cancel
Showing results for 
Search instead for 
Did you mean: 

How much do people worry about security?

tampere
Level 7
It's one of those things you read about but don't really consider until you get hacked... how does everyone try to prevent their data from being stolen? It feels like super strong passwords are sometimes not enough.
1,255 Views
16 REPLIES 16

xeromist
Moderator
From your personal machine or a website? Keep personal machines patched, use ad blockers, don't visit shady websites, don't open unsolicited links & files.

On websites use a password manager with randomly generated passwords. Constructed passwords are vulnerable to GPU cracking regardless of length. That way if a website with proper hashing is breached your password cannot (practically) be cracked. Sign up for haveibeenpwned and change your password in the event of a breach.

Anything is possible with a zero-day but most victims fail these basic opsec checks.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

davemon50
Level 11
Good advice by xeromist, I follow it. But to answer the OP's original question, I'm more worried about someone breaking into my house and stealing the equipment. For the latter problem I resort to firearms. 🙂 Security measures can only protect you so much in today's world. Norton produces a pretty good product though.
Davemon50

Korth
Level 14
The mantra of the infosec guys is that no data is ever truly secure when attached to a network. No data. Ever. Simple as that.

But most of us need some networking and internet, lol. Reasonable security is firewall, anti-virus, anti-malware - properly configuring OS/browser/communication software - keeping on top of all patches/updates - and having physical control of your own hardware. Sounds like a lot of things to worry about, that's why Norton and Microsoft and Avast (and all the others) offer all-in-one-complete-security packages which take care of everything for your "convenience and peace of mind".
And, realistically, most of us don't have much on our computers which really needs securing. Personal photos, documents, and what-have-you, all very precious to us (perhaps even to those who know us closely) but generally worthless and mundane to the world at large. Probably all polluting the cloud anyhow.

Our network at work is isolated, no data goes in or out without passing through exhaustive scanning and logging on one controlled terminal, any attempt to bypass the security system is a gravely serious concern. Corporate espionage isn't a serious concern (although it's not lightly dismissed, either), but realistically we're in a business where integrity of data is critical so, unless strictly necessary, integrity of data isn't "compromised" by risky exposure to external networks. The office girls have internet, the guys in the basement do not.
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

Solid answers there, I do agree with physical theft being scary too 😕 I was more talking about stuff like email/Facebook/Twitter etc. As I feel like those are the accounts which are targeted the most. A few Google searches led me to a page about email hacking. But the interesting thing was the websites they linked to - ones that could check your email for breaches. Turns out my old yahoo ones have been breached (no surprise) but Gmail has been good. Check them out for yourself, but definitely keep changing your passwords every 4-5 months, and be careful about which sites you sign up for. I've started using a sort of 'throwaway' address that I don't mind giving to websites. And private one for important stuff.

Korth
Level 14
Well, most of the "personal" information about you that would be of any interest (to criminals, to corporations, etc) isn't even stored on your computers and devices. It's collected and stored on other machines in the cloud. Any "adversary" wanting to hack your email/facebook/twitter/etc is going to hack through email.com, facebook.com, twitter.com, etc.com ... most likely from their own machinery, set up with whatever software tools they need ... they're going to face whatever security barriers those social media sites have in place and any security you may have running on your machines at home is entirely irrelevant.

The important security theme here is that *you* are not in charge of securing your data. Some social media site is in charge instead - if (when) they get hacked then you get hacked, there's nothing you can do about it. Or some online forum, or some shopping/auction site, or some grocery store that's issued you a plastic "savings" card ... anyone anywhere you've registered with and submitted personal information to is security of your personal information that's beyond your control.

Assuming, of course, that they don't have physical access to your machines. If an attacker can sit down in front of your computer then it's already game over, lol.
"All opinions are not equal. Some are a very great deal more robust, sophisticated and well supported in logic and argument than others." - Douglas Adams

[/Korth]

xeromist
Moderator
Well, the responsibility is not entirely out of the hands of the user. Reusing simple passwords is an excellent way to ensure that your data gets stolen eventually because someone will just log into your account normally and scrape whatever is available.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

if NSA really wants your data, they will get it one way or another.

kaufen wrote:
if NSA really wants your data, they will get it one way or another.


Off course.

haihane
Level 13
couple of years back, i had the luxury of reading a Guru3d article about the extents of what the NSA can do to steal your data (if they really wanted it),...

don't get me wrong, the rabbit hole is deeper than what most think possible. it's not just PRISM, X-KEYSCORE (these should be familiar on those who know about snowden), but to have the capability to hijack any cell towers (inc. faking a tower signal), hijacking router shipments and reflashing their own firmware on it for mass surveillances on their own citizens, and the most impressive of all that i read was, they were able to analyze background sound(?) bouncing off from walls and reconstruct what your computer is doing (this is borderline sci-fi for me).
and i doubt i've seen it the entirety of the tip of the iceberg, just what's already leaked out.



and i concluded (for myself): if NSA really wants your data, they will get it one way or another.



that don't mean one shouldn't be not cautious. any average joes cannot reasonably defend themself against NSA. but making other hackers' lives difficult in trying to steal your data is still a prudent thing to do.
no siggy, saw stuff that made me sad.