murphyj's recent activity
-
Comment on Password manager suggestions? in ~tech
-
Comment on Password manager suggestions? in ~tech
murphyj Ha! I didn't see this reply. Just replied with almost exactly the same sentiments.
-
Comment on Password manager suggestions? in ~tech
murphyj Firstly when they got compromised, and secondly when LogMeIn acquired lastpass a few years ago, there was a lot of concern given their negative reputation.
Also, the general consensus for password managers is that you should have the control and ownership of your data. I'm putting trust in lastpass, and that's a risk I'm willing to take. Others aren't happy to take that risk and will use keepass or even something like masterpassword that requires no storage or 3rd party trust.
-
Comment on Password manager suggestions? in ~tech
murphyj I know this won't be a popular opinion, but here goes.
I used keepass for a while, but got tired of dealing with conflicts that were created with Dropbox.
I now use lastpass which is the most convenient one I tried out, and I coupled it with a yubikey to increase security.
What I should do (but currently don't) is to rip the current safe and save it to keepass just in case lastpass is unable to auth me.
The mobile integration is awesome, as is the browser extension. It makes it super easy to create and add accounts.
I use the paid family edition which looks like it costs $48 per year for 6 accounts. You're also able to set up shared passwords, so that makes it easier to get the folks set up.
-
Comment on What's the difference between ~comp and ~tech? in ~tildes
murphyj Maybe for some topics it's clear, but I can foresee lots of crossposting which may be solved by a child/parent relationship
-
Comment on What's the difference between ~comp and ~tech? in ~tildes
murphyj The fact that it's not immediately clear is a problem.
As discussed in the linked thread, I think aliases are a good way to access subgroups. Maybe they could have a different prefix which would help avoid some of the potential name collisions.
-
Comment on <deleted topic> in ~talk
murphyj Thanks for the link, that's a good call.
Totally agree that crazies are going to crazy. May as well limit the more likely scenarios where possible.
-
Comment on <deleted topic> in ~talk
murphyj Surely whichever side the military is on is the side that would prevail.
-
Comment on <deleted topic> in ~talk
murphyj Being an Australian, US gun culture is something I don't think I'll ever completely understand, but I do appreciate it's complex and I certainly don't have the solution.
My opinion is that the general population doesn't need to hold guns.
I think about the potential maximum amount of damage in a period of time. Worst case for a pistol with 6 rounds is 6 deaths in a span of, let's say 30 seconds. To do the same thing with a knife would take far longer, not even considering the range difference.
I don't have a solution for the process of removing guns, and solving the countless problems that immediately arise because of that, but I think everyone would be better off if access to firearms was extremely limited.
-
Comment on MissingNo: Explaining the glitch next to Cinnabar Island in ~games
murphyj Thanks for posting this.
I love learning about glitches like this. They often highlight the tricks devs were required to use to make the most of their limited memory.
-
Comment on FireEye Blog: Bring Your Own Land in ~comp
murphyj Very good technique I've been learning a lot about recently.
Avoid execution prevention by creating your own system tool replacements.
Along a similar vein, another decent technique is Bring Your Own VM. If you can somehow get a persistent vm, host based detections are suddenly a significantly decreased concern.
-
FireEye Blog: Bring Your Own Land
2 votes -
Comment on The Thick Of It - Old show worthy of a binge in ~tv
murphyj Haha fancy that, I'm a sucker for Mitchell and Webb. That includes Mitchell's rants on various other shows - such a classic.
Another similar one is the Aussie Utopia: https://youtu.be/n1TMpXhwcQw
-
Comment on Linux distro of choice? in ~comp
murphyj Got into the game with Ubuntu (secondary desktops at home and work), and because it's easy I haven't seen a good reason to change.
As for servers, I've decided to delve into CentOS. Much steeper learning curve, but the learning is good.
-
Comment on Bitcoin Phishing Attack in ~comp
murphyj Good catch.
I deal with phishing quite a lot.
Personally I find urlscan.io much easier than a vm, unless you're doing more dynamic analysis.
I find in terms of disabling the site, I will often:
- Send an email to the abuse contact of the hosting provider
- Report it to google safebrowsing (https://safebrowsing.google.com/safebrowsing/report_general/)
- Add an entry at phishtank.com
-
Airgeddon - Wireless auditing made easy
3 votes -
The Thick Of It - Old show worthy of a binge
Anyone here fans of The Thick of It / In The Loop? Here's a sample of one of Malcolm F. Tucker's classic bollockings: https://youtu.be/6pOqqyFH7cU
8 votes -
Comment on Mr. Robot, my favourite show. Any fans already on ~ ? in ~tv
murphyj I'm a big fan of the show.
I really like that they have security consultants working for them to build relatively realistic hacks: https://youtu.be/_bBrj6QBPW0
It's the first show/movie I've seen in terms of security, that's technically accurate, but also has great writers and actors that have been able to capture the attention of the more general population.
The single point of failure with a password manager is the password manager.
The single point of failure with an algorithm is the algorithm.
Anything is better than what most people do, but nothing is foolproof.
I prefer randomly generated passwords, as opposed to pseudo random ones. Given the amount of breaches, I'd assume reversing the algorithm would be reasonably trivial.
The algorithm reminds me of the reasons you shouldn't roll your own crypto.