onelogin has been compromised

Discussion in 'Technical' started by sec_monkey, Jun 2, 2017.

  1. sec_monkey

    sec_monkey SM Security Administrator

    Dont, VisuTrac and Dunerunner like this.
  2. oil pan 4

    oil pan 4 Monkey+++

    That just seemed like a bad idea all around.
    I hope no one here was using it.
    Dunerunner and sec_monkey like this.
  3. natshare

    natshare Monkey+++

    Personally, I utilize the highest of high tech methods, known to mankind.....

    Post-It notes! [LMAO]

    Honestly, imho, storing ANYTHING on the cloud, that you give a sh*t about, is just foolish!
  4. tacmotusn

    tacmotusn RIP 1/13/21

    Dumb question from the resident computer dinosaur. So does that mean that any website that you visit on a regular basis, if you opt to let them save your password, you just might be sending that password to the cloud?
    sec_monkey likes this.
  5. sec_monkey

    sec_monkey SM Security Administrator

    if ya use a pass manager that uses cloud/online storage yep :( :mad:

    if it only uses local storage, nope :) (y)
  6. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    I don't store anything except a few pictures on anybody's cloud. That's just ape5h1t stupid when storage is so cheap. I have my own internal cloud in the form of a NAS that has built in redundancy. You can find 2TB ReadyNas systems with hard drives on eBay for just over $100. Reformat, hook up to your router, follow some easy instructions and you are set. If possible make sure the model you buy is from one of their lines designed for business purposes - those can be upgraded to the latest OS that includes antivirus, advanced security features, and the ability to manage protocols like the version of SMB in use.
    sec_monkey likes this.
  7. sec_monkey

    sec_monkey SM Security Administrator

    [coo] (y)

    however SMB has a number of vulnerabilities as wcry demonstrated :(
  8. BTPost

    BTPost Stumpy Old Fart Snow Monkey Moderator

    I keep all my MANY Logins & Passwords, in an encrypted file on my Computers, as well as my iPhone, iPad Retina, and iTouch.... The PassPhrase for that Encrypted File is Kept in my HEAD, where NONE can get to it.... The Encryption is First Class 4096Bit, a dn All the above locations are multiply Backed Up in other places, but NOTHING, and NOWHERE, outside my own Network... Many of those Passwords, that I use daily are in my HEAD, but I still have to one the File a couple of times a day, for less used
    3M-TA3 and sec_monkey like this.
  9. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    Exactly - I recently upgraded the version on my NAS so I could turn off SMBv1. SMBv2 and SMBv3 do not have those vulnerabilities. Bear in mind, though that wcry only affects Windows SMBv1, so running SMBv1 on your NAS won't expose you to it unless it runs on Windows. I shut SMBv1 off on mine just as a reminder for new Windows systems to shut it off there as well.
    sec_monkey likes this.
  10. sec_monkey

    sec_monkey SM Security Administrator

    the linux version has some security bugs too :(
  11. sec_monkey

    sec_monkey SM Security Administrator

    plus v2 and v3 may not be as secure as folks think
    3M-TA3 likes this.
  12. 3M-TA3

    3M-TA3 Cold Wet Monkey Site Supporter++

    SMBv1 in and of itself has security issues regardless of operating system. For now the hackers are mostly interested in Windows because that's what most computers run. iOS is becoming increasingly exploited. For now Linux is mostly safe, but that's not going to last forever, too many server based applications are Linux based.

    It's interesting to note that my NAS operating system is Linux based and the version I upgraded to has it's own antivirus with definitions updated almost daily.
    sec_monkey likes this.
survivalmonkey SSL seal warrant canary