- Joined
- Dec 29, 2022
This is dumb because if just one of those services gets hacked, your password to it plus every other service is now public knowledge. To see what I mean, try looking yourself up on Breach Directory:
2023 Security Check-up Reminder
- Thread starter Null
- Start date
- Joined
- Jan 23, 2023
I'm not saying she's totally innocent, just that chudbuds was a small time operation for a niche online community. She's not a security professional and I don't think anyone should've expected that. You're right, these precautions should've been taken, but I also don't see anyone else jumping in to start up their own node and do it the "right" way.
- Joined
- Dec 29, 2022
Keep that piece of paper in a fireproof, waterproof lockbox. Fires, floods, and tornados do happen. SentrySafe is a good brand.
troonshite
kiwifarms.net
- Joined
- Jan 15, 2023
Imagine getting doxed from from some spaz downloading Minecraft mods. More disappointing then anything.
TheBigZee
kiwifarms.net
- Joined
- Jan 25, 2021
Any type of file can be an attack vector if the code that processes it has a vulnerability in it.
- Joined
- Sep 28, 2022
the people who know how to do it 'the right way' are aware how much preparation and effort goes into doing everything properly, which discourages them from taking on a project like that
- Joined
- Feb 16, 2021
How hard is it to make a new email account ffs?
Also offline password banks are far superior to the online ones. Literally just get something like keypass and put it on a USB Stick. Plug in the USB whenever you need to login to something and then take it out. I use it in combination with veracrypt, but that's just because I'm a paranoid bastard.
Also offline password banks are far superior to the online ones. Literally just get something like keypass and put it on a USB Stick. Plug in the USB whenever you need to login to something and then take it out. I use it in combination with veracrypt, but that's just because I'm a paranoid bastard.
- Joined
- Aug 16, 2020
Since it's best to have a unique password for everything, a notepad is not a very good option. I think it's decent for tech illiterates but if you're on kiwifarms something like KeepassXC at least for the stuff you really shouldn't even remember.
I don't know my Farms password at all and don't store any in my browser because that's retarded.
Not true, "the right way" is simply mundane and boring. It's not like someone broke into chudbuds or walked through the front door, she took something a stranger gave her and did presumably zero due diligence and got pwned. I guarantee if she ran it through Virustotal, which is free and easy, she'd have decided not to run it.
Update: Virustotal didn't flag it. I was wrong.
Last edited:
- Joined
- Dec 12, 2018
Good thing I don’t play video games
- Joined
- Feb 16, 2021
- Joined
- Jan 25, 2020
Where the fuck Jim finds these retards who just download random shit off mediafire without using shit like VMware to isolate potential harm?
Virtual machines provide additional layer of security, assuming that you disabled guest addition and prevent VMs affecting the system hardware, also use different operating systems, IE Linux - Windows or OS X - Windows.
Even better with different physical devices.
Minecraft runs off a fucking potato at this point just to give kiddy winks possibility of mingling with their favorite pedo on public servers on their off the shelf 300 USD craptop.
Side note Josh forgot to mention following
DO NOT STORE ANYTHING SENSITIVE ON CLOUD STORAGE SERVICES.
For example if you link multiple devices to single account let's say Dropbox and store your password there in plain text, a thief who steals your phone has access to your offline data and locally stored files.
Store most sensitive data on thumb drives or other removable storage like SD cards for example.
Lastly
DO NOT USE PUBLIC WIFI, EVER
Your traffic is unencrypted and your device session can be spied on same manner how could glowniggers and others could spy on you using your phone number
- Joined
- Nov 7, 2018
The immediate red flag was the domain name…
chudbuds.lol (most cringe URL I’ve seen in a while, even jimjokefunny.lol would have been better ffs)
If you decide to register your details on a website with a name like chudbuds.lol or one with a shitty/meme TLD, always make it throwaway as the domain name/service is likely to be offline within a year or not properly patched/secured/maintained.
chudbuds.lol (most cringe URL I’ve seen in a while, even jimjokefunny.lol would have been better ffs)
If you decide to register your details on a website with a name like chudbuds.lol or one with a shitty/meme TLD, always make it throwaway as the domain name/service is likely to be offline within a year or not properly patched/secured/maintained.
- Joined
- Dec 12, 2022
Unironically that's been my password security plan for years until last year when I bought the paper notepad, I've reset everything once at least, even if a service has been hacked... who fucking cares lol, you got a dud because of childhood retardation and shit memory
Jasper2K
kiwifarms.net
- Joined
- Feb 15, 2021
Holy fucking autism. Imagine downloading a minecraft mod and getting your whole website hacked. Holy fuck now 
- Joined
- Aug 16, 2020
Josh linked resources that cover much of what he didn't, he can't brief people on how not to be retarded.
Public Wifi isn't ideal but the traffic is almost always encrypted. Without getting autistic I will leave it at "Only use Public Wifi if you use a VPN." You can not reasonably expect normal people to just not use public wifi at all.
- Joined
- Dec 29, 2022
If they download your password vault and hit you with a keylogger that grabs your master password, it's over. Doing this is trivial once full remote access is achieved, i.e. the second you run a bad plugin or executable. Instead of or in addition to a master password, I recommend securing your password vault with a Yubikey. Most big-name password managers support this.
YubiKey for password manager security
Works with your favorite password manager accounts Protect your password manager against breaches with the strongest hardware-based two-factor authentication using the YubiKey. Why use a YubiKey Ultra secure Zero recorded accounttakeovers in 11 years. Thephysical key requires a humantouch and...
www.yubico.com
- Joined
- Oct 3, 2022
circle of life
- Joined
- Dec 29, 2022
Fastmail has strong security, doesn't mandate account recovery bullshit, and is accepted everywhere. Also lets you create aliases to mask your primary email address. But whenever Protonmail's an option and privacy's a major concern, such as on KF, stick with that.
- Joined
- Oct 7, 2020
It was seeing advertisements for it literally everywhere that rubbed me the wrong way. Internet ads, YouTube creator ads, TV ad spots... it felt wrong to me. Then they had a minor breach a few years back that they weren't really forthright about, conveniently just as my subscription was ending.
- Joined
- Feb 4, 2020
She doesn't need to be a security expert she just needed to speak to one, and once they have the site in a workable form have them audit it, and have them try and find issues with it to fix.
It would honestly be as simple as someone with a checklist working through what is the bare minimum expected in terms of protecting data in the event of a hack, or a data leak.
Normal, right minded people wouldn't want to set one of these things up in this "sektur" because not only does it open you up to massive amounts of shit flinging, you become a target for people to fuck with, spend hours of your time developing and maintaining the site and for little to no remuneration. Only attention seeking weirdos like chudbsre would want that smoke.