A Linux host and Windows guest is what I consider an ideal setup for a poker computer. While nothing other than your brain can protect you from every form of malware (including keyloggers), your setup is very secure as long as you follow a couple of steps.

1. Keep Vista updated, don't use it for web browsing, and only install the necessary poker apps (Stars, HEM, etc)
2. On the host, only use packages from the official repository.

Some people will say you should still run anti-virus software on your Windows guest but I disagree. I don't think it's needed.

I would still run NoScript on the host.

Just watched all the vids- Really cool of you to do this as it helped a lot.

As a side- Do you like Butterscotch? Anywhere you point me will be cool.

Thanx again

www.butterscotch.com - this is the home of a lot of Creative Commons licensed content including indie bands, movies, and documentaries

http://www.butterscotchbutterschotchbutterscotch.com/ - good pudding

http://butterscotch-lover/ - concert recordings from bootleg-friendly artists.

http://www.hownowbutterschotch.com/ - a bunch of butterscotch recipies that have fallen into the public domain.


Not all butterscotch is bad, but most of it is so we don't talk about it much.

Thanks for taking the time to write this (and so quickly )

Just finished adding no-scripts to my [new] firefox browser with secunia and Avira on my list...

Thanks again- much appreciated to a computer newbie

I just megafailed securing my passwords. I was in the process of changing my poker email account password to something more secure. Problem is I accidentally didn't save my KeePass db so I don't know the password to the email account.

It's a yahoo account and I don't remember ever setting the challenge question and my incorrect guesses lead to my account being locked. Considering all of my poker accounts are connected to this email I'm royally fudged if I can't recover the account.

Anybody ever have the same thing happen to them? It took me about 20 minutes to find a way to get in touch with yahoo support so I've sent them an email explaining the situation.

first of all, thank you for this very helpful information and those epic vids

I got a general question: Is not a RSA security token limitating the likelihood of being hacked towards zero?

The RSA token is extremely effective at preventing malicious access to your accounts but it is not 100% effective.

Even with an RSA token there are still plenty of ways to get hacked if you are not following proper security practices.

Hi funkyworms, thanks a lot for the videos much appreciated.

Do you know whether or not my email is it a higher risk of begin hacked if I have it setup on my BB so that they get sent directly to my phone? Ie I dont have to type in a password.

Also, I use noscript like you advised, although didnt fully understand what its purpose is and after researching it I'm still not too sure anyway basically it will block scripts on any site I go on which means I cant see everything on the webpage, unless I click allow scripts.. how do I know if I should allow scripsts on a site, or if I trust a site? It seems to me that it is just a sort of website blocker that asks if you trust the site when you go on one, and if yes you can view it.. but how does one know if the site is safe or not?

Thanks man

I am getting a new laptop funkyworms from Dell. I am defiantly going to install my own operating system because of all the junk that Dell installs. I am wondering what your thoughts are on using Linux (probably ubunutu) as the main operating system and then using virtualbox for windows xp or 7. Also would virtualbox be better or dual boot? Another thing what is recovery like? For example if linux corrupts and breaks can I still get access to the Windows virtual machine? Something else would using a virtualbox lag with a big hem database and 6 tables?

Great, just what I needed.

My keepass doesnt have a 'memory' option in the tools section??

Sweet!

I have covered Virtualbox in a previous post.

I recommend Virtualbox over a dual-boot.

Yes you will have access to clone your VM if Linux becomes corrupted assuming that the corruption wasn't the result of a disk error.

It just depends on the speed of your machine and the size of your DB, but even with a very large DB and modest laptop specs you should be able to handle 6 tables with no lag.

If you lose your phone then someone will have access to your emails, but your password is still being entered somewhere along the way so no I don't think it increases you likelihood of being hacked. You might consider password protecting your BB, though.

Don't worry too much about which scripts to allow in NoScript. If a page is broken then allow scripts on that domain. If the page is still broken then start temporarily allowing other domains. Once you learn which scripts are required then revoke all of the temporary permissions and make the required permissions permanent. Eventually you'll learn which domains are needed and which are simply serving ads/crap.

If a page looks sketchy just move along and don't allow any scripts. Recognizing sketchy pages will have to be learned on your own.

surely the idea of keeping all your passwords in one database is kinda dumb? if people know this is popular attention and effort from dubious folk will be put into crcaking these?

Um, no you can't crack keepass provided you have a decent master password. You can hack it through human error like anything else but to crack the encryption it would take 50 years on a consumer class computer with technological advances taken into account to do so. To help the case get one of those http://www.yubico.com/products/yubikey/ It works with keepass.

like the sound of the yubikey, do you have one? hoe does it work, does it enter your passwords for you or just allow you to get onto your machine?

am i screwed if i lose it?

It works on any computer that has USB and it acts as a keyboard. You press a button and it automatically enters a long password that you set earlier. You can lock computer with it or use it to open you keepass db or check email etc.

It can also work similar to the RSA token from Stars and its actually more secure than RSA token. But the website you access would have to support it. So far none of the poker websites do. But google apps, fastmail and many security software products like keepass and truecrypt support it. Since it is opensource and so cheap it grows fast.

Also since it is opensource you don't have to worry about whats built into it.

And you can just use a second yubikey as a back up. Or write the password down on a piece of paper and store it in a safe place old fashioned way.

Also, heard good things about this http://www.youtube.com/watch?v=tggvtg1hX2U Works with Windows and Mac and there are limited Linux drivers too.

good shout cheers for the help

Can you get it to work to log into windows?

If you want to use it simply to store a long complex password it should work with anything I think. If you want an extra strong two way authentication to log into Windows, similar to RSA token, you can get something like this http://www.rohos.com/2008/07/yubikey/

When there is a keylogger on your computer and you don't know it yet. Is there a programm wich can make your passwords unreadable for a keylogger?

There are programs that claim to do so, but I can not vouch for them. Keyscrambler is an example of such programs. The reason I don't recommend any such program:

1. If you get a keylogger then your system should be considered completely compromised. All data and all actions on your system are subject to monitoring.
2. I can't verify that they actually work.
3. Keyloggers are 100% preventable.

The best way to thwart keyloggers is to practice safe computing habits. If you follow the advice in the videos you will not get a keylogger. I almost guarantee it.

What's the deal with DivX player? Is it ok? It keeps telling me to update and install the divx control panel?

I stream some stuff online, mainly from deleted (great site). There is a divx video link on there, but i dont really use it...

You probably don't need the DivX player. The VLC plug-in should play divx videos. The whole divx suite is the type if crap software I recommend avoiding.

That site you mentioned is also one of the sketchy sites that you should be avoiding.