Fuel Economy, Hypermiling, EcoModding News and Forum - EcoModder.com - View Single Post

redpoint5 · 11-29-2023, 02:30 AM

I went online in 1995. The small scale of things then meant the risks were also smaller. In such simple times, I used a single username, and 2 password iterations so that I could remember it without writing stuff down. Unimportant stuff like forum logins had a more simple password, and important stuff like bank accounts had a more complex password. I've probably created a hundred accounts or more using that logic.

About a year ago, I was locally remotely (it's not an oxymoron) connected to a server and got disconnected. That almost never happens on an internal network. I got paranoid that someone else had used my credentials to remotely connect to it and boot me from my session. Then I attempted to log into my WiFi router, and the credentials had been changed. I unplugged it, and then reset to factory default. Changed credentials to something new. Removed the idiotic port forwarding for RDP to my server using the default 3389 port. Changed server password...

Yesterday I couldn't get into Netflix. Someone changed the credentials. It took 90 minutes for me to wrestle back control of my account. I dismissed the incident as probably forgetting to sign out of a device somewhere, and someone taking advantage of that fact.

Today I got a text message that Kahil started shopping for my Walmart order. Then a text that Ryan was picking out my order. Then a text that Darren was gathering my Walmart order.

Asked my wife if she ordered anything from Walmart and she said no. Looked at my current email account and saw no Walmart activity except the twin mattress I ordered a few days ago (1.5 year old can plank, pivot, and drop from the crib rails). Tried to log into my old email account, and the credentials didn't work. Filthy Russian hackers had gained control of it. I hadn't used that account since 2009. I wrestled back control of that email account, and called Walmart to cancel the orders.

The hackers deleted the Walmart emails on the legacy email platform to try to conceal them. The hackers changed both the password and email address of that old Walmart account, meaning I had no way to recover that account, so I canceled it. Somehow it had a valid credit card of mine on it, and my parents received nasal spray and dog treats today, addressed to my sister. At one point, 2 Walmart carriers were at my parents at the same time. Very funny kids. $220 of nonsense items sent to my parents by identity thieves.

My comment is that as technologically sophisticated as I am, it strikes me that less savvy folk stand even less chance than me at thwarting attacks.

My question is what are some best practices to harden technology and reduce attack footprint?

Seems the old logic of 1 username and 2 passwords depending on importance is not good enough. I've enabled 2FA (two factor authentication) on the important stuff now.

My sense is that AI will make people extremely vulnerable in the future, and the counter will be AI. My other scary thought is that I can only see a few possible outcomes:

1. high trust society
2. no trust society
3. no society

1 seems unlikely. 2 seems probable and unfortunate. 3 is the result of the failure of 1 and 2.

11-29-2023, 02:30 AM	#1 (permalink)
redpoint5 Human Environmentalist Join Date: Aug 2010 Location: Oregon Posts: 12,588 Acura TSX - '06 Acura TSX 90 day: 24.19 mpg (US) Lafawnda - CBR600 - '01 Honda CBR600 F4i 90 day: 47.32 mpg (US) Big Yeller - Dodge/Cummins - '98 Dodge Ram 2500 base 90 day: 21.82 mpg (US) Chevy ZR-2 - '03 Chevrolet S10 ZR2 90 day: 17.14 mpg (US) Model Y - '24 Tesla Y LR AWD Thanks: 4,263 Thanked 4,428 Times in 3,397 Posts	Identity Theft I went online in 1995. The small scale of things then meant the risks were also smaller. In such simple times, I used a single username, and 2 password iterations so that I could remember it without writing stuff down. Unimportant stuff like forum logins had a more simple password, and important stuff like bank accounts had a more complex password. I've probably created a hundred accounts or more using that logic. About a year ago, I was locally remotely (it's not an oxymoron) connected to a server and got disconnected. That almost never happens on an internal network. I got paranoid that someone else had used my credentials to remotely connect to it and boot me from my session. Then I attempted to log into my WiFi router, and the credentials had been changed. I unplugged it, and then reset to factory default. Changed credentials to something new. Removed the idiotic port forwarding for RDP to my server using the default 3389 port. Changed server password... Yesterday I couldn't get into Netflix. Someone changed the credentials. It took 90 minutes for me to wrestle back control of my account. I dismissed the incident as probably forgetting to sign out of a device somewhere, and someone taking advantage of that fact. Today I got a text message that Kahil started shopping for my Walmart order. Then a text that Ryan was picking out my order. Then a text that Darren was gathering my Walmart order. Asked my wife if she ordered anything from Walmart and she said no. Looked at my current email account and saw no Walmart activity except the twin mattress I ordered a few days ago (1.5 year old can plank, pivot, and drop from the crib rails). Tried to log into my old email account, and the credentials didn't work. Filthy Russian hackers had gained control of it. I hadn't used that account since 2009. I wrestled back control of that email account, and called Walmart to cancel the orders. The hackers deleted the Walmart emails on the legacy email platform to try to conceal them. The hackers changed both the password and email address of that old Walmart account, meaning I had no way to recover that account, so I canceled it. Somehow it had a valid credit card of mine on it, and my parents received nasal spray and dog treats today, addressed to my sister. At one point, 2 Walmart carriers were at my parents at the same time. Very funny kids. $220 of nonsense items sent to my parents by identity thieves. My comment is that as technologically sophisticated as I am, it strikes me that less savvy folk stand even less chance than me at thwarting attacks. My question is what are some best practices to harden technology and reduce attack footprint? Seems the old logic of 1 username and 2 passwords depending on importance is not good enough. I've enabled 2FA (two factor authentication) on the important stuff now. My sense is that AI will make people extremely vulnerable in the future, and the counter will be AI. My other scary thought is that I can only see a few possible outcomes: 1. high trust society 2. no trust society 3. no society 1 seems unlikely. 2 seems probable and unfortunate. 3 is the result of the failure of 1 and 2. __________________ Gas and Electric Vehicle Cost of Ownership Calculator Give me absolute safety, or give me death!