In your case, the FBI and NSA have long ago given up reading along over your shoulder.
Tech News and Miscellany
- Thread starter PatrThom
- Start date
ReVanced? Or does it suck?
I was helping one of the crafty ladies get some nasty extensions off her browser that popped up adds over websites she was visiting.
She was using Opera. It took me a full 5 minutes just to figure out what browser it was. My brain just seized up.
Opera got bought. Opera also decided to switch their back-end rendering engine over to Chromium. These two things may be related.
Some forms of malware actually download/install Opera (and/or the base Chromium) on the client's machine just so the software can dress it up and try to pass it off as Chrome (and because that way they install their preferred attack path) and hopefully the client won't notice. Because most clients won't.
--Patrick
That wasn't the case here...she just preferred Opera.
I used to, too. Until they caved and switched to Chromium. Not so much because I hate Chromium, but because I don't want to have duplicate rendering engines. If I flip from BrowserA to BrowserB because of some website error or security concern with BrowserA, I don't want BroswerB to do the exact same thing because it's essentially the same browser but with different branding.
--Patrick
figmentPez
Staff member
Adobe is fucking evil.
I think Pantone should get some of the blame as well, here. I don't say that to absolve Adobe, by any means.
GasBandit
Staff member
Look, I know it's a pain in the ass because I'm doing it myself right now... but... it's time to ditch lastpass and change all your passwords.
www.wired.com
TLDR - the latest (second this year) breach in August was way worse than initially reported, encrypted contents of entire vaults are now in enemy hands, and they can now brute force your master password at their leisure, and they have unencrypted URLs and Usernames for all your vaulted logins, so they can start trying to crack those as well (assuming they don't just get the password from your vault when they crack your master password)
I've moved to BitWarden and am in the process of changing alllll my passwords. At least those that point to anything I care about, like ones that directly involve finances or go to websites with stored payment methods.
Yes, It’s Time to Ditch LastPass
The password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves.
TLDR - the latest (second this year) breach in August was way worse than initially reported, encrypted contents of entire vaults are now in enemy hands, and they can now brute force your master password at their leisure, and they have unencrypted URLs and Usernames for all your vaulted logins, so they can start trying to crack those as well (assuming they don't just get the password from your vault when they crack your master password)
I've moved to BitWarden and am in the process of changing alllll my passwords. At least those that point to anything I care about, like ones that directly involve finances or go to websites with stored payment methods.
About a month ago, my company was recommending password managers, and LastPass was on the approved list. I spoke up in a zoom meeting of like 130 people and pointed out this very breach as a reason why I'll never use a password manager where your passwords are stored in the cloud in a central repository with a million other people's passwords. That's a mighty tempting target, yo.Look, I know it's a pain in the ass because I'm doing it myself right now... but... it's time to ditch lastpass and change all your passwords.
Yes, It’s Time to Ditch LastPass
The password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves.
TLDR - the latest (second this year) breach in August was way worse than initially reported, encrypted contents of entire vaults are now in enemy hands, and they can now brute force your master password at their leisure, and they have unencrypted URLs and Usernames for all your vaulted logins, so they can start trying to crack those as well (assuming they don't just get the password from your vault when they crack your master password)
I've moved to BitWarden and am in the process of changing alllll my passwords. At least those that point to anything I care about, like ones that directly involve finances or go to websites with stored payment methods.
I've never used a password manager, mostly due to laziness, but also because I thought there had to be something I was missing about them. Surely storing all your passwords in one centralized cloud service or database would create a single point of vulnerability? What was I missing? Why do so many people use them?
So anyway, for decades now my strategy has been "remember only the password to my email account, and for everything else, if I don't remember the password then just go through their 'forgot my password' procedures". I've reset so many passwords over the years.
So anyway, for decades now my strategy has been "remember only the password to my email account, and for everything else, if I don't remember the password then just go through their 'forgot my password' procedures". I've reset so many passwords over the years.
I'm using an older version of 1password that does not store my passwords in the cloud. It stores the file 'locally'. In this case, 'locally' can also mean a cloud drive of some type: Google drive, Microsoft Drive, Dropbox, Mega, etc. Sure, my file is still in the cloud, but it's more of an obscure target than all of the millions of passwords sitting over there at LastPass (or the newer version of 1password). I imagine someone would have to target me specifically before I was vulnerable. And that file is still encrypted. But being on one of my own bought and paid for cloud services means I can access it with my phone, laptop, or other devices at need. And if you don't need that functionality? Keep the file local and don't worry about a cloud breach anywhere.
Keypass is another, open source, password manager that stores your encrypted file locally, and not in their own cloud.
I like password managers, because, like most people, my passwords were not too difficult, and shared across sites. I ended up being exposed in a breach ( https://haveibeenpwned.com/ ) which then saw many of my other sites I used start falling. In less than a day, I had a password manager, and all of the sites where I had accounts had unique 16-digit passwords (where allowed..I still don't get sites that only let you use 8 or 12) with case scrambling, numbers, and symbols. Too much for me to remember, naturally, and a pain to type in, but that's where the password manager shines.
Last edited:
GasBandit
Staff member
Same story as me, mostly. I got pwned in a breach and decided I needed to have unique passwords on every site. But that's 200 sites. So I used lastpass to keep track of them.
To lastpass's credit, the stolen data IS encrypted. But the problem is, with a local copy of that data, they can then try to brute force crack it without running afoul of things like IP blocking safeguards. Bitwarden's a bit better because it's open source and professionally audited, has a bug bounty program, etc etc etc. And unlike Lastpass, "employee accounts" don't have access to your encrypted vault data (which is why Lastpass is now in the shit).
Eh. For some specific sites I have a completely unique password; for some where I think, I'll use this once and never again I just let Google choose a hard PW for me and when I do need it again I just do the Bhamv. For most sites I use the same base pasword and add a bit specific to the site name.
Yes, a human being can probably guess 90% of my passwords if I tell them my Halforums password is "567dfg!HalF" and my facebook pasword is "567dfg!FacE"....but if a human is specifically targetting me, I assume they'll get in one way or another. It's enoguh to keep me from giving access to everything if they breach the DB for one site and just auto-fill that PW across a gazillion sites.
Yes, a human being can probably guess 90% of my passwords if I tell them my Halforums password is "567dfg!HalF" and my facebook pasword is "567dfg!FacE"....but if a human is specifically targetting me, I assume they'll get in one way or another. It's enoguh to keep me from giving access to everything if they breach the DB for one site and just auto-fill that PW across a gazillion sites.
KeepassXC for me. For around 10 years actually. Originally just Keepass normal, but it's "not really" open source.
As others have said, you control where the encrypted archive lives. Or doesn't. But just "remembering" is not a real solution. And having everything subject to your email provider makes you SUPER screwed if that goes wrong.
And, correct horse battery staple.
As others have said, you control where the encrypted archive lives. Or doesn't. But just "remembering" is not a real solution. And having everything subject to your email provider makes you SUPER screwed if that goes wrong.
And, correct horse battery staple.
GasBandit
Staff member
Justice Dept. sues Google over digital advertising dominance
The Justice Department and eight states have filed an antitrust suit against Google. The suit seeks to shatter Google's alleged monopoly on the entire ecosystem of online advertising as a hurtful burden to advertisers, consumers and even the U.S. government.
apnews.com
Cory Doctorow brings the heat to social media about the enshittification stage of their platforms' life cycles. He puts into words well what we all know and have seen on social media.
figmentPez
Staff member
Sometimes I forget that industrial 3D printing tech has continued to advance ahead of consumer models.
figmentPez
Staff member
figmentPez
Staff member
This is an interesting trick for obscuring file extensions that I was not aware of:
EDIT: The TL;DW is that you can use a Unicode character that reverses text direction (U+202E override, right-to-left) to cause the file extension to show up in the middle of the file name. e.g. it could look like SuspiciousFilexe.jpg by naming it SuspicousFil<U+202E>gpj.exe
EDIT: The TL;DW is that you can use a Unicode character that reverses text direction (U+202E override, right-to-left) to cause the file extension to show up in the middle of the file name. e.g. it could look like SuspiciousFilexe.jpg by naming it SuspicousFil<U+202E>gpj.exe
Last edited:
Ford said to be dropping AM radio in its 2024 Mustang
Last summer, the publication said Ford was removing AM radio from its 2023 F-150 Lightning due to interference with the EV's drivetrain.
www.techspot.com
AM radio celebrated its 100th anniversary only a couple of years ago. And now it looks like they're starting to plan its retirement party.
--Patrick
GasBandit
Staff member
Now that I'm driving an EV, I get all the EV-centric news and stuff. So here's an interesting one that came across my feed-
www.nj.com
All N.J. Turnpike and Parkway service areas could soon have electric vehicle charging stations
N.J. Turnpike Authority officials took the first step to negotiate an agreement to have electric vehicle charging stations at every service area.
www.nj.com
I'm sorry, but all these stories ever do for me is make me unreasonably angry at the human race, because as I've said before, we are at a point where, in 10 years' time, everyone everywhere could have access to transportation that was FREE (aside from the vehicle maintenance expenses, of course) to operate. Local, intrastate, interstate, all of it, FREE. The only reason we don't is because the people with enough money/influence to do so just don't want to. We could literally have free electricity worldwide (from a kW/h standpoint, that is. I fully realize the generation and transmission infrastructure will need to be maintained), we just...don't.
Yay for more convenient access to charging stations, but I fully expect there will be a squabble over the rates, which company gets the contract to build/own the chargers, compatibility between EV charging standards, etc., and none of that should matter.
--Patrick