Page 3 of 3 FirstFirst 123
Results 21 to 27 of 27

Thread: I use Apple products because they are not vulnerable to security problems <NOT>

  1. #21
    Senior Member slgrieb's Avatar
    Join Date
    Mar 2014
    Location
    Texas Panhandle
    Posts
    2,647
    vCash
    800
    Points
    578,461
    Bank
    0
    Total Points
    578,461
    Donate
    This is a couple of years old, but some may have missed it the first time around: http://arstechnica.com/security/2012...rd-in-6-hours/
    Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is...
    WIFFLEBALL!

  2. #22
    Senior Member Webhead's Avatar
    Join Date
    Jan 2014
    Posts
    1,829
    vCash
    500
    Points
    679,937
    Bank
    0
    Total Points
    679,937
    Donate
    Quote Originally Posted by Gazzak View Post
    So say I had something very valuale to me and HAD to keep it online somewhere. How would you guys go about making it as secure as possible?
    If you HAD to do this, then maybe you could encrypt it with AxCrypt and then bury it in a folder. Maybe name the folder something like, "Grandma's Recipes" or something? Another thing you could look into is Kim Dotcom's "Mega" cloud service. He claims it's very secure. Although I've read that others don't think it is. As long as the encryption level is at least AES 256 and you aren't a celebrity, then I think you are generally pretty safe for all intents and purposes.

  3. #23
    Senior Member CeeBee's Avatar
    Join Date
    Jan 2014
    Posts
    1,677
    vCash
    1792
    Points
    141,454
    Bank
    0
    Total Points
    141,454
    Donate
    Quote Originally Posted by Gazzak View Post
    So say I had something very valuale to me and HAD to keep it online somewhere. How would you guys go about making it as secure as possible?
    2048 or 4096 bit PGP encryption. Even if the cloud is compromised data would be unusable in the absence of the key that I would only keep offline.

  4. #24
    Senior Member slgrieb's Avatar
    Join Date
    Mar 2014
    Location
    Texas Panhandle
    Posts
    2,647
    vCash
    800
    Points
    578,461
    Bank
    0
    Total Points
    578,461
    Donate
    Quote Originally Posted by CeeBee View Post
    2048 or 4096 bit PGP encryption. Even if the cloud is compromised data would be unusable in the absence of the key that I would only keep offline.
    Very good advice. You know, when I first started working with financial service providers, everyone used Shiva Software's (later purchased by Intel) 2048 bit encryption. Now, I'm so used to stuff being done with only SSL, that I have to admit to falling asleep at the wheel on this topic.
    Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is...
    WIFFLEBALL!

  5. #25
    Senior Member Webhead's Avatar
    Join Date
    Jan 2014
    Posts
    1,829
    vCash
    500
    Points
    679,937
    Bank
    0
    Total Points
    679,937
    Donate
    Quote Originally Posted by CeeBee View Post
    2048 or 4096 bit PGP encryption. Even if the cloud is compromised data would be unusable in the absence of the key that I would only keep offline.
    That's going overboard and putting your data at risk. I mean, what software would you even use? Some obscure program that only a handful of developers support? And then you have to have that on every computer you are trying to access your data from. You have to consider, that it's very likely that nobody cares about stealing the personal data in the first place. The idea of security is not to try to stop the threat but just to slow it down enough. And to protect your stuff while still being able to use it normally. You have to be practical and consider what it is you are protecting. For example, I don't want my drivers license or credit cards to be stolen. But that doesn't mean I put them in a safe and carry the safe around with me chained to my back. I keep them in my wallet, in my pocket where it's safe enough.
    Last edited by Webhead; 09-09-2014 at 04:29 AM.

  6. #26
    Senior Member CeeBee's Avatar
    Join Date
    Jan 2014
    Posts
    1,677
    vCash
    1792
    Points
    141,454
    Bank
    0
    Total Points
    141,454
    Donate
    Quote Originally Posted by Webhead View Post
    That's going overboard and putting your data at risk. I mean, what software would you even use? Some obscure program that only a handful of developers support?
    PGP if willing to spend, GnuPG if not. Hardly "a handful of developers" supporting it.
    Quote Originally Posted by Webhead View Post
    And then you have to have that on every computer you are trying to access your data from.
    I know you are a fanboy, but real computers have USB ports. Anyway, this is about *storing* data in the cloud, not having it available to sync on all devices - which anyway shouldn't be done with sensitive data.
    Quote Originally Posted by Webhead View Post
    You have to consider, that it's very likely that nobody cares about stealing the personal data in the first place.
    Chances of someone targeting me specifically are basically 0. But I would be just one entity whose data is stored. I guess you wouldn't mind putting 10 years worth of tax returns on Facebook, would you?
    Quote Originally Posted by Webhead View Post
    The idea of security is not to try to stop the threat but just to slow it down enough.
    Wrong, you start with the idea of completely stopping the threat for all practical current future purposes. Someone tries to brute force an account - you lock it, you don't rely on the fact that it will take X years to break it and that is not practical. When I was doing the admin job I had people who would forget their passwords on a regular basis. I could retrieve most of them in under 5 min (yes, you read right, 5 min for 8+ characters with upper&lower case + numbers). Rainbow tables... See, what seems impractical and slowing down "enough" for one is trivial for someone else.
    Quote Originally Posted by Webhead View Post
    For example, I don't want my drivers license or credit cards to be stolen. But that doesn't mean I put them in a safe and carry the safe around with me chained to my back. I keep them in my wallet, in my pocket where it's safe enough.
    Apples to oranges. You don't also carry around your SSN card, do you? Or a copy of your tax return... or $10,000 in cash for that matter.
    What's the worst that can happen if your license and cards get stolen? You spend 20min on the phone to cancel the cards and 3hrs at DMV to get a new license. Now what if you lose sensitive info that can be used for other purposes if stolen? Potentially years worth of trouble with stolen identity and wrecked credit.

  7. #27
    Senior Member slgrieb's Avatar
    Join Date
    Mar 2014
    Location
    Texas Panhandle
    Posts
    2,647
    vCash
    800
    Points
    578,461
    Bank
    0
    Total Points
    578,461
    Donate
    Always pains me when I have to agree with CeeBee, but he's right. PGP is a well supported standard, and these days, you just can't be paranoid enough. With Windows XP, cracking a password protected computer took 5 minutes if you had a break to go out for coffee. Win7 and Win8 are a little harder, but with the right tools, it's still pretty easy.

    Only password I couldn't crack was a 12 character password for an Excel spreadsheet used by the local PD. The guy who wrote the spreadsheet had barely finished it when he had a massive heart attack and literally fell over dead. I ran a password cracker on it, but after 3 days, I wrote it off as a lost cause. That was over 10 years ago, and I expect with the current level of hardware and software available, I could bust it in about 2 hours.
    Last edited by slgrieb; 09-09-2014 at 02:27 PM.
    Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is...
    WIFFLEBALL!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •