
Nalia White
Tencus
255
|
Posted - 2017.06.15 20:27:28 -
[1] - Quote
Hey there
Just want to throw it out there. I was using Google authenticator for EvE and despite this i found my accounts closed and ccp told me there was a third party that logged into my accounts and deleted all the skills and other stuff... just logged in again to check a few things. not too much missing i think. Haven't got the time to go through all stuff but looks not too bad.
I really want to thank CCP for this. It was always a nightmare for me since i play online games to have my accounts get stolen or hacked or whatever...
That is also why i used two way authentication. However... I still got hacked... No idea how, i even use mobile authentication with my main e-mail address now... I have searched my PC at home and in the company with malwarebytes and other tools... nada. Quite paranoid at the moment.
So yeah. go secure your e-mail addresses as good as possible.
Syndicate - K5-JRD
Home to few, graveyard for many
My biggest achievement
|

Marcus Tedric
Zebra Corp Goonswarm Federation
139
|
Posted - 2017.06.15 21:16:10 -
[2] - Quote
Nalia White wrote:.....................
So yeah. go secure your e-mail addresses as good as possible.
After having been hacked just once - it wouldn't surprise me to find out that you have e-mail access on your mobile phone.
Unless you have as robust a firewall and anti-malware s/w on your phone and your PC - then you are wide open.
Personally I'll never have e-mail on my phone again - and will never use any banking apps.
Don't soil your panties, you guys made a good point, we'll look at the numbers again. - CCP Ytterbium
|

Nalia White
Tencus
255
|
Posted - 2017.06.15 21:30:02 -
[3] - Quote
i use my private e-mail maybe once a week and don't need to use it on my phone. there i only have the e-mail of my company. it's rather strange.
Syndicate - K5-JRD
Home to few, graveyard for many
My biggest achievement
|

Axhind
Eternity INC. Goonswarm Federation
368
|
Posted - 2017.06.15 21:35:08 -
[4] - Quote
My guess would be reuse of login credentials combined with CCP implementing fallback in case you lose your authenticator data. |

Boni d'Age
Big Blue Test Icicles
0
|
Posted - 2017.06.15 21:45:06 -
[5] - Quote
Came back after few years, couldn't remember original account.
Finally figured out cha names and what address I used after a lot of chatting to help.
Result
Apparently my account was banned, while I've been away. Due to account sharing and other actions and passwords are our problem, so they won't discuss it any further.
I did point out how I believed it was likely hacked or stolen (lost my pc years ago) but they won't answer anymore as password security is not their concern and totally customer's fault (obviously hacking and stuff is a myth)
Luckily I still had an old account on another e-mail. |

Mr Epeen
It's All About Me
11409
|
Posted - 2017.06.15 22:40:49 -
[6] - Quote
Nalia White wrote: secure your e-mail addresses
That's what I've always done.
I've played a lot of games over the last few decades. Many of them MMOs and many more that require an email address for online DRM. Never once have I had any acct compromised.
I don't know what you are doing wrong, but you are doing something wrong.
Mr Epeen 
|

Blade Darth
Room for Improvement Limited Expectations
247
|
Posted - 2017.06.16 00:22:55 -
[7] - Quote
Damn. It might have been your network or even google that got compromised.
Omen Navy Issue Tutorial
|

Elenahina
Agony Unleashed The Bastard Cartel
1731
|
Posted - 2017.06.16 00:35:45 -
[8] - Quote
Mr Epeen wrote:Nalia White wrote: secure your e-mail addresses That's what I've always done. I've played a lot of games over the last few decades. Many of them MMOs and many more that require an email address for online DRM. Never once have I had any acct compromised. I don't know what you are doing wrong, but you are doing something wrong. Mr Epeen 
This more or less.
Eve is like an addiction; you can't quit it until it quits you.
Also, iderno
|

Wanda Fayne
646
|
Posted - 2017.06.16 01:58:19 -
[9] - Quote
Never use duplicate passwords anywhere. Ever. Unique passwords for everything.
"your comments just confirms this whole idea is totally pathetic" -Lan Wang-
- -
"hub humping station gamey neutral logi warspam wankery" -Ralph King-Griffin-
|

Shallanna Yassavi
Imperial Academy Amarr Empire
554
|
Posted - 2017.06.16 08:36:38 -
[10] - Quote
If you use duplicate or similar passwords anywhere, there will be that one fail admin who stores your password in plaintext and loses it. 16 characters of pure random won't help you if someone was that stupid.
I remember a single Tahiti (R9 280X, Radeon HD 7970 and family) GPU could make about 400M guesses against MD5 (an old, fast method for one-way encryption) every second. If you use any kind of predictable pattern or stupid dirty trick (i.e. "password1", "p@$$w[zero]rd", or any clever thing where you have a base pattern), your password isn't anywhere near as strong as you think it is and needs to be taken out of service before something bad happens.
Also check here and see if they've seen your email address before.
Also something about how encrypted passwords are broken.
A signature :o
|

Marek Kanenald
Federal Defense Union Gallente Federation
20
|
Posted - 2017.06.16 08:52:08 -
[11] - Quote
I use a password manager for every online site I do not care about.
And memorized unique passwords for the actually important things. |

Elenahina
Agony Unleashed The Bastard Cartel
1732
|
Posted - 2017.06.16 12:02:26 -
[12] - Quote
I use password123.?!#_blurp for all of my web logins. It's just easier that way.
Also, if you don't use your computer for shady ****, you minimize the risk of getting infected with something. It's like if you don't sleep with the neighborhood ho, you reduce the risk of your **** rotting off.
Eve is like an addiction; you can't quit it until it quits you.
Also, iderno
|

ISD Max Trix
ISD Community Communications Liaisons
1920
|
Posted - 2017.06.16 12:56:57 -
[13] - Quote
From what you posted, there was no failure with 2FA. Seems more like you failed to secure your email.
ISD Max Trix
Lieutenant
Community Communication Liaisons (CCLs)
Interstellar Services Department
I do not respond to EVE mails about forum moderation.
|

Aedaxus
Digital Zone Corp
82
|
Posted - 2017.06.16 16:40:56 -
[14] - Quote
Make sure you split things up. This worked well with the Titanic. Unless you have a ****** captain that keeps clicking on everything except "NOT THROUGH THE F*CKING ICEBERG" to which the captain says "Calm down, miner!" and keeps going.
The most insecure thing someone can do is have 1 email account, use it for all games, work, access to top secret data, vpn and combine that with a single ultracomplex password, not only does that guy store it in every browser and addon, those people also click on EVERY bleeping fake link they get on their youpoop, twatter and facialbook accounts.
I can give tons of tips on securing a password but none, NONE OF THEM will do any good if the single point of failure is the person himself blaming "Russian Hackers" for their perverted click depravity. WTF is wrong with "you people"? HTFU. Or at least stop clicking every site, link and mail you can find on your screen. You are not the special snowflake that I am. Your life is ending one click at a time.
Also, if you stop using devices maybe, just maybe you could put in an effort to remove them as trusted? Unless you trust everyone that will get their filthy hands on it to watch pr0n and fap at your recovered pics while logging in all of your accounts thanks to your "remember password", "Password keepers" and general clicking the "don't ask for the password or 2nd auth". If you want to clean a device, think like Hillary Clinton and use "BLEACHBIT" so no one finds out about your EVE Accounts. Even if you store the password on a draft mail on your blackberry or ipad. |

Axhind
Eternity INC. Goonswarm Federation
371
|
Posted - 2017.06.16 16:43:17 -
[15] - Quote
Marek Kanenald wrote:I use a password manager for every online site I do not care about.
And memorized unique passwords for the actually important things.
This is a terrible idea. Use an offline password manager (keepass), add rounds to its encryption so it takes several seconds to decrypt on your computer (makes brute force attack infeasible) and make a single high quality password for it. You can even write it down and hide it at home.
A password that is easy to remember is not a strong password!!! |
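Added example, not part of the original thread: what "adding rounds" buys, measured against the 400M guesses per second figure quoted in post [10]. PBKDF2-HMAC-SHA256 from Python's standard library stands in for the password manager's own key-derivation function; the vault header layout, the function names and the 1000x attacker speed-up are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

# Figure quoted in post [10]: one GPU guessing against a single fast MD5 hash.
FAST_HASH_GUESSES_PER_SEC = 400_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def stretch(password: str, salt: bytes, rounds: int) -> bytes:
    """Derive a 32-byte key; every guess at the password must repeat all rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds, dklen=32)


def calibrate_rounds(target_seconds: float, probe_rounds: int = 20_000) -> int:
    """Time a probe run on this machine and scale the round count to the target delay."""
    salt = os.urandom(16)
    start = time.perf_counter()
    stretch("calibration-probe", salt, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-6)
    return max(probe_rounds, int(probe_rounds * target_seconds / elapsed))


def create_vault_header(master_password: str, rounds: int) -> dict:
    """Hypothetical vault header: salt and round count are stored unencrypted."""
    salt = os.urandom(16)
    key = stretch(master_password, salt, rounds)
    # A verifier derived from the key lets unlock() detect a wrong password.
    verifier = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "rounds": rounds, "verifier": verifier}


def unlock(header: dict, candidate: str) -> bool:
    """One password guess costs one full key derivation, for owner and attacker alike."""
    key = stretch(candidate, header["salt"], header["rounds"])
    expected = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["verifier"])


def years_to_exhaust(keyspace: int, guesses_per_sec: float) -> float:
    return keyspace / guesses_per_sec / SECONDS_PER_YEAR


def compare_costs(keyspace: int, seconds_per_unlock: float,
                  attacker_speedup: float = 1000.0) -> dict:
    """Worst-case search time: fast unsalted hash vs. a stretched vault key.

    attacker_speedup is an assumption: how many times faster the attacker's
    hardware runs the KDF than the machine the rounds were calibrated on.
    """
    stretched_rate = attacker_speedup / seconds_per_unlock
    return {
        "fast_hash_years": years_to_exhaust(keyspace, FAST_HASH_GUESSES_PER_SEC),
        "stretched_years": years_to_exhaust(keyspace, stretched_rate),
    }


if __name__ == "__main__":
    rounds = calibrate_rounds(target_seconds=1.0)
    header = create_vault_header("constructed sample master password", rounds)
    print("rounds for ~1 s unlock on this machine:", rounds)
    print("correct password unlocks:", unlock(header, "constructed sample master password"))
    # Constructed keyspace: 8 random lower-case letters.
    print(compare_costs(26 ** 8, seconds_per_unlock=1.0))
```

The stretching multiplies the cost of each guess; it does not rescue a master password that sits near the top of a guessing list.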

Nalia White
Tencus
255
|
Posted - 2017.06.16 16:52:19 -
[16] - Quote
ISD Max Trix wrote:2FA on the EVE account is a good first step. Having it on your Email is even better. It makes it a lot harder to compromise the accounts.
I did exactly that. And I asked my E-Mail provider for country blocking but they won't do that sadly. I asked the EvE support about that feature but sadly it isn't available either...
Alas, as I still have not found a keylogger on any of my 2 machines with which i log in to my webmail, I really wonder how they got that password which is completely unique to all my other passwords and it is only 3 months old... makes me absolutely paranoid. Tried F-Secure (the only tool which prevented ransomware attacks on our company!), Eset online Scanner, malwarebytes and panda antivirus and sophos virus removal tool... Nada. if you have any tips i would be really glad. Just not possible to reinstall completely at least on my workstation in the company...
Well with sms authentication on my e-mail I really should be safe now... the only possible option to breach now would be to steal the login session token or some **** like that and there is nothing on my end i can do to prevent that.
I still have an itch all the time and an urge to check my e-mails if there is someone else requesting some account information, god damn that made me absolutely paranoid... probably scarred for life 
Thanks again to ccp to restore my stuff!
Syndicate - K5-JRD
Home to few, graveyard for many
My biggest achievement
|

Linus Gorp
Ministry of Propaganda and Morale
1578
|
Posted - 2017.06.16 17:27:10 -
[17] - Quote
To me, this looks like a case of bad user ed (the standard), weak password (also the standard) and bad security management (standard as well).
Give me more detailed information and I'll likely be able to tell you where you got compromised.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|

Axhind
Eternity INC. Goonswarm Federation
371
|
Posted - 2017.06.16 17:31:09 -
[18] - Quote
Nalia White wrote:ISD Max Trix wrote:2FA on the EVE account is a good first step. Having it on your Email is even better. It makes it a lot harder to compromise the accounts.
I did exactly that. And I asked my E-Mail provider for country blocking but they won't do that sadly. I asked the EvE support about that feature but sadly it isn't available either...
Alas, as I still have not found a keylogger on any of my 2 machines with which i log in to my webmail, I really wonder how they got that password which is completely unique to all my other passwords and it is only 3 months old... makes me absolutely paranoid. Tried F-Secure (the only tool which prevented ransomware attacks on our company!), Eset online Scanner, malwarebytes and panda antivirus and sophos virus removal tool... Nada. if you have any tips i would be really glad. Just not possible to reinstall completely at least on my workstation in the company...
Well with sms authentication on my e-mail I really should be safe now... the only possible option to breach now would be to steal the login session token or some **** like that and there is nothing on my end i can do to prevent that.
I still have an itch all the time and an urge to check my e-mails if there is someone else requesting some account information, god damn that made me absolutely paranoid... probably scarred for life
Thanks again to ccp to restore my stuff!
Edit: @Aedaxus You speak the absolute truth and i should have set up two factor authentication for my e-mail a looong time. I swear to you that i never clicked on any bad link :) I work in IT and while i am not an expert in security I know how to move in the internet... i also use noscript addon for my firefox and the days where i watched some series on some dubious streaming sites are definitely over... still it happened. Granted the unique password was not too complex so it may have been brute forced but which service doesn't have a protection against these types of attacks nowadays?
It's always more important not to share the same usernames/passwords for different services... and as said i never log in to my private mail from my mobile phone. well lessons learned the hard way i guess.
Please, please DO NOT ever use SMS as a second auth. It is trivial to defeat and should never be even offered by the companies. Always use time based auth (OATP with google authenticator). That is the only remotely secure 2FA other than actual dedicated U2F devices. If your mail provider doesn't offer proper auth then change the provider! |

Nalia White
Tencus
255
|
Posted - 2017.06.16 17:38:53 -
[19] - Quote
Linus Gorp wrote:To me, this looks like a case of bad user ed (the standard), weak password (also the standard) and bad security management (standard as well).
Give me more detailed information and I'll likely be able to tell you where you got compromised.
already wrote everything down just a post above you. would be happy to get a clue my friend. :)
3 month old unique password 12 letters, one upper, 2 digits, a small sentence in my native language (swiss german, only a spoken language, so the words are not in any dictionary :)) it's clear my e-mail got breached, i just have not a clue how... just checked, of course the login site would shut down after some attempts so brute force should be out...
on the site https://haveibeenpwned.com/ only my e-mail is there, not one of my usernames
what i have done:
- searched the 2 computers i use for logging in to my mail for threats to no avail...
- enabling sms authentication on e-mail, should do the trick for the future
- changed password again... this time to something i have to write down and pin it at my pinwall :)
- sadly country blocking is not available for my e-mail service or for eve online
- yeah i have all my gaming services on this one e-mail...
Syndicate - K5-JRD
Home to few, graveyard for many
My biggest achievement
|

Nalia White
Tencus
255
|
Posted - 2017.06.16 17:43:56 -
[20] - Quote
Axhind wrote:Nalia White wrote:ISD Max Trix wrote:2FA on the EVE account is a good first step. Having it on your Email is even better. It makes it a lot harder to compromise the accounts.
I did exactly that. And I asked my E-Mail provider for country blocking but they won't do that sadly. I asked the EvE support about that feature but sadly it isn't available either...
Alas, as I still have not found a keylogger on any of my 2 machines with which i log in to my webmail, I really wonder how they got that password which is completely unique to all my other passwords and it is only 3 months old... makes me absolutely paranoid. Tried F-Secure (the only tool which prevented ransomware attacks on our company!), Eset online Scanner, malwarebytes and panda antivirus and sophos virus removal tool... Nada. if you have any tips i would be really glad. Just not possible to reinstall completely at least on my workstation in the company...
Well with sms authentication on my e-mail I really should be safe now... the only possible option to breach now would be to steal the login session token or some **** like that and there is nothing on my end i can do to prevent that.
I still have an itch all the time and an urge to check my e-mails if there is someone else requesting some account information, god damn that made me absolutely paranoid... probably scarred for life
Thanks again to ccp to restore my stuff!
Edit: @Aedaxus You speak the absolute truth and i should have set up two factor authentication for my e-mail a looong time. I swear to you that i never clicked on any bad link :) I work in IT and while i am not an expert in security I know how to move in the internet... i also use noscript addon for my firefox and the days where i watched some series on some dubious streaming sites are definitely over... still it happened.
Granted the unique password was not too complex so it may have been brute forced but which service doesn't have a protection against these types of attacks nowadays? It's always more important not to share the same usernames/passwords for different services... and as said i never log in to my private mail from my mobile phone. well lessons learned the hard way i guess.
Please, please DO NOT ever use SMS as a second auth. It is trivial to defeat and should never be even offered by the companies. Always use time based auth (OATP with google authenticator). That is the only remotely secure 2FA other than actual dedicated U2F devices. If your mail provider doesn't offer proper auth then change the provider!
How many of the people here actually even use a second auth method on their e-mail? would a script kiddie go to the length to try and circumvent a sms authentication? man i am just a gamer not a specific target :) Or at least i hope that
in the end i will use a top secure service and lose the authenticator and lose my accounts this way lol
Syndicate - K5-JRD
Home to few, graveyard for many
My biggest achievement
|

Linus Gorp
Ministry of Propaganda and Morale
1578
|
Posted - 2017.06.16 18:15:22 -
[21] - Quote
Nalia White wrote:How many of the people here actually even use a second auth method on their e-mail?
I can tell you that I don't. I'm administrating my own mail server and I care a lot more about keeping that tightened up than about the possibility of someone really managing to crack a random 120-byte string. But I'm also an itsec professional and have the knowledge to keep my infrastructure reasonably secure. 2FA is definitely worth it for average Joe.
Nalia White wrote:would a script kiddie go to the length to try and circumvent a sms authentication? man i am just a gamer not a specific target :)
Script kiddies are too dumb for that. All they can do is use tools and run scripts written by others without any understanding about them or the underlying techniques. Script kiddies are no threat to anyone remotely intelligent.
Nalia White wrote:already wrote everything down just a post above you. would be happy to get a clue my friend. :) 3 month old unique password 12 letters, one upper, 2 digits, a small sentence in my native language (swiss german, only a spoken language, so the words are not in any dictionary :)) it's clear my e-mail got breached, i just have not a clue how... just checked, of course the login site would shut down after some attempts so brute force should be out... on the site https://haveibeenpwned.com/ only my e-mail is there, not one of my usernames what i have done: searched the 2 computers i use for logging in to my mail for threats to no avail... enabling sms authentication on e-mail, should do the trick for the future changed password again... this time to something i have to write down and pin it at my pinwall :) sadly country blocking is not available for my e-mail service or for eve online yeah i have all my gaming services on this one e-mail...
That doesn't really tell me anything useful, short of the fact that you were registered on one or more websites that have been breached. Since you claim to have used a unique password for your mail account, it's unlikely that's the cause.
You can scan your PC for viruses all you want. Almost all AV solutions are junk that don't reduce the attack vector, but increase it by an exponential factor.
So let's go down the checklist.
- Is your OS up-to-date with the latest patches?
- Do you have an adblocker installed? (Seriously, that is THE #1 source for malware; If not, install UBlock Origin a.s.a.p.)
- Do you have an Intel CPU with AMT (active management technology) provisioned?
- Have you opened any dubious emails?
- Remember someone claiming to be customer service, technician, w/e, asking for your passwords or personal information? (Social engineering attempts)
- Browser up-to-date?
There are way more attack vectors than I could possibly list here, but these are among the most common ones.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|

Nalia White
Tencus
255
|
Posted - 2017.06.16 18:40:13 -
[22] - Quote
Linus Gorp wrote:Nalia White wrote:How many of the people here actually even use a second auth method on their e-mail? So let's go down the checklist.
- Is your OS up-to-date with the latest patches?
- Do you have an adblocker installed? (Seriously, that is THE #1 source for malware; If not, install UBlock Origin a.s.a.p.)
- Do you have an Intel CPU with AMT (active management technology) provisioned?
- Have you opened any dubious emails?
- Remember someone claiming to be customer service, technician, w/e, asking for your passwords or personal information? (Social engineering attempts)
- Browser up-to-date?
There are way more attack vectors than I could possibly list here, but these are among the most common ones.
Thanks for your time. It's very much appreciated. As said I work in IT my whole life and while I am no expert in security (didn't know about the ATM vulnerability, thanks a lot for this, will have to look at it at work too!) i know how to handle myself :)
- OS is win10 home always updated. in the company it's still windows 7 over wsus with staggered updates so yeah, not so good i know...
- no adblocker. I use noscript for an always uptodate firefox. in the company nothing... I will have a look into that, thank you
- my cpu is fine at home. I checked it with the intel tool. have to check at work too. Again, thanks a lot for this!
- the last points i know to handle well. but funny enough an uncle once got called by a supposed microsoft technician... crazy times...
I rarely even use my private e-mail in the company and now that i have such a complex password that i had to write it down it's even better so i will never log in anyway.
Syndicate - K5-JRD
Home to few, graveyard for many
My biggest achievement
|

Linus Gorp
Ministry of Propaganda and Morale
1578
|
Posted - 2017.06.16 19:28:53 -
[23] - Quote
Nalia White wrote:I rarely even use my private e-mail in the company and now that i have such a complex password that i had to write it down
https://www.keepassx.org/
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|

Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.17 09:41:56 -
[24] - Quote
Linus Gorp wrote:Nalia White wrote:I rarely even use my private e-mail in the company and now that i have such a complex password that i had to write it down https://www.keepassx.org/
That is the security equivalent of posting it on Facebook. |

Axhind
Eternity INC. Goonswarm Federation
371
|
Posted - 2017.06.17 10:32:35 -
[25] - Quote
Aedaxus wrote:Linus Gorp wrote:Nalia White wrote:I rarely even use my private e-mail in the company and now that i have such a complex password that i had to write it down https://www.keepassx.org/ That is the security equivalent of posting it on Facebook.
While it is true that android is a security disaster it is far more difficult to breach his exact android phone than it is to brute force bad passwords that humans can remember.
In this case it is better to use keepass on the phone (better would be on a PC which is far easier to secure than android) than the alternative. |

Linus Gorp
Ministry of Propaganda and Morale
1581
|
Posted - 2017.06.17 17:17:32 -
[26] - Quote
Axhind wrote:While it is true that android is a security disaster it is far more difficult to breach his exact android phone than it is to brute force bad passwords that humans can remember.
In this case it is better to use keepass on the phone (better would be on a PC which is far easier to secure than android) than the alternative.
KeepassX doesn't run on Android.
Aedaxus wrote:That is the security equivalent of posting it on Facebook.
I'm sorry, what? Does the clueless person have anything meaningful to say, or is spreading idiotic misinformation all you're good for?
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|

Axhind
Eternity INC. Goonswarm Federation
371
|
Posted - 2017.06.17 20:16:14 -
[27] - Quote
Linus Gorp wrote:Axhind wrote:While it is true that android is a security disaster it is far more difficult to breach his exact android phone than it is to brute force bad passwords that humans can remember.
In this case it is better to use keepass on the phone (better would be on a PC which is far easier to secure than android) than the alternative. KeepassX doesn't run on Android.
My bad. I mixed it up with the android version. Anyway keepass is excellent software that I also use and I have no idea why anyone would not use it. Offline password manager is far safer than online ones like lastpass.
|

Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.17 21:07:59 -
[28] - Quote
Linus Gorp wrote:Aedaxus wrote:Linus Gorp wrote:https://www.keepassx.org/ That is the security equivalent of posting it on Facebook. I'm sorry, what? Does the clueless person have anything meaningful to say, or is spreading idiotic misinformation all you're good for?
One small vulnerability will make your heart bleed. Open source is something I like, but make sure it's funded enough to put secrets behind. But yes, "clueless person" is a good technical explanation why it is secure. Good job...
|

Axhind
Eternity INC. Goonswarm Federation
371
|
Posted - 2017.06.17 23:54:29 -
[29] - Quote
Aedaxus wrote:Linus Gorp wrote:Aedaxus wrote:Linus Gorp wrote:https://www.keepassx.org/ That is the security equivalent of posting it on Facebook. I'm sorry, what? Does the clueless person have anything meaningful to say, or is spreading idiotic misinformation all you're good for? One small vulnerability will make your heart bleed. Open source is something I like, but make sure it's funded enough to put secrets behind. But yes, "clueless person" is a good technical explanation why it is secure. Good job...
Are you on drugs or something? You are not making any sense whatsoever. Where is this fancy security issue you are talking about? Heart bleed was in OpenSSL not in keepass. |

Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.18 00:10:34 -
[30] - Quote
Axhind wrote:Aedaxus wrote:Linus Gorp wrote:Aedaxus wrote:Linus Gorp wrote:https://www.keepassx.org/ That is the security equivalent of posting it on Facebook. I'm sorry, what? Does the clueless person have anything meaningful to say, or is spreading idiotic misinformation all you're good for? One small vulnerability will make your heart bleed. Open source is something I like, but make sure it's funded enough to put secrets behind. But yes, "clueless person" is a good technical explanation why it is secure. Good job... Are you on drugs or something? You are not making any sense whatsoever. Where is this fancy security issue you are talking about? Heart bleed was in OpenSSL not in keepass.
Yes, I am a clueless, dumb, on drugs and not making sense. Let me have another drink of vodka and explain before I pass out ;
OpenSSL = Open Source
Keepassx = Open Source
Heartbleed was caused by lack of funding.
That was probably too hard for you IT Security specialists from CIA/NSA/HomeLand I guess Obama put you guys in charge to fend off the Russian Hackers in the recent elections, right? How did that go? I am too dumb to google that.
Isn't this EVE Online? I should only say "Here's google. Bleep you!" and you guys figure it out all by yourselves, right? Right? ;)
|

Linus Gorp
Ministry of Propaganda and Morale
1585
|
Posted - 2017.06.18 06:18:50 -
[31] - Quote
Aedaxus wrote:OpenSSL = Open Source Keepassx = Open Source
Heartbleed was caused by lack of funding.
No, it wasn't insufficient funding. Every software has bugs and closed source software is far more dangerous in that regard than open source software. Let alone that closed source software can not be trusted by design.
I don't feel like wasting my time on educating you about why you're wrong.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|

Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.18 08:00:22 -
[32] - Quote
Linus Gorp wrote:Aedaxus wrote:OpenSSL = Open Source Keepassx = Open Source Heartbleed was caused by lack of funding. No
I guess the development team of OpenSSL disagrees with you but as you are probably more security skilled, who are they to question your general x is more secure than y without any arguments backing it up right?
http://heartbleed.com/
"What can be done to prevent this from happening in future? The security community, we included, must learn to find these inevitable human mistakes sooner. Please support the development effort of software you trust your privacy to. Donate money to the OpenSSL project."
Linus Gorp wrote:NSA pwnage is bound to be found in both.
OMG You are some badass security guy, NSA has "pwnage" ! They should have used that pwnage against those "Russian Hackers" :D Right
Linus Gorp wrote:They've also had spyware code in the Windows Kernel since at least 1999.
Imagine that i'm some tinfoil hat wearing freak... just imagine, out of all the people you could nonsense your way out with the load of unsupported general blabla you spew you choose to argue with me... How come that when I put the windows updates off and some other services I don't need ZERO information passes my router to the internet. Now you'd blab about _your_ router but why don't you have passive and active scans and reporting and logging like me ? If you would you could know that IF NO PACKETS GO OUT they can't spy on you. I'm sorry that I spend my time talking to some security wannabe but as I saw the news you could as well be the Top Security guy at Homeland Security. Good job, and good luck in the future as you will have to crutch on luck instead of skill and knowledge, Mr. SuperSecurity.
|

Linus Gorp
Ministry of Propaganda and Morale
1587
|
Posted - 2017.06.18 12:22:12 -
[33] - Quote
Aedaxus wrote:Linus Gorp wrote:Aedaxus wrote:OpenSSL = Open Source Keepassx = Open Source Heartbleed was caused by lack of funding. No I guess the development team of OpenSSL disagrees with you but as you are probably more security skilled, who are they to question your general x is more secure than y without any arguments backing it up right? http://heartbleed.com/
"What can be done to prevent this from happening in future? The security community, we included, must learn to find these inevitable human mistakes sooner. Please support the development effort of software you trust your privacy to. Donate money to the OpenSSL project." Linus Gorp wrote:NSA pwnage is bound to be found in both. OMG You are some badass security guy, NSA has "pwnage" ! They should have used that pwnage against those "Russian Hackers" :D Right Linus Gorp wrote:They've also had spyware code in the Windows Kernel since at least 1999. Imagine that i'm some tinfoil hat wearing freak... just imagine, out of all the people you could nonsense your way out with the load of unsupported general blabla you spew you choose to argue with me... How come that when I put the windows updates off and some other services I don't need ZERO information passes my router to the internet. Now you'd blab about _your_ router but why don't you have passive and active scans and reporting and logging like me ? If you would you could know that IF NO PACKETS GO OUT they can't spy on you. I'm sorry that I spend my time talking to some security wannabe but as I saw the news you could as well be the Top Security guy at Homeland Security. Good job, and good luck in the future as you will have to crutch on luck instead of skill and knowledge, Mr. SuperSecurity
Your reading comprehension skills are an utter failure. No surprise there.
As I already wrote, I won't waste my time trying to educate the likes of you.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|

Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.18 12:32:52 -
[34] - Quote
Linus Gorp wrote:Your reading comprehension skills are an utter failure. No surprise there. As I already wrote, I won't waste my time trying to educate the likes of you.
Aw man, I'll be totally insecure unlike the people you advise... :D Anyways have a good day.
|

Linus Gorp
Ministry of Propaganda and Morale
1587
|
Posted - 2017.06.18 12:50:50 -
[35] - Quote
Aedaxus wrote:Linus Gorp wrote:Your reading comprehension skills are an utter failure. No surprise there. As I already wrote, I won't waste my time trying to educate the likes of you. Aw man, I'll be totally insecure unlike the people you advise... :D Anyways have a good day.
Yeah, don't think that would be a bad thing. At least then there's an ever so tiny chance you'll learn from your own misery.
When you don't know the difference between there, their, and they're, you come across as being so uneducated that your viewpoint can be safely dismissed. The literate is unlikely to learn much from the illiterate.
|

Gogela
Caldari Provisions Caldari State
3456
|
Posted - 2017.06.18 16:38:03 -
[36] - Quote
Axhind wrote:Linus Gorp wrote:Axhind wrote:While it is true that android is a security disaster it is far more difficult to breach his exact android phone than it is to brute force bad passwords that humans can remember.
In this case it is better to use keepass on the phone (better would be on a PC which is far easier to secure than android) than the alternative. KeepassX doesn't run on Android. My bad. I mixed it up with the android version. Anyway keepass is excellent software that I also use and I have no idea why anyone would not use it. Offline password manager is far safer than online ones like lastpass.
I'm 100% on the KeePass train too. When you have it, there is absolutely no reason not to have long, strong passwords that are unique to everything you might log into. No recycled passwords. 2 stage authentication anywhere it's available. I do a lot of web work and can't take any chances... but knowing what I know now I would say some kind of password vault is crucial these days. Most of the time when I research a site hack or something it wasn't the site that got hacked... it was a stupid client that used the same 8 character password for everything for the last 10 years.
Signatures should be used responsibly...
|

Axhind
Eternity INC. Goonswarm Federation
374
|
Posted - 2017.06.19 17:03:02 -
[37] - Quote
Gogela wrote:Axhind wrote:Linus Gorp wrote:Axhind wrote:While it is true that android is a security disaster it is far more difficult to breach his exact android phone than it is to brute force bad passwords that humans can remember.
In this case it is better to use keepass on the phone (better would be on a PC which is far easier to secure than android) than the alternative. KeepassX doesn't run on Android. My bad. I mixed it up with the android version. Anyway keepass is excellent software that I also use and I have no idea why anyone would not use it. Offline password manager is far safer than online ones like lastpass. I'm 100% on the KeePass train too. When you have it, there is absolutely no reason not to have long, strong passwords that are unique to everything you might log into. No recycled passwords. 2 stage authentication anywhere it's available. I do a lot of web work and can't take any chances... but knowing what I know now I would say some kind of password vault is crucial these days. Most of the time when I research a site hack or something it wasn't the site that got hacked... it was a stupid client that used the same 8 character password for everything for the last 10 years.
One thing to remember is that none of this helps against a spoofed site. If they mess with your DNS you are screwed unless you are lucky enough that your browser has the correct cert pinned or you pay a lot of attention. There really needs to be a lot more work done on authenticating the server to the user too.
This is why Threema is the only really secure IM. They make the key exchange easy so that even non-technical people understand it and that is the only way to have proper security.
|

Ima Wreckyou
The Conference Elite CODE.
4197
|
Posted - 2017.06.20 06:51:50 -
[38] - Quote
Aedaxus wrote:Heartbleed was caused by lack of funding.
Bugs are caused by lack of funding now? So why did WannaCry happen? Because Microsoft is poor?
OpenSSL is used by a lot of companies who earn money with selling products based on open source. The problem is not that there isn't money around to fix the problems, but that this particular project was neglected for too long by people who should have known better. Well people are aware now and there are multiple new and revived projects to remedy the situation and actually address the core problems of this mess.
But that is kinda offtopic.
Keepass is a very nice program and in my opinion a requirement if you want to keep track of your passwords which should be complex and different for every single site, service and application. I use it on all my devices and distribute the encrypted database with syncthing so it never touches a public cloud.
Even my phone is all free software because I could not use Android. That just reeks of spyware and all the features would be completely useless to me because I could never use them knowing I don't control the device.
the Code ALWAYS wins
Elite PvPer, #74 in 2014
|

Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.21 07:38:59 -
[39] - Quote
Ima Wreckyou wrote:Aedaxus wrote:Heartbleed was caused by lack of funding. Bugs are caused by lack of funding now? So why did WannaCry happen? Because Microsoft is poor? OpenSSL is used by a lot of companies who earn money with selling products based on open source. The problem is not that there isn't money around to fix the problems, but that this particular project was neglected for too long by people who should have known better. Well people are aware now and there are multiple new and revived projects to remedy the situation and actually address the core problems of this mess. But that is kinda offtopic. Keepass is a very nice program and in my opinion a requirement if you want to keep track of your passwords which should be complex and different for every single site, service and application. I use it on all my devices and distribute the encrypted database with syncthing so it never touches a public cloud. Even my phone is all free software because I could not use Android. That just reeks of spyware and all the features would be completely useless to me because I could never use them knowing I don't control the device.
Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends.
|

Ima Wreckyou
The Conference Elite CODE.
4205
|
Posted - 2017.06.21 08:40:38 -
[40] - Quote
Aedaxus wrote:Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends.
You really bend backwards to make your stupid argument work, right? They have billions, so the issue is probably not funding but that software just has bugs, my super cyber specialist forum friend.
Evil RatKid
|

Aedaxus
Digital Zone Corp
85
|
Posted - 2017.06.21 11:07:03 -
[41] - Quote
Ima Wreckyou wrote:Aedaxus wrote:Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends. You really bend backwards to make your stupid argument work, right? They have billions, so the issue is probably not funding but that software just has bugs, my super cyber specialist forum friend.
It is not up to them to fix the base code. No company will fix another company's problem for free. Capitalism -corporations maybe inject that skill. No amount of nonsense can counter the fact that there were not sufficient resources to fix the problem.
|

Ima Wreckyou
The Conference Elite CODE.
4205
|
Posted - 2017.06.21 14:26:42 -
[42] - Quote
Aedaxus wrote:Ima Wreckyou wrote:Aedaxus wrote:Did ms test it maybe did they report it probably did someone fix it? Yes but too late due to lack of resources my intelligent eve friends. You really bend backwards to make your stupid argument work, right? They have billions, so the issue is probably not funding but that software just has bugs, my super cyber specialist forum friend. It is not up to them to fix the base code. No company will fix another company's problem for free. Capitalism -corporations maybe inject that skill. No amount of nonsense can counter the fact that there were not sufficient resources to fix the problem.
But the problem was actually fixed once discovered. And since it is open source and used by a lot of companies in their products there are a lot of people who can potentially discover and fix those bugs, which actually happens.
While on the other hand Microsoft is the only one able to fix their codebase and they have repeatedly shown that they are really lazy fixing bugs and security problems people discover while sitting on more than enough funding.
This, my misled slave of proprietary software, is a problem and the cause is that closed source and solitary access to that source code tends to create a monopoly-like situation and we all know that a monopoly is the natural enemy of a free market. Capitalism, maybe inject that skill.
Evil RatKid
|