TomTees

  • @Questionable wrote:

    I’m all for learning, but I can’t wait to get where you guys are at before I start using it…

    It’s good that you’re all for learning, I don’t get what you mean by using “it”

    Um, my new MacBook…

    but if you want to become a security expert you’re in for a long an frustrating journey. You should attempt to incorporate the…

    [Read more]

  • @ajohnson wrote:

    Please don’t take this the wrong way, but to be completely candid: if you really cared, you’d spend ~$30 on a book and at least skim it and/or use it as a reference for specific topics.

    Hey, I never said I wouldn’t do that.

    My exact point is that you’re not going to properly secure anything, including your laptop, unless you…

    [Read more]

  • @ajohnson wrote:

    Keeping things out of RAM is not going to leave you with a very usable system 😉

    You think?! Ha ha.

    @ajohnson wrote:

    If someone has that kind of access to your system, you’re pretty much hosed anyway. Who cares about scraping RAM for the encryption key when they can just wait and key-log you?

    I suppose.

    @ajohnson wrote:

    If…

    [Read more]

  • Thanks for the flurry of responses, but I don’t feel like you guys answered the fundamental questions that I had/have…

    1.) Where are you supposed to store they keychains or whatever they are called?

    2.) If you store them on your computer, like I said in my OP, I was under the impression that they were stored in RAM and thus were easily…[Read more]

  • TomTees replied to the topic Recommend FDE Software? in the forum Other 6 years, 5 months ago

    @m0wgli wrote:

    @ajohnson wrote:

    … they’ll probably sooner resort to a rubber hose attack.

    Reading that reminded me of this: http://xkcd.com/538/

    Ha ha  (Yeah, I’ve seen that one before.)

    Tom

  • TomTees replied to the topic Recommend FDE Software? in the forum Other 6 years, 5 months ago

    @ajohnson wrote:

    I don’t understand the TrueCrypt rumors. The source is available right here: http://www.truecrypt.org/downloads2

    I didn’t take notes on everything I read from this weekend, but as a whole, everyone’s comments from across the Internet left me feeling not so confident with TrueCrypt – especially for Mac.

    And again, what’s the…

    [Read more]

  • TomTees replied to the topic Recommend FDE Software? in the forum Other 6 years, 5 months ago

    @UKSecurityGuy wrote:

    Like they always say – the more you know, the more paranoid you become…

    That describes me!!!

    Someone correct me if I’m wrong, but I think the window for these attacks is fairly small.

    It depends on what you define as small. I’ve heard of a cold boot http://en.wikipedia.org/wiki/Cold_boot_attackattack  performed on live…[Read more]

  • TomTees replied to the topic Recommend FDE Software? in the forum Other 6 years, 5 months ago

    @ajohnson wrote:

    I personally use TrueCrypt, but I believe they only offer FDE of the system drive for Windows.

    I’ve read some pretty crazy things about TrueCrypt from “It has backdoors built in it for Law Enforcement” to “You can’t do FDE on a Mac on it” to “The creators are nefarious because they don’t release code and won’t give out their…[Read more]

  • @ajohnson wrote:

    Yes, that is ideal because unencrypted data will never be written to the drive. However, you will still be reasonably secure if you encrypt data in place. You would have to have some insanely valuable data for someone to start rummaging through bad sectors; that is very expensive and time-consuming work.

    Think about the scenarios…

    [Read more]

  • TomTees replied to the topic Recommend FDE Software? in the forum Other 6 years, 6 months ago

    The more I read, the more PARANOID I am becoming.

    Don’t know which direction to go, or who to trust?!

    People say TrueCrypt is insecure.

    Have read some very scary things about Apple’s FileVault 2.

    Going to Sophos, CheckPoint, and Symantec makes me nervous how they want to sign me up before I can even get a contact # or price…

    God, I feel…[Read more]

  • @UKSecurityGuy wrote:

    I’m definately no expert in this area, but….

    Unless your threat actor is a government organisation with a very invested interest in recovering your data – I think you’ll be ok with Truecrypting the existing drive.

    Asked another way, what would software FDE NOT encrypt?

    My understanding is that the difference between…[Read more]

  • @UKSecurityGuy wrote:

    Ok – as this thread is rapidly spiralling out of control.

    Not trying to make it so.

    Is using WiTopia better than using a unsecured access point?

    Yes (probably)

    Is using WiTopia secure enough to manage my VPS

    Depends on how much you trust WiTopia not to sniff your traffic, but it sounds like your down to a “this or no…

    [Read more]

  • @ajohnson wrote:

    Do you have SSH on your VPS?

    I had my Web Host set up FileZilla with SecureFTP for me, but I don’t know anything about SSH?!

    Tom

  • @UKSecurityGuy wrote:

    Just to take this back to basis for my understanding…..

    You’re on the road all of the time, with your own laptop, but with no internet connectivity.

    Correct.

    You use free wireless hostspots (McDonalds et al) to get internet connectivity, but you’re concerned that providers/users of those wireless hotspots will…

    [Read more]

  • @chrisj wrote:

    What I would do, would be to set up OpenVPN like UKSecurityGuy said.

    Much more convoluted, I would look in to getting all traffic not just web traffic going over the VPN connection. It would be rather embarrassing if the browser was safe, but everything else like Toad, SSH, FTP, etc went over the public internet (yes ssh is…

    [Read more]

  • @UKSecurityGuy wrote:

    I was all ready to say “yes, but you run the risk of the vpn provider spying on you”…..until I hit your statement on customer data.

    Protection of customer data typically falls under the law in most countries, depending on the type of data we’re talking about, and if you don’t make a reasonable argument of why the method…

    [Read more]

  • TomTees replied to the topic FireSheep for 2013? in the forum Other 6 years, 6 months ago

    @ajohnson wrote:

    Setup a second system and test on your own traffic system. Using tools you don’t fully understand on others is unethical, reckless, and asking for trouble.

    Nothing unethical here.  Just trying to see what others might be able to see about me…

    Tom

  • TomTees replied to the topic FireSheep for 2013? in the forum Other 6 years, 6 months ago

    I was able to figure out how to install a second instance of FireFox on my MacBook.  (Version 3.6.28)

    When I fire up that version and FireFox, and then click on “Start Monitoring”, I never see anyone or anything.

    I have tried this a few times at McDonalds where I am pretty sure there were some people surfing online, but I never see anyone?!  :…[Read more]

  • TomTees replied to the topic Personal VPNs in the forum Other 6 years, 6 months ago

    @superkojiman wrote:

    From what I’ve seen, there are generally three things most regular people use personal VPNs for: downloading pirated content anonymously, viewing streaming video content that’s not available in their region (eg: US only), and added security when using public wifi.

    I am just interested in additional privacy and security…[Read more]

  • @hayabusa wrote:

    My statement was more or less to say that not ALL VPN’s are equal.  Don’t just assume that ANY VPN is of equal value.

    Not ALL have holes.  But I prefer a VPN solution that uses a ‘full client’, when possible, versus one that is established solely across a browser session, when it’s initiated.  When I said ‘web-based’, I was re…

    [Read more]

  • Load More

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?