• 0 Posts
  • 66 Comments
Joined 2 years ago
Cake day: June 15th, 2023

  • Not that it’s my first recommendation for security reasons, and I would never do this in prod, but you can just add the self-signed cert to the local trusted root CA store and it should work fine. No reg changes needed.

    If you do this, put it in the store of the user running the client, not LocalMachine. Then you just need to make sure you connect as something in the cert’s SAN list. An IP might work (don’t know since I never try to put IPs in the SAN list), but just use a hosts entry if you can’t modify local DNS.

    Edit: after reading the full OP post (sorry), I don’t think it’s necessarily the self-signed cert. If the browser is connecting with https:// and presenting a basic auth prompt, then https is working. It almost sounds like there is a 301/302 redirect back to http after login. Check the Network tab of the browser’s dev pane (F12) to see what is going on.
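As an added example (not the commenter's code) of the check described above, the script below walks a redirect chain hop by hop, without a browser, and flags the first hop that sends an https:// request to an http:// URL. The hostname and the responses it is fed are constructed; `http_fetch` does the same against a real host.

```python
# Added example, not the commenter's code: walk a redirect chain hop by hop and
# report the first hop that sends an https:// request to an http:// URL.
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = (301, 302, 303, 307, 308)

def http_fetch(url):
    """Fetch one URL without following redirects; return (status, headers)."""
    parts = urlsplit(url)
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    if parts.scheme == "https":
        # Default context verifies the chain: the self-signed cert must already be trusted.
        conn = http.client.HTTPSConnection(parts.netloc, timeout=10,
                                           context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(parts.netloc, timeout=10)
    conn.request("GET", target)
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return resp.status, headers

def trace_redirects(url, fetch=http_fetch, max_hops=10):
    """Return (hops, downgrade): every URL visited in order, and the index of
    the https hop whose Location pointed at http (None if TLS was kept)."""
    hops, downgrade = [url], None
    for _ in range(max_hops):
        status, headers = fetch(hops[-1])
        if status not in REDIRECT_CODES or "location" not in headers:
            break
        nxt = urljoin(hops[-1], headers["location"])  # Location may be relative
        if (downgrade is None and urlsplit(hops[-1]).scheme == "https"
                and urlsplit(nxt).scheme == "http"):
            downgrade = len(hops) - 1
        hops.append(nxt)
    return hops, downgrade

# Constructed responses standing in for a NAS web UI (hostname is made up).
FAKE_RESPONSES = {
    "https://nas.home.lan/": (302, {"location": "/login"}),
    "https://nas.home.lan/login": (302, {"location": "http://nas.home.lan/dashboard"}),
    "http://nas.home.lan/dashboard": (200, {}),
}

def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, {}))
```

Against a real host, call `trace_redirects("https://<your-host>/")` (placeholder hostname); a non-None downgrade index means the server, not the certificate, is sending the browser back to http after login.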

  • Bitlocker is extra vulnerable because it stores the key in the TPM and requires no password to boot. An attacker can extract the key even if the computer is off when they get it.

    This is not true.

    You would additionally need to bypass Secure Boot with a separate exploit such as the one in this article (which is mitigated by disabling USB boot) or LogoFAIL to put the TPM PCRs in a state where the keys can be released.

    LUKS2 is no different here as either can be TPM-only or require a separate PIN.

  • An SSO-like payment system with tracking and revocation is a great idea and would be amazing for us consumers. I’m just not holding my breath waiting for the corpos to implement it.

    While nowhere near perfect (far from it, really), as long as the sites you are shopping on are PCI-compliant (most should be), you don’t have to worry too much about a compromised site leaking your payment details for use elsewhere.

    Basically just use a password manager and don’t worry about saving credit card (NOT debit card) details in the site as long as they aren’t extra-sketchy.

  • I was one of those people. I still maintain hope, but the fear of what the algorithms will do outweighs that hope some days.

    The thinking was that people’s core opinions are formed while they are young. They are mostly inherited from your family and the society around you, so information bubbles form early and are hard to break out of.

    I thought that if people were exposed to multiple cultures and ideas from a young age through the Internet, they would understand them better – not just as foreign concepts told to them through a thick lens of bias from their parents and teachers.

    However, I failed to predict the opposite powers. First were the echo chambers that formed, strengthening the deepest dark sides of humanity that, before, were kept locked away in basements lacking anyone with whom to discuss and provide validity. Then the corpos and MBAs figured out they could psychologically game us all with algorithms. They didn’t necessarily know at first that the negative content would be the best for driving engagement; but they didn’t care either.

    So right now I think the bad is outweighing the good. But I don’t think it has to stay this way forever.