Bitcoin Forum
December 08, 2024, 04:31:33 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 8 »  All
  Print  
Author Topic: Stay safe.  (Read 15422 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
escrow.ms (OP)
Legendary
*
Offline Offline

Activity: 1274
Merit: 1004


View Profile
March 27, 2013, 09:44:05 AM
Last edit: April 23, 2014, 07:20:38 AM by escrow.ms
 #1

I am making this thread for ones to protect themselves from being compromised. You may add this to your sig to spread the knowledge for ones to protect themselves from being compromised.

============================================================================================

Note: A) Lastpass is freeware, but for some stuff you can pay, but the general use of lastpass is freeware. LastPass Password Manager is closed source, though many of the extensions can be run in a non-binary mode where the source is available, but LastPass maintains all rights.
Note: B) Keepass is freeware. KeePass is an open source password manager.
Note: C) Password Safe is freeware & opensource. (Courtesy of traderjoe)

A) https://lastpass.com/
B) http://keepass.info/
C) http://passwordsafe.sourceforge.net/

============================================================================================

Create an account with lastpass, use a strong master password. Don't ever forget your master password, as you are the only one that has it.

You may download Lastpass as an Application or as a browser addon for, Firefox, Chrome, IE, etc.

Lastpass application. Download, install, input email that you used to register with lastpass and the master password you created. Get familiar with the program.

Lastpass addons. Install the Lastpass addon that is appropriate for your browser. Once done, you see a Lastpass icon somewhere in one of your toolbars of your browser, input the email you used to register with Lastpass, into the Email section of the login area then following by your master password that you created.


============================================================================================

Keepass, is all saved encrypted with one master password on your pc. No cloud servers or nothing. If you use keepass, backup your file in a truecrypt container file on a cloud server like dropbox or as wuala encrypts data on your pc before it gets sent to wuala servers.

Here is a How-to for Keepass. http://keepass.info/help/base/firststeps.html

============================================================================================

Quote

(Courtesy of traderjoe) About Password Safe & Yubikey(s)

Something kind of cool about Password Safe is:  you can lock it with OTP using Yubikey(s), instructions on the yubikey website.  The web page says its two factor authentication but I haven't had a chance to test that it can be configured to actually require both the Yubikey OTP and a static password.


============================================================================================

I recommend to use a strong Master Password and never use the same password for 2 or more accounts. Never give out your master password. Never use words from a dictionary.

Lastpass encrypts all your data on your pc or mobile device before lastpast sends off it off to their servers and you only hold the key "master password" to all your saved passwords, notes and etc. I find this addon - application the best imo.

Quote
(Courtesy of RandmomQ)
Do not use a Password Generator that is hosted Online unless it uses SSL this may be OK for a normal user.
Do not repeat chars IE "AAA" "BBB" "111"
Use a Special Char if allowed "!@#$%%$^^*&()"
Never use the same password twice
Change password regularly

Additional Notes:
With the latest LastPass as of the moment 3.1.0, and you have a system strong computer system you may up the PW iterations. Raise in increments of 100 or 1000. Anything high might be bad for mobile devices or slow computers. I set mine at 200000 Not recommended if you do not know what you're doing..
https://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/

============================================================================================

Quote
(Courtesy of RandomQ)

lastpass also supports google auth so you even if you master password is stolen via keylogger, they most likely won't  get all your passwords because google auth codes are only good for ~30 secs.
Lastpass Introduced Support for Google Authenticator for Mobile Devices

Quote
Courtesy of (John (johnthedong))

LastPass itself is worthless if you use only the Master Password as that's easily leaked.


Setting Up LastPass with Google Authenticator

Grid Multifactor Authentication

============================================================================================

Quote
Note: KeyScrambler is not freeware.
Note: Anti-Keylogger is trial-freeware and pay for.

KeyScrambler
Anti-Keylogger

Courtesy of (John (johnthedong))

Use an Anti-Keylogger like Keyscrambler.


============================================================================================

Explanation of PGP Encryption

Courtesy of CypherPunk

Quote from: CypherPunk
PGP is strong encryption software. Think military grade encryption. It allows you to encrypt emails and files in such a way that they are theorhetically unbreakable. It uses the concept of a private and a public key. You give your public key to everyone so they can encrypt stuff to you but whatever is encrypted to you can only be decrypted by your private key (which you protect with a passphrase and your freaking life!)

There is an open source version of PGP canned GnuPG (or GPG for short). It functions the same as PGP and can even read PGP generated files (and vice versa).

Advice: if you are serious about security, do not use ANY program that relates to security and is not open source. You simply can't know what it's doing and it may compromise your security.

HTH,
CypherPunk


pgp tutorial for newbies gpg4win


By GoldenWings91

Proper way to Create & verify GPG Signature using Kleopatra on Windows

============================================================================================


============================================================================================
Android Security

TIP #1 Don't store bitcoins on a rooted cellphone.
Rooting your device increases the security exposure to malicious applications and potential application flaws, thus any malware can steal your wallet/keys stored in a protected directory.
Malware on a rooted phone can also access other applications like google authenticator and read/write phone logs,sms etc which are needed for verification process in many websites/apps.

TIP #2 – Don’t install apps from untrusted third party apps stores.
TIP #3 – Use an anti-virus app for an extra layer of protection.

APK scanners:
http://apkscan.nviso.be/
http://mobilesandbox.org/
http://virustotal.com/
http://scan.netqin.com/en/
https://anubis.iseclab.org/

============================================================================================

These are technique everyone should exercise.

============================================================================================

Here are a few examples why one should use these techniques.

https://bitcointalk.org/index.php?topic=92471.msg1020087#msg1020087
https://bitcointalk.org/index.php?topic=91701.msg1009976#msg1009976

============================================================================================

Block unencrypted content on encrypted sites with Firefox or a browser equivalent to Firefox.

With the latest Firefox ESR or latest release of firefox, you may block mixed content at about:config. I don't know about earlier versions of FF.

Code:
security.mixed_content.block_display_content : true
security.mixed_content.block_active_content : true

Also two addons add two buttons to easily disable or enable these settings.
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-active-content/
https://addons.mozilla.org/en-US/firefox/addon/toggle-mixed-display-content/

Block unencrypted content on encrypted sites with adblockplus.

Steps to produce:

Step 1:  -- Click on AblockPlus icon, Click filter preferences.
Step 2:  -- Click Custom Filters Tab.
Step 3:  -- Click add filter group., name it Blocking HTTP Content on HTTPS Enabled Sites
Step 4:  -- Click Add Filter.
Step 5:  -- Add for example, for bitcointalk.org, add
Code:
|http://*$domain=bitcointalk.org
Step 6:  -- For other sites that use https, like google.com, add
Code:
|http://*$domain=google.com

Note: Just replace the domain name with the one you prefer. E.G. |http://*$domain=example.com

To force HTTP to HTTPS.

Step 1: Install Noscript addon.
Step 2: Click Noscript icon, click options, click advance tab, under advance tab is https tab, click https tab, under https tab is a behavior tab, click it.
Step 3: Drop the menu down to
Code:
Forbid active web content unless it becomes from a secure (HTTPS) connections
to Never.
Step 4: Add the domain name you prefer to
Code:
Force the following sites to use secure (HTTPS) connections
Window.
Note: Example: google.com youtube.com www.youtube.com

============================================================================================

Block bad stuff with Hosts file by MVPS

Quote
Also, I would and no doubt this has saved me from a lot of bad stuff, recommend MVPS hosts file.

You can use this on linux, rooted phones and Windows, and probably other stuff that use hosts file.

http://winhelp2002.mvps.org/hosts.htm

mvps now supplies the hosts file with 0.0.0.0's. Below no longer needed. Scratched out.
If you get notepad++, you can ctrl-f 127.0.0.1, click replace all with 0.0.0.0 .

Example.
Code:
127.0.0.1  fr.a2dfp.net > 0.0.0.0  fr.a2dfp.net

By doing this, you save a lot of space.

And you leave
Code:
127.0.0.1  localhost
alone.

============================================================================================

By Tomatocage

[EDU] How to spot a scammer (Read this before doing any transactions!)

============================================================================================

By escrow.ms

Clickable link - Keep your system updated and stay secure. Tips to avoid viruses trojans

============================================================================================

Avoid Link-Scammers

Avoid Link-Scammers

============================================================================================

An option too up your google account security.

The security question for google, allows you to change it to a custom question.
I took with my lastpass addon and generated a character password with Show advance options ticked, everything ticked to make your password the strongest. Copy generated password, paste as security question.

Go back to generate a new password and generate a new password with highest strength possible, copy and paste for the answer.
Save/update google settings.

Open a secure note for lastpass and keep these two generated password stored under its title question/answer, which is protected by your masterpassword for lastpass.

It's just a blockade against a security question attack on your google account or any other account that has this security question feature.


============================================================================================

As always, comments and suggestions are always welcomed to better these techniques as I will do my best to fill them.

If you have enough character count in your signature please represent this in your signature.
Code:
[url=https://bitcointalk.org/index.php?topic=159424.msg1685280#msg1685280][size=8pt]Stay Safe.[/size][/url]

============================================================================================
crazyfingers
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
March 27, 2013, 10:35:01 AM
 #2

Thank you for all the information. I will put it to use.

BTW, can you give a simple explanation of what PGP is and how to use it? And do you have any recommendations for related freeware? Thanks.
MaraC
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
March 27, 2013, 12:36:07 PM
 #3

Great info thanks!!

I have so many passwords now, that it's insane!

Thanks!
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
March 27, 2013, 02:28:14 PM
 #4

Thank you for all the information. I will put it to use.

BTW, can you give a simple explanation of what PGP is and how to use it? And do you have any recommendations for related freeware? Thanks.

I do not, I did at one time read up on pgp, my best guess is to check out the wikipedia. As to recommendations I have no idea.

Yup, np.

Great info thanks!!

I have so many passwords now, that it's insane!

Thanks!

Yup, np.

CypherPunk
Newbie
*
Offline Offline

Activity: 6
Merit: 0



View Profile
March 31, 2013, 01:19:53 AM
Last edit: March 31, 2013, 02:23:16 AM by CypherPunk
 #5

Thank you for all the information. I will put it to use.

BTW, can you give a simple explanation of what PGP is and how to use it? And do you have any recommendations for related freeware? Thanks.

PGP is strong encryption software. Think military grade encryption. It allows you to encrypt emails and files in such a way that they are theoretically unbreakable. It uses the concept of a private and a public key. You give your public key to everyone so they can encrypt stuff to you but whatever is encrypted to you can only be decrypted by your private key (which you protect with a passphrase and your freaking life!)

There is an open source version of PGP canned GnuPG (or GPG for short). It functions the same as PGP and can even read PGP generated files (and vice versa).

Related software you should look into is Keepass (open source, secure password storage), Tor (open source, anonymity software), TrueCrypt (open source, drive or file encryption).

Advice: if you are serious about security, do not use ANY program that relates to security and is not open source. You simply can't know what it's doing and it may compromise your security.

HTH,
CypherPunk
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
March 31, 2013, 01:34:52 AM
 #6


OP updated, thanks!
Exocyst
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250


Science!


View Profile
April 02, 2013, 05:11:23 PM
 #7

Are there any tools for command line?  I would love a MySQL database of my encrypted passwords, info with some kind of link to an encryption/decryption library like libmcrypt or gnupg.

pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
April 07, 2013, 12:16:37 AM
 #8

Keepass 2.22 was released on the 5th.
Keimoasd
Newbie
*
Offline Offline

Activity: 30
Merit: 0


View Profile
April 08, 2013, 12:01:42 PM
 #9

Thank you for this information!
Riddar
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
April 08, 2013, 12:04:42 PM
 #10

Solid advice.
tomnavratil
Newbie
*
Offline Offline

Activity: 4
Merit: 0


View Profile
April 08, 2013, 12:19:02 PM
 #11

Regarding security and protection - hardware options are relatively a good choice as well. For example Yubikey, which can be linked to MtGox, which is still used by many. Affordable and acts as an extra layer of protection.
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
April 11, 2013, 02:55:17 PM
Last edit: April 11, 2013, 04:39:58 PM by pekv2
 #12

I've updated the end of the OP:

Quote

Block unencrypted content on encrypted sites with adblockplus.

Steps to produce:

Step 1:  -- Click on AblockPlus icon, Click filter preferences.
Step 2:  -- Click Custom Filters Tab.
Step 3:  -- Click add filter group., name it Blocking HTTP Content on HTTPS Enabled Sites
Step 4:  -- Click Add Filter.
Step 5:  -- Add for example, for bitcointalk.org, add
Code:
|http://*$domain=bitcointalk.org
Step 6:  -- For other sites that use https, like google.com, add
Code:
|http://*$domain=google.com

Note: Just replace the domain name with the one you prefer. E.G. |http://*$domain=example.com

To force HTTP to HTTPS.

Step 1: Install Noscript addon.
Step 2: Click Noscript icon, click options, click advance tab, under advance tab is https tab, click https tab, under https tab is a behavior tab, click it.
Step 3: Drop the menu down to
Code:
Forbid active web content unless it becomes from a secure (HTTPS) connections
to Never.
Step 4: Add the domain name you prefer to
Code:
Force the following sites to use secure (HTTPS) connections
Window.
Note: Example: google.com youtube.com www.youtube.com
proper_pizza
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
April 12, 2013, 10:49:43 PM
 #13

Please stay safe
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
April 12, 2013, 11:04:56 PM
 #14

About HTTPS this is the addon i use https://www.eff.org/https-everywhere

Of course you can have https only if the website support it  Wink

ripple
Member
**
Offline Offline

Activity: 287
Merit: 10



View Profile
April 12, 2013, 11:22:02 PM
 #15

Very helpful information. I think the fact that these programs are open source is a good guarantee that they are free of malware which is very important when it comes to password protection.

Teg_men
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
April 15, 2013, 09:03:57 AM
 #16

Thank you for information.
jt7382
Full Member
***
Offline Offline

Activity: 203
Merit: 100


View Profile
April 19, 2013, 07:48:32 PM
 #17

This is amazing. Bookmarked, thank you for it.
myrkul
Hero Member
*****
Offline Offline

Activity: 532
Merit: 500


FIAT LIBERTAS RVAT CAELVM


View Profile WWW
April 20, 2013, 07:07:12 PM
 #18

Sticky this thread NAO.

Too good to let get smothered in the Newbie sewage.

BTC1MYRkuLv4XPBa6bGnYAronz55grPAGcxja
Need Dispute resolution? Public Key ID: 0x11D341CF
No person has the right to initiate force, threat of force, or fraud against another person or their property. VIM VI REPELLERE LICET
digicoins
Newbie
*
Offline Offline

Activity: 33
Merit: 0



View Profile
April 20, 2013, 07:16:38 PM
 #19

Better safe than sorry! May get a Yubikey, heard good things about it and widely used on exchanges
GGuyZ
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
April 20, 2013, 07:35:52 PM
 #20

Great thread, thanks Smiley.
Pages: [1] 2 3 4 5 6 7 8 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!