A couple of days ago I clicked a legit-looking result from a Google search and got to a page of hackery-looking type saying that my system now belonged to somebody else. I backed away fast, but tried it again out of curiosity and the same thing happened. I didn't cap the screen and now I can't find the page, but can somebody hijack my computer (Mac running Safari this week for some reason) just because I clicked a link? This might be a laughable question, but since this has never happened to me before I don't know how seriously to take it!
I am a first time city apartment dweller, and don't have a clue on how/when to use my door buzzer. What is okay, what isn't, and yes, I am over thinking this, but it is bugging the hell out of me because I am already overstressed. [more inside]
I live on the first floor in an apartment building in a very heavily trafficked and busy urban neighborhood. It's not a terribly dangerous place, but it definitely has its illicit activity going on - it's a college town. You don't see a lot of bars on the windows or anything. At some point yesterday, somebody broke into my apartment by forcing a window open, and they weren't in my apartment long. They didn't really ransack the place, it was almost hard to tell someone had been there. I am frankly puzzled by how very little they took and what they did take as it wasn't very valuable. They did rifle through my filing cabinet and they did steal my laptop which they will need a password to use, but if they are able to get past that, they will have access to all of my online accounts and my financial information (which I have already locked down). I'm trying to work out a checklist for everything I need to do now, and I have one complicating factor about ID. [more inside]
How can I deal with a ticked off strata president who is threatening to hold me personally liable for any floods to my suite? [more inside]
Our house got broken into, but the thieve(s) stole slightly strange objects. Why? [more inside]
I live in a rent-controlled apartment in San Francisco, and have been enduring some landlord harassment of various types. (I'm paying a fortune, but rents are so high right now that even what I pay is well below market.) For my peace of mind, I'd like to install some sort of reasonably priced device to ensure that no one's entering my apartment when I'm not there. A huge bonus would be collecting evidence if it does happen. [more inside]
I am about to buy some bluetooth speakers to be used in conjunction with a Windows computer and Itunes. I have heard vague rumblings to the effect that bluetooth has security issues that regular wifi devices do not. Ordinarily, I would buy wifi speakers but the few I can find are awfully damned pricey. Would I be putting myself at risk of compromising my computer's security if I set up a pair or two of bluetooth speakers in my apartment? In general, are there any bluetooth security issues I should be aware of, as a new user of this technology? Many thanks for your time.
I was burgled again this week. Sigh. I need help asking my landlord for specific safety interventions. [more inside]
My old, dormant Twitter account recently started sending out direct messages to everyone on my list with spammy stuff. This happened within the last hour, and I just deactivated the account. The password for the Twitter account is different than the password for the email account that I set it up with. The password on the Twitter account hadn't been changed, and no tweets were sent from it (only DMs). Is this likely a third party app jacking the Twitter account (and therefore isolated) or should I be concerned about the establishing email account as well? I ask because this is my primary gmail account.
I've been tasked with figuring out what firms charge to perform IT Security tests, penetration tests, etc, for commercial clients? What kind of metrics do they base their charges on? Is there a standard rate for this kind of work? Alternately, do you have any tips for getting this kind of info from the companies that do this kind of stuff? [more inside]
Do you have an awesome system that works well? I am looking for advice, experience and any general wisdom as I look to find a replacement entry and video security system for a multi-unit condo building. [more inside]
We rented a house in Skokie, and the landlord used an office-supply-store-pre-printed lease form for the city. It included a copy of the Chicago RLTO as part of the form. Understanding that YANML, does this incorporate the requirements of the RLTO into the terms of the lease? If so, he'd be required to submit receipts meet deadlines for the return of the deposit. Or is he only bound by State Law (which for a single-family home, seems to require bupkus). He only returned half of our security deposit. Is it worth fighting for the other half ($600)? If I accept and deposit the $600 he sent, am I hurting my chances of getting the rest? [more inside]
Can you recommend a source for tiny, personalized, permanent adhesive labels I can use to I.D. my gadgets 'n' doodads 'n' stuff? [more inside]
Microsoft Security Essentials Missing From System Tray. [more inside]
I'm planning to install a simple CCTV system in my house and am looking for recommendations for an entry-level camera. [more inside]
We're going to Vegas in 3 weeks and I want to be able to spend my days walking around without having a purse always looped over my shoulder. My clothes don't have pockets. Fanny packs are the work of Satan. Is it a terrible idea to keep my often accessed stuff (cash, credit cards) in my bra and more important stuff (like health insurance card, driver's licence, etc) hidden in my panties? What should I do with my phone (that is also my camera)? [more inside]
Lavabit's Ladar Levinson was recently quoted as follows: "I'm taking a break from email. If you knew what I know about email, you might not use it either." Why would Levinson warn other people off using email? He's not just saying, "Be careful how you use email," but, "It's probably a good idea not to use email at all. I'm taking a break from it myself." [more inside]
I have a friend moving to a sketchy part of town (and living without a roommate for the first time). I want to get her some sort of security "thing" as an apartment-warming gift. Any suggestions? [more inside]
I'm starting a photography website where privacy and security are important features, and would like to offer SSL encryption to my users, so I'm going to buy a SSL certificate. Where should I get it from and which type should I get? [more inside]
I recently took a job as an overnight security guard. The entire job is standing at the entrance to a company's parking lot, from 10pm to 6am. In theory, I'm supposed to warn off people who look like they don't belong there, but that never happens. No books, smartphones, or other distractions are allowed. Sometimes I'll look at my watch and discover that it's only ten minutes since the last time I checked my watch, even though it feels like an hour has passed. Is there some kind of mental exercise or trick I can use to occupy my mind and make the time go faster?
Is there a relatively easy, inexpensive way to reinforce my apartment door so that it cannot be kicked in during the day? Something very strong and secure but that is easily removable with minimal damage from the inside so that my security deposit won't go towards replacing the door? [more inside]
After renting a room for almost 2 years, I broke the lease 1.5 months early (gave 1.5 months notice). I ensured that someone else was going to move into my room 1 week after I move out (so my landlord only has a 1 week gap in receiving rent checks). It's been almost 2 months and my landlord hasn't sent me my deposit, and is saying he will only give me 1/2 of it back. Details inside... [more inside]
My Dad received a spam email purporting to be from his email provider (BT Yahoo, fwiw) asking him to verify his account. In a moment of utter stupidity, I fell for the scam and entered his email password into a bogus website (I know, I know: STUPID). I was using his iPad at the time, and a ransomware website opened in safari, however the browser didn't lock, and I was able to close it straight away. I immediately logged into his email account and successfully changed his password to something completely different. Google tells me that there is currently no ransomware which can successfully hijack Apple devices, which my experience seems to bear out. I am a bit worried about the risk that I've accidentally compromised his email, though. Is there anything else I should do beyond what I've already done, ie changing the password? Should I contact BT Yahoo about it?
At my place of employment, I have been charged with physically securing our two servers. The decision has been made to bolt them to the concrete floor in a cage. I don't know how to shop for a server rack. We have an old one that they're on now, but it's an open rack, without sides or locks. I need one that's more of a cage, to keep people without the key out. It'll have to fit at least 8U worth of servers, and also accommodate a midsized tower somehow, and be 1000mm deep minimum. How do I shop for this? I can't find any information on whether any of the racks I'm looking at are bolt downable.
Is there any software that allows for encryption of home directories in OSX, a la original FileVault? [more inside]
I read online that the director did a lot of research and consulted with military experts on how an actual terrorist siege on the white house could work. Of course, he also said that white house security experts have already planned for such an attack. I'm curious what would have been done differently in real life by the white house and DC security?
I'm subletting my room in a Capitol Hill, Washington DC rowhouse for 1 month. I pay $1250 for rent, and I'm thinking about charging $1050 in rent for a subletter to make sure I get someone for July. My security deposit with the landlord is about $1000. The landlord knows I'm subletting it and is totally OK with it, as long as I'm responsible for any potential damage. So would it be unreasonable to require a $1000 security deposit for a 1-month sublet? How about $750? $500? [more inside]
I'm thinking about replacing my current mobile phone with an Android device and I'm having a hard time understanding how the Android update / security patch infrastructure for the core system is supposed to work. [more inside]
I recently took a job for a new company and received a company laptop. However, I'll be a remote employee working from home and travelling. The company is a small independent subsidiary of a large Japanese company who hires out their IT functions to an independent contractor. I won't be googling any super-weird stuff, but hey, it gets boring in hotels sometimes. How can I know if my company can monitor any web usage remotely? [more inside]
My small town post office is offering a new feature I'd never heard of, street address deliveries to it, so you don't have to have anything delivered at home anymore. Given that the mailbox of the house I've been renting a room in is extremely insecure, this seems desirable. But given that every action I've taken in the last 10 months has gotten turned to the worst possible outcome, I want to know what the downsides are. Would it affect my credit rating? Would it make me look suspicious? What would be the downsides of using it as a residence address for my drivers license, which is up for renewal before I find a stable situation? [more inside]
I've been tasked with creating (well, refactoring and redesigning) a web app for managing a security company. It includes call logs, encounter reports, regions, locations, duties (patrols), various kinds of bulletins, and other things. If I were to search for existing software that covers the same purpose, what would I search for? What is this kind of thing called? [more inside]
Motivated by a combination of curiosity and laziness, I want to gain root privileges on an Ubuntu 10.04 machine (which belongs to me). I'm pretty sure I failed to apply any security updates, so hopefully there are some unpatched holes. I have an account which I can log in to, but I have forgotten my password so I can no longer sudo. It's not easy to physically access the machine, so I can't boot to single user mode. I have found sites which provide exploit code, but the exploits seem to be crippled in a highly responsible way. Where are the non-crippled versions?
I'm interested in asserting a lot more control of my personal information and communications to prevent prying eyes of both governmental and criminal types. I'm interested in general best practices to secure my personal information, passwords, data and communication (including phones, texting and email). I am not an expert in software or anything of the kind. I use an iPhone and Apple computers. There's a few more specific requests inside. [more inside]
Twice this week, I've fallen for spam emails. Have I compromised my security? Will I die? [more inside]
I'm running the latest LTS version of Ubuntu on my hosting provider's cloud VPS service. I recently noticed a series of weird, spammy looking messages in my server's mail.log file. Tech support at my hosting provider says it does not appear to be compromised; are they wrong? [more inside]
What are the best practices for internet security in China? [more inside]
How can I misuse this bank account information? No, wait, that came out wrong. I’m looking for help justifying data security measures (at my office) for banking info. [more inside]
I am moving into a medium-sized house soon and I need a decent security system. I'd love to avoid paying the big security corporations that force you to sign contracts and all that. Aside from a normal alarm system (I'm thinking Simplisafe), I also want to explore the option of security cameras (on the outside). Does anyone have experience with good consumer products in this space?
How can I enforce a firewall -- built-in or 3rd-party -- in OS X, such that even someone with an admin account can't disable it? [more inside]
Is it possible to write a loan contract which effectively secures the debt against the borrower's property only in the event of bankruptcy or death of the borrower? I.e., as long as the borrower is in control of his financial affairs the lender has no right to the secured assets even if the borrower defaults, but if the borrower dies or goes bankrupt the security kicks in, so that the debt has priority for any third-party trustees managing the estate? [more inside]
Does anyone have a simple method of coming up with a excellent new passwords for every website that you can nevertheless easily remember? I'm thinking some combination of a master password combined with the website url or something like that, but the underlying rule should not be easily guessable by others even if they have a few examples in front of them. Any ideas?
I'm out for a walk taking some pictures and he stops to chat me up. We exchanged email addresses and now I'm regretting it BIG time. [more inside]
Bitcoin paper wallet? [more inside]
I am looking into alternatives to Windows EFS to protect sensitive data on a Linux web server. I know practically nothing about EFS, but I get the impression that the files are effectively plain-text if you are logged into the Windows machine as the user who owns the files, so the same level of "encryption" exists in a Linux environment if the files have only read/write perms for file owner and no perms for anybody else. My colleague says "No, it is not the same level of security" but doesn't provide any further info regarding how/why it's different. What am I missing here? [more inside]
Instead of the usual "username/password" challenge, some bank websites ask you for a username, and then for some letters from your password -- e.g. 'Type letters 1, 4 and 7 of your password'. I understand that the advantage of this is that you never enter your whole password, thereby making life difficult for keyloggers. But I don't see how it's possible to implement such a system without (effectively) storing the password in plain text on the server, which surely not a good idea. What is this practice called? Do security experts consider it good practice? Can you point me to a paper that explains how it is implemented securely?
How secure is Dropbox on an open coffee shop wifi? [more inside]
I want to teach students good computer security habits. [more inside]
So. If you had a wordpress self-hosted website accessed through your name and an ok password and a gmail account associated with the wordpress admin login, what would you do to secure everything from fuckery? [more inside]