The importance of multi-factor authentication
-
I wish that were possible. Sprint has made it rather easy for customers to manager their account and order new phones all from one simple interface. It also has the side effect of making it rather easy to order new phones and have them shipped anywhere in the U.S. once the account is compromised.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Right. I'm still genuinely wondering though whether anyone's actually given the idea of blacklisting a legitimate vendor more than a casual thought. I'll never give Apple any money. My folks will never buy anything from Amazon. Etc. Anyone wanting to change their minds should go through a whitelisting process that requires papers to be signed in person at said bank.
-
...and stop using Yahoo. :^)
Jeremy Falcon
My broadband provider in the UK is Sky (the firm that made Microsoft rename it's Sky Drive to One Drive) and they used to use gmail is their underlying provider (who does a resell option on their platform so it's all on the sky domain and branded like Sky), but they moved to Yahoo a few years back so all of UK's Sky customers are in this boat too through no real fault of their own.
-
If it didn't take so much effort and money* to set up a private email server, I would have done it eons ago. * Unless someone can point me to an open source SMTP server hosting suite
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
If you get any kind of web hosting it usually comes with an SMTP\POP3\IMAP server you can use and self-administer. There are also loads of mail-only providers too if you look. However if your password is "password123", or "gandalf" or the same password you use on an unrelated site that got hacked then your email is no more secure that using yahoo.
-
Foothill wrote:
Once they got into Sprint, they then proceeded to order 4 iPhone 7's
I wonder if I could somehow tell my bank/credit card company that they should automatically assume my account has been compromised if they ever see a transaction sending money to Apple. Because that should never happen, no matter how small the amount.
Ha, I've learned that some credit cards are MUCH better at detecting fraud than others. In the past 5 years, the family has lost 6 credit cards due to corporate fraud (Home Depot, Target, etc). Last year, I'm pretty sure a gas pump / station was skimming cards (and I'm careful about this) and got our main card. $1800 worth of iTunes purchases later (all in 3-4 days), every single transaction went through. CC company was not happy when I called them. "Are you sure you did not make these purchases?" yeah, right. On the other hand, my business cc company calls me at the slightest whim.
Charlie Gilley <italic>Stuck in a dysfunctional matrix from which I must escape... "Where liberty dwells, there is my country." B. Franklin, 1783 “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
-
Ha, I've learned that some credit cards are MUCH better at detecting fraud than others. In the past 5 years, the family has lost 6 credit cards due to corporate fraud (Home Depot, Target, etc). Last year, I'm pretty sure a gas pump / station was skimming cards (and I'm careful about this) and got our main card. $1800 worth of iTunes purchases later (all in 3-4 days), every single transaction went through. CC company was not happy when I called them. "Are you sure you did not make these purchases?" yeah, right. On the other hand, my business cc company calls me at the slightest whim.
Charlie Gilley <italic>Stuck in a dysfunctional matrix from which I must escape... "Where liberty dwells, there is my country." B. Franklin, 1783 “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
why do people freak out about entering a credit card number on amazon, and not have a problem handing their actual card to a waiter at a restaurant who takes it away and pokes it into a machine to generate your charge slip? They could also poke it into another machine to copy the stripe and image the card number including the cvv on the back of the card - and when they get ripped of for charges in Hong Kong or whatever probably blame it on "on-line transactions"
Sin tack ear lol Pressing the any key may be continuate
-
why do people freak out about entering a credit card number on amazon, and not have a problem handing their actual card to a waiter at a restaurant who takes it away and pokes it into a machine to generate your charge slip? They could also poke it into another machine to copy the stripe and image the card number including the cvv on the back of the card - and when they get ripped of for charges in Hong Kong or whatever probably blame it on "on-line transactions"
Sin tack ear lol Pressing the any key may be continuate
I had my CC compromised in restaurants twice -- nope, couldn't prove it, but everything pointed to the server being the culprit. Since then I pay cash in restaurants unless it's a situation where the CC does not leave my sight.
-
I always stress to other people that you can never be too careful with your personal information online. Alas, even if you are careful, it doesn't always protect you. All of my person information was nabbed in this data breach, OPM Hack[^]. The information they got was the complete documentation gathered by federal investigators for secret and top secret security clearances, which is basically your whole life, for 20+ million civilian and military personnel.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
And to think, before that I was cagy about giving up my phone number for store loyalty cards. Every time I STIG software or a database I wonder: WTF OPM DCO?
"There are three kinds of lies: lies, damned lies and statistics." - Benjamin Disraeli
-
I had my CC compromised in restaurants twice -- nope, couldn't prove it, but everything pointed to the server being the culprit. Since then I pay cash in restaurants unless it's a situation where the CC does not leave my sight.
-
I've refused a free meal on my birthday in a restaurant where the catch was that I had to hand in my drivers license for scanning.
Never heard of that before, but like you, I'd refuse.
-
Ha, I've learned that some credit cards are MUCH better at detecting fraud than others. In the past 5 years, the family has lost 6 credit cards due to corporate fraud (Home Depot, Target, etc). Last year, I'm pretty sure a gas pump / station was skimming cards (and I'm careful about this) and got our main card. $1800 worth of iTunes purchases later (all in 3-4 days), every single transaction went through. CC company was not happy when I called them. "Are you sure you did not make these purchases?" yeah, right. On the other hand, my business cc company calls me at the slightest whim.
Charlie Gilley <italic>Stuck in a dysfunctional matrix from which I must escape... "Where liberty dwells, there is my country." B. Franklin, 1783 “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
I have set a threshold with Discover. I get an email for any transaction over that threshold. Immediately. Lou "The trouble with children is that they are not returnable."
-
And to think, before that I was cagy about giving up my phone number for store loyalty cards. Every time I STIG software or a database I wonder: WTF OPM DCO?
"There are three kinds of lies: lies, damned lies and statistics." - Benjamin Disraeli
-
Not sure if this sarcasm, but there are open source SMTP/MTA products out there. Although they have a learning curve.
Jeremy Falcon
FWIIW: 2 Open source mail servers (I am sure there are many others): Linux: Sendmail, looks like steep learning curve. Windows: hmailserver, fairly shallow learning curve. I went there having Exchange experience. Looks like good support forums, haven't had to use them. I am running hmailserver in a virtual machine on a Linux host with other VM's. Have a separate domain name (about $10 a year), run all email through an anti-spam/AV service ($30 a year for 5 email addresses), router set up to only accept email from that service (port 25). AS/AV service will also archive email (seems like that was another $20 a year for 5GB), in case my mail server goes off line. I do pay for 5 static IP's (for other reasons) but I suspect that a Dynamic IP service would suffice. Lou "The trouble with children is that they are not returnable."
-
They say that 2016 was the year of the hack. 2017 will be the year of data exploitation.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
100% agree. The current prevalence of ransomware makes this pretty apparent.
"There are three kinds of lies: lies, damned lies and statistics." - Benjamin Disraeli
-
I always stress to other people that you can never be too careful with your personal information online. Alas, even if you are careful, it doesn't always protect you. All of my person information was nabbed in this data breach, OPM Hack[^]. The information they got was the complete documentation gathered by federal investigators for secret and top secret security clearances, which is basically your whole life, for 20+ million civilian and military personnel.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Ah, so solution 2 is obvious: Don't join the army; get a Real job!
I wanna be a eunuchs developer! Pass me a bread knife!
-
100% agree. The current prevalence of ransomware makes this pretty apparent.
"There are three kinds of lies: lies, damned lies and statistics." - Benjamin Disraeli
I have seen ransomware sneak into protected servers. I have no doubt that, this year, we will see ransomware grow in complexity and capability so that it can infect and encrypt corporate share drives, the holy grail of got them by the balls, and guaranteed huge payouts.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
Ah, so solution 2 is obvious: Don't join the army; get a Real job!
I wanna be a eunuchs developer! Pass me a bread knife!
First, I was Navy. Second, I wish is was that easy but I was not all that smart in my youth. Bad decisions made improving my life neigh impossible and were making jail time increasingly likely. Needed to step out of my life. The military provided a life reboot and I don't regret it. A lot of people in my hometown have never been outside of the state and most have never been outside the country. I, on the other hand, have been multiple countries on both sides of the ring of fire. Seeing how the world actually works and living in different cultures has made me a better human being. You can't put a price-tag on that.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
FWIIW: 2 Open source mail servers (I am sure there are many others): Linux: Sendmail, looks like steep learning curve. Windows: hmailserver, fairly shallow learning curve. I went there having Exchange experience. Looks like good support forums, haven't had to use them. I am running hmailserver in a virtual machine on a Linux host with other VM's. Have a separate domain name (about $10 a year), run all email through an anti-spam/AV service ($30 a year for 5 email addresses), router set up to only accept email from that service (port 25). AS/AV service will also archive email (seems like that was another $20 a year for 5GB), in case my mail server goes off line. I do pay for 5 static IP's (for other reasons) but I suspect that a Dynamic IP service would suffice. Lou "The trouble with children is that they are not returnable."
Could you send me some more details on your setup? The way you have it seems a lot more cost-effective then the way I was envisioning it. It seems that I would have to learn a lot to accomplish it being that my Linux exposure is pretty much zip.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
-
First, I was Navy. Second, I wish is was that easy but I was not all that smart in my youth. Bad decisions made improving my life neigh impossible and were making jail time increasingly likely. Needed to step out of my life. The military provided a life reboot and I don't regret it. A lot of people in my hometown have never been outside of the state and most have never been outside the country. I, on the other hand, have been multiple countries on both sides of the ring of fire. Seeing how the world actually works and living in different cultures has made me a better human being. You can't put a price-tag on that.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
You won't hear me complain about the navy (RN, in my case). My father was of decent rank, so we got to go with him wherever he was stationed. I'd seen half the world before I was old enough to go to uni -- and the RN puts on terrific events for their kids; it was not an unhappy childhood.
I wanna be a eunuchs developer! Pass me a bread knife!
-
Could you send me some more details on your setup? The way you have it seems a lot more cost-effective then the way I was envisioning it. It seems that I would have to learn a lot to accomplish it being that my Linux exposure is pretty much zip.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
You don't have to use Linux, I use it because I also use it for my Workstation doing most of my development in Windows7/10 virtual machines. You could just as easily run the VM using a Windows system as the host, virtualbox and vmplayer are free to use, don't think player is open source though. But, if you can program in Javascript, Linux has to be child's play. If you would like more detail, email me.
Lou "The trouble with children is that they are not returnable."
-
I have seen ransomware sneak into protected servers. I have no doubt that, this year, we will see ransomware grow in complexity and capability so that it can infect and encrypt corporate share drives, the holy grail of got them by the balls, and guaranteed huge payouts.
if (Object.DividedByZero == true) { Universe.Implode(); } Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
Funny you mention this, we just moved a client to PHYSICAL VPNs for their external users, and now, by default all shares are R/O except that persons. And the NAS is being used to send alerts of too many files are being re-written from a single PC, and we ENABLED 48hr NAS recycle bin type feature. We have all seen too many of these ransomware programs that get in, and encrypt their backups other data, and then the machine itself making it impossible to recover. I have personally adjusted my backup procedures to backup to a NAS folder that is R/O except for the backup software login credentials... It's getting dangerous out there. Kirk Out!
