Honest Answers Episode 3

[nicklmg]

Amazon Prime: http://geni.us/sdX5S

 

What's up with Amazon Associates, the hack, and more here on Honest Answers Episode 3!

 

 

[Skiiwee29]

1st

[vanished]

Impromptu?  So,... that FLIR review...  

[vanished]

Wait, the third party and vector has been revealed... my memes will spread the word!  

[Kobathor]

I find it crazy how easily these groups have used "simple" social engineering tactics to break into accounts. All they need is a good dump of your personal info, and they can get into pretty much anything.

[nicklmg]

5 minutes ago, Kobathor said:

I find it crazy how easily these groups have used "simple" social engineering tactics to break into accounts. All they need is a good dump of your personal info, and they can get into pretty much anything.

People are the weakest link in any good security system...

[vanished]

5 minutes ago, nicklmg said:

People are the weakest link in any good security system...

So, the take away is any good security system won't involve people

[Markmjb]

Hi LTT,

I'm an IT student who did 1 Semester of Cyber Security specialization last 6 months. So as someone who has been hacked himself, I sympathize with you guys for what has happened. But as student, this is kind of interesting to see  

 

Social Engineering is really scary. If I know a few personal details like date of birth, address, or bank account nr,  chances are I could call into *random canadian company where you are customer*  and get your password reset. The problem is usually lacking awareness at that company's customer service. 

 

I do hope you guys hired some external company now to do a security audit. Really, let someone who specializes in this look at it.

 

1 hour ago, Ryan_Vickers said:

So, the take away is any good security system won't involve people

So, Linus should post this guy as the door guard
https://www.youtube.com/watch?v=u0-N4gDRtN4

[risk]

Hi Linus / Nick,

 

There's lots of security tips for individuals, things like never share passwords, always use 2 auth, change all of your passwords regularly, use lastpass or similar to help you with all of that, use "password alert" extension so you don't leak your gmail password (turning your 2 factor auth into phone number auth), never log in on anyone else's device (e.g. don't check your email at an internet cafe, sigh), always encrypt your backups.

 

I'm sure there's probably a techquickie or similar video on all of this for individuals

 

But what if you're a business, how do you stay secure? What's a good checklist to follow? e.g.

 - Using phone/sms numbers as 2factor auth is bad, as a business use yubikeys / u2f.
 - Never use personal machines on corporate network, have a guest wifi for that.

 - Don't use papers, but shred when you have to

 - Never plug in random usb keys into business devices.

 - Utilize compartmentalization, don't use personal accounts for business needs, and vice-versa (e.g. use browser profiles or ideally a separate computer/laptop for your personal stuff). You don't need write/root/admin access to everything all the time. Use test accounts that can be reset when you need an account on an "unmanaged" or temporary machine containing foreign hardware.

 - Make sure your accountant can't run with the money, or your janitor can't run with your safe?

 

Is there a good long checklist online for this type of stuff?

[limjh16]

On a separate note, Vessel needs to fix things. I can watch the FLIR thing on vessel now w/o a premium subscription

[nicklmg]

7 hours ago, limjh16 said:

On a separate note, Vessel needs to fix things. I can watch the FLIR thing on vessel now w/o a premium subscription

That's because it has been up for over 7 days at this point. When we do simultaneous releases like this, some videos get pushed, as unfortunate as that is

If you want to go check it out over there feel free!

[nicholasfd]

how did this all start? was it when linus leaked his twitter info in the wan show? and someone just got his email, and it all went sour from there?

[nicklmg]

4 minutes ago, nicholasfd said:

how did this all start? was it when linus leaked his twitter info in the wan show? and someone just got his email, and it all went sour from there?

No, the hack occurred before that show. There were no negative repercussions as a result of that WAN Show.

[nicholasfd]

1 minute ago, nicklmg said:

No, the hack occurred before that show. There were no negative repercussions as a result of that WAN Show.

oh, well thats good.

[JorithZ]

Not sure if this is the same for everyone or a new thing, but i just had te request a new sim for myself.

After i went trough the process i got a conformation email about the order and the following warning:

Please keep your old sim card in the phone when you activate the new sim online, an activation code will be send to the old sim to activate the new one. (i loosely translated this myself, so do not expect to find exactly this wording.)

 

Is this new since this happened or do they not do this in other countries? This was t-mobile.

[Camtek]

Did you pull the video, or did they?    Its gone!

 

[vanished]

1 hour ago, Camtek said:

Did you pull the video, or did they?    Its gone!

 

what? no, it plays fine for me...