
Thread: Watch Your Hack -- Online Security Manual & Helpful Tools

  1. #1
    Verified Companion Companion
    Join Date
    Apr 2018
    Location
    New Orleans, LA
    Posts
    790

    Watch Your Hack -- Online Security Manual & Helpful Tools



    since the stickied thread is nearly a decade old,
    here's a website I found with much more recent security tools....


    WATCH YOUR HACK






  2. #2
    Verified Hobbyist BCD Lovinglifeinaustin's Avatar
    Join Date
    May 2018
    Location
    Austin West of Weird
    Posts
    3,021
    Phoenixx, this is an EXCELLENT link. It should be required reading for everyone using computers and the Internet. Thank you so much for sharing.
    James
    Loving life in Austin

  3. #3
    Registered Male (Not Verified)
    Join Date
    Jan 2010
    Posts
    110
    P,

    You rock!

  4. #4
    Verified Hobbyist BCD DocHoliday's Avatar
    Join Date
    Apr 2018
    Location
    In a secret underground lair somewhere in the OH2 Badlands
    Posts
    9,304
    Thanks for the tip babe.
    Newbie members friendly. Troll inhospitable & I have an ongoing troll ignore list!!!
    I’m your Huckleberry and this hobby is just my game. Ladies, just say when!!
    If you’re BSC, probably BSC, a drama Queen/King, WK or troll, DON’T PM me or post in my threads
    Thanks for your cooperation.
    Email for issues is support@ourhome2.net The OH2 verification process is HERE The review gremlin patch is HERE

  5. #5
    Verified Hobbyist BCD mathguy's Avatar
    Join Date
    Sep 2018
    Location
    ATX
    Posts
    1,314
    Quote: Originally Posted by Phoenixx


    since the stickied thread is nearly a decade old,
    here's a website I found with much more recent security tools....


    WATCH YOUR HACK





    Excellent link Phoenixx ! Nice job cutie!
    Link again: https://watchyourhack.com

    I did not read it thoroughly yet but I did skim the entire thing, all relevant sections, to evaluate the quality.

    I endorse the link with the caveat I mention in the notes below about the password section (only applies to paper/pen passwords).

    Good info! Definitely use if you need help with security or tools or want to understand more about being anonymous online, as well as keeping your accounts secure.

    Caveats/Notes about Passwords:
    Something I noticed in the link that I disagree with and do not encourage anyone to do under any circumstances is the section about pen + paper password managing. They offer a decent way to protect yourself if you simply can't get away from paper passwords, but it's not something anyone should be doing today. Use an app.

    Everyone should be using a password manager. Even if you don't use a true pwd manager app, at least use a file on your particular OS and password protect the file with a "strong master password" that you commit to memory.

    Do not recycle or template passwords. That's the part I also disagree with regarding that same section. They suggest using the same word at the beginning of each password. This is not a good practice. Recycling or templating passwords in any way is a sure way to end up a victim of identity theft. If one account gets out, a hacker or cracker now has access to potentially dozens of your accounts using that one user name/pwd. Even if you slightly modify passwords, like adding a 1 or $ to different ones, but everything else is the same, the hacker will use cracking tools that automatically try all variations. If you only add one letter/number at the end then there are only a total of 26x2 (upper/lower case) + 10 (digits 0-9) or 62 possible variations.

    A password should be at minimum 8 characters, alphanumeric + symbols, at least 2 upper case, at least 2 numeric, at least one symbol when possible (#,$,[,!...). If symbols are not allowed minimum password length should be 10-12.

    Your WPA2 wireless home router password for your internet connection should be even stronger. I suggest min 12-16 characters, alpha+num+sym.
    -MG

  6. #6
    Registered Male (Not Verified) Westley's Avatar
    Join Date
    Dec 2018
    Location
    Third planet from the Sun in a Solar System near the outer edge of the Milky Way.
    Posts
    308


    All good stuff in this thread. This is the kind of critical thinking and bespoke application y'all gonna need more of going forward. Digital literacy is fast becoming a necessary business competency for companions and providers these days as LE and predators are becoming comfortable hunting on the Internet.

    As variables of the operating environment (supply, needs, economic conditions, risk appetite, political climate, technology, laws, enforcement priorities) change, so must the strategic and operational plans of the participants that operate in that environment. New laws and disruptive technologies can inspire rapid change. Full-time hobbyists that manage their playtime as a business endeavor can benefit from business forecasts, risk assessments and contingency planning to manage change and human inspired mishaps that evolve into crisis.

    Change is ever present and change management is best leveraged as a continuous process. One could argue the most successful business leaders, resource managers and entrepreneurs (independent contractors) focus their work efforts toward a shared vision of a better future in a process of continuous improvement. Empathy is good. However, empathy with empirically sound contingency plans is way better.

    Business plans based on shared accumulated knowledge and empirical evidence rather than emotional, hasty, knee jerk reactions or crisis driven trial and error will usually produce better outcomes. Can you feel me?
    Last edited by Westley; 09-07-2019 at 02:48 PM.
    "Love all, Trust few and Do harm to none" - William Shakespeare

    I prefer the company of a lady that is "Newbie", "Reference" and "AA" friendly.
    No review policy. Just pretend I'm the love of your life and Do it!

    The soundtrack to the Netflix series "Disenchantment" is my musical theme.
    Bons Temps Rouler!

  7. #7
    Verified Companion Companion Universal's Avatar
    Join Date
    Dec 2018
    Location
    Tour MS,LA,&TX
    Posts
    4,276
    Quote: Originally Posted by Phoenixx


    since the stickied thread is nearly a decade old,
    here's a website I found with much more recent security tools....


    WATCH YOUR HACK





    Quote: Originally Posted by Lovinglifeinaustin
    Phoenixx, this is an EXCELLENT link. It should be required reading for everyone using computers and the Internet. Thank you so much for sharing.
    Quote: Originally Posted by F117
    P,

    You rock!
    Quote: Originally Posted by DocHoliday
    Thanks for the tip babe.
    She's the best & forget the rest
    I NEVER ask4 real names or face pixs
    I NEVER
    do outcalls 2private homes

    GFE· full Hr· QV· Fetish·Pegging ·Dinner Dates· Incalls Only·SiteSeeing· Travel Partner· I cater to MEN· No Greek Food or Bareback horse riding !!!
    CALLS ONLY 5O4*345*8787


    adultaffairs.escortbook.com
    REVIEW >>https://cutt.ly/Rtcnjao

  8. #8
    Verified Companion Companion
    Join Date
    Apr 2018
    Location
    New Orleans, LA
    Posts
    790
    Quote: Originally Posted by Universal
    She's the best & forget the rest


    thank u, darlin’

    I’m also glad to see that it was helpful for you all

    <3


  9. #9
    Administrator ck1942's Avatar
    Join Date
    Jan 2009
    Location
    Always searching for UTR redheads, hot chocolattes & my next cuppa purrfect java
    Posts
    5,053
    One more important detail not really discussed much these days:

    PROTECT YOUR

    ===>>> LOG IN <<<===


    there are sites out there -- mostly banks -- mainly newly created medical portals and a few other hosts (hint hint OH2 ever since 2009!) in which the log can be way different from the user's handle

    and some sites also require a secondary PIN in addition to the password.

    ijs


    = = = = =

    I must laugh at the "paper/pen" issues.

    There are ways to create paper/pen reminders that do not give away close details for your logs/passwords.

    For example, my customary "blueprint" for building passwords:

    use at least two or three "fields" such as

    s.o.'s middle name
    first dog name or breed
    favorite color or your house color
    your kid's birth year (or s.o. or yours)
    use @ or ! or & in place of a letter or digit

    you get the drift ^^^

    and on your post it note

    jot only the clues, and maybe a reminder Y for yahoo, E for eccie, 2 for oh2, B for bank (not the name of the bank) etc. etc. etc.

    Or just be careful to stick the post it under the desk drawer and not under the laptop.

    Somewhere, perhaps the refrigerator door, stick a reminder of how to locate the sticky.

    LOL

    In these trying times, your patience and support are greatly appreciated. Stay safe out there!

    = = = = =

    Beating the review template gremlin! LINK

    https://home.ourhome2.net/vb/showthr...e-Verification for hobbyists

    IMPORTANT! LINK TO NOTICES

    FAQ: OH2's RULES! A Quick Read

    2020 Social Events - CVQ hiatus easing up
    San Antonio's Next Happy Hour - TBA, mini lunches now

    Austin's Next Hump Day Happy Hour - Wednesday - TBA

    ===> LINK: INVITATION RULES <===

    Ladies, please note:
    -- Staff members don't text ladies for photos.
    ck1942 doesn't vouch for hobbyists.
    -- "Verified hobbyist" is a member title; it doesn't mean the member has been screened/vouched to any companion's standard.

  10. #10
    Verified Hobbyist BCD Lovinglifeinaustin's Avatar
    Join Date
    May 2018
    Location
    Austin West of Weird
    Posts
    3,021
    Quote: Originally Posted by ck1942
    One more important detail not really discussed much these days:

    PROTECT YOUR

    ===>>> LOG IN <<<===


    there are sites out there -- mostly banks -- mainly newly created medical portals and a few other hosts (hint hint OH2 ever since 2009!) in which the log can be way different from the user's handle

    and some sites also require a secondary PIN in addition to the password.

    ijs
    Agree with CK, multi factor authentication seems to be the wave of the future. So CK, when will you adopt that here?

    P411 recently installed reCAPTCHA.

    Using longer passwords (or pass phrases) with letters, numbers, special characters, and small/lower case is our best bet. Each additional character added to a password makes it exponentially more difficult for a hacker to break your password. Check this out.

    https://www.betterbuys.com/estimatin...racking-times/

    But using long passwords can be frustrated by the policy of the web site. For example, one of the banks I use restricts passwords to eight characters. Not seven, not nine, eight....period. Weak. But they use multi factor authentication.
    Last edited by Lovinglifeinaustin; 09-08-2019 at 01:16 PM.
    James
    Loving life in Austin

  11. #11
    Verified Hobbyist BCD mathguy's Avatar
    Join Date
    Sep 2018
    Location
    ATX
    Posts
    1,314
    Yea the multifactor authentication that James and CK hint at greatly reduces the password issues. Still passwords should be random, fairly long, & don't recycle (that is one of the worst offenses - any security expert or CISSP will concur). As James said adding a digit exponentially complicates things particularly if it's truly random/different. That link you listed is a nice tool James. Many password managers will also give you an indication of how strong the password is. There are many sites like that if you guys want to lookup to play with how long it will take to crack (using different powered cpu/gpu systems).

    One thing important to understand about the password cracking is that many of them are based on the current GFLOP range for that era/year. A gigaflop is a measure of how fast a processor can compute. 1GFLOP means it can do 1 billion floating point ops per second (decimal operations per second - technically the base measurement is typically a multiply & accumulate). However the process power can change depending on if we mean single precision, double, 16bit, 32bit, 64bit....

    The reason I mention this though is b/c the other important thing to realize is that even today's PCs (not super computer or even fancy servers) are measured in TFLOPs (teraflops also known as 1 trillion per second or 1000 giga/billion ops per sec).

    That website was basing it on an Intel i5 processor from 2015 (if you don't move the slider). Realize that today's computers, even regular desktops, but *especially* bleeding edge servers, paralleled gpus, supercomputers, etc that hackers use are vastly more powerful.

    To show how massively this has changed over time:

    1975 Cray SuperComputer: 150 MFLOPS. Yep. That's an abysmal 150 million floating point arithmetic ops per sec from a "supercomputer". Hehe. (the phone in your pocket can piss all over that heh).

    Current CPUs: 250GFLOPS to 1+ TFLOPS

    Xbox One X custom AMD GPU (graphics processing unit): 6.1 TFLOPS.

    New XBox Scarlett project in 2020: rumored @ 14-18 TFLOPS (using AMD Ryzen Zen 2 CPU & custom Navi AMD GPU)

    Today's bleeding edge GPU (not CPU -- Graphics Processing Unit), like an Nvidia Titan RTX: nearing 30 TFLOPS (30 trillion ops per second)

    Parallel GPU processing: 100+ TFLOPS

    Current "Supercomputer" (i.e. IBM Summit): All top 10 SCs on the top 500 list today are above 20 PFLOPS. The IBM Summit can do nearly 150 PFLOPS (i.e. 150 quadrillion ops per sec OR 150,000 trillion ops per sec OR 150 million billion ops per sec! Yea....zooooom!! )

    Point is password cracking whether it's dictionary, crypto hash attack, rainbow table attack, or brute force attack are all based on how many calculations per second a CPU and/or GPU (or a parallelization of those) can perform. So keep that in mind.

    Yea there are ways to keep a paper/pen pass somewhat safe but most people won't go to the length necessary (or just get lazy about it, none of us are immune to that) and using proper techniques would require remembering/committing even more to your memory than just using 1 very good strong password (known as a "master password") to get into your password manager app list. Oh and for those paranoid about online data collection not even the company themselves can get your data, even if they wanted to. You lose your master or forget it, shit outta. Everything is encrypted with a public & private key, the data cannot be decrypted without your private key which is even further complicated with your master password. No possible way anyone, not them, not the FBI, not the NSA, not the biggest hacking group on earth could realistically get that data.

    It's simply the best option today. Along with 2FA as James mentioned and CK as well. Definitely

    Edit: The CAPTCHA that James mentioned is very important. Nice addition. Greatly reduces "brute force" attacks.
    Last edited by mathguy; 09-08-2019 at 04:57 PM.
    -MG

  12. #12
    Verified Companion Companion MissHotMegan's Avatar
    Join Date
    Jun 2019
    Location
    Dallas/Vegas/Denver
    Posts
    20
    S. L. U. T. T. Y.(Slutty Lusty Uber' Tasty Treat 4-You)

    320/hour 220/hhr 460/90mins 600/2hrs Doubles 600/hr
    P411 Preferred Join P411 for short-notice requests.https://preferred411.com/P215712

    Text Only Please 4696293313

  13. #13
    Verified Hobbyist BCD pmdelites's Avatar
    Join Date
    Apr 2018
    Location
    Dallas, TX
    Posts
    1,800
    a question regarding all this compute power at the crook's fingers...

    "... the hacker will use cracking tools that automatically try all variations. ..."

    "... Point is password cracking whether it's dictionary, crypto hash attack, rainbow table attack, or brute force attack are all based on how many calculations per second a CPU and/or GPU can perform..."

    raw computer power is needed, but dont most websites (like banks, brokerages, medical providers, etc.) lock a user account if someone attempts to login w/ the wrong credentials??
    while there are some systems that dont, surely the crooks are not hitting up against a website w/ calculated pswds over and over and over?

    i remember reading somewhere that the crooks use various hashing functions to get a hashed value and use that to access the systems.

    mathyguy, any comments??
    it's always afternoon!!

    have fun out there.

    dont let the negatives get you down.

  14. #14
    Verified Hobbyist BCD mathguy's Avatar
    Join Date
    Sep 2018
    Location
    ATX
    Posts
    1,314
    Good question PMD. You are right about the lockout on any decent site. This would be an issue in a "brute force" attack. This is an attack where a hacker is literally trying to enter combinations on a live website. In this case, yes, they are quite limited in their ability to crack the password due to lockout features.

    Where the processing power is needed and where the primary issue lies is in "offline attacks". These are attacks that are not being done on the live website. A program is not literally entering (in some programmatic way) countless passwords into a website form and submitting it until they have success. In a live online attack that would certainly result in a lockout.

    What is an "offline attack"? This is typically a situation where a bad actor or another hacker or possibly an individual within the company has gained access to the database of users, a user/password file, etc... That being said these passwords are not stored in plain text. They are cryptographically masked and a hash value entered in its place. The system knows how to decrypt that hash and match it to what a real user (i.e. the legitimate user) enters into a website form as their password (if it matches, they get access).

    The trouble here is in an offline attack a person can run algorithms "offline" until it finds the correct decryption to match a hash entry. At this point it will have found the correct password for that entry/user.

    They can now sell or use this data themselves to gain access on the live site. The website can't stop the hacker b/c the hacker is not actively working on the site in this case (e.g. they are not entering password entry upon password entry to a live system or web login form until it finally finds the right one). Nope. Not at all. This would lock them out for sure. They are using a list of hash values that have been obtained for either a single user, many users, or even the entire user database. This data was probably retrieved from a bad actor, internal employee, or a separate large database/file hack to retrieve the database of users, etc... That data can then be sold to hackers on the dark web or black market who want it in order to crack large user databases using password cracking software and algorithms.

    I hope maybe this helps understand the process a bit more? Let me know if you have any other questions or if anything isn't quite clear.
    -MG
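
An added example, not part of the original posts: a sketch of how a site can store and check passwords with a per-user salt and a deliberately slow key-derivation function (PBKDF2 from Python's standard library), plus the keyspace arithmetic behind the "each extra character" and "calculations per second" points made in posts #10 and #11. The function names, the iteration count, the sample passphrase and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
ITERATIONS = 600_000

Record = Tuple[bytes, int, bytes]  # (salt, iterations, digest) as stored per user


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Record:
    """Derive the value a site stores instead of the password itself."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, record: Record) -> bool:
    """Re-derive from the submitted password and compare in constant time."""
    salt, iterations, stored = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, stored)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int, hashes_per_second: float,
                       iterations: int = 1) -> float:
    """Approximate time to try the whole keyspace when each guess costs
    `iterations` hash computations."""
    return keyspace(alphabet_size, length) * iterations / hashes_per_second


if __name__ == "__main__":
    sample = "constructed-Sample-passphrase-42"  # constructed sample input
    record = hash_password(sample)
    print("correct password verifies:", verify_password(sample, record))
    print("near miss verifies:", verify_password(sample[:-1] + "3", record))

    rate = 1e10  # assumed offline rate in hashes per second, for illustration only
    year = 365 * 24 * 3600
    for length in (8, 12, 16):  # 94 = printable ASCII characters excluding space
        fast = worst_case_seconds(94, length, rate) / year
        slow = worst_case_seconds(94, length, rate, ITERATIONS) / year
        print(f"{length} chars: {fast:.3g} years at one hash per guess, "
              f"{slow:.3g} years with PBKDF2")
```

The stored record is never reversed at login; the submitted password is run through the same derivation and the two digests are compared.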

  15. #15
    Verified Hobbyist BCD pmdelites's Avatar
    Join Date
    Apr 2018
    Location
    Dallas, TX
    Posts
    1,800
    mathguy, thx for the "short" tutorial.

    if the crooks have to go from hashed value back to a password, are the hashing functions that easily figured out?


    (on magnum, p.i. last night, they had to decrypt a list of cia operatives. higgins, that cute uk blonde, couldnt figure it out, so they found the guy who had encrypted the list. interesting episode (it was a hawaii 5-0 cross-over episode).)
    it's always afternoon!!

    have fun out there.

    dont let the negatives get you down.
