Motivated by a combination of curiosity and laziness, I want to gain root privileges on an Ubuntu 10.04 machine (which belongs to me). I'm pretty sure I failed to apply any security updates, so hopefully there are some unpatched holes. I have an account which I can log in to, but I have forgotten my password so I can no longer sudo. It's not easy to physically access the machine, so I can't boot to single user mode. I have found sites which provide exploit code, but the exploits seem to be crippled in a highly responsible way. Where are the non-crippled versions?
I'm interested in asserting a lot more control of my personal information and communications to prevent prying eyes of both governmental and criminal types. I'm interested in general best practices to secure my personal information, passwords, data and communication (including phones, texting and email). I am not an expert in software or anything of the kind. I use an iPhone and Apple computers. There's a few more specific requests inside. [more inside]
Twice this week, I've fallen for spam emails. Have I compromised my security? Will I die? [more inside]
I'm running the latest LTS version of Ubuntu on my hosting provider's cloud VPS service. I recently noticed a series of weird, spammy looking messages in my server's mail.log file. Tech support at my hosting provider says it does not appear to be compromised; are they wrong? [more inside]
What are the best practices for internet security in China? [more inside]
How can I misuse this bank account information? No, wait, that came out wrong. I’m looking for help justifying data security measures (at my office) for banking info. [more inside]
I am moving into a medium-sized house soon and I need a decent security system. I'd love to avoid paying the big security corporations that force you to sign contracts and all that. Aside from a normal alarm system (I'm thinking Simplisafe), I also want to explore the option of security cameras (on the outside). Does anyone have experience with good consumer products in this space?
How can I enforce a firewall -- built-in or 3rd-party -- in OS X, such that even someone with an admin account can't disable it? [more inside]
Is it possible to write a loan contract which effectively secures the debt against the borrower's property only in the event of bankruptcy or death of the borrower? I.e., as long as the borrower is in control of his financial affairs the lender has no right to the secured assets even if the borrower defaults, but if the borrower dies or goes bankrupt the security kicks in, so that the debt has priority for any third-party trustees managing the estate? [more inside]
Does anyone have a simple method of coming up with a excellent new passwords for every website that you can nevertheless easily remember? I'm thinking some combination of a master password combined with the website url or something like that, but the underlying rule should not be easily guessable by others even if they have a few examples in front of them. Any ideas?
I'm out for a walk taking some pictures and he stops to chat me up. We exchanged email addresses and now I'm regretting it BIG time. [more inside]
Bitcoin paper wallet? [more inside]
I am looking into alternatives to Windows EFS to protect sensitive data on a Linux web server. I know practically nothing about EFS, but I get the impression that the files are effectively plain-text if you are logged into the Windows machine as the user who owns the files, so the same level of "encryption" exists in a Linux environment if the files have only read/write perms for file owner and no perms for anybody else. My colleague says "No, it is not the same level of security" but doesn't provide any further info regarding how/why it's different. What am I missing here? [more inside]
Instead of the usual "username/password" challenge, some bank websites ask you for a username, and then for some letters from your password -- e.g. 'Type letters 1, 4 and 7 of your password'. I understand that the advantage of this is that you never enter your whole password, thereby making life difficult for keyloggers. But I don't see how it's possible to implement such a system without (effectively) storing the password in plain text on the server, which surely not a good idea. What is this practice called? Do security experts consider it good practice? Can you point me to a paper that explains how it is implemented securely?
How secure is Dropbox on an open coffee shop wifi? [more inside]
I want to teach students good computer security habits. [more inside]
So. If you had a wordpress self-hosted website accessed through your name and an ok password and a gmail account associated with the wordpress admin login, what would you do to secure everything from fuckery? [more inside]
Please help me translate the phrase, "Something that you bought at another store has not been cleared. I can fix that for you. Thank you." [more inside]
So, my debit card number has now been "compromised" twice in as many months. How am I supposed to approach security with cards nowadays? [more inside]
This has happened twice now, and it is freaky. Google chrome on the iMac I use in my office at work (at a university) will have usernames and passwords for people who have never been in my office ever. The first time it happened it was my father's email, and the second time it was my stepmother's. Why would chrome be filling in these odd emails when it doesn't even save my own login information after closing the browser window? [more inside]
Strangers from adjoining neighborhoods have created a path on private land behind my house. What are some ways I can stop them? [more inside]
A former contractor for a small business I'm involved in has told an employee he plans to sabotage the business' 5 trucks, possibly pouring chemicals in the gas tanks. Advice on the best methods and devices to try to prevent this would be very appreciated. [more inside]
What would be the best ways to secure multiple laptops, smartphones, cameras (physically, and also to catch thieves) in a "rustic" foreign country... keeping in mind I need to fit everything in luggage or fashion it out of raw materials in country. [more inside]
Open source software is considered trustworthy because anyone can validate the source code and hold the developer accountable. Usually developers will also make compiled binaries available for convenience. How can we know that these binaries are compiled from the same source code the developer published, and not a malicious variant of it? [more inside]
Android apps seem to grab permissions that I have no desire to give them. My understanding is that the permissions per app are all bundled together: it's all or nothing. At least officially. Is there another way? Also, is there a privacy watchdog site that will help me find apps that actually respect my privacy and support/purchase them over those that do not? [more inside]
I want to only share my identity with the tax man when I write, and allow people to pay me online. How do I do this? [more inside]
The best and simplest way to communicate between a smallish number of (known) people, on a few different devices, with encryption? [more inside]
My department is being mandated to start using Google+ and some other Google apps. Please help me think through the security and privacy implications of what I am afraid might become a real mess. [more inside]
I am new to this so this may be a very basic question. I am starting a mailing list of about 1000 people with 3-4 subgroups. I want to structure it so that people working for me can design and send out campaigns but I want to find a way by which they can't download the mailing list and share it with others or use it for purposes other than my campaigns. Is there a way to do this? If not in MailChimp can I do it in another software?
How do I prevent OCR on a document (typically a PDF but I could use another document format if necessary)? I know that when I scan it from a hard copy to a PDF I can disable/stop the OCR process, but Adobe allows it to happen on any PDF I scan in, whether OCR was eliminated at scanning or not, and I have to stop that (I have work product I'd like to distribute electronically, but my boss would like to make sure it's not searchable and it's as hard as I can make it to copy). I can use any software or process within reason.
Is there a practical way to keep someone from f-cking with my car? [more inside]
Twice recently my Gmail acct. has been hijacked by someone who is sending spam emails to some, but not contacts --seems to be only recently emailed (by me) people. The spam is an ad, as seen on Fox News for Raspberry drops weight loss aid. How do the spammers access my Gmail account? Could it be through my brand new Android cell phone? I am unaware of any other problems on my (Macbook) home computer. I have a secure WiFi router at home. No evidence malware or virus. I've changed my Gmail password, FWIW. Any suggestions on how/where to find a way from this happening again?
My AV program found 'Exploit:Java/CVE-2012-4681' on my laptop. It's a primer that sets up my machine for future exploits, but I haven't found any further infections using AV or Housecall. What steps should I be taking to assure myself that the machine is clean, and what can I do to prevent this kind of problem in the future. [more inside]
With email and website passwords, are successful "brute force" attacks still common, where an automated bot tries thousands and thousands of passwords on the same user account until one works? [more inside]
I need to retrieve the SSID of a wifi network that is not in range from either an iPhone or an old hard drive. [more inside]
What are good resources, online and offline, for information about the average experience in federal prison camps (minimum security prisons)? [more inside]
Help me name my new product, which combines the functionality of popular existing apps, but is specialized with high-security features. [more inside]
Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL. Last spring The Online Trust Alliance, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so. Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside). [more inside]
Landlord doesn't require a lease or a security deposit. Should I be concerned? [more inside]
How can I setup a website accessible by VPN but by multiple users at different locations? More details inside... [more inside]
What would politics in outer space look like? [more inside]
I'd like my security deposit back, please. [more inside]
Looking for best practices for home data security for an exclusively Mac household. [more inside]
I was checking the security setting on my gmail account this AM and was alarmed to see that govtrack.us had somehow been granted " granted the following services access to your Google Account". Especially concerning since i had never seen that site, or even heard of it. What gives?
I found several "favourited" videos in my YouTube account that were definitely not my or my partner's doing. What could have happened? Was I hacked? [more inside]
Yesterday I added a network print server device to my home network. How can I know that it is secure? Can I firewall it to prevent it from sending anything out to the internet? A few more details inside. [more inside]
Our former landlord is trying to withhold our security deposit and charge us $3,000+ for damages we did not cause. We just received her letter itemizing the "charges" and I just want to make sure we are covering our bases, as it's my first time in this situation. We are in Prince George County, Maryland. [more inside]
Please help me understand the difference (or non-difference) in safety for Firefox vs. Chrome browser extensions (plugins/add-ons). [more inside]
Apparently, I didn't keep the answers to my iTunes security authorization questions. I think I can guess my answers with a few more tries, but I might get locked out before I get there. Will the wrong answer count reset back to zero after a wait time? Meaning, can I try again tomorrow, or will I still get locked out? [more inside]
How to get Adobe Reader to save a secure form? [more inside]