2023 Security Check-up Reminder

  • 🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.
AnOminous said:
What's anyone's comparison of using a Raspberry Pi as a pi-hole and then treating it as a secondary router, versus just directly getting a router that can take custom firmware and using DD-WRT or Tomato so that the router is what is connected to a VPN, to avoid the complete unreliability of most so-called "deadswitches" that often don't work.
Click to expand...
the pi method lets you get adblocking and some anti-tracking stuff, but you are still at (some) risk of things doing DNS on their own, or DNS over HTTPS or other bullshit. So random devices or programs may bypass your shit, and if you have a VPN on your computer it may get bypassed intentionally or accidentally.

one huge advantage to the pi is you can get adblock on devices that otherwise can't do it, but those are getting more and more "smart" and basically open VPN tunnels themselves over HTTPS to their cloud servers more and more

Using a router that shoves everything into a VPN tunnel is more secure, especially if you lock down the fuck out of the router so that NOTHING can escape except going down the VPN.

this can still leak info but it's more secure against randoshit

you can also use programs like littlesnitch (mac) https://www.obdev.at/products/littlesnitch/index.html or netlimiter https://www.netlimiter.com (windows) or https://github.com/evilsocket/opensnitch opensnatch (linux) to monitor what the fuck programs on your computer are doing (this probably maybe would NOT have caught the stupid minecraft RAT because it would say "you are sending data to the minecraft server" and claire would be like "ok makes sense"
JoeBidenSniffMe said:
Does KiwiFarm use a yubikey or some type of security token?
Click to expand...
you can configure two-factor with an app, and the yubikey can protect that app (or do the app code thing itself) and of course you can protect your password mangler with the yubikey, too

but it doesn't support direct login with the yubikey
 
  • Informative
Reactions: ekolet and Johnny Apple Sneed
reptile baht spaniard rid said:
the pi method lets you get adblocking and some anti-tracking stuff, but you are still at (some) risk of things doing DNS on their own, or DNS over HTTPS or other bullshit. So random devices or programs may bypass your shit, and if you have a VPN on your computer it may get bypassed intentionally or accidentally.
Click to expand...
You can force all devices on the network to use the pihole as the sole dns server by adding a few NAT masquerade rules in your router's firewall settings. You obviously need a router that can do that first of all. That way no device can bypass the pihole.
 
JoeBidenSniffMe said:
Does KiwiFarm use a yubikey or some type of security token?
Click to expand...
No only TOTP, these are your options:
1678518005205.png
found here
 
Car Won't Crank said:
You can force all devices on the network to use the pihole as the sole dns server by adding a few NAT masquerade rules in your router's firewall settings. You obviously need a router that can do that first of all. That way no device can bypass the pihole.
Click to expand...
they can if they do DNS-over-HTTPS, which is a bit of a problem (you can try to block the endpoints by IP, or do some trickery with deep packet inspection, but that's heavy lifting) - because it's 443 HTTPS it looks like most any other random webtraffic.

you can read some blather about trying to stop it here: https://umbrella.cisco.com/blog/doh-dns-over-https-to-block-or-not-to-block

but pihole and block normal DNS gets you 90% of the way there, except more and more things are trying to do DoH (firefox does by default now, so that can be why things can be wonky: https://support.mozilla.org/en-US/kb/firefox-dns-over-https )
 
  • Informative
Reactions: Johnny Apple Sneed and Car Won't Crank
reptile baht spaniard rid said:
they can if they do DNS-over-HTTPS, which is a bit of a problem (you can try to block the endpoints by IP, or do some trickery with deep packet inspection, but that's heavy lifting) - because it's 443 HTTPS it looks like most any other random webtraffic.

you can read some blather about trying to stop it here: https://umbrella.cisco.com/blog/doh-dns-over-https-to-block-or-not-to-block

but pihole and block normal DNS gets you 90% of the way there, except more and more things are trying to do DoH (firefox does by default now, so that can be why things can be wonky: https://support.mozilla.org/en-US/kb/firefox-dns-over-https )
Click to expand...
I did not know about this. Thanks for the info fren
 
Wait a fucking minute...

You mean to tell me that niggas got fucked over after the DropKiwiFarms hack and Lolcow.email being taken offline meant that Null had to reset everyone's fucking passwords and advised email changes?

God damn, I'm pissed off secondhand by reading through some of the retards who posted here but I can't even imagine how Null feels.

You really can lead a horse to water, but that won't stop the horse from kicking you and spitting on you.
 
Rule number one of the internet: don't click the thing they told you to click. No amount of password managers, VPN, anti spyware/malware/virus (or 10 different alias accounts) can protect you better than simply not giving people unadulterated access to your terminal in the first place.

Seriously, anyone on a forum like this (and theirs) have read variations of that; I chalk this whole thing up to people are just naive as fuck sometimes.

It's the moments of letting your guard down after the false sense of security that CRACKEDOUTVPN and TURINGPASSWORD SCRAMBLER give you, that will always bite you in the ass . Who'd expect a person to secretly try and hack you amongst a group of "peers", in an innocent minecraft server? Fucking. Everyone.
 
You must log in or register to reply here.
Back