One possible solution: Use Chrome. Shut off its cookies. Then go to IXquick.com for searching. Ixquick strips out your info and goes to Google anonymously.
--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC
Optics, Electro-optics, Photonics, Analog Electronics
160 North State Road #203
Briarcliff Manor NY 10510
hobbs at electrooptical dot net
http://electrooptical.net
It was the crape hanging about Blackberry that I was talking about.
I don't share your confidence in password storage utilities.
Cheers
Phil Hobbs
If your neighbourhood has good street lighting, visible alarms, and neighbourhood watch signs, then burglars will prefer to go to another neighbourhood with none of these things. Adding a steel door, six locks and a bear trap on the garden path makes virtually no difference to the chance of you being burgled, but it makes life a lot more complicated for you. The burglars might not win, but you certainly lose.
Some are strange, but Sticky appears to be put together the right way.
They take precautions to allow you to export the password file, but only in encrypted format. If you want it in plain ASCII, they will do it but you have to persuade them you really want to do it. If you copy the password to the clipboard, they erase it in a few seconds so it is no longer available.
They take precautions to disable keyloggers while the program is active. They won't allow you to have the Password Manager in Firefox when Sticky is installed. You can connect to the desired banking site using the link stored in their database. It loads Firefox with the correct url so there is no possibility of a typo. When the site connects, it loads the username and password automatically. These are filled in with "*********" so the information never appears on screen.
There is no requirement to upload anything to the cloud so you are never concerned about security. You get 15 urls for free, but if you need more, you have to register the program.
The thing I like most is Sticky doesn't require another toolbar, so there is no indication it is present when it is not being used. There is a small icon in the bottom right corner of the Windows toolbar, but you have to know what it means to know what it refers to. You can tell in every way the program operates that they know what they are doing to protect you. I don't have the same feeling with any of the other password managers, like KeyPass, RoboForm, LastPass and the others. They give me a creepy feeling.
In 6 years or so of daily use, I have never had any problem with Sticky. It just works. However, it never appears in any of the password manager reviews that I have seen. You have to know it exists and find it in Google to download it.
I forgot to mention in this application, the banking vm is completely separate from the others. It has no email, no connection to the LAN, no Flash, USB, LTspice, music, MS Office, or anything else that is not needed. An infection on the main browsing vm cannot cross over to the banking vm.
There are some issues with possible backdoors in the router, DNS poisoning and other MITM attacks, and stuff the criminals have not dreamed up yet.
But on the whole, it is a lot better than the current method which puts everything in the same basket, with a huge attack surface that is wide open to 0-day attacks and other malware that av cannot detect.
I guess that about wraps up this thread. Thanks for your comments.
In corporate hacking postmortems, it turns out most have been hacked for about two years.
The only reason not to install upgrades is when you think/know the upgrade is less secure, i.e. Java of late and much of the time Apple IOS.
I have the Mozilla repository installed and just put up with the changes. Mozilla doesn't have a record of adding more security flaws as they fix the old ones.
I'm currently running a full software raid (not fake raid or with a raid controller). These latest generation CPUs are plenty powerful to handle the raid task. I use ECC and a server grade Supermicro mobo. The advantage to a total software solution is you are less dependent on the hardware if you need to move the files to another host.
That said, you really should backup to external drives as well.
I have the OS on a SSD, and clone it to an external drive. Only data is on the raid. It took a bit of work to make the programs that insist on disk caching load from the SSD but use the raid for cache, especially Google Earth.
Have you considered doing a write up on how you use git for this application? As you know, it was intended for source control for software. I can pull code via git, but haven't even attempted to learn how to use it for the control function.
You run into feces tossing forum posts on how to use git, so I suspect it isn't that easy. That is, people accuse other people of using it incorrectly.
Sounds nice, but you have no way that I know of to verify its design, nor to verify that it bypasses all varieties of keyloggers.
Cheers
Phil Hobbs
It doesn't matter. It is only used on the banking vm. This has no email, USB, Flash, access to the LAN, or any other function that is not needed for banking. Any function that is not needed is stripped during installation. The banking vm only goes to the banking sites and is not used for general browsing. There is little risk of infection, and an infection on another vm cannot cross over.
On XP, the Win98 System File Checker and various rootkit revealers quickly confirm there is no infection.
Since the unused functions are stripped from each vm, the vdi files are small and can be quickly backed up to a separate hard disk. This is done through Ubuntu so there is no way to access the backup from Windows and malware cannot touch the backup hard disk.
If a vm is infected, there is no need to reinstall Windows and all the user programs. Simply overwrite the vdi file with the backup.
There are several addons for Firefox that verify the certificates for the financial sites have not changed. This prevents mitm attacks via DNS cache poisoning. A boot virus will destroy the Ubuntu boot loader. This requires reinstalling Ubuntu.
The router vulnerabilities can be prevented by downloading and installing any of several different free Linux operating systems for routers. The router has wireless disabled and the antennas are removed.
Anyone with physical access to the computer could install a hardware keylogger. This can be prevented by restricting access to the machine and by visual inspection.
The basic principle is to separate the various functions so if one is compromised, it does not affect the others. Provide multiple layers of defense so if one layer is broken, other layers will prevent further propagation.
Then provide a means to quickly verify the system has not been altered and there are no infections.
The software needed to provide these functions is free and readily available.
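The restore-by-overwrite recovery described in the post above depends on the backup image itself being unchanged. The following is an added example, not part of the original thread: a bash helper for the Ubuntu host that records SHA-256 hashes of the backed-up vdi files and refuses to restore an image that no longer matches. The function names, directory layout and image names are assumptions, as is the use of `sha256sum` and image file names without spaces.

```bash
#!/usr/bin/env bash
# Added example: integrity manifest for backed-up VM disk images.
# All paths and names are assumptions. A live vdi changes every time the
# VM runs, so the hashes vouch for the backup copies, not the running disks.

# Record a SHA-256 for every .vdi in backup dir $1 into manifest file $2.
# Run this right after taking a known-clean backup.
vdi_manifest() {
    local dir="$1" manifest="$2"
    ( cd "$dir" && sha256sum -- *.vdi ) > "$manifest"
}

# Re-hash the images in backup dir $1 and compare against manifest $2.
# Returns non-zero if any image was modified or is missing.
vdi_verify() {
    local dir="$1" manifest="$2"
    ( cd "$dir" && sha256sum -c ) < "$manifest" > /dev/null 2>&1
}

# Overwrite image $3 in live dir $2 with the copy from backup dir $1,
# but only if that copy still matches its entry in manifest $4.
vdi_restore() {
    local backup="$1" live="$2" name="$3" manifest="$4" want got
    # Manifest lines look like "<hash>  name" or "<hash> *name".
    want=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1 }' "$manifest")
    if [ -z "$want" ]; then
        echo "no manifest entry for $name" >&2
        return 2
    fi
    got=$(sha256sum -- "$backup/$name" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "backup of $name does not match manifest, not restoring" >&2
        return 1
    fi
    # Copy to a temporary name first so a failed copy never leaves
    # a half-written image in place of the old one.
    cp -- "$backup/$name" "$live/$name.tmp" && mv -- "$live/$name.tmp" "$live/$name"
}

# Usage (hypothetical paths):
#   vdi_manifest /mnt/backup/vms /mnt/backup/vms.sha256
#   vdi_verify   /mnt/backup/vms /mnt/backup/vms.sha256
#   vdi_restore  /mnt/backup/vms "$HOME/VirtualBox VMs/banking" banking.vdi /mnt/backup/vms.sha256
```

Keeping the manifest on the same Linux-only backup disk protects it from the Windows guests; a second copy stored offline also covers tampering from the host side.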