Two Plus Two Publishing LLC Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > >

Notices

Computer Technical Help Post your questions about computer hardware and software and configuring same here.

Reply
 
Thread Tools Display Modes
Old 06-22-2010, 03:57 PM   #151
Quasar30
old hand
 
Quasar30's Avatar
 
Join Date: Apr 2008
Posts: 1,867
Re: Computer Security for Poker Players (videos)

Great work funkyworms!

I added a couple of things i didnt use earlier and tomorrow im adding untangle and will use truecrypt and then i have everything from your list.

Im doing some things different from you

...my important passwords im not saving in firefox.

...my poker and internet banking passwords are made up of two parts, the first being strong from Keepass and the second weaker and not saved in Keepass.

...I use several secure email-accounts.

...Also, im not using AIM, MSN or similar, but maybe you mentioned this in online behaviour, i dont remember.

...And im using the full version of Avast...and run some other scanners on a regular basis.


I have a question. Keeping a majority of your passwords on Keepass and all your poker accounts on the same email, is that safe?

If they get to your Keepass or your email they basically get access to all your online money except for the sites where you have a security token.

Last edited by Quasar30; 06-22-2010 at 04:10 PM.
Quasar30 is offline   Reply With Quote
Old 06-22-2010, 04:53 PM   #152
Quasar30
old hand
 
Quasar30's Avatar
 
Join Date: Apr 2008
Posts: 1,867
Re: Computer Security for Poker Players (videos)

Also thinking about downloading GnuPG.
Is this good if i want to encrypt my other emails.
Like windows mail and yahoo?
Quasar30 is offline   Reply With Quote
Old 06-22-2010, 05:56 PM   #153
funkyworms
Pooh-Bah
 
funkyworms's Avatar
 
Join Date: Jun 2004
Posts: 4,250
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by Quasar30 View Post
Also thinking about downloading GnuPG.
Is this good if i want to encrypt my other emails.
Like windows mail and yahoo?
The easiest way to implement OpenPGP encryption for your email is with Thunderbird + Enigmail + GnuPG.

You should note that in order to send/receive encrypted emails, both sender and recipient must have some OpenPGP compatible client installed. So while installing and configuring OpenPGP might be fun for you, the actual benefits of doing so will be pretty limited unless you convince all of your friends to install it too.
funkyworms is offline   Reply With Quote
Old 06-23-2010, 08:04 AM   #154
Quasar30
old hand
 
Quasar30's Avatar
 
Join Date: Apr 2008
Posts: 1,867
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by funkyworms View Post
The easiest way to implement OpenPGP encryption for your email is with Thunderbird + Enigmail + GnuPG.

You should note that in order to send/receive encrypted emails, both sender and recipient must have some OpenPGP compatible client installed. So while installing and configuring OpenPGP might be fun for you, the actual benefits of doing so will be pretty limited unless you convince all of your friends to install it too.
Ok, didnt know that, thx for saving me an hour of unnecessary work.
Quasar30 is offline   Reply With Quote
Old 07-06-2010, 04:32 PM   #155
Quasar30
old hand
 
Quasar30's Avatar
 
Join Date: Apr 2008
Posts: 1,867
Re: Computer Security for Poker Players (videos)

Is a windows mail (i.e non-webmail) account more secure than a gmail account if it is set up in the same way as you recommend for the gmail?
Quasar30 is offline   Reply With Quote
Old 07-06-2010, 05:51 PM   #156
funkyworms
Pooh-Bah
 
funkyworms's Avatar
 
Join Date: Jun 2004
Posts: 4,250
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by Quasar30 View Post
Is a windows mail (i.e non-webmail) account more secure than a gmail account if it is set up in the same way as you recommend for the gmail?
No more. No less.
funkyworms is offline   Reply With Quote
Old 07-07-2010, 05:18 PM   #157
Pletho
Pooh-Bah
 
Join Date: Oct 2008
Posts: 4,259
Re: Computer Security for Poker Players (videos)

Are you serious? Thats alot of stuff to implement isn't it? Isn't there some SIMPLE way to protect yourself from would be attackers?
Pletho is offline   Reply With Quote
Old 07-08-2010, 01:24 AM   #158
funkyworms
Pooh-Bah
 
funkyworms's Avatar
 
Join Date: Jun 2004
Posts: 4,250
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by Pletho View Post
Are you serious?
Yes
Quote:
Thats alot of stuff to implement isn't it?
Is it?
  • Install a proper Anti-virus (5 minutes to install Avira)
  • Use strong and unique passwords (5 minutes to install Keepass)
  • Use Firefox with NoScript (2 minutes to install)
  • Secure your network (10 minutes to configure router)
  • Don't install junk software (8 minutes to watch video and learn what is junk)
  • Keep all software updated (5 minutes to install Secunia)
  • *Optional* Encrypt your hard drive if you're concerned about personal data (30 minutes to install and learn about Truecrypt)

I'll be generous and assume it takes you twice as long as I quoted above. I'll also assume that you watch all the videos. That's a one-time commitment of 2 hours for a secure computer and a better understanding of computer security. How much simpler do you want? Plus you have a video guide showing you exactly how to do it.

Quote:
Isn't there some SIMPLE way to protect yourself from would be attackers?
Are you serious?

Last edited by funkyworms; 07-08-2010 at 01:42 AM.
funkyworms is offline   Reply With Quote
Old 07-08-2010, 02:18 PM   #159
Eman6969
veteran
 
Eman6969's Avatar
 
Join Date: Jan 2007
Posts: 2,333
Re: Computer Security for Poker Players (videos)

I encrypted my hard drive with truecrypt but I just realized I probaly dont need it. How do I turn my hard drive back to the way it was before truecrypt?
Eman6969 is offline   Reply With Quote
Old 07-08-2010, 02:31 PM   #160
funkyworms
Pooh-Bah
 
funkyworms's Avatar
 
Join Date: Jun 2004
Posts: 4,250
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by Eman6969 View Post
I encrypted my hard drive with truecrypt but I just realized I probaly dont need it. How do I turn my hard drive back to the way it was before truecrypt?
Truecrypt > System > Permanently decrypt system partition/drive.
funkyworms is offline   Reply With Quote
Old 07-08-2010, 05:40 PM   #161
pasita
adept
 
Join Date: Mar 2007
Posts: 1,100
Re: Computer Security for Poker Players (videos)

About password security, still a bit unclear on some items:

1) In case I get infected by a keylogger, is Keepass going to help me at all? I still have to enter the password for that and after that, everything stored in the database is open for invaders?
2) Assuming that I have password that are not found by dictionary attacks but I can remember, does Keepass offer me anything other than the ease of copy pasting the stuff on poker clients?
3) If I keep passwords stored on poker clients or my browser, I evade the risk of keyloggers but there are other risks involved. I assume the Keepass route is still considered more safe?
4) If I use an unsafe PC to log in to my email/poker client, is there any way of making that secure, other than right away changing the password from a safe computer (kind of redundant idea... if I had the safe computer at hand, I'd use it in the first place)?

A bonus question: I suppose it's more likely that someone grabs my password from my PC and uses it elsewhere, rather than somehow making use of my data at my PC directly, while I'm happily browsing away at 2+2?
pasita is offline   Reply With Quote
Old 07-08-2010, 07:29 PM   #162
funkyworms
Pooh-Bah
 
funkyworms's Avatar
 
Join Date: Jun 2004
Posts: 4,250
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by pasita View Post
About password security, still a bit unclear on some items:

1) In case I get infected by a keylogger, is Keepass going to help me at all? I still have to enter the password for that and after that, everything stored in the database is open for invaders?
2) Assuming that I have password that are not found by dictionary attacks but I can remember, does Keepass offer me anything other than the ease of copy pasting the stuff on poker clients?
3) If I keep passwords stored on poker clients or my browser, I evade the risk of keyloggers but there are other risks involved. I assume the Keepass route is still considered more safe?
4) If I use an unsafe PC to log in to my email/poker client, is there any way of making that secure, other than right away changing the password from a safe computer (kind of redundant idea... if I had the safe computer at hand, I'd use it in the first place)?

A bonus question: I suppose it's more likely that someone grabs my password from my PC and uses it elsewhere, rather than somehow making use of my data at my PC directly, while I'm happily browsing away at 2+2?
I want to preface my response by saying that this is all dealing in the hypothetical. If you follow the advice in the videos you won't get a keylogger. You just won't. I can't put it more plainly. You have a better chance of getting struck by lightning.

1) No, but nothing will. If you get a keylogger and continue using your computer, nothing is safe. Once malware is active on your system your entire system should be considered compromised. Nothing can protect you regardless of their claims. Simply having malware on your system won't allow a would-be attacker to crack your keepass database. However, they would probably have your master password. They would need a keylogger and some sort of access to your computer to have open reign on your keepass database. The important step is not getting a keylogger.

2) Every account should have a unique password. Are you capable of remembering all of your passwords and password recovery questions? If so, I guess you don't need Keepass.

3) Storing passwords in clients doesn't protect you from keyloggers. I store passwords in my poker clients and Firefox.

4) Don't do it.

Bonus: I don't know what you're asking, but someone doesn't just "grab your password" and if they do they almost certainly don't have remote access to your machine. This is a far-fetched situation that simply won't happen if you follow the videos.
funkyworms is offline   Reply With Quote
Old 07-09-2010, 06:05 AM   #163
pasita
adept
 
Join Date: Mar 2007
Posts: 1,100
Re: Computer Security for Poker Players (videos)

funkyworms, first of all, thanks for all the info in the thread. I don't want to appear stubborn, just needed to get some things cleared in my head.

As for 3) I was a bit surprised... if you keep passwords stored in poker client, what is Keepass actually needed for? Generating a strong password? Actually I was under the impression that the client is not the safest place to store the password in the first place. I assume different sites use different (proprietary) ways of securing the data. Do you know about those?
pasita is offline   Reply With Quote
Old 07-09-2010, 07:23 AM   #164
kerowo
lolcat
 
kerowo's Avatar
 
Join Date: Nov 2005
Posts: 33,540
Re: Computer Security for Poker Players (videos)

Sometimes sites will ask you for your password even if you have them remember it. Sometimes sites will forget that you have told them to remember your password. So you may need to re-enter the password even if it is saved. You may have password you don't use very often that you don't want to have to remember. Also, the sites always know what your password is, even if you don't remember it. If you are going to be afraid of trusting the site with a password to that site you may be a bit too paranoid.
kerowo is offline   Reply With Quote
Old 07-09-2010, 09:03 AM   #165
pasita
adept
 
Join Date: Mar 2007
Posts: 1,100
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by kerowo View Post
Also, the sites always know what your password is, even if you don't remember it. If you are going to be afraid of trusting the site with a password to that site you may be a bit too paranoid.
I would have though they only know the hash of my password? Although there's one site where online support always asks for 2 first letters of my password before they answer anything, and the password is only a couple of letters and always autogenerated... I don't keep money on that site any more.

Trusting a site with my credentials and money is still different from trusting my password to the client software, as it's somehow stored on my computer (I assume). Unfortunately I don't know how it's stored.
pasita is offline   Reply With Quote
Old 07-13-2010, 02:33 PM   #166
donkontilt4u
old hand
 
donkontilt4u's Avatar
 
Join Date: Sep 2007
Location: At my PC, where else?
Posts: 1,441
Re: Computer Security for Poker Players (videos)

Thanks for all your work on this funky. I might have to give that Yubico key a shot!
donkontilt4u is offline   Reply With Quote
Old 07-17-2010, 09:39 AM   #167
ThePolygraph
newbie
 
Join Date: Oct 2007
Posts: 32
Re: Computer Security for Poker Players (videos)

Thanks a lot for producing these videos funkyworms, they really are so informative! I was pleased to see that I already take some of the precautions you recommend, but there are a few things I'm not clear on:

No-Script

I don't have a clue about how scripts work, but I'd like to understand this better. You mentioned that if one were to use Firefox with No-Script it would be pretty much impossible to get infected from browsing YouTube. But then you allowed (white-listed) the youtube & ytimg domains. Does this mean that if a dangerous script were on that page, it would be listed as something other than those two?

Also, since I installed No-Script, I have only been to a handful of sites but have had to allow scripts at most of them. Right here for example, when typing this post, I had to white-list 2+2 before I could use the bold/italics buttons in the editor. As I'm not an expert on these things and, if I need to keep 'allowing' all the sites I want to visit then isn't it just like a novice who uses a personal firewall and clicks 'allow allow allow'?

I don't mean this to sound like an argument haha. It's just that if I have to allow scripts at every forum, every site that has embedded videos, every site that uses flash etc, then it basically comes down to 'allow everything, but don't visit suspicious sites' which is just like saying 'don't install trash and you won't need to use something like Comodo'. Hopefully I have misunderstood how this works, and will be tutored shortly! I mentioned the firewall thing here because, for some time, I was doing exactly what you said - using Comodo and after deciding that I will install something, then just clicking 'allow allow allow' which is pretty damn pointless lol.

Installing Software

Until I read your advice about osalt & sourceforge my usual procedure for finding new software was to select something and then upload it to Virus Total. If it came back clean I would trust it. Was this a really poor system?

Torrents & Rapidshare etc

Kerowo says "don't use 'em" and don't talk about them.


And one final query was about checking the 'remember my username/password' box in the PokerStars client. Does it mean my details are saved into the user.ini file? Is this not recommended?

Thanks again for all the advice you've given here!!

Last edited by kerowo; 07-18-2010 at 10:28 PM. Reason: No torrent talk
ThePolygraph is offline   Reply With Quote
Old 07-20-2010, 03:31 PM   #168
GRANTCKING
banned
 
GRANTCKING's Avatar
 
Join Date: Feb 2008
Posts: 751
Re: Computer Security for Poker Players (videos)

good work with the videos funky, ur voice soothes my soul
GRANTCKING is offline   Reply With Quote
Old 07-29-2010, 09:46 AM   #169
nytimcar
stranger
 
Join Date: Sep 2005
Posts: 4
Re: Computer Security for Poker Players (videos)

I'm basically a computer illiterate and I am very interested in your thread. I tried firefox as my browser with no script and found them really slow. A tech from some site I can't recall recommended Google Chrome which I'm using as my browser now. I haven't even seen this in the few threads I've read so far. Is Google Chrome an option if I want to follow your thread? TKS nytim
PS I'm going to follow your advise.
nytimcar is offline   Reply With Quote
Old 07-30-2010, 12:50 PM   #170
Antidote
grinder
 
Antidote's Avatar
 
Join Date: Mar 2008
Posts: 695
Re: Computer Security for Poker Players (videos)

funkyworms,
For a laptop user that travels a great deal, would you recommend getting some sort of LoJack program? If so, which one?

What is the best way to backup Windows? I'm looking for something that I can use to boot from an external drive in the event that my primary hard drive somehow became damaged or corrupted.

Thanks.
Antidote is offline   Reply With Quote
Old 08-02-2010, 01:08 AM   #171
Ron Burgundy
banned
 
Ron Burgundy's Avatar
 
Join Date: Aug 2005
Location: sitter/unbuttoner = civilized
Posts: 15,286
Re: Computer Security for Poker Players (videos)

funky,

matousec.com says Avira is among the worst performing security suites. I know you don't care too much about software firewalls and antivirus programs, but do you have any thoughts on that site or their test results?
Ron Burgundy is offline   Reply With Quote
Old 08-02-2010, 10:58 AM   #172
corsakh
Carpal \'Tunnel
 
corsakh's Avatar
 
Join Date: Aug 2006
Location: Flip'landia
Posts: 12,150
Re: Computer Security for Poker Players (videos)

Matousec tests firewalls. Avira firewall sucks, their AV is very good.
corsakh is offline   Reply With Quote
Old 08-05-2010, 06:50 PM   #173
Todd Lapham
centurion
 
Join Date: Oct 2005
Posts: 148
Re: Computer Security for Poker Players (videos)

Hey this might be a really stupid question, but I can't find an answer on here or on google. If your computer crashes and you have to reformat or buy a new one can you still access KeePass passwords or are you screwed? Thanks.
Todd Lapham is offline   Reply With Quote
Old 08-06-2010, 02:59 PM   #174
funkyworms
Pooh-Bah
 
funkyworms's Avatar
 
Join Date: Jun 2004
Posts: 4,250
Re: Computer Security for Poker Players (videos)

Quote:
Originally Posted by Todd Lapham View Post
Hey this might be a really stupid question, but I can't find an answer on here or on google. If your computer crashes and you have to reformat or buy a new one can you still access KeePass passwords or are you screwed? Thanks.
You should keep your Keepass database stored on multiple drives. I also recommend keeping it stored online. You can use Dropbox to keep store it online and keep it synced with all of your computers.
funkyworms is offline   Reply With Quote
Old 08-06-2010, 05:47 PM   #175
funkyworms
Pooh-Bah
 
funkyworms's Avatar
 
Join Date: Jun 2004
Posts: 4,250
Re: Computer Security for Poker Players (videos)

I made this post in HSNL but I believe it belongs here too.

I don't believe this problem has much to do with the AIM client, weak passwords, or weak password recovery questions. The problem is that someone can change your AOL credentials without much information at all. All they have to know is your:
  1. username
  2. birth date
  3. gender
  4. zip code

With this information they can reset your password recovery question and answer. This means they can access your account without any prior knowledge of your email address, password, or password recovery info. Using such public information as an authentication mechanism is a major security failure on AOL's part.

If you insist on using AIM you should either (1) Log on to your account at AOL's website and change your zip code or (2) Create a new AIM account with a fake zip code and birthday. In both cases you should also make sure that your password and password recovery questions are strong. Use Keepass to remember your passwords, recovery questions, fake zip code and birthday.

If you'd like to move away from AOL products completely, I recommend using the open-source XMPP protocol for chat. This is what gChat uses so you already have an XMPP account if you have a Google account. There are many other free XMPP servers if you'd rather not create a Google account (all XMPP accounts can chat with other XMPP accounts so it's possible to talk to gChat people without a Google account). I also recommend using Pidgin for your chat client combined with OTR encryption.

This is what AOL requires if you don't know your password or password recovery question.



For comparison, this is what Google requires.
funkyworms is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Forum Jump


All times are GMT -4. The time now is 05:15 AM.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © 2008-2017, Two Plus Two Interactive
 
 
Poker Players - Streaming Live Online