Where r the computer geeks at? - Page 3

Thread: Where r the computer geeks at?

  1. #21
    Late to this conversation. I use an ioSafe portable SSD.

  2. #22
    Software developer here. Golden rule of backup is 3 copies, at least one of which should be in a second location.

    In general about encryption - every encryption is susceptible to thermorectal/rubberhose cryptanalysis. So if someone is really interested and doesn't mind doing a few felonies, they will get the info just by beating the keys out of you. In that case you need obscurity too - the entity should not know you even possess it.

    A little about NSA and encryption - there are two main kinds of encryption: symmetrical and asymmetrical. The first is used for data storage, the latter for web security, bank transfers, electronic signing. The second is vulnerable because it relies on math quirks - so NSA probably could hide a few aces up their sleeves. The symmetrical is a very different beast - it usually uses a lot of very simple math operations (plus, rot, xor), scrambling data lots and lots of times, and there aren't many theoretical attacks that could be used.

    What NSA and the likes usually do is use vulnerabilities in the implementation of the algorithms and the operating systems/browsers themselves. So an unpatched computer is a greater danger than the NSA's ability to crack the key. If you have something that may get their attention - make an airgap. On https://www.schneier.com/ there are some very good tutorials and explanations.

    A good home setup is to create a TrueCrypt volume with a strong key/strong passphrase that you mount and fill. Then store it in some cloud storage, on your hard drive and on a flash drive if needed. Or an external hard drive. It is pretty secure and simple to use. And due to the way Dropbox and the others operate - if you change something inside you will only sync the changed parts.

  3. #23
    mr drinky (Senior Member; Join Date: Feb 2011; Location: St. Paul, MN; Posts: 3,099)

    I largely keep mine on paper. And I don't always record it correctly on the sheets on purpose, but I know my patterns so I can still fill in the blanks for my use. This way if someone finds my sheet of paper among thousands in my house, they will still have to decipher them to some degree. I've gone retro, but I used to keep them on key drives encrypted.

    I also create a system where I often don't know my own passwords. I simply shift my fingers over, up, or down on the keyboard and type a common long phrase. Your fingers will respond to muscle memory while typing and you don't even need to look at the screen or keyboard, and that is it: you now have a password that even you don't know. I kid you not when I say that I have not known my password for gmail for the last four years and yet access it multiple times a day (I also never save my important passwords to my computer). It does really suck though when you try to log in on a mobile device.

    Lastly, I used to work anti-fraud in a couple of different fields, and it is useful to keep in mind a couple of things: (1) fraud/theft usually seeks out low transaction cost. Difficult and expensive fraud is usually conducted less often, and in conjunction with that (2) value is also important. Fraud is still a business, and seeking out higher value targets versus cost is often more worthwhile. Would you want to hack someone's account with a nice expensive zip code or someone on the other side of the tracks? Redlining was a frowned-upon practice, but somehow I don't think hackers give a crap.

    Also, for example, US debit cards have had horrible security (compared to Europe) for 10+ years [low transaction cost] and often did not provide the same protections/security that credit cards did and ALSO linked directly to bank accounts [high value]. I never use or used debit cards at transaction terminals. I think it is no surprise that the Target breach involves a company with extensive debit card issuance that links to people's PINs and bank accounts. Now in Minnesota it is finally required to use a PIN with all debit card transactions. We are only 15 years behind Europe on this one. Bravo.

    Anyhow, I am rambling -- but any system IMO can be hacked. The more high-tech you go, you can also get beat in some other low-tech way. Target debit card holders who did everything right still had their information compromised regardless of how they stored their data on some flash drive (or in my case: a piece of paper).

    Just as a side story: I remember watching Penn and Teller (the comedians) on a TV show once and they talked about a magic trick on Letterman that they did once. Their response when asked how it was done was something to the effect: "As long as you can pay a very small man some money to sit in a cramped box with his hand in a fish for 20 minutes, you can pull off most any trick."

    There is always some way to get it done: the best you can do is try to raise that transaction cost as much as possible so people have a hard time doing it.

    k.
    "There's only one thing I hate more than lying…skim milk, which is water that's lying about being milk." -- Ron Swanson
