General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsGoogle Finally Confirms Security Problem For 1.5 Billion Gmail And Calendar Users
As a rule, one should own and maintain a "banking only" laptop, kept updated, with AV installed - and NEVER used for ANYTHING but accessing your crucial remote online accounts (brokerage, banks, NOT Facebook, Twitter etc).
NEVER used for email, nor apps, nor anything else but the web browser. Make no searches, nor click links or download things.
The sites you visit are never from clicking links, except bookmarks you've MANUALLY created.
Use the native browser, and no added plugins.
Passwords should be maintained in a secure offline password utility. Log into sites by only using the password utility, never save access info in the web browser.
Gmail users are finding themselves on the wrong end of a sophisticated scam which leverages misplaced trust through the use of malicious and unsolicited Google Calendar notifications.
Google Calendar allows anyone to schedule a meeting with you, and Gmail is built to integrate tightly with this calendaring functionality. Combine these two facts and users find themselves in a situation whereby the threat actor can use this non-traditional attack vector to bypass the increasing amount of awareness amongst average users when it comes to the danger of clicking unsolicited links.
https://www.forbes.com/sites/daveywinder/2019/09/09/google-finally-confirms-security-problem-for-15-billion-gmail-and-calendar-users/amp/
underpants
(182,604 posts)Thats should be good, no?
Pluvious
(4,305 posts)Follow these two rules:
No obvious context, and obfuscate them.
Like no URL's and meaningful descriptions
Tac on the end or beginning extra chars that you don't actually use.
But ideally, being viewable isn't good, in case your screen gets captured. And the storing of them should be encrypted.
Passwords should be entered by a paste action, never typed (key logging is a vulnerability).
Cnet site often has top ten lists, I use the open source keepass.org one myself, and download it from GitHub.
defacto7
(13,485 posts)That is the biggest backdoor of all, taking the internet and major sites for granted.
harumph
(1,893 posts)Pluvious
(4,305 posts)uponit7771
(90,301 posts)defacto7
(13,485 posts)Coventina
(27,057 posts)And yes, it drives me CRAZY that people can schedule my time for me.
I never even look at my work Google Calendar, I refuse.
When I get smack about missing something, I always say, "Did you bother to inform me, personally?"
"Well, I put it in your calendar," they whine back.
DRIVES ME NUTS!!
dalton99a
(81,392 posts)unless you want Google to vacuum everything up and keep it forever
defacto7
(13,485 posts)If you don't have an extra laptop or even if you do, follow the mentioned instructions but do all your finanical and banking transactions booting into a USB stick with the TOR operating system installed on it. It's has fully encrypted partitions, your connection is anonymous and it automatically wipes your RAM writing over it with random 1s and 0s when you shut it down.
You could do the same yourself if you make a separate enctypted patition on your computer and install a Linux OS in it. You can easily wipe your ram before you leave.
Pluvious
(4,305 posts)Delmette2.0
(4,157 posts)Never my cell phone.
Thanks to everyone with all the extra information to keep us safe.