Kyle Taylor on 5 Jan 2016 09:18:37 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] password safe

Then those sites are at fault obviously, and I bet you know that. It’s not a solid resolution, obviously, because if I were doing shady things and saw that email address, I would simply just lob that identifier off, knowing that it’ll still get to you. However, ’tis an option. 

On Jan 5, 2016, at 12:12 PM, Rich Mingin (PLUG) <plug@frags.us> wrote:

An awful lot of web forms will tell you that an email containing anything other than letters and numbers is not OK, though. I get noise from some about periods/underscores in addresses, and even get one now and then that flat out tells me that .us is not a valid TLD, it needs to be com, org, net, gov or mil.

On Jan 5, 2016 12:02 PM, "Kyle Taylor" <ornjman@gmail.com> wrote:
For alternative to running your own server, you can also use this technique with a gmail account. You can simply use 


but when you want to differentiate between the people you are giving it out to, then you can use


and it will all be sent to the same account.


On Jan 5, 2016, at 11:58 AM, Keith C. Perry <kperry@daotechnologies.com> wrote:

This is why it's great to run your own mail server.  I can create burnable accounts like this.  :D


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.

From: "Rich Mingin (PLUG)" <plug@frags.us>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Sent: Tuesday, January 5, 2016 11:54:07 AM
Subject: Re: [PLUG] password safe

Please, shake that walking stick any time you want to feel better.
I use multiple emails, first.last@gmail, gforge@gmail, lettersnumbers@maricopa.edu, and *@frags.us. The last I use for any insecure/bulk communications, I'm the domain catchall address, and I give out emails like kmart@frags.us and amazon@frags.us and annoying.spam.site.but.it.might.be.ok@frags.us.

Don't send email to microcenter@frags.us or microcenter2@frags.us, I had to block both after Microcenter repeatedly "lost" their email DB to spammers. That's the big advantage, though, I can watch spam flow and usually know about DB break-ins at major retailers at about the same time that the news services do. I've also spotted some "inside job" type attacks where my email info got sold to spammers that way.

On Tue, Jan 5, 2016 at 11:29 AM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
On Tue, Jan 5, 2016 at 11:13 AM, Keith C. Perry
<kperry@daotechnologies.com> wrote:
>
> From what I saw on lastpass's website their encrypted value mechanisms would be acceptable to me but it's still not something I would use.
>

My biggest concern with lastpass is that if they're hacked somebody
can potentially change your client.  It is all _javascript_ with local
encryption, but if you can change the code you can just have it pass
the key back to the compromised server.

So, an attack that just grabs their entire database isn't a huge
threat since the data is all locally encrypted.  However, a persistent
undiscovered attack is a much larger threat since it can be used to
skim passwords as people run the client.

That is actually a threat if somebody compromises your distro and
updates you to a compromised version of Keepass or such as well, but I
don't think people update their software as often as they reload their
browser.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug