viking
@viking@infosec.pub
- Comment on [deleted] 2 days ago:
Nah that was Windows XP, where the hard drive was not encrypted by default, and the password was stored in a hashed file on the computer itself, freely accessible via any boot stick. Actually cracking it still took some time (below 7 characters a few minutes, 7 about 1h, 8 chars up to 24h, longer… LONG). But if it was a common word, then a dictionary attack with a long enough word list (most word lists have like 400k words or so) would get it in seconds either.
The funny thing with Windows XP was that since none of the data was encrypted, you could simply delete the password hash and set a flag in the registry and you would boot right into Windows with no password at all, and were then prompted to set a new password. That didn’t work since Windows 7 anymore.
- Comment on [deleted] 2 days ago:
You can buy a hardware keystroke recorder for a few bucks. Just plug it between keyboard and computer and it logs all inputs. Once they have the boot password (and maybe a bunch of others), installing malware and exfiltrating data is pretty straightforward. Doesn’t require a lick of IT knowledge either.
Bit more challenging on a laptop without external keyboard, but there are hardware solutions as well, though they’d require tinkering with your device.
Phones are harder to gain access to. Honestly if I wanted to get into your phone, I’d probably try to set up hidden cameras in spots where you are likely to enter your PIN (bed, toilet) somewhere under the ceiling and angled straight down. I’d probably try to switch the phone off as well any chance I got (long press the start button) so that you’d be forced to boot up and enter the PIN at any given opportunity to max my chances.
Actually hacking secure boot / accessing data from encrypted drives is beyond casual hackers, unless you don’t regularly update your devices and there are some active exploits published.
But seriously, low effort password sniffing is still the biggest vulnerability out there.
- Comment on Even in android Microsoft is still trying to get you to use edge 4 days ago:
I’ve been using it for 12+ years, and still do to this day. The only thing that changed is that you have to use the Microsoft authenticator app to log on.
- Comment on Even in android Microsoft is still trying to get you to use edge 4 days ago:
Fuck outlook, the app is trash.
Nine works great for exchange servers, if you can’t escape the Microsoft infrastructure altogether.
- Comment on [deleted] 4 days ago:
Could be beneficial for your career, but your colleagues might hate you, really depends on the company dynamics (and maybe size). If you actually like hanging out with him, don’t kiss ass and expect any kind of reward and just be yourself, personally I don’t see any harm.
- Comment on Ads when you’re pumping gas 2 weeks ago:
There’s one near my house, and it has no mute button whatsoever. No buttons at all, in fact. You tap your card to the reader, then lift the pump of whichever variety you need, and that moment the ads start. With sound on full blast as well.
I’ve left a negative google review and make sure to update it monthly so that it stays on top, and drive to another station quite a bit further off just to avoid this crapshoot.
- Comment on [deleted] 3 weeks ago:
They are adults, let them figure it out for themselves.
- Comment on [deleted] 3 weeks ago:
Age is just a number. Who cares.
- Comment on The USA spends $15k/student annually which is 30% higher than the global median. Why do U.S. schools have "fundraisers" where kids are incentivized to sell stuff to people? 4 weeks ago:
If I don’t want something, I give nothing. Most fundraisers are pure extortion, and I can’t be bothered to check if something is legit or lining someone’s pocket. “No” is a full sentence.
- Comment on Fallout TV Show Could Run for Six Seasons Says Aaron Moten 1 month ago:
I didn’t really like the first season. There was some good action, decent characters etc, but the story just didn’t excite me.
Now I haven’t played the games, but neither did I play The Last of Us, and that series was excellent.
- Comment on Forced to lie on a questionnaire 1 month ago:
Why bother taking the survey then, or is it somehow mandatory?
- Comment on What is your favorite indie game? 1 month ago:
Yep, agree. Heat Signature was also fun, but getting rather repetitive.
- Comment on What is your favorite indie game? 1 month ago:
Tactical Breach Wizards
- Comment on Rian Johnson Says ‘I Don’t’ Agree With Netflix CEO Over Movie Theater Model Being ‘Outdated’: I Want ‘Knives Out 3’ in ‘Many Theaters For as Long as Possible’ 1 month ago:
I thought the setting is too absurd, didn’t like it at all.
- Comment on Rian Johnson Says ‘I Don’t’ Agree With Netflix CEO Over Movie Theater Model Being ‘Outdated’: I Want ‘Knives Out 3’ in ‘Many Theaters For as Long as Possible’ 1 month ago:
Let’s see how that’s going to fly. I watched the first one in cinema and it was great, the second one at home and it was pretty terrible.
- Comment on 'The Equalizer' Canceled After 5 Seasons at CBS 1 month ago:
I hope S05 ends with no loose cliffhangers, I actually quite enjoyed the series.
- Comment on German teens traveling to US jailed and deported after loosely planned vacation deemed ‘suspicious’ 2 months ago:
Some do, some don’t. The US however requires no such thing from EU citizens.
- Comment on What are some FOSS programs that are objectively better than their proprietary counterparts? 2 months ago:
Unfortunately they use some random font to display the temperature in the toolbar that is not the system font and can’t be changed. Whatever they are using is larger than the clock font and distorts the appearance.
Here it’s side by side with Today Weather.
The original app (geometric weather) was much better, but they stopped updating it, hence the breezy fork came to be. If only they didn’t mess with the fonts, I would have loved to use it.
- Comment on Are most people here left-wing? 2 months ago:
I’d consider myself liberal, but I embrace some traits considered leftist in some areas (universal healthcare, free education) and right in others (restrict immigration based on key economic and educational indicators, deport criminals).
- Comment on 6* months away now. If you're on 10, do you plan to upgrade? Make the jump to Linux? 2 months ago:
I can’t switch to Linux due to software requirements for work. On my personal computer I’m using Xubuntu for well over a decade, I didn’t like the unity window manager of Ubuntu. I heard they changed to something else by now, but I can’t be bothered to switch.
- Comment on 'Don't Buy a Swasticar': Tesla hit by UK boycott campaign over Elon Musk's far-right support 3 months ago:
France and UK have higher purchase powers than UK, thanks to Brexit, so I wouldn’t put that down to people being more sceptical.
- Comment on Are "Lifetime" Cloud Storage Plans scams? 4 months ago:
Yeah what I also saw in the terms was that they reserve the right to sell their company without informing users other than through an update in the terms & conditions, and based on play store reviews, they terminate lifetime accounts if they find that you upload copyright protected files, even if you don’t share them with anyone.
Indexing my stuff and comparing it against external databases is a big no no for me.
So far I’m quite happy with sync.com, been using them for well over a decade. Data is fully encrypted during upload, so no matter if the server is ever breached, they wouldn’t get anything useful out of it.
I also got my own nextcloud instance up and running, but it’s with a shared hosting provider where I don’t feel as secure.
- Comment on Are "Lifetime" Cloud Storage Plans scams? 4 months ago:
pCloud, under business terms fairly towards the end:
Term & Termination
This Agreement may be terminated by either party at any time, for any reason. This Agreement will remain in effect until Customer’s subscription to the Services expires or until the Agreement is terminated. In the event of termination by the Customer, the Customer will remain responsible for payment of all fees and charges applicable to the period during which the Agreement was in effect.
- Comment on [deleted] 4 months ago:
What exactly do you think happened with slaves too old to fulfill their duties?
- Comment on How can a US citizen invest outside the reach of the federal government? 4 months ago:
Anytime! You could also check some blogs like nomad capitalist and others, they offer solutions like incorporating a ltd. company in Georgia (the country) or Belize and stuff, but that also comes with a host of other requirements, reporting and otherwise.
Depending on your assets, there are also some countries like Grenada for example that come with a citizenship by investment program, where you get a passport if you invest either into government bonds or buy a property that you must hold for a certain number of years. If you’d be a citizen from there and casually forget to tick the box for US citizenship when opening your Hong Kong account, you might just get away with it. (Strictly not legal, though).
- Comment on How can a US citizen invest outside the reach of the federal government? 4 months ago:
Outside of the immediate reach requires you to open an offshore brokerage account; however thanks to FATCA reporting requirements, most banks don’t want to deal with you unless you have significant assets under management.
Back when FATCA was first introduced I was working in private wealth management for a bank in Luxembourg, and we decided to terminate all but 3 accounts held by US citizens, all of whom had assets above 700k USD. I believe 500k was the internally communicated cutoff.
Banks in Switzerland now typically require 1M CHF to open new accounts for anyone who isn’t onshore (Swiss citizen or resident), Hong Kong, Singapore and Panama also require minimum amounts between 500k to 1M USD. I think Bahamas, Bermudas, Virgin Islands, Caymans and all the other money islands ask for even higher deposits now.
One thing you could consider are the British channel islands (Jersey and Guernsey in particular), since Brexit they’ve had a bit of an offshore renaissance. HSBC Jersey for example only requires 100k GBP to open offshore accounts (though I didn’t check about FATCA requirements since I’m not a US citizen myself).
If all you want is keep smaller amounts outside of the US, you could look into wise.com, revolut and other money transfer services, they allow you to hold different currencies in physical accounts domiciled in other jurisdictions. Read: If you deposit USD and convert it to GBP, AUD or EUR, those funds will be physically stored in UK, Australia and Belgium respectively. Since wise is a British company (revolut as well btw), the US government at least won’t have immediate access.
If there are any online brokers that accept US customers with casual portfolio sizes, no idea.
Crypto of course is also an option, but I don’t trust it enough as long term asset storage solution.
- Comment on Select a tip 4 months ago:
You bet I would.
- Comment on Select a tip 4 months ago:
Not tipping is not giving my money away for nothing.
Tipping culture creates unwarranted expectations and removes obligations from employers.
I’ve stopped tipping decades ago and won’t look back.
- Comment on Does anyone here speak Portuguese? 4 months ago:
In Luxembourg it’s actual Portuguese, not Brazilians.
- Comment on Does anyone here speak Portuguese? 4 months ago:
There are some Brazilian instances, pretty sure they speak Portuguese as well.