is PC Magazine's The Best Password Managers for 2019 Still using your kid's birthday as your universal password? You're heading toward trouble. With a password manager, you can have a unique and strong password for every secure website. We've evaluated two dozen of the best password managers to help you choose. https://www.pcmag.com/article2/0,2817,2407168,00.asp All of the products in the chart above earned at least 3.5 stars, and all of them cost money (though you can use some of them for free if you accept certain limitations). If you don't want to spend money and don't want limitations, don't worry. We've rounded up free password managers in a separate article. Most of the free tools lack the most advanced features, but they get the job done. Whether free or paid, a password manager is something everybody needs. Here are the best free ones article: The Best Free Password Managers for 2019 A password like '123456' may be easy to remember, but it's also equally easy to guess or hack. These are the best free password managers that can help you keep track of strong, unique passwords for every secure site you use. https://www.pcmag.com/article2/0,2817,2475964,00.asp I am likely to go with the #1 or #2 password manager on the free list. But if anyone has experience with Password managers for pay and why one of them might be better with personal experience please chime in. Safe surfing and travels!
Folks, You'll need to read the article, then check out the list of OK third party AV/anti-malware and make sure you get this done because if not, MS won't risk bricking your computer. The good news is that Malwarebytes and Microsoft's Windows Defender are fine. I use Malwarebytes Premium (paid for) and the built in Windows Defender. Excerpt: "Microsoft won't let you install future security updates until your antivirus vendor sets a specific registry key that certifies compatibility with Windows. As part of this week's security updates for the Meltdown and Spectre CPU attacks, Microsoft required that all third-party antivirus vendors confirm compatibility with its CPU fixes and then to set a registry key in their products to certify compatibility. Without the key being set, Microsoft's security update simply won't install." Because some antivirus vendors are using very questionable techniques they end up [causing] systems to blue screen of death -- aka get into reboot loops. This shouldn't be possible in the latest operating systems, but some antivirus vendors have managed it by taking themselves into the hypervisor... Antivirus makers really shouldn't be messing with systems like this." He estimates there are five key vendors that use this technique. Beaumont argues Microsoft should set a date for when it will no longer require the compatibility registry key or risk a large number of machines going without patches. On the flip side, the vast majority of consumer PCs would not be using next-gen security products. Currently, the list of fully compatible antivirus currently includes Avast, AVG, Avira, Bitdefender, ESET, F-Secure, Kaspersky, Malwarebytes, Sophos, and Symantec. McAfee, Trend Micro, and Webroot are among the firms that will soon join this group." The full article with links is here: http://www.zdnet.com/article/microsoft-no-more-windows-patches-at-all-if-your-av-clashes-with-our-meltdown-fix/?loc=newsletter_large_thumb_related&ftag=TRE49e8aa0&bhid=19724681974700635514865380622813 Now once you read the article, go here for the complete list of compatible security programs: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview