TOPIC REVIEW

DualGemV2

I wasn't sure if I should say anything..

But if one person has an account that has been compromised on lindaland it can affect other people that are on the contact list.

I'm sure most of you have email accounts that link to each other.

There are other risks associated too...

Generally, I try to avoid online scanners as there is the risk that they contain malware themselves. However, I know the website below has been sanitized and checked. Check your email account with the link provided. http://haveibeenpwned.com

My Planets
=========================================
☉‘ ♊, ☽ ♈, ASC ♑, ☿ ♊, ¡÷ ♉, ¡ö ♋ , ♃ ♒, ♄ ♏, ♅ ♐, ♆ ♑

Randall

The only way an e-mail account can be compromised here is if people openly post it, which is forbidden, but people still keep doing it. Bots are looking for e-mail addresses at LL and any large site. I would not recommend any program that scans your computer. Is it selling anything? If so, it will likely find a "problem." If an e-mail has been compromised, it will likely be on the dark web, and Credit Karma will scan that for free without scanning your computer.

DualGemV2

I'd also be curious to look into what kind of hashing technique for the logins is used for the accounts as well and how they're stored.

Randall

The NSA can hack almost any site with impunity if they use the https protocol. When it was leaked that the NSA developed it and promoted it through private companies for security, there was an outrage, but people seem to have forgotten.

DualGemV2

quote: Originally posted by Randall: The NSA can hack almost any site with impunity if they use the https protocol. When it was leaked that the NSA developed it and promoted it through private companies for security, there was an outrage, but people seem to have forgotten.

What is mentioned above has nothing to do with https, completely different security concept.

Https makes no difference once you can gain access via a compromised account.

Randall

I’m saying that the security of https is worthless as it relates to the NSA, because they created the program. You need more than just an e-mail address to become compromised for a site. You also need a password. It isn’t very technical. Mainly what happens is the contact list is sent a spoof e-mail hoping to convince the recipients to click on a link. Don’t open any suspicious e-mails, and don’t click on links. Go to the familiar site directly, and you will be fine.

DualGemV2

quote: Originally posted by Randall: I’m saying that the security of https is worthless as it relates to the NSA, because they created the program. You need more than just an e-mail address to become compromised for a site. You also need a password. It isn’t very technical. Mainly what happens is the contact list is sent a spoof e-mail hoping to convince the recipients to click on a link. Don’t open any suspicious e-mails, and don’t click on links. Go to the familiar site directly, and you will be fine.

It's not a program, it's called ssl/https stripping, where you downgrade the encryption to a lower level....anyone can do it.

Anyway back to the email...

Not true, remember the Ashley Madison leak?

One compromised account led to the hash functions being revealed for all the accounts being stored. If you can gain access by compromising one account possibly by email you gain the rest.

Never ever get confident with the level of security you have.

Randall

“Program” may have been a misnomer. But the NSA created it and uses it to hack those sites who implement it—which is almost all sites. Hell, I would get an SSL certificate myself if LL sold anything that required users to input their credit cards. I think the official line is that no one knows how Ashley Madison was hacked.

MoonMystic

DualGemV2, I've personally had no compromise. Happy to say I get barely any email. My spam folders take in the small amount I ever get. My mother's event didn't spread beyond her and it's been resolved. I check my machine consistently + never open unknown emails, or links. I honestly don't even open newsletters I'm signed up for. I get too busy. I'm curious why the "s" drama on the "https" here @LL. I know when removing "s" the secure socket is gone. I hope not but felt the need to ask: by our offering clickable links like (http vs https), does that place anyone here in a compromising position?

Randall

Never enter your credit card at any site without a current SSL certificate. Even then, be careful about providing personal information that is stored on a site. Huge sites have been hacked, even including one of the three credit bureaus, Equifax.

PixieJane

Hey, dropping by briefly.

I wanted to add that I'm getting A LOT of "was this you" by scammers claiming to be Microsoft. They look legit. But the real address of them should be: account-security-noreply@accountprotection.microsoft.com

I've reported them all as phishing rather than clicking on it for what it's worth. I'm still getting a lot of others, including Facebook when I never have (and never will) had a FB account.

NEXT DAY: got another one. They're trying to get closer to the actual email address, I think it was only off by adding "23" to "account protection." It asked if I'd tried to change my password.

Don't let these scumbags pwn you!

EDITED TO ADD 3/9/22: the most skilled phishing yet, I had to double check. But it was phishing. They tried to add a fear factor of someone signing into my account from Moscow. ******** .

Though in truth, the technocracy (Microsoft, Facebook, Suddenlink, etc) are about as low (if not lower) than these scumbags.

xxxxx

As one more bit of advice, Avast is overrated, at least beyond free. I got it, and after a year I figured the right thing to do was to start paying them, and I did.

Their reaction: "Sucker, let's milk her for all she's worth!"

It stopped working (even the free stuff, but they were going to keep charging me for it), and tried to sell me software that was over 3x what I'd already paid to "fix" the problem, and looking up others who had the same problem, they say sometimes they'll then try to sell you more after you buy the first software package to get it to work.

In any case, Avast acts in bad faith.

I told them to remove it, I'd no longer use them, not even their free stuff. They wouldn't until I gave notice of legal action, at which point they quickly complied (and tried, unsuccessfully, to get me to trust them again). (ETA: I was also never refunded what I did pay them though I got no further use once I paid, but I let it go as for the first year that I used them for free, and tired of the hassle of dealing with them, just glad I wouldn't be forced to pay the bad actors anymore.)

And for the cherry on top, one of the "pwns" comes from Avast. They kept my info for YEARS after I discontinued, and it was stolen in the breach.

Someone has to speak up against Avast given how many swear by them.

Gotta run

Randall

Thanks, Pix. Lots of helpful info.

DualGemV2

quote: Originally posted by MoonMystic: DualGemV2, I've personally had no compromise. Happy to say I get barely any email. My spam folders take in the small amount I ever get. My mother's event didn't spread beyond her and it's been resolved. I check my machine consistently + never open unknown emails, or links. I honestly don't even open newsletters I'm signed up for. I get too busy. I'm curious why the "s" drama on the "https" here @LL. I know when removing "s" the secure socket is gone. I hope not but felt the need to ask: by our offering clickable links like (http vs https), does that place anyone here in a compromising position?

I'm glad you read my post.. I read your "pirate post" and really wanted to be helpful in some way.

Off topic, GalacticCoreExplosionV2 sounds like an interesting and cool guy..

So if I help you I'm also helping him in some way!!! At least I'd like to think so.

Https just makes it a bit harder for an eavesdropper to tamper with your browser...

The catch is you have to be on the same network...so if you use the public wifi at Starbucks you will end up being on the same network as someone else.

If it's your home or private network..I wouldn't worry, I was a little concerned if someone else was also connected to your network or you were connected to a public network and accessed a website with http when the phishing happened.

Randall

Well-said.

viviette

I think the last one was an attempt on people's Wordpress accounts.

My concern is some people may have credit card info stored on there, if they pay for their website? If that had been me, I'd order a new card. Also you can be more prone to phishing emails if a 3rd party gets hold of your email with some of your personal info, hoping you'll click on enclosed links, but I didn't notice anything like that when my email was pwned.

DualGemV2

quote: Originally posted by viviette: I think the last one was an attempt on people's Wordpress accounts......

In the case of wordpress it has a known vulnerability called Cross-Site Scripting (XSS) which is what's called an injection type attack.

An injection type attack basically involves a malicious user adding an outside script(s) to make a website or application do something different than what it should be doing.

(XSS) Cross-Site Scripting attacks come in three forms: stored, reflected and DOM based.

I won't go through them all, the easiest for an attacker is Stored XSS.

This involves a malicious script being added via links or by content being added to the site.

Pinterest is a big violator of this because users are basically "pinning" and adding other scripts from other sites onto their site.

Advertisements would be another way for malicious scripts to enter.

quote: Originally posted by viviette: ......My concern is some people may have credit card info stored on there, if they pay for their website? If that had been me, I'd order a new card.

Now in the case of your credit card info I know it costs a little bit more money or might be a bit of an inconvenience.

But if I suspect the site isn't secure and I'm given the option to pay by PayPal, Google Pay, Apple Pay or anything similar I will select that option.

The reason is you're adding one extra layer of protection. PayPal will not reveal any of your data, it will simply make a payment on your behalf.......It's like getting a family member to buy something on your behalf without you having to reveal yourself.

I mentioned this on another forum, I'm sure you're aware of the truckers protest in Canada that had a gofundme.

Well, the gofundme was hacked and anyone that directly put their credit card info would have had all their information revealed.

Had they used PayPal instead, PayPal would have paid the donation and would have kept things confidential.

quote: Originally posted by viviette: .... Also you can be more prone to phishing emails if a 3rd party gets hold of your email with some of your personal info, hoping you'll click on enclosed links, but I didn't notice anything like that when my email was pwned.

Not only that, if you're on a chain mail and one of your friends' accounts is compromised it will spread to you.

Best thing is to keep an eye out for anomalies on your email account...anything that doesn't seem normal will indicate something unusual.
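Added example, not part of any post in the thread: PixieJane's post gives the genuine Microsoft sender address and describes a phishing sender that differed only by "23" added to "account protection". The sketch below compares a From: header against that one address and flags look-alike domains; the function names, the three look-alike rules and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Genuine sender address as quoted in PixieJane's post.
GENUINE_SENDER = "account-security-noreply@accountprotection.microsoft.com"


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def letters_only(text):
    """Drop digits, dots and hyphens so padded domains collapse onto the original."""
    return re.sub(r"[^a-z]", "", text.lower())


def classify_sender(from_header, genuine=GENUINE_SENDER):
    """Return (verdict, reason) for a raw From: header value.

    A "match" only says the header text equals the expected address. The From:
    header can be forged, so the receiving server's SPF/DKIM/DMARC result
    still has to pass as well.
    """
    _name, addr = parseaddr(from_header)
    addr = addr.strip().lower()
    if addr == genuine:
        return ("match", "exact address")
    if addr.count("@") != 1:
        return ("other", "no usable address")
    domain = addr.split("@")[1]
    good = genuine.split("@")[1]
    if domain == good:
        return ("other", "different mailbox on the genuine domain")
    if letters_only(domain) == letters_only(good):
        return ("lookalike", "padded")      # e.g. digits added to a label
    if domain.startswith(good + ".") or ("." + good + ".") in domain:
        return ("lookalike", "embedded")    # genuine name used as a subdomain
    if edit_distance(domain, good) <= 2:
        return ("lookalike", "near")        # one or two characters changed
    return ("other", "unrelated domain")


# Constructed sample headers, not taken from real messages. Where exactly the
# "23" sat in the address PixieJane saw is an assumption.
SAMPLES = [
    "Microsoft account team <account-security-noreply@accountprotection.microsoft.com>",
    "Microsoft account team <account-security-noreply@accountprotection23.microsoft.com>",
    "Microsoft <security@accountprotection.microsoft.com.example.net>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```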
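Added example, not part of any post in the thread: DualGemV2's last post describes stored XSS as script arriving through links or through content that users add to a site. The sketch below renders one user-submitted "pin" (a title plus a link) first by pasting the stored values into the page and then with output escaping and a URL scheme check; the function names, the markup and the stored records are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

# Only ordinary web links may end up in an href attribute.
ALLOWED_SCHEMES = {"http", "https"}


def render_pin_unsafe(title, url):
    """'Before' form: stored values are pasted into the page unchanged."""
    return f'<li><a href="{url}">{title}</a></li>'


def safe_href(url):
    """Return the URL escaped for use in an attribute, or None if it is not a web link."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return html.escape(url, quote=True)


def render_pin(title, url):
    """Hardened form: escape the text, check the link, then build the markup."""
    text = html.escape(title, quote=True)
    href = safe_href(url)
    if href is None:
        return f"<li>{text} (link removed)</li>"
    return f'<li><a href="{href}" rel="noopener noreferrer">{text}</a></li>'


# Constructed stored records: (title, url) as a user might have submitted them.
STORED_PINS = [
    ("Holiday photos", "https://example.org/album?id=1&sort=new"),
    ("<script>alert(1)</script>", "https://example.org/"),
    ("Click me", "javascript:alert(1)"),
    ("x", 'https://example.org/" onmouseover="alert(1)'),
]

if __name__ == "__main__":
    for title, url in STORED_PINS:
        print("unsafe:", render_pin_unsafe(title, url))
        print("safe:  ", render_pin(title, url))
```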
Copyright 2000-2023 Powered by Infopop www.infopop.com © 2000 Ultimate Bulletin Board Version 5.46a