How internet security conscious are you?

So nowadays pretty much everything is online, our credit cards are saved to our accounts, addresses, information. Plenty enough for ID fraud and the like.
There are dozens of sites out there with vulnerabilities written into them by poor developers, which rarely comes to light until it is hacked by malicious users.

Personally I love computer security, there's nothing that seems to rival its rapid development and interesting loopholes.

If you found out a site you used was exploitable and people could log in as you, grab your information etc., would you still use it in the future?
If so what would change? Would you be more conscious if you KNEW somebody had this information? Or are you not bothered.
 
If I knew there was a flaw, I would not use it no. I certainly don't tick the "save my billing information for future reference" when buying stuff online...

Good tip: If you use "I have forgotten my password" and they send you the password you used at first in an email, that's a clear indicator they've stored it in plaintext and not hashed - I recommend you use a completely random password for sites like this! If someone hacks it, they've got your password plaintext...
 
That information should be encrypted anyway, so if there was an attack they would be little use to the hacker.

Should being the important word here. We saw even Sony stores stuff in plain text when they got compromised.

Personally I think everything stored in a database should be encrypted and if you can't remember your password, tough. But there's the overhead that encrypting everything causes.
 
Here's something for you....

At work they changed the password policy from being relaxed where everybody remembers it and rarely has their password reset ... to where people HAVE to write it down and end up having it changed every month.... people are going crazy over this new policy change! All because one guy had his account compromised with slight-ish sensitive data in an email. If anything it's worse now IMO.
 
Problem with encrypting stuff is that you need to be able to unencrypt it, which means the hacker will probably be able to access that as well.

That's why websites hash passwords (ones that don't send them to you in plain text anyway :p), there's no way to get the original input from the hash. The only way to find out the password is to hash (and salt or whatever) words/passwords etc until it matches the hash (it might not even be the actual "password") which can then be used as the password.

If I knew others could log into my account I wouldn't use the site, no. I did carry on using PSN and changed my password back to what it was when it got hacked though :p.
 
Problem with encrypting stuff is that you need to be able to unencrypt it, which means the hacker will probably be able to access that as well.

That's why websites hash passwords (ones that don't send them to you in plain text anyway :p), there's no way to get the original input from the hash. The only way to find out the password is to hash (and salt or whatever) words/passwords etc until it matches the hash (it might not even be the actual "password") which can then be used as the password.

If I knew others could log into my account I wouldn't use the site, no. I did carry on using PSN and changed my password back to what it was when it got hacked though :p.

Yeah, but could you imagine what it would be like for sites 'not' to have a password reset link? ... you know like... if you forget it, tough, you can't get back on and your data is lost forever.
 
That information should be encrypted anyway, so if there was an attack they would be little use to the hacker.

Did you read what I said? If they send your password back to you, they haven't hashed it (not encrypted, encryption is reversible. Hashes aren't, unless you crack them)
 
That information should be encrypted anyway, so if there was an attack they would be little use to the hacker.

Most encryption methods can be broken given time, the correct method is using reset links to update the password.

Should being the important word here. We saw even Sony stores stuff in plain text when they got compromised.

There is a large 4 letter government body dealing with internets that does exactly this, pretty shocking.

So if I were to say OCUK has its fair share of stupid security holes would you be bothered? :D
 
I am yet to upload any personal information to the internet. Except a photo of my desk on this forum or talking about my job in a job thread.

I try not to link accounts that do not have to be connected to my real name to any information that is connected to my real name.

For example a forum about Firefox, I don't use my real info and don't use my email address with my real name in it. That email I don't use anywhere with my real name in it. So if the db of the Firefox forum was hacked they wouldn't be any better off with that info. If for example I had used the same login and email at other places they might have a high chance of attacking those.
 
Yeah, but could you imagine what it would be like for sites 'not' to have a password reset link? ... you know like... if you forget it, tough, you can't get back on and your data is lost forever.

That reply was meant for diamount and OSX (the guys talking about how stuff should be encrypted), but by the time I typed it you and a few others had posted :p.

I agree sites should have reset links, but they shouldn't even know what your password is, never mind sending it back to you when you forget it though :).
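
Added example, not part of any post in this thread: a minimal Python sketch of the storage model discussed above, where the site keeps only a salted slow hash and handles a forgotten password with a single-use, expiring reset token instead of mailing the password back. The record layout, function names, iteration count and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def hash_password(password: str) -> dict:
    """Return all the site stores: a random per-user salt and the slow hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _derive(password, salt)}

def verify_password(record: dict, candidate: str) -> bool:
    """Re-derive from the candidate and compare in constant time."""
    return hmac.compare_digest(_derive(candidate, record["salt"]), record["hash"])

def issue_reset_token(record: dict, now=None, ttl: int = 900) -> str:
    """Create a random token for the emailed link; keep only its hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    record["reset_hash"] = hashlib.sha256(token.encode()).digest()
    record["reset_expires"] = now + ttl
    return token

def redeem_reset_token(record: dict, token: str, new_password: str, now=None) -> bool:
    """Set a new password if the token matches and has not expired."""
    now = time.time() if now is None else now
    stored = record.get("reset_hash")
    if stored is None or now > record["reset_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, stored):
        return False
    record.update(hash_password(new_password))  # fresh salt, new hash
    del record["reset_hash"], record["reset_expires"]  # single use
    return True

if __name__ == "__main__":
    user = hash_password("correct horse battery")  # constructed sample password
    print(verify_password(user, "correct horse battery"))
    link_token = issue_reset_token(user)
    print(redeem_reset_token(user, link_token, "a new passphrase"))
```

Nothing in the stored record can be sent back to the user as their password, and a copy of the database yields neither passwords nor usable reset links.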
 
Here's something for you....

At work they changed the password policy from being relaxed where everybody remembers it and rarely has their password reset ... to where people HAVE to write it down and end up having it changed every month.... people are going crazy over this new policy change! All because one guy had his account compromised with slight-ish sensitive data in an email. If anything it's worse now IMO.

Unfortunately you have to choose between security and usability. Most companies would prefer the security. You forget your password, you get it reset...no problem.

You get your account/computer hacked for a weak password and you have sensitive details then you have a problem.
 
Sure, keep the latest virus / spyware definitions etc. The biggest culprit are those dodgy remote petrol station ATMs that skim your card. That's how I got done in 2007.

Best to always update your definitions and application updates but you will always have zero day threats. Basically new threats that are unknown to the world.

Nothing is completely safe. You have to just use your common sense when clicking on things and opening things.

Trust no one! :p
 