John L. Galt

Experts
  • Content Count

    2,995
  • Joined

  • Last visited

3 Followers

About John L. Galt

  • Rank
    Antidisestablishmentarianist
  • Birthday 03/15/1971

Contact Methods

  • MSN
    johngalt@hotmail.com
  • Website URL
    http://about.me/johnlgalt
  • ICQ
    369544
  • Yahoo
    johnlgalt

Profile Information

  • Location
    3rd Rock
  • Interests
    Annoyances, especially M$ related.

Recent Profile Visitors

16,021 profile views
  1. November makes 9 years I've been using (and abusing / testing / bricking / crackflashing / call it what you will) Android phones. I'm all in on using Google's (admittedly not so free) services. I've distanced myself well from Facebook, will never use their mobile apps again and only log in every once and again to check and see what's going on with my fellow classmates - we just had our 30th reunion last year. So, like once a month, if that, on FB. But I use Google stuff daily. Multiple times a day - and that is without even considering anything I do on the phone....
  2. Links in this forum's parent for each of the Browser Guard addons: https://forums.malwarebytes.com/forum/253-chrome/ https://forums.malwarebytes.com/forum/254-firefox/
  3. So, I swapped my database over to using Argon2, with n=m=32 (the value, obviously dif units), and p=4. On my desktop it takes ~1.6 seconds - but in practice it takes a bit more time, usually above 2 seconds. That phone up there that I mentioned? If it is using the same mechanism to decrypt the database, it takes no longer than my desktop does 😛 And as I am about to upgrade my phone in the next month or so to the Pixel 4, I will probably need to revisit this again - and set it to something large like 5-10 seconds on the desktop and see how long the phone takes 😛
  4. Well familiar with the Gibson one - I've been visiting his site for a very, very long time now (ever since my first ever Click-of-death on a Parallel-port iOmega ZIP drive). Still use a few of his utilities to this day, including DNS Benchmark and securable. And attempting to explain PWs and pw security to my parents was a lost cause - until XKCD tackled it not once but twice (that I used). https://xkcd.com/792/ (with corresponding explanation at https://www.explainxkcd.com/wiki/index.php/792:_Password_Reuse) and https://xkcd.com/936/ (with corresponding explanation at https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength) Believe it or not, he does a great job with the second one, but also takes a couple of jabs at both Gibson and Bruce Schneier....or, whoever wrote the wiki explanation article anyway.
  5. He does mention that Windows Latest site is pointing directly at Lenovo machines. Curiously, though, as I run Windows Insider Preview builds, I had something similar happen to me a few builds back - 1 Machine went green, one went black and white (and looked like I was in an intense foggy situation) and one went almost the same lack-of-blue-light levels as Night Sight. At the time it was because the display driver was force installed by that particular build, and all I did to fix was reinstall the normal display driver available for each GA on each machine.
  6. ^^^^^ 100% That whole OP is a great write. I'm pleasantly surprised that the maker of the video went through all of that detail to show a good way to set up the database. He did a great job (aside from not using Argon2, which the link you provided worked well for me in terms of actually making sense (I live for these computational things)). That being said, since I *do* use mobile, what I typically did in the past was to use the AES-KDF method for transformation, using the 1 second delay test, and then removing a single digit to make it compatible with my (then less powerful) mobile device. Now, I realize that I need to revisit that and see just how fast my phone can decrypt it using a full 1 second delay - after all, the 1 second delay I'm deriving is on my ancient Core i7 965 EE (yes, first-gen Bloomfield) CPU, and my current phone is a Pixel 2 XL - pretty powerful in terms of a comparison to the phone I had when I first set the delay up (Original Motorola DROID, now a full 8 years old). And as I use Android, I need to see if the KeePass2Android app can decrypt the database if I set the transformation method to Argon instead of AES-KDF. I have my work cut out for me this evening. Thanks again @AdvancedSetup
  7. I'm not going to argue the semantics - I simply meant you have to be aware of wtf is possible wrt your computer use, whether at home or outside of your home. As for security keys: I think there is a bit of misinformation here. The keys are not used in lieu of PWs at sites - they are used for 2FA. On Windows, since I don't have a key to verify, I think that they do replace the PWs (via Windows Hello, just as the PINs do, which Windows 10 encourages all users to create upon installing Windows - so that is on M$ to begin with), and that was the point of the comment I made early on "But I am not fooled". So, for your home computer, obviously you have to have situational awareness of any and all (including insider, not just external) threats if you implement the use of the key with Windows Hello - and a *LOT* of people are already at a compromisable state by using Windows Hello with a PIN (in lieu of a pw) when using a Micro$oft account to log into Windows 10 (and IIRC, this can *also* be set on local login accounts as well, but I haven't had a local account for a while, due to my continued testing of Insider Preview builds). Yeah, not safe at all. And I will not disagree with that - it really isn't safe - but it is also what is pushed by M$ as the 'alternative' to using PWs. But for actual sites that you visit? No, it's not a "plug in key and get access", it's enter username and PW, then get asked to plug in key to verify access. PWs by themselves are better than the keys by themselves - but put both together as a part of a multi-factor system of authentication and things get better. Of course, the argument can always be made that we need even more - but at what point are you going to stop? 3 layers? 5? At this point, unless you're physically at your bank, you're probably using some sort of digital interface - and as we always remarked over at CoU - If it is digital, it can be hacked.
  8. In MB4, did you uncheck the supposed malware found, then select Next at which point you can ignore once / ignore always, and *then* run the FP tracker?
  9. Obviously - but that is also called situational awareness - if you live in a situation where someone could get access to your device, then you don't use said device. Or, conversely, you implement additional layers of security - like a power on PW for the machine itself. And your arguments apply just as much to a PW - if said roommates are willing and able to steal your physical key they're probably just as willing and able to record your PW / PIN / pattern, at which point you kinda have to wonder why you have them as roommates to begin with. In a situation where you cannot control who you live with, you implement additional layers of security - whatever those may be.
  10. Double ditto. But, I also run Windows Insiders builds 😛 And I regularly (at least every 6 months, though I've done this 3 times in the last 2 months) cleanly install Windows to help avoid any issues like that myself - if a build starts acting janky, the first thing I do is look for others experiencing the same issues as me. The second thing I do is look for a fix. If a fix cannot be found, I revert to an image backup and try again. If that fails, I revert again and stick to that image. Sometimes, though, even that is not enough - thus the 6-month clean install cycle.
  11. Agreed, but this feature has been requested more than once for previous versions, and again with the current ßeta v4 that is now out for public testing. Let's hope this can be accomplished with the new version.
  12. Do you have the telemetry settings disabled? https://support.malwarebytes.com/docs/DOC-3444
  13. Also, @f14tmocat, if it makes you feel any better, I started a complete scan of all my drives and let it run overnight - it took well over 3 hours, IIRC.... 😛
  14. Oh. I guess I could see that - but if I were to implement this for Windows, I most certainly wouldn't leave the device around to begin with 😛 Ayup - one of the reasons I use KP in the first place. And I refuse to store anything in Excel anymore as I use Microsoft Office 365 - the 'always on' aka always phoning home version.