Coming up on this week’s episode of Destination Linux: Google & Canonical are teaming up to bring Flutter to Linux for a cross-platform game changer. How Important is Disk Encryption & Security Keys – should you be using them or do you just prefer being hacked? We’ve got community feedback, a DRM FREE Game called Drox Operative and our beloved tips/tricks and software pick. All of this and so much more on this week’s Destination Linux.

Hosts of Destination Linux 182:

Michael of TuxDigital = https://tuxdigital.com
Ryan, aka DasGeek = https://dasgeekcommunity.com
Noah of Ask Noah Show = https://asknoahshow.com

Want to Support the Show?

Support us on Patreon = https://destinationlinux.org/patreon
Support us on Sponsus = https://destinationlinux.org/sponsus
Destination Linux Network Store = https://destinationlinux.network/store

Want to follow the show and hosts on social media?

You can find all of our social accounts at https://destinationlinux.org/contact

Sponsored by: do.co/dln
Sponsored by: bitwarden.com/dln

Segment Index

Comments

  1. Noah was saying “NVR” is dead with Unifi. It’s not true. Unifi Video is dead. NVR is a separate product which is still being manufactured.

    Points about proprietary surveillance product etc is still true.

  2. Your security thoughts about MFA, and SMS and authenticator auth is not secure enough. My gosh I think you guys live with tinfoil hat on your head. Yes what you said is probably true and relevant when someone is a high value target or a corporation with millions of dollars at stake.

    But for Joe Schmoe out there, the chances his phone’s sim will be targeted and the hacker will also have access to Joe Schmoe password to the particular website is small to nill.

    Instead of pushing all this “don’t trust MFA unless hardware based” is just nonsense for most people out there. Instead push people to use secure passwords and change the passwords every 3-6 months. That mixed with MFA with whatever mechanism - is good enough.

  3. I get why you would not want to use Google Auth or Authy but what about opensource OTP clients on android like freeotp+, Aegis Authenticator , or on flathub there is also OTPClient.
    I think especially because these can be used completely offline as long as the clock is synced they are not a bad option even if they are not as secure as yubikey.

  4. Let’s say this is true. The problem is it only takes one Joe Schmoe to target 100s of Joes.

    Assuming Joe Schmoe has nothing of value to steal directly, his accounts have long established trust which when combined with traditional attacks like credit fraud, phishing and malware (in something like an office doc or video) makes his account valuable. Every Joe is usually just 1 hop to several richer Joes.

    Also as cloud email with no deletion is normative and chat logs are usually permanent, it can leak everything anyone has ever said to Joe online (possibly ever) for purposes of blackmail and more access if he’s sent or received passwords for other accounts similarly lacking in 2FA.

  5. I couldn’t agree with you more, Ulfnic. :grin: :+1:

    Attackers definitely mask their activities through their victims and it’s the victim who suffers the worst of it (financial, reputation damage, broken trust, cleaning up the mess, etc.). Hardware tokens are definitely the most secure form of adding 2FA to any account, but they aren’t the “silver bullet” for everything. Great security focuses on many security layers of protection which includes strong/separate passwords for every online account (password manager tool is great for this), 2FA, definitely not running Windows as an OS :stuck_out_tongue_winking_eye:, firewalls, staying up on latest patches, and many other security techniques.

    Despite all of the “technology” that you can throw at staying safe online, the weakest link is always the user which is where education and security awareness is the best tool. If you can help users become more security-minded, it will greatly give technology a chance to do its job the way that it was intended. :smile: Anyway…those are my thoughts for now. HA!

Continue the discussion at discourse.destinationlinux.network

22 more replies

Participants