The Entrepreneur Forum | Startups | Entrepreneurship | Starting a Business | Motivation | Success

GOLD! Take Your Computer Security Seriously! YOU Are At Risk!

Accelerate wealth. Build a business that pays freedom. Join more than 70,000 entrepreneurs and register for the Fastlane Entrepreneur forum. Remove ads? Join the INSIDERS.

eliquid

( Jason Brown )
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
May 29, 2013
1,722
8,716
1,946
Louisville - Kentucky
Went through this thread so many times. Instead of taking any preventive measures, I bashed it off:

"Nah. It won't be me".
"BS. I'm a power user."
"Screw all this victims."

Now, I have to start my 2k Likes Facebook Page from scratch.

I too thought this years ago.

Luckily I have never "lost" anything like a site or page or something else. But over the years as I got more and more emails from great services that blocked attempts from someone else logging into my account from odd geo locations, wrong passwords, etc and blocked my account, I became concerned.

A couple times a year, I might write that off as "expected".

A couple times a month, is something totally different.

Data is being stolen and shared much more now than 3-4 years ago. It's just going to get worse.

Just a couple days ago, I got an email where someone tried to log into a crypto account I never used. They used the wrong password enough times to block the account. Again, I got lucky. But what about the weaker sites that don't block attempts, or don't warn you about it?

What about the sites they do get into and you never know about it?

I finally had to cave and just accept that being a Power User, "it wont happen to me", etc just isn't good enough. The weak chain in the link isn't you or me, it's sadly the banks and 3rd parties we work with.

And once that data is grabbed, it's shared on the web with millions having the potential to look at it. Then it's re-shared hundreds of times more. There is no defense for that other than trying to make it harder on criminals by changing passwords ( front end attacks ) and freezing credits ( back end attacks ), etc.

A lock on a bike just keeps an honest person, honest. If someone really wants your data, nothing will stop them. All we can do is try to keep the lower level criminals at bay with our methods.

.
 
Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.
Last edited:

ApparentHorizon

Platinum Contributor
Speedway Pass
Apr 1, 2016
944
2,796
653
Greenville, SC
Take other people's security with your information seriously, as well.

I just found out about Privacy.com, where you can get virtual credit cards. If one of them gets compromised, just shut it down and create a new one. Instead of waiting for one from your bank, then having to change all of your automatic payments on 20 different sites.

Downside is the rewards suck/non-existent.

But if you're buying a couple of things here and there, that are only on non-verified sites, this is great. Ex. Website plugins.
 

eliquid

( Jason Brown )
EPIC CONTRIBUTOR
Read Fastlane!
Read Unscripted!
Summit Attendee
Speedway Pass
May 29, 2013
1,722
8,716
1,946
Louisville - Kentucky
a few days ago I went to the bank.

i have a habit of checking my balance on my cell phone via their secure app at my bank so I know whats in the account before I go in. I tried to log in and it said no user was found with that username and password. I tried a few more times thinking I did the password wrong. Still nothing.

i finally reset the password and was able to get in and do what I needed at the bank.

when i got home, i logged in from my desktop to see what was up potentially. Same error again when I tried to log in now from home.

had to reset the password yet again.

once able to get in, i roamed the security settings and found out a linux device had been logging into my account daily 3-4 times a day at the same exact times every day for the past 90 days. It could have been more but the logs only went 90 days back.

I dont use linux to log into stuff, but I do use it on development servers I have. by the timestamps being the same, it looked like some cron job script was running and logging into my account. I checked the ach/wire/widthdrawl logs and nothing ever came out of my account ever. I do check balances a lot so I know nothing came out I seen before. Could it be some long forgotten app like quicken or mint or something else accessing my account I forgot about years ago? Maybe..

I changed my username and password and pin and have checked every day since and the linux machine is no longer logging in.

I have also had my credit frozen/paused/on hold for months now so I know I am good there too.

I've never gotten a login error before, but it just reaffirms what I have put in this thread before about changing not only passwords, but usernames too and how it isn't really me and you that are the security issue, but possibly other 3rd parties that have our data.

And yes, Im one of those people using VPN's for secure data transfer when I am out and about in public and have all the security settings and more in use to prevent people trying to see my data when I leave the house.

.
 

tommyz7

New Contributor
FASTLANE INSIDER
Read Fastlane!
Read Unscripted!
Jun 30, 2018
18
17
22
Posts here are quite old but I wonder if any of you guys would consider crypto as a solution. Hear me out.

Long story short:
You can use a hardware wallet with USD stable coin and spend money directly from that wallet. This separates money management from your computer and removes the risk of viruses, unauthorized transactions etc.

I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?


Long story for those not familiar with crypto.

The device - let's call it a wallet :)
33514
You can connect it to your phone or computer with Bluetooth. It works right away like a headset.

How do I transfer USD to my wallet?
Ask someone to send you USD directly from their wallet. Alternatively, you can go to currency exchange like Uphold and exchange your bank USD to digital USD. and transfer USD to your wallet. This process is like going to ATM and depositing cash into your account, only digital. From now on, you are the only person in the world that can access and spend this money. I mean it, no hacker, no bank, no government can take it. They really can't, I know because they tried many times already :)

How can I spend the money?**
You go to any website and do your shopping as usual. At checkout, you connect your wallet to your computer. A payment request will be automatically sent to your wallet, check the amount, and confirm if everything is ok. That's it, paid, done.

What if I have a Virus on my computer?
The approval process happens inside the device so even if you have a virus on your computer, it cannot pull your key from the device. It's never recommended but you can use it on a computer with a virus present with no worries.

What if someone steals my wallet like they do with Credit Cards?
With this particular wallet, it's impossible as your wallet key is stored on the device itself and it never leaves it. It's never sent to a merchant nor to your computer so there is nothing to steal. Without that key, your money cannot be accessed.

What if I lose my wallet?
When you start the wallet for the first time, you need to write down 12 random words that the wallet generates for you. This is your way to recover the wallet if you lose a physical device. Keep them on paper in a safe place just in case! Remember, on paper, it's impossible to hack paper :)

No 2 factor authentication?
The wallet itself is already 2 factor authenticator itself. Forget SMS, emails. It's already proven you can hack accounts even with 2FA enabled so why bother.

What about passwords?
Ahh, passwords, forget about passwords, you no longer need them. You can set a PIN for your wallet if you want, tho.

It's all already available except spending.
**that part is still missing from the puzzle.

Again, I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?
 

Lyinx

Silver Contributor
FASTLANE INSIDER
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
Oct 28, 2019
529
631
274
Lancaster County, PA
Posts here are quite old but I wonder if any of you guys would consider crypto as a solution. Hear me out.

Long story short:
You can use a hardware wallet with USD stable coin and spend money directly from that wallet. This separates money management from your computer and removes the risk of viruses, unauthorized transactions etc.

I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?


Long story for those not familiar with crypto.

The device - let's call it a wallet :)
View attachment 33514
You can connect it to your phone or computer with Bluetooth. It works right away like a headset.

How do I transfer USD to my wallet?
Ask someone to send you USD directly from their wallet. Alternatively, you can go to currency exchange like Uphold and exchange your bank USD to digital USD. and transfer USD to your wallet. This process is like going to ATM and depositing cash into your account, only digital. From now on, you are the only person in the world that can access and spend this money. I mean it, no hacker, no bank, no government can take it. They really can't, I know because they tried many times already :)

How can I spend the money?**
You go to any website and do your shopping as usual. At checkout, you connect your wallet to your computer. A payment request will be automatically sent to your wallet, check the amount, and confirm if everything is ok. That's it, paid, done.

What if I have a Virus on my computer?
The approval process happens inside the device so even if you have a virus on your computer, it cannot pull your key from the device. It's never recommended but you can use it on a computer with a virus present with no worries.

What if someone steals my wallet like they do with Credit Cards?
With this particular wallet, it's impossible as your wallet key is stored on the device itself and it never leaves it. It's never sent to a merchant nor to your computer so there is nothing to steal. Without that key, your money cannot be accessed.

What if I lose my wallet?
When you start the wallet for the first time, you need to write down 12 random words that the wallet generates for you. This is your way to recover the wallet if you lose a physical device. Keep them on paper in a safe place just in case! Remember, on paper, it's impossible to hack paper :)

No 2 factor authentication?
The wallet itself is already 2 factor authenticator itself. Forget SMS, emails. It's already proven you can hack accounts even with 2FA enabled so why bother.

What about passwords?
Ahh, passwords, forget about passwords, you no longer need them. You can set a PIN for your wallet if you want, tho.

It's all already available except spending.
**that part is still missing from the puzzle.

Again, I wonder if all website accepted crypto USD as they accept CC payments, would you guys use it for its superior security? Would you guys pay with USD using the crypto wallet in day to day life?
Isn't this basically 2FA with a USB/smart key? you could do the same thing with a credit card and a smart USB key?

I don't carry a wallet on me (I have a shop on my property) so when I go to buy something online, I have all my accounts setup online or if I need my credit card info, it's written on a paper in my desk.

I get an email for every transaction, if I don't recognize it I would deny the transaction in near-real time.

Even my business credit cards all have emails print out within seconds of being processed, just in case they ever get stolen so I don't get a shock at the end of the week.

I hope my cards never get stolen, but I'm realistic, it's just a matter of time until I have a bad actor website that shares the info. If/when that happens, I'll be on it and deny the charges and they will have problems with my card company.

Much more convenient than having to plug/unplug, but I do see the benefits.
 

tommyz7

New Contributor
FASTLANE INSIDER
Read Fastlane!
Read Unscripted!
Jun 30, 2018
18
17
22
Isn't this basically 2FA with a USB/smart key? you could do the same thing with a credit card and a smart USB key?

I don't carry a wallet on me (I have a shop on my property) so when I go to buy something online, I have all my accounts setup online or if I need my credit card info, it's written on a paper in my desk.

I get an email for every transaction, if I don't recognize it I would deny the transaction in near-real time.

Even my business credit cards all have emails print out within seconds of being processed, just in case they ever get stolen so I don't get a shock at the end of the week.

I hope my cards never get stolen, but I'm realistic, it's just a matter of time until I have a bad actor website that shares the info. If/when that happens, I'll be on it and deny the charges and they will have problems with my card company.

Much more convenient than having to plug/unplug, but I do see the benefits.

I'd say it's more like having a whole swiss bank in your pocket, not just 2FA :)

The above is just one of the possible solutions. Similarily as you have your credit cards setup, you could set up a crypto wallet in your browser or phone and pay wherever you want. The above example is the ultimate security but you can trade a little bit of that for a little bit of convenience with a mobile wallet.

The big difference is that with credit cards, you are being reactive. You are basically sitting and waiting to be attacked because that's how credit cards are designed. Every time you shop, you open access to your account and nothing can be done about that. With crypto wallets, however, you are being proactive. No one ever can access your account except you and payments do not expose your security. You pay it like good old cash, just digital.
 

Lyinx

Silver Contributor
FASTLANE INSIDER
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
Oct 28, 2019
529
631
274
Lancaster County, PA
you might like this Privacy — Seamless & Secure Online Card Payments
it lets you set up single or multiple use credit cards, which pull $$$ from your regular banking account like a regular credit card... but you can turn it off whenever you feel like it :)
each card can be setup for one vendor
or you can set up a miscellaneous use card for one of the children with a maximum spend of $25/month for purchases.
Really weird, I went unto Amazon last night and this device that you had on your post showed up in my suggested field
 

bence03.02

New Contributor
Read Unscripted!
Mar 22, 2021
4
3
11
Cyber Security Professional here, my list for hardening your machine that I came up with on the spot:
  1. Use a password manager. LastPass is fine, guard the file with your life :) Opensource cloud solutions like bitwarden are fine as well. Fully generated, different passwords everywhere, 19-25 characters long, it will auto-type, so you don't have to worry about it.
  2. Use MFA (Multi Factor Authentication) where you have sensitive data and you can. Time based One Time Password (TOTP) is the best, it is usually under the "Google authenticator" option. SMS is not really secure TBH, but it's more than nothing.
  3. Encrypt your hard drive. If your machine/laptop gets stolen at least nobody can access your data!
    1. Windows users: use Bitlocker, it is only available for Pro and better unfortunately...
    2. Linux: Encrypted LVM when installing
    3. Mac users: Check encryption when installing
  4. Regular updateson software that often accesses risky environments, some to keep in mind:
    1. Browser. A browser exploit is no fun, basically you open a website and they are in your machine. UPDATE
    2. Operating system
    3. PDF/Image/Document viewer/editor software
    4. Media players
  5. This is a hard one: only run trusted software. By trusted I mean it was downloaded from the official site and the site is "trusted", like Microsoft or other big company. I would never run an executable downloaded from freeportableprograms.com or something like that :) Torrents apply here.
  6. Run an Anti Virus softwarefor Windows/Mac maybe on the phone.
    1. But do not trust a file just because it did not find it dangerous. AV evasion is not that hard if the attacker is not a script kiddie.
  7. A good firewall that I can recommend is "Little snitch", it notifies for outgoing connections as well and you can deny/allow them. It is annoying at first though.
  8. Keep backups of the files that you need.
    1. If you get a ransomware, you don't need to pay them to decrypt your files, yay
  9. If you are suspecting of being infected, revoke all network access ASAP (phisically unplug the ethernet cable and turn off the WiFi), try to save your data without infecting the new machine and reinstall your operating system.
    1. You do not have to microwave the RAM though like in Mr. Robot
  10. Cover your cameras, unplug external microphones.
  11. Change your passwords every once in a while.
  12. Also, reinstall your machine every once in a while (once a year is not that much).
  13. If you are concerned about your USB drive's data, encrypt it:
    1. For linux users: LVM encrypted partition
    2. For windows Pro and above users: Bitlocker
    3. For anybody: Veracrypt (a free software)
    4. There are other solutions on the market with PIN locked encrypted devices.
  14. Be aware of scammers and social engineers, scam mails are getting more and more sophisticated. (eg. phishing link in the attached PDF which is hosted under windows.net to steal your MS account, it's crazy)
  15. Learn the difference between HTTP and HTTPS. If you use HTTP everything (passwords provided in the side included) can be seen by peers between you and the website. If you use WiFi, then everybody in the WiFi network can sniff your traffic and read it. If the WiFi is not password protected, they don't even need to be connedted and they can just sniff your traffic undetected.
  16. Treat WiFi with WEP protection as WiFi with no password. WPA2 is fine.
  17. Keep in mind, that a VPN does not mean that it's encrypted. Most of the time it is. But it is only encrypted between you and the VPN server, it is for sure not any more encrypted between the VPN server and the web server than default.
  18. Try to use the same third party payment system when using your card for payment (e.g. PayPal), Try not providing your card details to any random website, use the third party option when possible.
  19. If the site is really sketchy, use a virtual disposable card. Revolut has a free solution called "disposable card" which can be used only once, then it gets destroyed and another one will be generated for you.
  20. Your card should be disabled by default and be enabled when used (balance this to be convenient, I do not disable my phisical card, but I do disable the virtual cards that I use on the internet)
  21. Turn off contact-less payment on your card by default. If your bank do not allow it, store it in an RFID blocker, you get 10 of them for like $1 on Aliexpress. They look like this:
    1. 1625962747141.png
    2. There are more expensive wallets with the same function, they are fine as well.
  22. Don't do stupid sh!t
    1. Do not store your passwords in weird places like in self sent emails (I used to do that in high school)
I am starting to run out things to say :) I can rant about privacy as well, I am not an enthusiast about it, but I keep that in mind. Hit me up if you are interested!
 

EmotionEngine

Bronze Contributor
Read Rat-Race Escape!
Read Fastlane!
Read Unscripted!
Speedway Pass
Sep 15, 2020
50
102
126
United States
BTW. If you're on Windows 10 now, make sure you update. The update is ready as of 7/9 if it didn't auto prompt you on taskbar. Type in "Windows Update" next to start button and click it. Check for updates.

 
G

Guest84834

Guest
Thankfully I use linux and don't execute shitty EXEs from Unknown sites.
If you really want security while travelling, buy a USB. Fine, if you already have one. Install TAILS on your usb and boot to it. Don't use any personal info while travelling. Only use Firefox for personal credentials. Use Tor for non sensitive things. These are all built in inside TAILS. TAILS changes your IP so that it won't be possible to trace back to you (except the ISP can see if you are using VPN or TOR). Use VPN if you want your hardearned cash to go down the drain. Always use open source software. Don't visit HTTP only sites. If you want a really good password manger, there are only two: Keepass or Bitwarden. Bitwarden is simple to use. If you are using Lastpass or any other stupid managers, you can simply export your passwords in a csv file and import it into Bitwarden. You can keep both lastpass and bitwarden. If you use bitcoin for purchases, use Electrum wallet - also built in app inside TAILS.

Quit Windows. It's is the source of all computer-borne illnesses. Install linux. Like right now.
Go here :

Install fedora workstation
Read the freaking documentation.
Don't follow youtube videos.

Double check if you are at the right sites. Bookmark all the sites you use, and don't use search to find a website. Example, you know that you are on the original paypal site if you see the bookmarked icon. Aside from that. Just use common sense.
 
G

Guest84834

Guest
Thankfully I use linux and don't execute shitty EXEs from Unknown sites.
If you really want security while travelling, buy a USB. Fine, if you already have one. Install TAILS on your usb and boot to it. Don't use any personal info while travelling. Only use Firefox for personal credentials. Use Tor for non sensitive things. These are all built in inside TAILS. TAILS changes your IP so that it won't be possible to trace back to you (except the ISP can see if you are using VPN or TOR). Use VPN if you want your hardearned cash to go down the drain. Always use open source software. Don't visit HTTP only sites. If you want a really good password manger, there are only two: Keepass or Bitwarden. Bitwarden is simple to use. If you are using Lastpass or any other stupid managers, you can simply export your passwords in a csv file and import it into Bitwarden. You can keep both lastpass and bitwarden. If you use bitcoin for purchases, use Electrum wallet - also built in app inside TAILS.

Quit Windows. It's is the source of all computer-borne illnesses. Install linux. Like right now.
Go here :

Install fedora workstation
Read the freaking documentation.
Don't follow youtube videos.


Double check if you are at the right sites. Bookmark all the sites you use, and don't use search to find a website. Example, you know that you are on the original paypal site if you see the bookmarked icon. Aside from that. Just use common sense.

EDIT: Don't use antivirus. Does more harm than good.
 
Don't like ads? Remove them while supporting the forum: Subscribe to Fastlane Insiders.

Sponsored Offers

  • Sticky
MARKETPLACE  NEW: The Best School for Going Fastlane (50% Off Deal Now On)
Hey, @Fox! Kudos on your course and all the free content that you have released on your YouTube...
  • Sticky
MARKETPLACE  You Are One Call Away From Living Your Dream Life - LightHouse’s Accountability Program ⚡
What I got was completely unexpected; @LightHouse generously talked with me for 2 straight hours...
  • Sticky
MARKETPLACE  Freelance University: Solve Every Freelance Problem (Especially on Upwork)
FU. 4 DAYS. 50% OFF BLACK FRIDAY SALE! If you're an Upwork freelancer, you'd be a fool not to...
  • Sticky
MARKETPLACE  For Sale: Food Brand with 4 Years of Happy Customers in a Fast-Growing Niche
So to get certified, it cost a fortune? How much exactly? That sucks that these "health...
MARKETPLACE  Fox Web School "Legend" Group Coaching Program 2021
Fox's Web School helps you learn a specialized skill which you can use to get to Fastlane. It's...
MARKETPLACE  Not sure how to start? This free book will teach you how to build a successful web design business
Hi Fox. Starting the book and got through the introduction. Had a conversation with Andy Black...


Don't like ads? Remove them while supporting the forum. Subscribe.

New Topics

Fastlane Insiders

View the forum AD FREE.
Private, unindexed content
Detailed process/execution threads
Ideas needing execution, more!

Join Fastlane Insiders.

Top Bottom