FYI we discovered 3 more today. Our spam filters are catching them after the fact by quarantining the posts. It is possible there are more that we are not seeing although that is unlikely. So scale is small but not zero or random.
Install Wordfence (or similar) on your sites, and set it to block an IP after 5 login attempts. Kills brute force attacks. And turn off the account named admin.
Admin has never been on. I actually block for 999 hours after 2 attempts. Otherwise I get too many notifications. Nobody has ever used the correct login let alone the correct login and password.
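The per-IP lockout described in the two posts above (5 attempts; 2 attempts with a 999-hour block), replayed over a constructed login log as an added example. It is not Wordfence's code or configuration, and the log format, the 10-minute counting window and the `replay` function are assumptions. It also counts how many distinct IPs failed against each account, which a per-IP rule on its own does not see.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-01-10T09:00:01 203.0.113.5 admin FAIL
2024-01-10T09:00:02 203.0.113.5 admin FAIL
2024-01-10T09:00:03 203.0.113.5 admin FAIL
2024-01-10T09:00:04 203.0.113.5 admin FAIL
2024-01-10T09:00:05 203.0.113.5 admin FAIL
2024-01-10T09:00:06 203.0.113.5 admin FAIL
2024-01-10T09:05:00 198.51.100.1 alice FAIL
2024-01-10T09:05:30 198.51.100.2 alice FAIL
2024-01-10T09:06:00 198.51.100.3 alice FAIL
2024-01-10T09:06:30 198.51.100.4 alice FAIL
2024-01-10T09:07:00 192.0.2.9 bob FAIL
2024-01-10T09:07:20 192.0.2.9 bob OK
"""

def replay(log, max_fails, ban_hours, window_min=10):
    """Apply a per-IP lockout; return (banned IPs, blocked attempts, spread)."""
    window = timedelta(minutes=window_min)
    fails = defaultdict(list)            # ip -> timestamps of recent failures
    banned_until = {}                    # ip -> time the ban expires
    blocked = 0                          # attempts dropped because the IP was banned
    ips_per_account = defaultdict(set)   # account -> IPs that failed against it
    for line in log.strip().splitlines():
        ts_s, ip, account, result = line.split()
        ts = datetime.fromisoformat(ts_s)
        if ip in banned_until and ts < banned_until[ip]:
            blocked += 1
            continue
        if result != "FAIL":
            fails.pop(ip, None)          # a successful login resets the counter
            continue
        ips_per_account[account].add(ip)
        fails[ip] = [t for t in fails[ip] if ts - t <= window] + [ts]
        if len(fails[ip]) >= max_fails:
            banned_until[ip] = ts + timedelta(hours=ban_hours)
    # Accounts failing from 3+ distinct IPs never trip a per-IP counter.
    spread = {a: len(s) for a, s in ips_per_account.items() if len(s) >= 3}
    return sorted(banned_until), blocked, spread

if __name__ == "__main__":
    for threshold in (5, 2):
        print(threshold, replay(SAMPLE_LOG, threshold, ban_hours=999))
```

With either threshold the single noisy IP is banned, while the four one-attempt IPs against `alice` only show up in the per-account count.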
Earlier today I received an email from Credit Karma telling me someone accessed my account from a computer I didn't recognize. So I changed my password and activated 2FA. Afterward, I figured I'd do the same with my Experian account only to find out Experian doesn't support 2FA! I was able to log in from another computer with no problem! How is it that one of the largest credit reporting agencies doesn't have better security on their own web site?
I'm on it, but my priority is changing all the 200 and something credentials that were in my vault that LastPass kindly gave away to bad actors for me.
It was protected by a pretty strong password - but not strong enough to keep me from worrying about it - so everything gets changed, logon IDs/emails as well as passwords. I estimate about 2 weeks of 2 hours per day. It's a bloody mess but on the plus side it'll all be neat and tidy once I've finished.
My ASR password was not in LastPass, and already strong - so less of a worry.
I'm not non technical - but still choose to believe that "they" are going to be better at securing stuff in the cloud than I am in my self hosted system. Given that I want access when away from home, so would have to open my self hosted system to the net.
What a palaver. Too many eggs in one basket? Seriously, I have always thought a password manager was a poor solution dressed up as a good one, in that if what happened with LastPass happens, then bad actors have access to EVERYTHING.
Personally, I am coming to think a tiered system is needed, where most important stuff is separated from important, which is separated from relatively unimportant. Perhaps better to use an encrypted rar file on your own server (far more innocuous) than LastPass or similar, which is just begging to be hacked, as it broadcasts precisely what it is to the entire world.
I can give you a partial answer from what I have seen. The recent run of hacked accounts have been 100% spambots. Posting links to stuff for sale or other nefarious purposes. I made it a point not to click through to the linked sites. Hope that helps.
The convenience afforded by decent password managers makes it possible to work with unique strong passwords for every system, and to not leave systems logged in to avoid having to look up passwords in a less easy system (such as an encrypted rar file).
The down side - as you say - is the target they make. This is why they work on a zero knowledge architecture - only strongly encrypted data is stored in the cloud - it is only ever unlocked on your own system.
As ordinary people - we also have the advantage that when the vaults do go walkabout they are buried in hundreds of thousands of others. It is so expensive to even attempt to brute force them, that they are unlikely to go after the likes of you and me. So our systems remain secure. That - unfortunately for me - still doesn't give me sufficient peace of mind to leave my passwords unchanged.
The biggest threat about search engines showing scammers' sites first is with banking, I think. If you use, for instance, the Google search engine to enter your bank, you could just pick the first one from the query, so instead of entering the real bank, you are entering something like www.1-23_bankname.com. There's a high chance of losing your money that way (scammers are usually using instant bank transfers), so the chance of getting your money back is close to zip.
So, just a reminder (especially for older folks):
Always use your own link, type the URL, or at least check the URL before entering your bank website. If it doesn't feel right, it probably isn't. Better safe than sorry.
If your bank isn't using multi factor authorisation for web sign on, then you should be changing your bank.
I have to get a code from an app on my phone, both to log on - and to set up a new transaction destination. So even if I'm fooled into logging onto a fake site, and the scammers are in parallel logging onto the correct site, the scammers still can't send money anywhere without my cooperation in setting up the destination. And even then - to get the code I have to enter digits from the destination account number - so it will fail if the scammers try to divert that to a different account.
The biggest risk from bank scammers is being fooled into authorising a scam transaction (we are fraud department - you need to move your money into a safe account type stuff), where the scammers have managed to convince you they are someone you can trust.
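How a code tied to the destination account fails once the destination is swapped, as an added example that is not from the post and is not any bank's actual scheme: an HMAC over a counter and the typed digits, with HOTP-style truncation (RFC 4226). The device key, counter, account numbers and function names are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Constructed secret shared by the phone app and the bank at enrolment.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

def transaction_code(device_key: bytes, counter: int, typed_digits: str,
                     length: int = 6) -> str:
    """App side: derive a short code bound to the digits the user typed."""
    msg = struct.pack(">Q", counter) + typed_digits.encode("ascii")
    mac = hmac.new(device_key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # HOTP-style dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** length).zfill(length)

def bank_verifies(device_key: bytes, counter: int, requested_destination: str,
                  code: str, n_digits: int = 4) -> bool:
    """Bank side: recompute the code from the destination in the request itself."""
    expected = transaction_code(device_key, counter,
                                requested_destination[-n_digits:])
    return hmac.compare_digest(expected, code)

if __name__ == "__main__":
    # The user types the last four digits of the account they intend to pay.
    code = transaction_code(DEVICE_KEY, 1, "5678")
    # Request reaches the bank unchanged: the code matches.
    print(bank_verifies(DEVICE_KEY, 1, "12345678", code))
    # Request was altered in transit to another account: the code no longer matches.
    print(bank_verifies(DEVICE_KEY, 1, "87654321", code))
    # Only the typed digits are bound here; covering the full account number
    # and the amount gives a stronger binding.
```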
If your bank offers any other means of sign-in other than 2FA, vulnerability remains. People still get confused when a web site says 2FA identh isn't possible now, pls use xxxx authentication.
@amirm I need to edit the ASR EQ webpage for the purpose of adding another EQ to the MAC section. The edit function has been disabled. Can you enable that for me?
Oh... I forgot to add some funds...lol. Silly me... I was thinking the hackers were mucking about and ASR disabled the function. Thanks for the heads up.
Passkeys are not secure. Once passkeys become the norm, everyone will be compromised at once.
The best thing to do is to just have people have better passwords; people being socially engineered will never change.