Brontoforumus Archive

Please login or register.

Login with username, password and session length
Advanced search  

News:


This board has been fossilized.
You are reading an archive of Brontoforumus, a.k.a. The Worst Forums Ever, from 2008 to early 2014.  Registration and posting (for most members) has been disabled here to discourage spambots from taking over.  Old members can still log in to view boards, PMs, etc.

The new message board is at http://brontoforum.us.

Pages: 1 2 [3] 4 5 6 7 8 ... 11

Author Topic: Computer security  (Read 25577 times)

0 Members and 1 Guest are viewing this topic.

Brentai

  • https://www.youtube.com/watch?v=DnXYVlPgX_o
  • Admin
  • Tested
  • Karma: -65281
  • Posts: 17524
    • View Profile
Re: Computer security
« Reply #40 on: February 10, 2009, 08:07:29 PM »

The trick is not to give two shits if people know you enjoy rori.
Logged

Mothra

  • ┐('~`;)┌ w/e
  • Admin
  • Tested
  • Karma: -62198
  • Posts: 3778
    • View Profile
Re: Computer security
« Reply #41 on: February 10, 2009, 08:23:15 PM »

As a general rule people will accept no reality other than that you have exactly three different pictures of Jessica Simpson, Lucy Liu, and Angelina Jolie on your computer at any given time. You enter into a binding contract upon agreeing to try and be friends with people who aren't horrific social trainwrecks that you will entertain this presentation of yourself at all costs.

If only you understood what was at stake, Brentai... a single stray Faye sideboob or blushy Yuki and the delicate house of cards explodes into a fiery inferno of social ostracization. The world isn't yet ready.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #42 on: February 10, 2009, 08:45:06 PM »

I have a tendency to get a bit paranoid so uh, this could just me baselessly overthinking things, but say your roommate is in charge of the wireless network and router and all that jazz, and is hells of computer savvy. With such limitless power, is it conceivable this individual could spy on one's searches, computer content, stuff like that?

Yes.

Every bit that passes between your computer and that router can be observed in transit.

The stuff that's encrypted (ie any site using SSL) can't really be cracked (though if you're that paranoid, it's always possible he could just put a keylogger on your machine and find out your passwords), but E-Mail and standard HTTP are not encrypted.
Logged

Mothra

  • ┐('~`;)┌ w/e
  • Admin
  • Tested
  • Karma: -62198
  • Posts: 3778
    • View Profile
Re: Computer security
« Reply #43 on: February 10, 2009, 08:55:03 PM »

Awwwwwwww dicks
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #44 on: February 10, 2009, 09:00:35 PM »

A couple more general rules of thumb:

  • Worrying about whether your roommate can snoop your data on the router misses the point.  Your computer is not safe from anyone who has physical access to it, period.  If you're seriously worried about being spied on by someone you live with, you're already boned; all he has to do is wait until you leave the house and then he can go into your room and boot from a CD or USB drive, access all your data, and put whatever software he wants on there.  So I'm hoping this is a tongue-in-cheek hypothetical, because if you're serious you could be in real trouble here.
  • The weakest link in any security system is your password.  An attacker isn't going to try to break 128-bit encryption, he's going to try to guess your password.  Ideally you should use a different password for every single thing you do, and they should all be random, mixed-case, and alphanumeric.  Inasmuch as it's rather difficult to actually keep a head full of random alphanumeric passwords (though as a former netadmin it's something I'm perfectly capable of myself), you should at least use strong passwords for the important sites (ones that have access to your bank account, credit cards, SSN, etc.), and again, don't double up, use a unique one for each site.  ...Though again, if he's got physical access to your machine, none of that matters as he can just stick a keylogger on there while you're out.
Logged

Mothra

  • ┐('~`;)┌ w/e
  • Admin
  • Tested
  • Karma: -62198
  • Posts: 3778
    • View Profile
Re: Computer security
« Reply #45 on: February 10, 2009, 09:10:23 PM »

He's a man of solid character, insofar as I've been able to tell. I really don't expect him go into my room and seriously make an attempt to root through my stuff, though I do have a password/anti-keyloggers up for the rest of those ever-scheming and clearly malicious people I live with, thanks again to the before-mentioned baseless paranoia. The roommate's got a job working online like twenty-four hours a day, so I'm mostly concerned with the guy just getting bored or a bit-stir crazy and taking a look through whatever nebulous cloud of shameful information is floating around our router's tubes. It'd be a shitty thing to do, of course, but I can see someone rationalizing it when they know nobody else can tell they've been looking.

Again, though, probably should just assume he's not an enormous asshole and stop worrying like a ninny. I mean it's not like my entire social life is at stake or anything.

also: Much appreciated
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #46 on: February 10, 2009, 09:19:29 PM »

I don't know anyone who sniffs packets for fun.

Now, if he ever has occasion to monitor traffic on the router for any other reason, he might stumble across some of your stuff while he's looking for something else, though it'd take some effort to reconstruct binary files and he'd be much more likely to see, say, websites you've been to and E-Mails you've sent -- plain-text stuff.

I'd say that's a bit of a longshot; the only time I've ever really needed to sniff packets was in a netadmin job, searching for the source of a DoS attack.

My strongest defense against my roommate finding out anything embarrassing about things I do on the Internet is that I don't get embarrassed by anything.  (Also, I know for a fact his porn collection is full of much grosser stuff than mine.  I had the sincere displeasure of finding some pics he'd left in my browser cache some 10 years ago when I was doing that file recovery on KateStory 9 last fall.  Then I gave him shit for it in front of his girlfriend and all our friends, so I consider us even.)

(...actually, I lied.  I got pretty embarrassed by KateStory 9.)
Logged

sei

  • Tested
  • Karma: 25
  • Posts: 2085
    • View Profile
Re: Computer security
« Reply #47 on: February 11, 2009, 02:13:39 AM »

We all did.
Logged

Arc

  • Admin
  • Tested
  • Karma: 0
  • Posts: 3703
    • View Profile
Re: Computer security
« Reply #48 on: February 11, 2009, 08:27:44 AM »

Logged

TA

  • Tested
  • Karma: 29
  • Posts: 3219
    • View Profile
Logged
Do you understand how terrifying the words “vibrating strap on” are for an asexual? That’s like saying “the holocaust” to a Jew.

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #50 on: November 04, 2009, 06:09:18 PM »

...I'm really quite amazed at how Microsoft still hasn't figured out this privilege escalation thing.  UAC's a goddamn sugar pill; you're still running everything as an administrator by default, all malware authors have to do now is code something that says "yes" to the popup that asks you if you're sure you want to run this program.

The real :facepalm: of the whole thing is that it's one trivial change away from being something that might actually, you know, work: it's simple to go into Control Panel and set up an admin account and demote your main account to lower privileges so that you get a password prompt instead of just a yes/no prompt.  But that's not activated out of the box, and the vast majority of users will stick with the defaults.
Logged

Rico

  • Tested
  • Karma: 18
  • Posts: 1916
    • View Profile
Re: Computer security
« Reply #51 on: November 04, 2009, 07:22:27 PM »

Yeah, I used the user/password prompt thing in Vista and it worked exactly like UAC except, y'know, functional.
Logged

Kayma

  • kodePunc Team
  • Tested
  • *
  • Karma: 31
  • Posts: 2692
    • View Profile
    • http://twitter.com/kayma
Re: Computer security
« Reply #52 on: November 04, 2009, 08:45:01 PM »

I've always wondered about that. What could possibly be the reason that UAC prompts don't ask for your password?
Logged

JDigital

  • Tested
  • Karma: 32
  • Posts: 2786
    • View Profile
Re: Computer security
« Reply #53 on: November 04, 2009, 09:24:40 PM »

I've always wondered about that. What could possibly be the reason that UAC prompts don't ask for your password?

Users might get too accustomed to entering their password into any box that asks.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #54 on: November 05, 2009, 09:04:26 PM »

That'd be pretty piss-poor reasoning, though.  Sort of like solving the problem of people living their keys in the ignition by just not putting a lock on it.
Logged

Bongo Bill

  • Dinosaurcerer
  • Tested
  • Karma: -65431
  • Posts: 5244
    • View Profile
Re: Computer security
« Reply #55 on: November 05, 2009, 10:02:25 PM »

Passwords aren't as simple as keys, especially if you didn't grow up with 'em. It's not, after all, like you see thieves walking around disguised as ignition keyholes.

Give it another generation, though, tops.
Logged
...but is it art?

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #56 on: November 09, 2009, 08:16:48 PM »

So, okay.

Annoying:

When a program doesn't have an installer and I just unzip it into Program Files (x86), I have to enter an admin password to:

1. Create a directory.
2. Rename the directory.
3. Extract files to the directory.


Positively enraging, fuck fuck somebody help me fix this bullshit NOW:

When a program isn't digitally signed, it gives me a UAC prompt every fucking time I open it.

There is an "Always ask before opening this file" checkbox.  Unchecking it:
1. prompts me for a password;
2. fucking doesn't do anything.

I found a (slightly outdated) guide on how to disable UAC per-application, but so far it hasn't actually worked.  I've tried the flag it suggested (RunAsInvoker) and also a different one (SpecificNonInstaller); no luck.

Given that this PC is supposed to be a motherfucking media center/emulator launcher, this is a crippling problem.
Logged

Beat Bandit

  • be entranced by my sexy rhythm
  • High-Bullshit
  • Tested
  • Karma: -65418
  • Posts: 4293
    • View Profile
Re: Computer security
« Reply #57 on: November 09, 2009, 08:28:32 PM »

MSConfig - tools - disable UAC. I needed to do it to get a mod working and I'm very glad I did.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #58 on: November 09, 2009, 08:46:40 PM »

Oh, I know how to disable it entirely.  I want to be able to do it on a per-program basis.  Or, to put it another way, get it to treat certain specific unsigned executables the same way it treats signed ones.

The principle behind UAC is perfectly sound, it's just the implementation that's FUBAR.
Logged

Thad

  • Master of Karate and Friendship for Everyone
  • Admin
  • Tested
  • Karma: -65394
  • Posts: 12111
    • View Profile
    • corporate-sellout.com
Re: Computer security
« Reply #59 on: November 10, 2009, 05:37:44 PM »

Got it!

The step I was getting wrong in Compatibility Administrator: I was selecting "None" as the compatibility environment.  Selecting "Windows XP (SP2)" did the job.

(Via.)
Logged
Pages: 1 2 [3] 4 5 6 7 8 ... 11