Erkki

Damn it, but computers have become really complicated


Yeah, I subscribe for Premium because I really think LastPass makes it easy to be secure and I feel confident that they are good stewards of my data. The number of options you have to doubly and triply secure your data is very reassuring. I've tried using KeePass before but found it quite a bit more difficult to figure out than LP. Not only that, but due to the cloud-based nature of the service it's much more accessible on different platforms and different machines than most other services/programs I've encountered.

 

The ease of using the service cannot be overstated. The reason that people aren't secure with their data is largely based on convenience; it's so much easier to use the same password everywhere, so that's what most people do. LastPass is compelling because all it takes is a browser plug-in installation and you can hit the ground running.


Yeah I agree with all the things you guys are saying. I brought up KeePass mainly because it's free, and cost, no matter how low or reasonable, can be a weird mental barrier for some people. I stick with it now because I'm used to it and too lazy to bother trying something else at this point.


I said it earlier, but Lastpass is free.  It's just certain features that require a premium account but the free version is still pretty robust and includes most of the things mentioned (password generator, vault, autofill, local encryption/decryption, sharing, browser extensions, some forms of 2-factor authentication).  The main reason I have a premium subscription is because of mobile use.  Typing passwords on a phone is WAY more annoying and Lastpass makes it incredibly convenient.

 

But that isn't a discouragement of the other password managers.  Certainly use whatever you think is better.


I guess maybe it's time to get a password manager rather than using a combination of same passwords (for non-important sites) and text files on my home PC.


I have been using a KeePass and Dropbox setup for a while now, and I highly recommend it.

I like having my password safe be in my control, and it allows easy integration with my Android phone (easier if I had chosen to use Google Drive instead of Dropbox) so I always have access to my KeePass file.

I used LastPass for a while before switching over to KeePass; at the time I did it mostly so I could access my passwords on my phone more easily. Things may have changed though.

I have also heard good things about 1Password, but it is a paid application and KeePass does what I want it to.


http://www.cnet.com/news/which-sites-have-patched-the-heartbleed-bug/

CNET compiled a much more comprehensive list that seems to be seeing ongoing updates and additions.

However, one of the issues here is that while many big sites have patched the hole, many have yet to renew their SSL certificates as a related precaution.


Also, at the end-user level, most of your stuff will likely see automatic updates to fix any possible vulnerabilities, but you should all check the manufacturer sites for your routers, or the sites for your custom router firmwares, to see if those are vulnerable.


Thanks for that more comprehensive list, Sno.

 

 

On a different but related note:

 

I have an old Samsung NC-10 Netbook laptop which has served me well as a backup / away-from-home basic work machine the past few years. The problem is that it runs Win XP. With Microsoft finally having stopped support for XP and with so much crap going on with Heartbleed, I'm feeling it's not a time for having a vulnerable system, which means it's also time for a new OS. So...

 

Can anyone suggest a version of Linux that offers a good, stable, and secure OS alternative for a low-power machine like my ageing Netbook, and which can be installed from a USB flash drive with only a medium level of IT literacy?


Probably something like Lubuntu.

 

I thought this was a clever explanation by xkcd of how Heartbleed works:

 

heartbleed_explanation.png


The way I understand it, the heartbeat function is used to verify the integrity of a secure connection to a server. It sends packets back and forth between the host and the client, and if that goes out of sync or is interrupted, the server is supposed to know something is wrong with the connection. The problem is, it doesn't validate the contents of that heartbeat, so a malicious attacker can say it's sending data to the server when it really isn't, and when the server tries to respond, it starts spitting out random memory contents because there was nothing else to actually send back.

The guy who actually wrote the offending piece of code was out there doing some interviews about this. He says it was a simple mistake and makes the argument that for something as important and widespread as OpenSSL, there aren't enough people peer-reviewing contributions.


I looked at the code (as well as a technical breakdown of the flaw) and it's scary how simple it is.  It's literally one line of code that's the problem, and the fix is like 5 lines.  It reminds me of college when I was learning about buffer overflow exploits.  I complain about the cyber security hoops that I have to jump through at work, but at times like these they really make sense.

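Added example, not part of any post in this thread and not OpenSSL's code: a simplified C model of the heartbeat handling described in the two posts above, showing the missing length check next to the bounds check that RFC 6520 requires. The function names, the 128-byte array standing in for neighbouring process memory, and the sample secret are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define HB_HDR 3u   /* 1 byte type + 2 byte claimed payload length */
#define HB_PAD 16u  /* minimum padding required by RFC 6520 */

/* Vulnerable model: trusts the length field carried inside the message. */
size_t hb_reply_unchecked(const unsigned char *rec, size_t rec_len,
                          unsigned char *out) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                       /* never compared: this is the bug */
    memcpy(out, rec + HB_HDR, claimed);  /* can read past the real record */
    return claimed;
}

/* Fixed model: discard any message whose claimed length does not fit. */
size_t hb_reply_checked(const unsigned char *rec, size_t rec_len,
                        unsigned char *out) {
    if (rec_len < HB_HDR + HB_PAD) return 0;           /* too short to parse */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HDR + claimed + HB_PAD > rec_len) return 0; /* silently discard */
    memcpy(out, rec + HB_HDR, claimed);
    return claimed;
}

/* Constructed demo: one array holds the record followed by unrelated data,
 * so the over-read stays inside a defined object. Returns 1 if the
 * neighbouring secret ends up in the reply, 0 otherwise. */
int demo_leaks_secret(int use_fix) {
    static const char secret[] = "session-key=CONSTRUCTED";
    unsigned char mem[128] = {0}, out[128] = {0};
    size_t rec_len = HB_HDR + 4 + HB_PAD;   /* real payload is 4 bytes */
    mem[0] = 1;                             /* heartbeat request type */
    mem[1] = 0; mem[2] = 64;                /* but the sender claims 64 */
    memcpy(mem + HB_HDR, "ping", 4);
    memcpy(mem + rec_len, secret, sizeof secret - 1); /* adjacent memory */
    size_t n = use_fix ? hb_reply_checked(mem, rec_len, out)
                       : hb_reply_unchecked(mem, rec_len, out);
    return n > 0 && memcmp(out + 4 + HB_PAD, secret, sizeof secret - 1) == 0;
}

int main(void) {
    printf("unchecked reply leaks secret: %d\n", demo_leaks_secret(0));
    printf("checked reply leaks secret:   %d\n", demo_leaks_secret(1));
    return 0;
}
```
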

I concur, fuck everything.

What a nightmare.

Edit: Also, apparently widespread attacks are now happening. So uh... Has this site been patched yet?


Yeah I think tabacco patched it basically as soon as it became known. At least I remember him pasting something in chat about it.

 

(I could be wrong, though. Don't trust me on this, I guess!)


Interesting, that could potentially be illegal if they obtained information from legitimate user accounts that they were not investigating directly.


Trying to convert an MP4 into a DVD-friendly format, having a terrible time. Has anyone done this? What format/options should I use? Was trying to convert with VLC media player.


Handbrake is also good for converting video files.


I like Freemake for converting between various file types; I use it most frequently to turn MP4/MOV/AVI -> WMV for use in PowerPoint presentations for work. Handbrake is what I use for converting between MKV -> MP4 or vice versa.
