Beginner Questions

Talk about internet security, computer security, personal security, your social security number...
Post Reply
Gregory G.
Posts: 4
Joined: Fri Aug 14, 2009 6:23 pm

Beginner Questions

Post by Gregory G. »

Hello everyone! I'm an older newb at 19. yrs. A huge thankyou to the developers and community for making these great firefox addons like NoScript and FlashGot. I am a new user to computing in general. I mean I'm so bad with computers that I don't know how to make a link to a site or make bold text. (I didn't see a post about this so please forgive me if I made a mistake.)

It amazes me how NoScript keeps me safe on the internet esp. being free. It makes me wonder....

What does a security professional read each day?
What education is required to learn computer security?
Good books and websites?
How can I contribute to this amazing project? It's not that I want to become a professional though I would like to make security a hobby of mine it just seems so interesting about the magic of NoScript it always works!
I am totally clueless though I suppose one would have to know how to build websites to learn NoScript?
Is it true that (I read online looking up wifi security) a good start to learn about it is getting a Comptia A+ certification?

This is off topic though about security too.
For some reason I don't trust FireFox's native password manager. I actually have written down in a journal of mine my passwords for different websites I am afraid to put them onto my computer. Am I wrong to write them down, should I just trust firefox 100%?

Thankyou everyone again! I'm sorry for a long post though a sort of way to learn the path to greatness that you are all!!!
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Beginner Questions

Post by Tom T. »

Hello Gregory, and welcome!

To answer just a few of your questions, I would not trust the password manager of *any* browser or of Windows itself. You might wish to check out Password Safe, whose encryption was created by world-renowned cryptographer Bruce Schneier. I have used it for quite a while, and find it safe, secure, and convenient. It is totally freeware. Be sure to back up your encrypted password database regularly, to a USB drive, a CD, etc., so that you don't lose them in case of a crash. I also write mine down on paper in a very secure location, as a last resort, but that is a personal choice. Please be reminded that since it is not a product of this developer or web site, it is my personal opinion only, and no support can be given here.

As for using the board, you'll finid a toolbar right above the message box. More help is available at http://www.phpbb.com/community/faq.php?mode=bbcode.

As for how to best help with NoScript as a beginner: Tell others about it! ...and please consider donating whatever you can afford and feel is appropriate.
The product has always been free since its inception, no adware, no spyware, only a couple of small ads at the project's home page. Developer Giorgio Maone donates hundreds of hours of his own time to maintaining and improving NoScript, time which could be spent on his paying jobs, and the least we can do is help out a bit.

I'll leave your other questions for others to answer. I hope this is a good start on your extensive post. Happy safe computing!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Grumpy Old Lady
Senior Member
Posts: 240
Joined: Fri Jul 03, 2009 7:20 am

Re: Beginner Questions

Post by Grumpy Old Lady »

Hi,
Most browser password managers are for convenience, not security, and it's the user's decision about what kinds of use those passwords could be put to if hacked whether they want to use managers.
For general web use, over unencrypted connections, it really doesn't worry me personally whether passwords are managed by the browser or not, however for encrypted connections, there's a good argument for a secure password manager to be brought into service. This is because of the risk of keystroke logging and clipboard reading malware being resident in a system, or more likely these days, resident in the boot sector.

Answer in short is, yes, why not make my life easier by letting the browser manage non-critical web passwords.
But, no, never simply trust any software (Fx included) 100 percent for vital passwords on a machine that can be accessed locally. And with web exploits the way they are, any machine is accessible locally these days. With ABE, not :-)
I use the Fx Master Password (encrypts all passwords in storage) for critical stuff, in a virtual machine that is reimaged at each session. For a couple of sites, I have to remember the passwords because their sites block software input.
That master password isn't written down anywhere and most certainly no other critical passwords are written anywhere either. And I also change it at least every 3 months. I'm prepared to re-apply for the passwords that it protects if I forget it (a user loses all password if the Master password can't be recalled), rather than have the risk of it being discovered locally. My home is a lot more open house than many, so a user has to make their own decision about local security of course.
But a master password applies to a whole Fx session, unless Private Data is cleared inside that session, so it's only as secure as that particular session is locally. I suppose the big rule to remember for any vital browser session is to never leave the machine without logging off. Period.
The virtual machine I run Fx on for critical web transactions is NOT a Win one because I don't trust MS to be open, in a timely fashion, about all security problems that may affect my use. Other systems have more public oversight, and I use an Ubuntu Fx/NS session for the most important web connections.
The Keychain app in OS X is a very good password manager too. I used it in Camino on OS X but it hasn't had much development outside apple. I would have preferred to continue using OS X for secure connections, because I have most experience with it, however the cost of maintaining an up to date OS X is prohibitive in my situation.

For the rest of your questions, I have no clue where a person would start; the web is full of interesting reading however and a user could do worse than starting their self-education by becoming familiar with Fx/NS first, then the latest version of IE for comparison, and then perhaps a little understanding of how web pages are made.
This site has a good reputation amongst developers I've dealt with.
http://www.w3schools.com/
Your age has no meaning for me :-)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Gregory G.
Posts: 4
Joined: Fri Aug 14, 2009 6:23 pm

Re: Beginner Questions

Post by Gregory G. »

Thank you for welcoming to the community Tom T. and Grumpy Old Lady! I admit that I was nervous posting here at first because I thought that there would be a bunch of posts telling me how stupid I am though it didn’t happen. (That did happen to me when I started World of Warcraft….)
A lot of great information in both posts:

@Tom T. Reading about a free alternative to my carpel tunnel means of typing in password after password manually is AWESOME! What I’d see as a commercial time and time again in computer magazines was AI Roboform and well I was always too cheap to buy it. I did not know of those names:
• Bruce Schneier – Thank you for developing a free! Totally free program to store passwords in now and always.
• Giorgio Maone - Thank you for developing No Script! Without you I wouldn’t have gotten interested in scripts and security in the first place!

In high school (now that I’m out) we were only allowed to use a disc or floppy disc to store documents and reports. It is school policy because they can scan my disc and can’t scan a USB drive. I thought a USB drive was unsafe. I’m completely wrong.
@Grumpy Old Lady I like how you think:

“…it’s the user’s decision about what kind of passwords could be put to if hacked whether they want to use managers.”

I mean; it just makes me think differently about it. Originally I thought that it was an annoyance to type them manually. You make an excellent point!
Then another quote:

“And with web exploits the way they are, any machine is accessible locally these days. With ABE, not :-)

Like my mom says “keep your nose clean” I never have been hacked or pissed off people on forums so I’ve been lucky very lucky. I do like your other tip to change your master password every three months. (I guess Tom T. doesn’t do that. Just kidding!)

When I play World of Warcraft I admit I could be tired and I’d say like maybe about once or twice a month I’ll leave my laptop just online (with me logged in) then collapse from a long long day. So your other tip to always log off. Hmmm….I never personally tried it but I guess someone has made a program where if I’m stuck in WoW too long that my computer automatically logs off for me! Just kidding again!

All of my life I used Microsoft windows so it’s interesting to hear about OS X and Ubuntu. With my luck I’d just confuse the heck out of myself figuring out those programs. I suppose I’m a windows for life kind of guy.

Though the best part of your post Grumpy Old Lady is that website. I never ever heard of it before. Once again it is free like the other password programs you mentioned!!! I mean the site goes on and on….it beats having to bombard this forum with my beginner questions. http://www.w3schools.com/ is like the best thing since I got my driving license.

Thank you both very much!! The best part about you both is that your communication is clear and easy to understand. It’s not like a bunch of numbers and computer code speak. Just to name names to thank again.
Tom. T- Thank you!
Bruce Schneier- Thank you!
Giorgio Maone- Thank you!
Grumpy Old Lady- I love the way you think and thank you too!!!

If anyone else has anything to say please respond! I thank you to anyone who has taken the time to read my post to contribute to this journey too.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Beginner Questions

Post by Tom T. »

Gregory G. wrote:In high school (now that I’m out) we were only allowed to use a disc or floppy disc to store documents and reports. It is school policy because they can scan my disc and can’t scan a USB drive. I thought a USB drive was unsafe. I’m completely wrong.
No, you're not. USB can easily transmit viruses, etc., and even more so, a U3-enabled one, or any USB or disc drive if you have Autoplay enabled. I have Autoplay disabled in the user interface, but also took the step of editing the Windows registry so that Autoplay is not even an option. However, registry editing is not for novices, as you can easily hose your machine beyond repair, and have to reinstall Windows and start from scratch.

To turn off Autoplay safely from your desktop, let's take, for example, your CD-ROM drive, which we'll assume is D. Open My Computer, right-click the drive (probably called DVD-RAM these days, but whatever), click Properties, click Autoplay tab at the top. Then for each of the choices in the dropdown menu, click the lower button, "Prompt me to choose an action each time". When done, OK out.

Now do the same for each USB drive. Plug the drive in. When prompted, choose "Take no action" so it closes. If it does start doing something, just close that window. Now repeat the steps above for your USB drives E, F, G, whatever.

What are we trying to defend against here? Your turning your head for a moment, someone inserting a disc or drive with malicous code, if only monentarily, and it running without you knowing it or having to do anything. At least this way, the bad person has to click the window to open the drive, then click his malicious program to run it. A good reason never to leave your machine unattended for even a moment in a location or among people whom you do not trust completely.
“…it’s the user’s decision about what kind of passwords could be put to if hacked whether they want to use managers.”
I mean; it just makes me think differently about it. Originally I thought that it was an annoyance to type them manually.
You did note that Password Safe automatically browses to the desired site, then automatically types username and password and hits "login" for you?
“And with web exploits the way they are, any machine is accessible locally these days. With ABE, not :-)
Like my mom says “keep your nose clean” I never have been hacked or pissed off people on forums so I’ve been lucky very lucky. I do like your other tip to change your master password every three months. (I guess Tom T. doesn’t do that. Just kidding!)
The master password itself is stored in well-encrypted form. It never leaves my machine, only the subordinate passwords for each individual site. The main ways in which the master could be gotten would be if someone were to be able to install a keystroke-logger on my machine (which is what all of our safety practices are preventing), or I were waterboarded or rubber-hosed into giving it up. Much easier for the hacker.
All of my life I used Microsoft windows so it’s interesting to hear about OS X and Ubuntu. With my luck I’d just confuse the heck out of myself figuring out those programs. I suppose I’m a windows for life kind of guy.
I too, for various reasons. You are not alone.
Thank you both very much!! The best part about you both is that your communication is clear and easy to understand. It’s not like a bunch of numbers and computer code speak. Just to name names to thank again.
Tom. T- Thank you!
Bruce Schneier- Thank you!
Giorgio Maone- Thank you!
Grumpy Old Lady- I love the way you think and thank you too!!!
Thanks for your kind feedback on our forum. I hope you found the NOSCRIPT QUICK START GUIDE FOR BEGINNERS easy to read and useful as well. All feedback is appreciated. Also, Giorgio's FAQ. I'm sure he'd appreciate any feedback on making them novice-friendly.

Thank you again for taking the time to reply and to share your thoughts. Cheers!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
Gregory G.
Posts: 4
Joined: Fri Aug 14, 2009 6:23 pm

Re: Beginner Questions

Post by Gregory G. »

I’m happy that I’m still getting responses because I know very little and am grateful for just one response at the time of this writing.
Thank you Tom T. and let me respond to you please:

Here I thought I knew when I was wrong about something! The USB drives and I wasn’t! (Here I thought my high school policy was something to follow.) Whoops. I’m sorry.

I had no idea about AutoPlay and how I could be deceived from a so called helpful feature. Also even though I don’t own a USB yet, I do understand that menu that appears when you connect or put something in your computer. Like putting in a DVD then I do always choose “play in windows media player” check box so I won’t have to look at that menu again.

I will take your advice with disabling and manually starting the USB drive. I do have friends who love downloading movies and music online from the peer to peer file sharing programs. Yes they do use the USB drive on my laptop. They would remind me of school policy and I couldn’t argue with that point. I just realize now that I’ve been breaking that rule of computer security for a long time. ( I liked getting free music though not anymore!) Oh boy I’m like the turkey in the cartoons:

This is from that cartoon (it’s old) when a turkey, a farm animal is the household pet. The family loves the turkey and is always feeding and loving the turkey. The turkey is always happy to be fed more and more, meanwhile getting fatter and fatter. As time passes and it’s the holidays the family says:

“We’re having thanksgiving and you get to join us!” Then the turkey says “Oh boy! I can’t wait!”

At this point in the cartoon the turkey somehow learns (I forgot how) that he is the one for thanksgiving! And I don’t know if he got away or not. Though I’m the turkey!

Then your other points in your post:
About your mentioning of Password Safe. Ok, ok I haven’t actually downloaded it yet. I was just talking about how I was still entering in passwords now and I know I should have downloaded it just after reading your post I didn’t.
Though I will download it! Right after I’m done typing this post. And to disable auto play too. I don’t know I just felt a bit nervous but I’ll do it. I’m sorry Tom T.

About mentioning of the master password I see how I’m wrong again. Your saying that if you use good security practices (like you already said) then just having 1 strong master password then there’s really no need to change it every three months. I suppose some users like Grumpy Old Lady are really reallllllllyyyy secure. So secure I don’t know the word to describe such impenetrable security.

Then the last point of yours about reading the beginning guide and that sort of introductory things. I was nervous posting here so I just posted (I always type in Microsoft word first because I find it simple to construct a post with word’s grammar rules of course word spellings too) then copy and paste it into my no script post. Then quickly go out of the site then retreat to the WoW forums. I’m a bad no script user. So sorry Tom T.

You are a great teacher and I’m the running away student. Well I won’t runaway again.
Since I still know a bit more then what I knew just a day or two ago from this thread it’s only right to thank you again for all of your help Tom T. and to the community of No Script if you happen to read this and want to contribute!

Just don’t be like me and not download, follow instructions! Just kidding!!!
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Grumpy Old Lady
Senior Member
Posts: 240
Joined: Fri Jul 03, 2009 7:20 am

Re: Beginner Questions

Post by Grumpy Old Lady »

Hi Gregory G.
I apologise for writing so much at a level that was probably too much information.
Most people learn by doing, not reading, and I think you will probably benefit a lot by trying things, and breaking them, and then fixing them, yourself.
That's how I learned most things I know, not just about web security.
You may also get a lot more interaction online in other places than here - which is basically a product support forum. Your need for fun and interaction could be well supplied if you join a few newsgroups. This is because there are a lot of people who are members of newsgroups, compared with the very few who are regulars here, and there is a newsgroup for almost any possible topic you could think of, and you have a much greater chance of developing interesting conversations when there's a few people around to interact with.
Here's some introductory reading on newsgroups - - all you need is an email application to get access.
http://computer.howstuffworks.com/inter ... sgroup.htm
My advice is for you to read up on newgroups, then join a few of the ones you think may be interesting, introduce yourself briefly, and then sit back and read the conversations until you get a feel for how the interaction and the etiquette works. This is known as "lurking", and I can highly recommend it as a good start to meeting friends and learning heaps. Once you've found a group where you think you'll fit in, start speaking up.
Web forums are very often filtered by colleges and universities, but newsgroups are by and large never filtered, and so you can get very good access to your community even when there is heavy filtering on a connection.
Of course your participation here in the NS forums is always welcome, but your level of experience seems to need a lot more than just this forum can feed you.
All the best :-)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Beginner Questions

Post by Tom T. »

Gregory: They should be scanning those downloads for viruses, and so should you, *before* opening them. Peer-to-peer and pirate sites especially are notorious for such things, not that I condone pirate sites anyway.

The difference between GOL's POV (point of view) and mine is that she is using PW manager that is part of Firefox, which is an internet-connected application (or "internet-facing", as the geeks say). Therefore, it presents a direct attack surface for hackers. That is why I don't care to use its PW mgr at all, and why GOL gave the excellent advice to change it regularly if you do. And note the difference in her home situation and mine (although I didn't necessarily say that my written PWs are stored at home. ;) ) PWSafe is a program that lives entirely on your own computer and *never touches the internet*, and so cannot be directly attacked over the internet as easily as a browser and its supporting tools and files can. Even if someone gained access to your whole machine (which *does* happen far too often), the PWS database is encrypted such that it would be useless to them. (Want me to send you mine? LOL). But the attacker who gains complete control can install that keystroke logger we talked about... So anyway, GOL and I have different solutions for loss of password.

Incidentally, you'll find that if you ask ten people the same computer question, you'll get ten different answers -- and they might all be right. Each person's system, setup, configuration (settings), and usage habits are different. Eventually, you will find solutions that fit both with your system and your preferences and habits.

One tip: To make strong pws that are easy to remember, either use diceware (google it, it'l come right up), or use my favorite, acronyms. For example, (don't actually use this), if you're from the US and remember Lincoln's Gettysburg address, you could acronym it to 4s&7ya,oFFbfotcanN ... easy to reconstruct in your mind, but meets the test of good pws: Uses both upper and lower case, numbers, and keyboard characters. PWS also will generate strong passwords for you with one click, and you can also find strong passwords offered for free at http://www.grc.com/pass. The connection is secure, the pws change every time you reload the page, the web site has no idea which characters you choose, and they offer three different strings of 63-64 characters each. So you can just choose a 15-20 character string among them.

Composing in a text document and pasting here is a fine idea -- especially if you lose your message partway through, which I've done (accidentally hit "delete", e. g.)

Disabling Auto-play can be reversed just as easily, if needed, so don't be nervous about messing it up. All that disabling it does is give you the window to choose "Play using (your media player), "Take no action", etc. Two extra clicks, that's all.

AS GOL mentioned, you're looking for education in a lot of areas, whereas this forum is primarily for support of Giorgio Maone's two products, NoScript and FlashGot. We're happy to get you started on the security path. Your anti-virus provider should help you there, your firewall provider there (including the built-in Windows firewall), etc. Any time you have questions about using NoScript, or other security-related issues that you can't find elsewhere, I'm sure that someone can lend you a few minutes of their time.

And as for nervous about posting, forget about it! We were *all* beginners once! There's no shame in not knowing; the only shame is in refusing to learn when the opportunity and/or need arises.

Cheers!
Image
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
Gregory G.
Posts: 4
Joined: Fri Aug 14, 2009 6:23 pm

Re: Beginner Questions

Post by Gregory G. »

After waiting a day then coming back to the forums… success once again! I know time is money so there has to be threads read here that are important and the useless ones like mine. Thank you for the time and effort Grumpy Old Lady and Tom. T. you’ve spent with me so far here on the No Script forums. You both are my heroine and hero. It’s only natural to respond one at a time so here goes:

@ Grumpy Old Lady-
You are right about me. My computing skills is so low I have to look up a word from http://www.thefreedictionary.com/ I see:

nu•ga•to•ry (n g -tôr , -t r , ny -)
adj.
1. Of little or no importance; trifling.
2. Having no force; invalid. See Synonyms at vain.

I actually learned about No Script from a player on WoW. Always looking down in the bottom right hand corner and making a guess whether to allow scripts on a page or not got me curious. I mean am I even cancelling out the right ones? After hours of manually clicking on something I didn’t know about has got to get more credit than credit is due. It’s what got me thinking about security in the first place.
To be honest I rarely sign up for a forum not really aware of how forum life is besides WoW. But it’s a game and a game isn’t real life. (You can substitute your real life for WoW…) So you say not many regulars are on here and well I didn’t know. Whoopsies. Every thing counts in my book of life. I wasn’t aware of the newsgroups just the fact that I have No Script forums for a helping hand. Didn’t even know about lurking either though everything you say makes perfect sense to me.

In real life my parents want me to go the military and not college. My father and mother both went to military and met there. Many cousins of mine went into military too naturally I’m supposed to follow along. I want to go to college and not military so since they would throw out any book I had in my room of a computer I’d just safely keep myself here online. Who else besides me thinks the internet is safe? Just kidding!!


P.S. Grumpy Old Lady: I did go on http://www.w3schools.com/ and working on the HTML tutorial. I’m only on lesson 11 then I went back to WoW. (Nervous about those forums too.) I’m bad but hey w3school said “we have over 100 HTML tutorials” so it has to be a way to start in security life. I do use Tom T. his recommendation of Password Safe. I’m always clicking “Never for this site.” In Mozilla so it won’t remember my passwords.


@Tom T. –
I hadn’t actually thought about your point of view, though I try to be respectful while forgetting simple things. Hmmm…for some reason it just seems to be a bad habit of mine. I see that your being nice to me about it. As they say “you can eat your own words” well I am guilty of that crime.
Even though I’ve had just a few posts I guess I have made a positive impact on good security skills 101. Many of which I’m trying to grasp. It has and still always amaze me when I see on TV how there’s supposed to be so many young people like me who I hear “This 15 yr was able to hack into our bank.” Then it goes on and on. Just like there’s this growth of these computer genius’s but whatever. It does matter when you manually click on the S symbol though for No Script! ;p

As far as passwords for me have been going, I did finally download Password Safe. It is nice and simple. Just like me. I have never had to create a master password so it has got to be good, really good.

My master password for Password Safe is actually the bar code off of my favorite cereal box. Now I can’t tell you both what I eat for breakfast!! I’m serious too it’s a long number of sorts. I do like how Password Safe when you open it up, you can choose for it to "browse to url and autotype" which helps my wrists tremendously too.

From WoW again I was told that I should use http://www.mesh.com/ because I could put my most important files on a safe site just incase my laptop did get hacked or was burned in a fire. Got to love that it’s free too. I thought that was an interesting twist on security.
I didn’t actually realize how much work goes into a good password. I just use a lot of WoW words then throw in some numbers for passwords so I thought that is how you’re supposed to do it. As I’m writing this response I just went onto your grc.com/passwords and….

HOLY FREAKING MOLY! MAN THOSE PASSSWORDS ARE INDESTRUCTIBLE!!
Geesh I thought my passwords that I already put into Password Safe made me feel safe but that is like “the only way I’d get hacked is if I physically type every password into forums”. I will be changing my passwords with those super passwords after I post.

When I read your analysis about password management my analogy would to real life:
I’m staying at a luxury hotel. For fun, let’s say the Hilton Inn. Now I’m staying there for two weeks and staying in the $3,000 suite. I do own a car and when I drive into the parking lot I have a choice-
1. I can manually drive my car to a parking space.
2. I could choose valet to park my car.

Now the difference between the two is am I in control or trust someone else? If I trust someone else and go with valet parking they have my car keys go to park the car. Later on when I want to go out and see my car pull up there is some scratches on the side of my car that weren’t there before. Now I could have just chosen to park the car myself safely in the first place.

My example was just a simple one. If you wanted to get technical there could be other reasons for the scratches like:
• The valet driver did park my car safely then another car that pulled up accidentally scratched my car.
• The other driver that pulled up purposely intended to damage my car.
• A person who wasn’t at all parked near my car was looking to damage a car and looked throughout the whole entire parking lot just to damage one. It happened to be mine.
• I lied about the scratches on my car and they were there before I even traveled to the Hilton Hotel and looking for a way to get a free car repair by falsely accusing the valet driver who could potentially lose his job over me. (I bet the driver would do a lot more to my car then scratches already there if I got her fired…)

Those are all of the other possible scenarios I could think about. Back on topic:

I’ve been exposed to a lot of new words and concepts and ways of life. Amazing how much feedback I’ve gotten so far. It’s been enjoyable it’s a nice change from how players type in WoW. Kind of like growing up into more important things in life! I mean we all need to be safe and secure. Wether in real life or computer life.

A good roll call is in order!

Grumpy Old Lady- Thank you!
Tom T.- Thank you!
Giorgio Maone- Thank you! I love click on your S a lot! Just kidding!!!

Thank you if are reading this because the point of this forum is to help one another and that is so true here.

P. S. I admit when I look back I asked way too many questions at once in the first post so I guess a good rule of thumb posting online is to just ask like one or two questions at most. I’m sorry to anyone who I made their head spin from so much.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Beginner Questions

Post by Tom T. »

My master password for Password Safe is actually the bar code off of my favorite cereal box. Now I can’t tell you both what I eat for breakfast!! I’m serious too it’s a long number of sorts.
It's only numbers? Aside from that fact that you just told the whole world your method (don't do that), and there are only so many brands of cereal, it also violates Rule #1 of good pws: Include both upper- and lower-case letters, numbers, and keyboard characters (,.@#$%^&*({}|\'; etc.), at least one of each group.
Math: 10 digit password gives 10^10 possibilities = 10,000,000,000. Some cracking tools can try thousands or millions a second, at least offline. If you still use only ten characters, but you follow the above, even a compact laptop keyboard gives about 90 possible characters. So the number of possibilities is 90^10 = 34867844010000000000 or 3.4 x 10^19, about 3.4 billion times as many to try. The Earth will be a frozen ball of ice by then, or even if NSA is cracking it, all your credit cards will have expired anyway. ;)
From WoW again I was told that I should use http://www.mesh.com/ because I could put my most important files on a safe site just incase my laptop did get hacked or was burned in a fire. Got to love that it’s free too. I thought that was an interesting twist on security.
IMHO, it's a terrible twist on security. How do you know that they don't have a corrupt or bribed employee, a disgruntled one, a fired one who steals data before being evicted? How do you know how strong *their* security is? If banks get hacked, can't they? What if they're bought out by a less ethical company? What if they go out of business -- where are your data?

We all need backups of critical data. *Personally* (again), I would burn mine to CD or DVD. The really sensitive stuff would be encrypted first, with a freeware program like http://www.truecrypt.org. Make two (or more) copies if you like. Put one in your safe, one in your bank safe deposit box, give one to your attorney, grandmother, whomever you trust. Now, if your machine crashes, burns, gets stolen (you've encrypted any sensitive stuff on it with TrueCrypt, right? -- later, you can encrypt the entire hard drive if you like), you just get a new machine, pop in your discs, and you're good to go. I back up almost every new file to a flash drive almost every day in case of a crash, and burn the discs every week or two (you can burn only the new stuff, or get a full-disk-backup program).

Hope this gets you thinking along security lines: "What's the worst that could happen? What can I do to prevent that, or deal with it if it happens?" That approach will get you figuring these things out for yourself. :D Cheers.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US at an expert level; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 diehard
Post Reply