Cybersecurity 101 -

Len Kagamoney

damn you len
True & Honest Fan
kiwifarms.net
You're only in danger of site breaches if you're a dummy that signed up using your real name, personal email, etc.
I'm sure there were Ashley Madison users who did just that, though. I can't find a number of how many members had their info strewn out there.
 
Last edited:

Degenerated

Artesté
kiwifarms.net
Then they probably got busted by the hackers tying the payment info (ssn, credit card numbers, mail addresses) they acquired to real people.
 

AlexJonesGotMePregnant

do you are have stupid
kiwifarms.net
Then they probably got busted by the hackers tying the payment info (ssn, credit card numbers, mail addresses) they acquired to real people.
A big danger in the leak was payment info- in order to process an electronic payment, certain verifiable details are required. For credit cards, this typically includes the card holder's real name, address, and phone number which are used as anti-fraud data when handling electronic payments. The US has some pretty stringent laws around handling credit card related info online but it is a bit onerous and most companies outsource the bulk of the compliance to third-party payment processors. Unfortunately, they think this means they don't have to be careful with anything other than the PIN or CCV/CVV itself which is of course untrue. A major goal of said compliance programs are to allow for continued user identity protection even in the case of a security breach resulting in data becoming accessible.

I don't know the state of the backend systems and what is/isn't encrypted here, but in general just make sure that your "private" profile here (DMs and such) is as anonymous as your public so that if somehow all KF data was leaked, it would make no difference at all.
 

AlexJonesGotMePregnant

do you are have stupid
kiwifarms.net
In normal circumstances do sites give away your IP info? I use a vpn but this thread makes me afraid of getting milked.
Under normal circumstances, every website you visit is tracking your IP unless they state otherwise and you trust them. Anything along the lines of "targeted ads" through google or facebook is likely going to be able to tie your IP address together. It's pretty messy but a VPN from a big provider is a very good step in the right direction for respect to your privacy.
 
  • Like
Reactions: AcolyteOfMilk

AcolyteOfMilk

kiwifarms.net
Nobody will ever be able to call an ISP and get information about a user's IP address, I don't care how good they are. They're going to need a name, DOB, and account number at the very minimum. They treat that shit like HIPPA, call center reps who fuck that up are putting their job on the line.
For his grand finale, Chris had one of his social engineers, Jessica Clark, conduct a “vishing” (voice solicitation) call to my cell phone company, in which she pretended to be my (non-existent) wife and asked for access to my account. To make the act more convincing, and elicit sympathy from the customer service rep, she found a YouTube video of a crying baby and played it in the background, while spinning an elaborate sob story about how I was out of the country on business, and how, if she could just get into the account, she could get the information she needed to apply for a loan. (You can watch Jessica's vishing call at 2:13 in the video above—it's pretty amazing.)

The act worked: the customer service worker believed that Jessica was my wife, and—over the screams of the YouTube baby noises—not only allowed her to access my account, but allowed her to change the password, effectively locking me out.


Be very wary of social engineering. The more correct English you use the safer you are. No mistakes in spelling or grammar that gives your text a "fingerprint". Don't use uncommon words or expressions.
Have cows alts been found because of their writing style? Or is that something used as extra evidence and not defining evidence? Could this backfire if all your alts are strict grammar nazis?
 

AlexJonesGotMePregnant

do you are have stupid
kiwifarms.net
Have cows alts been found because of their writing style? Or is that something used as extra evidence and not defining evidence? Could this backfire if all your alts are strict grammar nazis?
Secondary characteristics like writing style are usually used to confirm but no one serious would accept them alone for a dox. Hard evidence is required, but the other stuff can lead to the good stuff.
 

AcolyteOfMilk

kiwifarms.net
Thanks AlexJonesGotMePregnant!

In this thread a tip is to remove metadata, but can Word just stop saving metadata in the first place all together?
And is it only phones that save EXIF data or do computers also reveal their gps with exif data?

I have not seen this tip mentioned. Lie about the details of your life.
 
  • Like
Reactions: 3119967d0c

AlexJonesGotMePregnant

do you are have stupid
kiwifarms.net
Don't use things like word; any services that have an online access feature (cloud sync, account sign in, etc) could be looking at your data and tracking it. Use text editors or make new, separate accounts. Google docs works great if you keep things segregated well enough.

I'm not sure about EXIF data from PCs, but I suspect not. One somewhat unrelated thing to note: pretty much all printers are traceable via invisible signatures printed on every page. If it is possible to trace the printer's ownership to you, anything you print from it points straight at you to those who can find such data (likely only the government could succeed in successfully getting data from each step of the way). You should keep this in mind with everything you do online because electronic signatures are more common, more accessible, and just as invisible.
 

Krimjob

Resident God-Emperor
kiwifarms.net
So since some people here seem knowledgeable: What's your stance on antivirus? Asking as my AVG is causing DNS leaks (That seem impossible to fix even when asking them directly) and thus I'm considering just uninstalling the damn thing. Supposedly Windows Defender + occasional checks with MalwareBytes should be more than enough, but I honestly feel anxious just getting rid of the antivirus I've used for literally 15 years.
 

Exigent Circumcisions

The autism.. it's coming from inside the house!!!
True & Honest Fan
kiwifarms.net
So since some people here seem knowledgeable: What's your stance on antivirus? Asking as my AVG is causing DNS leaks (That seem impossible to fix even when asking them directly) and thus I'm considering just uninstalling the damn thing. Supposedly Windows Defender + occasional checks with MalwareBytes should be more than enough, but I honestly feel anxious just getting rid of the antivirus I've used for literally 15 years.
Antivirus is more about locking down your system beforehand, in my experience. Don't click links you're not sure about, disable ads and JavaScript, only visit trusted porn sites etc. Maybe once a year I'll install antivirus out of curiosity and I'm usually clean as a whistle or have a couple of minor files that are easily cleaned up.

Then I uninstall that Ram chewing, experience ruining garbage.

ETA: If you're constantly getting viruses on your computer it's probably PEBCAK and you ought to be ashamed.
 

AlexJonesGotMePregnant

do you are have stupid
kiwifarms.net
I agree with the two above posts- behavior modification is most important for protection. As often as possible, let your OS handle itself and don't download/install shit from the interview unless you know what you're doing. Disabling ads and javascript is a really basic and easy way to start. In general, anti-virus software is trying to kill a fly with a boulder.
 
  • Agree
Reactions: nonvir_1984

nonvir_1984

Never amount to anything! And they were right.
kiwifarms.net
Secondary characteristics like writing style are usually used to confirm but no one serious would accept them alone for a dox. Hard evidence is required, but the other stuff can lead to the good stuff.
Writing style can be used not only as a confirmation where you suspect some one, but if say you have a large pool of people, and you want to narrow down to a most likely candidate list for further, closer examination.
There is really sophisticated software that is used, by the NSA, CIA and FBI - the usual suspects, but also social media companies. It one way they ID people who have different accounts aand its also one of the tools used to uncover the Russian/Chinese/NSA/Macedonian hackers.
Style can include spelling (US vs UK vs AUS vs Continental) but it usually focuses on the number of certain words (articles, negations), the reading age (elementary vs High School vs College) and, favorite words, repeated phrases, that a person uses (ideolect - https://en.wikipedia.org/wiki/Idiolect) but also that they use because of their profession - lawyers write in a different style to doctors, say. And syntax. People organize thoughts in specific ways and this is more or less indicative. I once worked with a man who quite literally produced writing like silk. It just flowed. I saw him composing documents, where he would just dictate it to someone to type. Fucking amazing. And you read it and believed it. His colleagues hated this talent. But any document that had been near him you could tell; it had his finger prints all over it. That's what made me look into it.
So, the trick is to limit online posts, and limit length of posts. And strip all identifying data from posts, photos etc - screensnip is useful here, plant false leads, and use a VPN, and linux.
 

NiggerFaggot1488

kiwifarms.net
I'm sure there were Ashley Madison users who did just that, though. I can't find a number of how many members had their info strewn out there.
I remember when our very own weev posted the information of a few government workers who used .gov emails to register there and got leaked.

Also Jesus Christ about unhashed passwords, thats usually a few lines of code to remedy. Pure negligence.
 

AlexJonesGotMePregnant

do you are have stupid
kiwifarms.net
Writing style can be used not only as a confirmation where you suspect some one, but if say you have a large pool of people, and you want to narrow down to a most likely candidate list for further, closer examination.
There is really sophisticated software that is used, by the NSA, CIA and FBI - the usual suspects, but also social media companies. It one way they ID people who have different accounts aand its also one of the tools used to uncover the Russian/Chinese/NSA/Macedonian hackers.
Style can include spelling (US vs UK vs AUS vs Continental) but it usually focuses on the number of certain words (articles, negations), the reading age (elementary vs High School vs College) and, favorite words, repeated phrases, that a person uses (ideolect - https://en.wikipedia.org/wiki/Idiolect) but also that they use because of their profession - lawyers write in a different style to doctors, say. And syntax. People organize thoughts in specific ways and this is more or less indicative. I once worked with a man who quite literally produced writing like silk. It just flowed. I saw him composing documents, where he would just dictate it to someone to type. Fucking amazing. And you read it and believed it. His colleagues hated this talent. But any document that had been near him you could tell; it had his finger prints all over it. That's what made me look into it.
So, the trick is to limit online posts, and limit length of posts. And strip all identifying data from posts, photos etc - screensnip is useful here, plant false leads, and use a VPN, and linux.
absolutely. i generally operate under the assumption the government can tie any regular online activity together with the sort of thing you mentioned so i generally aim more for non-government stuff that wouldn't be easy to associate without the illegal sort of spying the nsa does. the only way to really "hide" from the government is to keep the absolute smallest footprint possible but my autism deficiency would flare up if i didn't post here so i have a doctor's note for my shitposting
 

CumDumpster

camedei707, Evil Overlord of Xedo
kiwifarms.net
I'm just gonna say this about security on the internet in the 2010s.
You're account is as safe as it's entry point, which is why I'd advise the use of Keepass to store passwords instead of the online password managers. You'd still have to add accounts manually, but that isn't much of a problem since a few more clicks of the mouse (or typing more keystrokes) is nothing much to me.

Unlike most other password managers (Dashlane, Lastpass, etc.), a file stores your passwords and the storage and management of the file is up to you. Did I mention that the utilities used to make and manage KeePass files are wide, the Keepass source code is open and it's completely free?
 
  • Informative
Reactions: Alex Poulos
Tags
None

About Us

The Kiwi Farms is about eccentric individuals and communities on the Internet. We call them lolcows because they can be milked for amusement or laughs. Our community is bizarrely diverse and spectators are encouraged to join the discussion.

We do not place intrusive ads, host malware, sell data, or run crypto miners with your browser. If you experience these things, you have a virus. If your malware system says otherwise, it is faulty.

Supporting the Forum

How to Help

The Kiwi Farms is constantly attacked by insane people and very expensive to run. It would not be here without community support.

BTC: 1DgS5RfHw7xA82Yxa5BtgZL65ngwSk6bmm
ETH: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
BAT: 0xc1071c60Ae27C8CC3c834E11289205f8F9C78CA5
LTC: LSZsFCLUreXAZ9oyc9JRUiRwbhkLCsFi4q
XMR: 438fUMciiahbYemDyww6afT1atgqK3tSTX25SEmYknpmenTR6wvXDMeco1ThX2E8gBQgm9eKd1KAtEQvKzNMFrmjJJpiino