I just signed up for uber for the first time ever this morning. No I need to change my password again?
Quoted:
I just signed up for uber for the first time ever this morning. No I need to change my password again?

No this was patched earlier in the week. Your password isn't in scope. Bigger problem is there is a list of 150 companies (per cloudflare) that were impacted. These guys need to take steps to protect their customers if they didn't have some mitigating technology in place, like agilebits did.

Any of these a problem here?
ar13l.com ar15mods.com ar15ona.com ar15studio.com ar1i.xyz ar1i7w.loan

Quoted:
Same as any other 2 way communication device. Nothing especially risky about it, you just cannot have them in a secured area. If you don't know what a SCIF is, then you have nothing to worry about. If you do know what one is... Then don't take PEDS into a SCIF, and nothing to worry about

Exactly. There is no prohibition once you leave work.

Quoted:
Quoted:
Same as any other 2 way communication device. Nothing especially risky about it, you just cannot have them in a secured area. If you don't know what a SCIF is, then you have nothing to worry about. If you do know what one is... Then don't take PEDS into a SCIF, and nothing to worry about
Exactly. There is no prohibition once you leave work.

Lighten up everyone. I'm sure junior is a) being extra careful which is good; and b) is possibly doing some of the age old 'puffing' about a job so as to make pops proud. By the same token, pops IS proud and impressed. It's not something about which it makes any sense for people to have a go at each other.

Let's make a new password for everyone.
find your favorite song. we all know GD loves this one.
Taylor Swift - You Belong With Me https://youtu.be/VuNIsY6JdUw
take some words from that song.
You belong with me
add a number on the end, and remove the spaces, and replace a couple letters with a symbol or number.
Yoube1ongwithme87
Congrats you now have a 15+ character password that is easy to remember and hardish to crack.

Quoted:
Let's make a new password for everyone. find your favorite song. we all know GD loves this one. https://www.youtube.com/watch?v=VuNIsY6JdUw https://youtu.be/VuNIsY6JdUw take some words from that song. You belong with me add a number on the end, and remove the spaces, and replace a couple letters with a symbol or number. Yoube1ongwithme87 Congrats you now have a 15+ character password that is easy to remember and hardish to crack.

I use a password manager and have unique, pseudorandom passwords for each site.

Quoted:
Lighten up everyone. I'm sure junior is a) being extra careful which is good; and b) is possibly doing some of the age old 'puffing' about a job so as to make pops proud. By the same token, pops IS proud and impressed. It's not something about which it makes any sense for people to have a go at each other.

That's great. I just don't want people to be thinking that there are huge threats they don't know about with their FitBit.

Quoted:
Let's make a new password for everyone. find your favorite song. we all know GD loves this one. https://www.youtube.com/watch?v=VuNIsY6JdUw https://youtu.be/VuNIsY6JdUw take some words from that song. You belong with me add a number on the end, and remove the spaces, and replace a couple letters with a symbol or number. Yoube1ongwithme87 Congrats you now have a 15+ character password that is easy to remember and hardish to crack.

Thanks for that. That password looks pretty good. *logs into bank and changes password to that one*

Quoted:
Let's make a new password for everyone. find your favorite song. we all know GD loves this one. https://www.youtube.com/watch?v=VuNIsY6JdUw https://youtu.be/VuNIsY6JdUw take some words from that song. You belong with me add a number on the end, and remove the spaces, and replace a couple letters with a symbol or number. Yoube1ongwithme87 Congrats you now have a 15+ character password that is easy to remember and hardish to crack.

You don't need to add numbers and other crap, it's random and long enough to be uncrackable just having four different words. It would help if they didn't make grammatical sense though. I use phrases for encryption of data (like hard drives), but I use LastPass premium for everything else. So I have a lot of Jie87_!2kkl-%k passwords.

Quoted:
I will be explaining to intelligent (but mostly tarded) corporate infosec people the impact of this and how it's not relevant to them (me) for months.. I'm waiting on UBER's response. At this point if by mid morning PST they don't have something up for their customers I will be pretty torqued. 99.999% of people have no clue about this mess or its scale but the UBER should and must advise their customer base if not force a password change. They have smart people and could figure out a process to make it suck less. The little guys like okcupid, yeah i doubt their cso/ciso (if they have one) is on this, uber should be way out in front. The ONLY platform user at this point notifying or addressing customers is agilebits / 1password6. There are LOTS of large platforms that offer similar services that are probably fuzzing the shit out of their code now. Here's my certs, some intermediate certs i paid millions for in the DLP realm, can you load them on this system shared with 500 other companies, thanks.

By the by, OKCupid is not small. It's owned by Match, which also owns Tinder and a host of other dating sites.

Tell me more about password managers. I just installed 1 password on my android and it's already pissed me off... As it gives you a sign up for free trial... And doesn't tell me what it does what it works with or what it costs.

Quoted:
Tell me more about password managers. I just installed 1 password on my android and it's already pissed me off... As it gives you a sign up for free trial... And doesn't tell me what it does what it works with or what it costs.

I use LastPass, which I love. It has a plugin for Chrome or Firefox and will autofill your webpages. Or it'll put a button on password signup fields and automatically generate your passwords for you. I would originally set it up on a computer. Then you can have an app that fills things in on your phone as well, but it is a little less seamless. I'll answer anything you want to know if you have other questions. It's made my life so much easier, not having to remember which sites had certain crazy requirements for their passwords.

Quoted:
Which may or may not have been sent your UBER password / username in clear text.

Given as I do not and have not used any of those services (Uber, Fitbit, whatever the hell Okcupid is), it's not a problem for me. I tend to be a bit of a Luddite as far as anything more sophisticated than a PC goes, including all these mobile whatsits that are intended solely for urbanite technophiles. Not my thing, NMFP.

Quoted:
Quoted:
Tell me more about password managers. I just installed 1 password on my android and it's already pissed me off... As it gives you a sign up for free trial... And doesn't tell me what it does what it works with or what it costs.
I use LastPass, which I love. It has a plugin for Chrome or Firefox and will autofill your webpages. Or it'll put a button on password signup fields and automatically generate your passwords for you. I would originally set it up on a computer. Then you can have an app that fills things in on your phone as well, but it is a little less seamless. I'll answer anything you want to know if you have other questions. It's made my life so much easier, not having to remember which sites had certain crazy requirements for their passwords.

I use a Dashlane and it does the same basic stuff. It's probably the most user friendly one out there but the premium (that synchronizes the databases between devices) costs a bit more than the others.

Quoted:
Grumble. Google using NSA level resources to create a simple collision is impressive (especially for the tricks used to speed the job from brute force). But, I hate the hyperbole in reporting these stories. SHA1 is on its way out, and this is only a collision. Their demonstration proves more about the malleability of the .PDF format than about SHA1 right now. I'll be interested to see if anyone comes up with a second preimage attack before SHA1 has been cut out of most of the nets.

Correct. I'm not too concerned about a crypto attack that starts with:
Step 1: Build super-computer cluster
I remember when the first MD-5 collisions were announced. Lots of wailing and gnashing of teeth...and then everyone just quietly moved over to SHA-1. Same thing will probably happen here...

Quoted:
Quoted:
Quoted:
Tell me more about password managers. I just installed 1 password on my android and it's already pissed me off... As it gives you a sign up for free trial... And doesn't tell me what it does what it works with or what it costs.
I use LastPass, which I love. It has a plugin for Chrome or Firefox and will autofill your webpages. Or it'll put a button on password signup fields and automatically generate your passwords for you. I would originally set it up on a computer. Then you can have an app that fills things in on your phone as well, but it is a little less seamless. I'll answer anything you want to know if you have other questions. It's made my life so much easier, not having to remember which sites had certain crazy requirements for their passwords.
I use a Dashlane and it does the same basic stuff. It's probably the most user friendly one out there but the premium (that synchronizes the databases between devices) costs a bit more than the others.

I regularly use 3-4 computers, a tablet, a phone, VMs.... Synchronization is a key feature for me. Lastpass is like $12. And it also stores credit cards and Wifi credentials. Haven't tried Dashlane but I'm pretty happy with Lastpass and it would be tough to talk me into leaving it!

Quoted:
Quoted:
Let's make a new password for everyone. find your favorite song. we all know GD loves this one. https://www.youtube.com/watch?v=VuNIsY6JdUw https://youtu.be/VuNIsY6JdUw take some words from that song. You belong with me add a number on the end, and remove the spaces, and replace a couple letters with a symbol or number. Yoube1ongwithme87 Congrats you now have a 15+ character password that is easy to remember and hardish to crack.
You don't need to add numbers and other crap, it's random and long enough to be uncrackable just having four different words. It would help if they didn't make grammatical sense though. I use phrases for encryption of data (like hard drives), but I use LastPass premium for everything else. So I have a lot of Jie87_!2kkl-%k passwords.

I don't trust programs to hold my passwords, well except Chrome.

I'm not an uber or fitbit user and I don't recognize any of those websites in the list so I'm not affected but...
I have a non tech guy question: If I was using a password manager would I still be affected by this or it's just easier to change my passwords after?

For the technically challenged people here. P@sw0rd1 is not a password you should use... ever. 8-15 characters using letters, numbers, capital letters, and special symbols. Randomness is key. Use a different password for every place, and enable two-factor authentication on your most sensitive places. Banks, Ebay, PayPal, and many others have this option. It makes logging in take about 30 seconds longer as you have to enter a pin you receive by text, but forces someone logging in to have something they know (Password), and something they have (phone or card). Also, make sure you use a password on your phone!

Quoted:
Tell me more about password managers. I just installed 1 password on my android and it's already pissed me off... As it gives you a sign up for free trial... And doesn't tell me what it does what it works with or what it costs.

I prefer KeePass. It's open source, multiple security options, cloud or local storage, multi-platform, etc

Quoted:
Quoted:
He is vastly exaggerating his importance. I'll leave it, very charitably, at that.
I really don't push things on here. But no he does not. He uses a flip phone because that is what he wants. He wouldn't even text if his Sergeant and others in his unit didn't communicate that way. Fit Bit is absolutely forbidden period. When they said it I don't think he misheard. He graduated 1st in his class. One that normally has a 40% drop rate. I think he might have listened.

Quoted:
No this was patched earlier in the week. Your password isn't in scope. Bigger problem is there is a list of 150 companies (per cloudflare) that were impacted. These guys need to take steps to protect their customers if they didn't have some mitigating technology in place, like agilebits did.

I tried looking for it myself without success, so where can I find this list of 150 affected companies? Also, @slomofo, I found this tidbit while looking: Today I learned that uber does not have a change password option once you are logged in. You have to log out and pretend you forgot the password. Bad UX if you don't know.

lol Now get your ass to Mars

Can I wrap my fitbit in foil so it can't track me? I need to know what to do.
Quoted:
Quoted:
Lighten up everyone. I'm sure junior is a) being extra careful which is good; and b) is possibly doing some of the age old 'puffing' about a job so as to make pops proud. By the same token, pops IS proud and impressed. It's not something about which it makes any sense for people to have a go at each other.
That's great. I just don't want people to be thinking that there are huge threats they don't know about with their FitBit.

I work for a company that does cyber security, not like home computer stuff. If someone here messed up, or if we did not do our job, it would be a real bad day for everyone. I don't do anything important and I work in the other division, but I will try to talk with one of the security guys, and I will let you know what they say about the FitBit and what security vulnerability/risks come with it, if any.

Quoted:
I work for a company that does cyber security, not like home computer stuff. If someone here messed up, or if we did not do our job, it would be a real bad day for everyone. I don't do anything important and I work in the other division, but I will try to talk with one of the security guys, and I will let you know what they say about the FitBit and what security vulnerability/risks come with it, if any.

I'm in the business. If I could wear one at work I'd own one.

This thread is like the lol fest that happens after a redeployment ceremony and my half tour backfill joe's parents show up and start regurgitating the nonsense they've been shoveling since they got to AIT.

Quoted:
Quoted:
Quoted:
Quoted:
Tell me more about password managers. I just installed 1 password on my android and it's already pissed me off... As it gives you a sign up for free trial... And doesn't tell me what it does what it works with or what it costs.
I use LastPass, which I love. It has a plugin for Chrome or Firefox and will autofill your webpages. Or it'll put a button on password signup fields and automatically generate your passwords for you. I would originally set it up on a computer. Then you can have an app that fills things in on your phone as well, but it is a little less seamless. I'll answer anything you want to know if you have other questions. It's made my life so much easier, not having to remember which sites had certain crazy requirements for their passwords.
I use a Dashlane and it does the same basic stuff. It's probably the most user friendly one out there but the premium (that synchronizes the databases between devices) costs a bit more than the others.
I regularly use 3-4 computers, a tablet, a phone, VMs.... Synchronization is a key feature for me. Lastpass is like $12. And it also stores credit cards and Wifi credentials. Haven't tried Dashlane but I'm pretty happy with Lastpass and it would be tough to talk me into leaving it!

I wouldn't try to talk you out of it. They are both good products and would be worth looking at (along with a couple others) if you were just getting a program, but there's nothing that compelling at the moment to switch everything.

Quoted:
Quoted:
Your ridiculous statement.
Fuck you and I mean it. I know what he was told and he takes his shit serious. Do you really think there is no tracking or surveillance potential in these devices. Might be why it was automatic dismissal if you took a phone into any of his classes.

How do you know what he was told? Was he recording the information he was briefed, so that you could listen to it later or was he just relaying information he was given in a classified area to a non cleared person with no need to know? If you love America you need to approach the FBI about this. If you don't come forward, they may just assume you are his handler given you provide him transportation via cut outs to reach his military unit. It's all very suspicious. Run it by your son and let us know what he thinks.

Quoted:
Quoted:
I wonder if people were tracking mine sitting in on a nightstand forever
Idk I have mine on my person all the time. I'm mad if they been taking me the whole time.

My wife's third cousin is a drone gunner, and he says they love it when their target has a fitbit because they can adjust the missile speed based on the target's steps per minute.

Quoted:
Grumble. Google using NSA level resources to create a simple collision is impressive (especially for the tricks used to speed the job from brute force). But, I hate the hyperbole in reporting these stories. SHA1 is on its way out, and this is only a collision. Their demonstration proves more about the malleability of the .PDF format than about SHA1 right now. I'll be interested to see if anyone comes up with a second preimage attack before SHA1 has been cut out of most of the nets.

I was laughing at the joke, easy now. SHA-1 is only partially broken in certain circumstances. It's likely to be replaced in most instances before it's completely broken.

Quoted:
Quoted:
Quoted:
I wonder if people were tracking mine sitting in on a nightstand forever
Idk I have mine on my person all the time. I'm mad if they been taking me the whole time.
My wife's third cousin is a drone gunner, and he says they love it when their target has a fitbit because they can adjust the missile speed based on the target's steps per minute.

I'm drone-proof. They're going to miss me by a mile.