After renting a room for almost 2 years, I broke the lease 1.5 months early (gave 1.5 months notice). I ensured that someone else was going to move into my room 1 week after I move out (so my landlord only has a 1 week gap in receiving rent checks). It's been almost 2 months and my landlord hasn't sent me my deposit, and is saying he will only give me 1/2 of it back. Details inside... [more inside]
My Dad received a spam email purporting to be from his email provider (BT Yahoo, fwiw) asking him to verify his account. In a moment of utter stupidity, I fell for the scam and entered his email password into a bogus website (I know, I know: STUPID). I was using his iPad at the time, and a ransomware website opened in safari, however the browser didn't lock, and I was able to close it straight away. I immediately logged into his email account and successfully changed his password to something completely different. Google tells me that there is currently no ransomware which can successfully hijack Apple devices, which my experience seems to bear out. I am a bit worried about the risk that I've accidentally compromised his email, though. Is there anything else I should do beyond what I've already done, ie changing the password? Should I contact BT Yahoo about it?
At my place of employment, I have been charged with physically securing our two servers. The decision has been made to bolt them to the concrete floor in a cage. I don't know how to shop for a server rack. We have an old one that they're on now, but it's an open rack, without sides or locks. I need one that's more of a cage, to keep people without the key out. It'll have to fit at least 8U worth of servers, and also accommodate a midsized tower somehow, and be 1000mm deep minimum. How do I shop for this? I can't find any information on whether any of the racks I'm looking at are bolt downable.
Is there any software that allows for encryption of home directories in OSX, a la original FileVault? [more inside]
I read online that the director did a lot of research and consulted with military experts on how an actual terrorist siege on the white house could work. Of course, he also said that white house security experts have already planned for such an attack. I'm curious what would have been done differently in real life by the white house and DC security?
I'm subletting my room in a Capitol Hill, Washington DC rowhouse for 1 month. I pay $1250 for rent, and I'm thinking about charging $1050 in rent for a subletter to make sure I get someone for July. My security deposit with the landlord is about $1000. The landlord knows I'm subletting it and is totally OK with it, as long as I'm responsible for any potential damage. So would it be unreasonable to require a $1000 security deposit for a 1-month sublet? How about $750? $500? [more inside]
I'm thinking about replacing my current mobile phone with an Android device and I'm having a hard time understanding how the Android update / security patch infrastructure for the core system is supposed to work. [more inside]
I recently took a job for a new company and received a company laptop. However, I'll be a remote employee working from home and travelling. The company is a small independent subsidiary of a large Japanese company who hires out their IT functions to an independent contractor. I won't be googling any super-weird stuff, but hey, it gets boring in hotels sometimes. How can I know if my company can monitor any web usage remotely? [more inside]
My small town post office is offering a new feature I'd never heard of, street address deliveries to it, so you don't have to have anything delivered at home anymore. Given that the mailbox of the house I've been renting a room in is extremely insecure, this seems desirable. But given that every action I've taken in the last 10 months has gotten turned to the worst possible outcome, I want to know what the downsides are. Would it affect my credit rating? Would it make me look suspicious? What would be the downsides of using it as a residence address for my drivers license, which is up for renewal before I find a stable situation? [more inside]
I've been tasked with creating (well, refactoring and redesigning) a web app for managing a security company. It includes call logs, encounter reports, regions, locations, duties (patrols), various kinds of bulletins, and other things. If I were to search for existing software that covers the same purpose, what would I search for? What is this kind of thing called? [more inside]
Motivated by a combination of curiosity and laziness, I want to gain root privileges on an Ubuntu 10.04 machine (which belongs to me). I'm pretty sure I failed to apply any security updates, so hopefully there are some unpatched holes. I have an account which I can log in to, but I have forgotten my password so I can no longer sudo. It's not easy to physically access the machine, so I can't boot to single user mode. I have found sites which provide exploit code, but the exploits seem to be crippled in a highly responsible way. Where are the non-crippled versions?
I'm interested in asserting a lot more control of my personal information and communications to prevent prying eyes of both governmental and criminal types. I'm interested in general best practices to secure my personal information, passwords, data and communication (including phones, texting and email). I am not an expert in software or anything of the kind. I use an iPhone and Apple computers. There's a few more specific requests inside. [more inside]
Twice this week, I've fallen for spam emails. Have I compromised my security? Will I die? [more inside]
I'm running the latest LTS version of Ubuntu on my hosting provider's cloud VPS service. I recently noticed a series of weird, spammy looking messages in my server's mail.log file. Tech support at my hosting provider says it does not appear to be compromised; are they wrong? [more inside]
What are the best practices for internet security in China? [more inside]
How can I misuse this bank account information? No, wait, that came out wrong. I’m looking for help justifying data security measures (at my office) for banking info. [more inside]
I am moving into a medium-sized house soon and I need a decent security system. I'd love to avoid paying the big security corporations that force you to sign contracts and all that. Aside from a normal alarm system (I'm thinking Simplisafe), I also want to explore the option of security cameras (on the outside). Does anyone have experience with good consumer products in this space?
How can I enforce a firewall -- built-in or 3rd-party -- in OS X, such that even someone with an admin account can't disable it? [more inside]
Is it possible to write a loan contract which effectively secures the debt against the borrower's property only in the event of bankruptcy or death of the borrower? I.e., as long as the borrower is in control of his financial affairs the lender has no right to the secured assets even if the borrower defaults, but if the borrower dies or goes bankrupt the security kicks in, so that the debt has priority for any third-party trustees managing the estate? [more inside]
Does anyone have a simple method of coming up with a excellent new passwords for every website that you can nevertheless easily remember? I'm thinking some combination of a master password combined with the website url or something like that, but the underlying rule should not be easily guessable by others even if they have a few examples in front of them. Any ideas?
I'm out for a walk taking some pictures and he stops to chat me up. We exchanged email addresses and now I'm regretting it BIG time. [more inside]
Bitcoin paper wallet? [more inside]
I am looking into alternatives to Windows EFS to protect sensitive data on a Linux web server. I know practically nothing about EFS, but I get the impression that the files are effectively plain-text if you are logged into the Windows machine as the user who owns the files, so the same level of "encryption" exists in a Linux environment if the files have only read/write perms for file owner and no perms for anybody else. My colleague says "No, it is not the same level of security" but doesn't provide any further info regarding how/why it's different. What am I missing here? [more inside]
Instead of the usual "username/password" challenge, some bank websites ask you for a username, and then for some letters from your password -- e.g. 'Type letters 1, 4 and 7 of your password'. I understand that the advantage of this is that you never enter your whole password, thereby making life difficult for keyloggers. But I don't see how it's possible to implement such a system without (effectively) storing the password in plain text on the server, which surely not a good idea. What is this practice called? Do security experts consider it good practice? Can you point me to a paper that explains how it is implemented securely?
How secure is Dropbox on an open coffee shop wifi? [more inside]
I want to teach students good computer security habits. [more inside]
So. If you had a wordpress self-hosted website accessed through your name and an ok password and a gmail account associated with the wordpress admin login, what would you do to secure everything from fuckery? [more inside]
Please help me translate the phrase, "Something that you bought at another store has not been cleared. I can fix that for you. Thank you." [more inside]
So, my debit card number has now been "compromised" twice in as many months. How am I supposed to approach security with cards nowadays? [more inside]
This has happened twice now, and it is freaky. Google chrome on the iMac I use in my office at work (at a university) will have usernames and passwords for people who have never been in my office ever. The first time it happened it was my father's email, and the second time it was my stepmother's. Why would chrome be filling in these odd emails when it doesn't even save my own login information after closing the browser window? [more inside]
Strangers from adjoining neighborhoods have created a path on private land behind my house. What are some ways I can stop them? [more inside]
A former contractor for a small business I'm involved in has told an employee he plans to sabotage the business' 5 trucks, possibly pouring chemicals in the gas tanks. Advice on the best methods and devices to try to prevent this would be very appreciated. [more inside]
What would be the best ways to secure multiple laptops, smartphones, cameras (physically, and also to catch thieves) in a "rustic" foreign country... keeping in mind I need to fit everything in luggage or fashion it out of raw materials in country. [more inside]
Open source software is considered trustworthy because anyone can validate the source code and hold the developer accountable. Usually developers will also make compiled binaries available for convenience. How can we know that these binaries are compiled from the same source code the developer published, and not a malicious variant of it? [more inside]
Android apps seem to grab permissions that I have no desire to give them. My understanding is that the permissions per app are all bundled together: it's all or nothing. At least officially. Is there another way? Also, is there a privacy watchdog site that will help me find apps that actually respect my privacy and support/purchase them over those that do not? [more inside]
I want to only share my identity with the tax man when I write, and allow people to pay me online. How do I do this? [more inside]
The best and simplest way to communicate between a smallish number of (known) people, on a few different devices, with encryption? [more inside]
My department is being mandated to start using Google+ and some other Google apps. Please help me think through the security and privacy implications of what I am afraid might become a real mess. [more inside]
I am new to this so this may be a very basic question. I am starting a mailing list of about 1000 people with 3-4 subgroups. I want to structure it so that people working for me can design and send out campaigns but I want to find a way by which they can't download the mailing list and share it with others or use it for purposes other than my campaigns. Is there a way to do this? If not in MailChimp can I do it in another software?
How do I prevent OCR on a document (typically a PDF but I could use another document format if necessary)? I know that when I scan it from a hard copy to a PDF I can disable/stop the OCR process, but Adobe allows it to happen on any PDF I scan in, whether OCR was eliminated at scanning or not, and I have to stop that (I have work product I'd like to distribute electronically, but my boss would like to make sure it's not searchable and it's as hard as I can make it to copy). I can use any software or process within reason.
Is there a practical way to keep someone from f-cking with my car? [more inside]
Twice recently my Gmail acct. has been hijacked by someone who is sending spam emails to some, but not contacts --seems to be only recently emailed (by me) people. The spam is an ad, as seen on Fox News for Raspberry drops weight loss aid. How do the spammers access my Gmail account? Could it be through my brand new Android cell phone? I am unaware of any other problems on my (Macbook) home computer. I have a secure WiFi router at home. No evidence malware or virus. I've changed my Gmail password, FWIW. Any suggestions on how/where to find a way from this happening again?
My AV program found 'Exploit:Java/CVE-2012-4681' on my laptop. It's a primer that sets up my machine for future exploits, but I haven't found any further infections using AV or Housecall. What steps should I be taking to assure myself that the machine is clean, and what can I do to prevent this kind of problem in the future. [more inside]
With email and website passwords, are successful "brute force" attacks still common, where an automated bot tries thousands and thousands of passwords on the same user account until one works? [more inside]
I need to retrieve the SSID of a wifi network that is not in range from either an iPhone or an old hard drive. [more inside]
What are good resources, online and offline, for information about the average experience in federal prison camps (minimum security prisons)? [more inside]
Help me name my new product, which combines the functionality of popular existing apps, but is specialized with high-security features. [more inside]
Question for the hard-core commerce and security geeks: Always-on SSL, or AOSSL. Last spring The Online Trust Alliance, or OTA, started a PR campaign to convince folks who manage web sites to use SSL to secure the entirety of their web sites — not just forms and checkout pages. OTA points out that some large social sites (Twitter, Facebook, Google) — folks for whom the customer is the product — have implemented AOSSL, or are in the process of doing so. Who I *don't* see coming on-board are large and highly trafficked e-commerce sites. By my survey, none of the top 100 eCommerce vendors (using Internet Retailer's list) have implemented AOSSL, and I'm wondering if there's a reason why... (more inside). [more inside]
Landlord doesn't require a lease or a security deposit. Should I be concerned? [more inside]