Hello from Altha, FL!


GraysonPeddie

New member
Sep 29, 2020
Altha, FL
graysonpeddie.com
Hi everyone. I am listening to Security Now at the time of writing and just decided to sign up for the forum. I am making use of a unique email address specifically for the forum because I am privacy- and security-minded. I have about 150 email aliases. Is it overkill? Yes for most people, but when it comes to compromise of databases, it's important that I know where the breach is coming from so I can change not only my password (I use Bitwarden self-hosted in my home server), but also my email address. That's why, years ago, I signed up for the Have I Been Pwned service so that I can receive notifications when a data breach occurs. And yes, I use G Suite's Group feature to keep track of email addresses. I treat about 150 email aliases as "classified" only to those that I register my account with.

Anyway, I decided to visit the forum to say "hello." I love to keep up with news regarding security.
 
If you are security conscious, I hope you signed up using SQRL, not a traditional username/password.

@AlanD I'm not the OP of this thread. But, while I like the idea of SQRL, it doesn't work for my use case. My phone is never connected to the net. My tablet is intermittently connected to the net. But, I would not want to leave the tablet in an authenticated SQRL state in case it gets lost. For me, the best solution is Lastpass. This is pretty safe as long as you use a different long random password (say 32 characters) on each site and have a good master password. It's pretty hard to log into a website on my tablet with the touch screen. I'm OK with that. It would be pretty impossible for someone else as long as I'm logged out of Lastpass. It's a good bit easier on my PC with a full size keyboard. I just log into lastpass while I'm sitting there and logout when I'm gone or let it time out.

Can you please expand on this. Are you referring to Gmail’s + functionality?

@Kermit I'm not the OP of this thread, but I do the same thing. I don't use gmail though. I own a few domain names. Let's say you operate KermitsShakeShop and you ask for my email. I'm going to use the DNS control panel at my ISP to make up something like KermitsShakeShopInfo AT mydomainname. That forwards to my real mailbox. I can set the controls in my email client to send replies from that as well using the identities menu.

So, when you send me cool coupons for tasty shakes, I'm happy. But, if you sell my address, or if you lose it, and it starts attracting rubbish, I will KNOW where the rubbish originated. Of course, that may or may not be your fault. Anyway, I can dump that address and all I lose is your coupons and the spam. It's a bit of trouble to do, but it works quite well. I probably have over 400 aliases set up this way. It also has the advantage that, you cannot spoof the send TO address. Even if you put KermitsGolfShop in the return address line, I still know something is coming to the original address I gave you. This also allows me to automatically filter messages into folders if I wish.

Now, I do get lots of bacon, email that I've requested but don't necessarily have time to read. I probably get 50-100 emails per day. Coupons from a few food vendors. Emails from health sites. Energy sites. Notifications from forums. Etc. That can easily get out of hand. I don't care so much on my PC. I just read what I want and ignore what I don't. But, on the tablet, it's a bit harder (using K9 mail) as, in the past, I had to manually touch and delete each mail. I've recently set up a separate email account I call something like mytabletbacon AT mydomain. I've reset all the forwarding addresses that I consider to be bacon to forward to that address. I've set the tablet to HOPEFULLY auto delete messages in that inbox when they exceed 2500, I think. That should be enough history assuming it works. All the messages still hit my PC, and they don't auto delete there. So, I still have them if I need them.

Hope this info helps.

Ron
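
The per-site alias scheme described in the post above can be checked mechanically. The following is an added example, not code from any poster in this thread: it looks up which alias a message arrived on and compares the sender's domain with the party that alias was given to. The domain names, the alias registry and the assumption that the forwarder records the recipient in a `Delivered-To` header are all made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomainname.example"  # assumed personal domain
# Assumed registry: alias local part -> (who it was given to, domains they send from)
ALIASES = {
    "kermitsshakeshopinfo": ("KermitsShakeShop", {"kermitsshakeshop.example"}),
    "forumnotices": ("Example Forum", {"forum.example"}),
}

def delivered_aliases(msg):
    """Local parts at MY_DOMAIN that this message was addressed to."""
    # Delivered-To is written by the receiving side; fall back to To/Cc if absent.
    headers = msg.get_all("Delivered-To", []) or (
        msg.get_all("To", []) + msg.get_all("Cc", []))
    found = []
    for _, addr in getaddresses(headers):
        local, _, domain = addr.lower().rpartition("@")
        if domain == MY_DOMAIN and local not in found:
            found.append(local)
    return found

def sender_domain(msg):
    """Domain of the From address (sender-controlled, so only a hint)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower().rpartition("@")[2]

def attribute(raw):
    """Return [(alias, given_to, verdict)] for one raw message."""
    msg = message_from_string(raw)
    dom = sender_domain(msg)
    results = []
    for alias in delivered_aliases(msg):
        if alias not in ALIASES:
            results.append((alias, None, "unknown-alias"))
            continue
        given_to, allowed = ALIASES[alias]
        ok = any(dom == d or dom.endswith("." + d) for d in allowed)
        results.append((alias, given_to, "expected" if ok else "leaked-or-shared"))
    return results

# Constructed sample messages
COUPON = ("From: Deals <deals@mail.kermitsshakeshop.example>\n"
          "Delivered-To: KermitsShakeShopInfo@mydomainname.example\n"
          "Subject: Shake coupons\n\nEnjoy.\n")
SPAM = ("From: KermitsGolfShop <promo@kermitsgolfshop.example>\n"
        "Delivered-To: kermitsshakeshopinfo@mydomainname.example\n"
        "Subject: Cheap clubs\n\nBuy now.\n")
```

A "leaked-or-shared" verdict names the party the alias was handed to; it does not say whether that party sold the address or lost it.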
 

You may not have understood how SQRL works. Your tablet would not be left in a fully authenticated state, at worst, it could be left in a state where a second SQRL authentication could be done using only the first 4 characters of your password. Even then, this times out, and any failure at inputting the correct "first 4" immediately puts it back to "full password required". You only get "one chance" to input the short password.

Compare this with LastPass. Once you have signed in at your PC, anyone going past could use LastPass to enter your credentials.
 

Hi @AlanD. That's interesting what you said about the SQRL client. Actually the Lastpass app on the tablet has a similar function where it jumps back to a 4 digit code if you set it up right. So, that's a good thing. I try my best to log out of Lastpass whenever I'm through logging into something so anybody, even me, would be forced to do a full login the next time. I can't see myself leaving either Lastpass or SQRL logged in all the time. Another, fixable, wrinkle is that the case I'm using from an old tablet blocks the camera on my new tablet.

I only use my PC at home, or very rarely in a hotel. And, Lastpass times out after 15 minutes of non use. If I were using it in a library or in an office with a lot more people, I would probably have to be even more conscientious to log out immediately when I walk away, if I walk away.

Still, SQRL is a great idea. I'm definitely going to have to keep that in mind.

Ron