Forums and security worries.

Just wondering if anyone has an opinion on this. "This" being security risk when you register to a forum and make posts on it.

I get great enjoyment reading and making posts on our forum and I've also learned a lot about our Panda and my boy's Punto from it - thanks everyone.

As many of you will by now have gathered, I look after quite a variety of family vehicles and lurk around on a few relevant forums. I would gain much more from it if I were to register to them so I can ask questions. I'm not aware of any problem I've ever had which could be attributed to the Fiat Forum and I don't do online banking etc. (I do use a third party when paying with my credit card). I also have a fairly new router and run a market leader's free virus program.

So the question I would like to ask is, are there security issues to be aware of when becoming a forum member or when participating in daily forum life?
 
Hi Jock. I share your concerns in general but have, and continue to, review advice and it seems that use a secure password, keep your operating software up to date and use a decent Anti virus suite is the best current advice. I would be careful to keep your identity beneath the counter where you can by using a 'handle' that's not your name.

Passwords must be Number, capital letter, small case letter, special charters based. To be secure do not use words at all. If you use more than 13 character length passwords I am reliably told that you will be pretty safe. Any word or phrase based password can be unwrapped by hacking software in a few minutes. ALL access points to your on line activity and any internet based equipment such as TV are access points to your footprint on line. SO all passwords need to be proper!

Use of a password manager is easier than keeping a record and it's clear that there are some decent ones around.

On line banking should not be an issue as banks do guarantee to protect you from fraud. My bank has multiple layers of security and do question all significant activity on my account. They have voice recognition software as a long stop check.

MOST IMPORTANT is to ensure that your anti virus / internet protection suite manages your camera and microphone. These should be set to off for all activity excepting when you activate such things as Skype which does need access, and require your authorisation to be activated on EVERY other occasion. Hackers use these things to see what you type and hear what you say giving access to valuable information such as passwords if they can see your hands on the keyboard via illicit activity! I did hear of a story on You and Yours (Radio 4) where this led to a bank account being cleared out.

I avoid keeping more than required in my regular current account as this also reduces the risk.

A total pain in the backside, and I would not lose a moment's sleep over ripping the throats out of the thieving scum who make all this necessary if I ever met any of them!

Change your passwords regularly - again the password managers make this easier and remember all the long daft passwords for you. With the password manager I use I have one long and unwieldy password that I remember. If you don't remember it's just one password to have to hide away!

That's what I do anyway, so hope it may give you an idea or two.
 
Thank you so very much for that. It's exactly the sort of advice I was hoping would be given. Point taken about real names. (Jock is a nickname). I'm already doing a lot of what you suggest with my passwords but should probably update some of the older ones and change them more often than I do - by the way, what is "special charters based"? that's something I never heard of before.

Password manager is something I've heard of but wouldn't know where to start with (and frightens me a wee bit - what if I start using one and my laptop fails?) However I think I'll look into using one.

I think I've mentioned the chap who lives a few houses up the street from us who does "deeply technical stuff" for Dell? We are friendly but not "bosom buddies" however he has given me advice in the past (I don't like to bother him more often than absolutely necessary). My previous laptop - the only other one I've owned - did not have a camera whereas this one does and he told me to stick a bit of masking tape over the camera as there was no way even the most "clever" person could defeat that. I also find the low tech simplicity of this solution very appealing!

I too keep my current account "starved" and also have a separate credit card with a low limit which I use for online purchases.

I suppose someone stealing my details so they can take out a loan or make expensive purchases etc frightens me more than anything else.

My neighbour up the road has serious health constraints and is isolating very carefully so, with all this viral nonsense going on just now I'll not be bothering him any time soon. However when things get back a bit nearer to normal - I do wonder though what "normal" is going to be - I think I might ask him to advise me on what I would be best to do.
 
I've not seen this delay return until the last couple of days..

(Disappointed to hear Jock isn't your given name Mr McSporran) :)

I'm not actually called The Panda Nut, but I get a calendar for Christmas with pictures of Fiat Pandas from my youngest. She said this year to the Panda Nut Keep on being nutty....

If the cap fits....
 
1. what is "special charters based"? that's something I never heard of before.

Just things like !"£$%^&*()_+@}{>< etc. Not all sites accept all of them. It all means that combinations needed to get at your passwords increase enormously if you mix it with all the different combinations.

2. Password manager is something I've heard of but wouldn't know where to start with

The top rated one according to Google searches is Dashlane and it is really easy to use. Visit Dashlane.com and download it. It's a fairly small program and it works within your browser so each time you visit a site it volunteers to pick a password for you. It then prompts you to save this in Dashlane which you accept. You may need to type into the Dashlane software the web site address and the email you use with that site. It is however very simple and you can't go wrong or muck it up..... I have tried.

You can look up each site as you want it in the Dashlane App or go direct as usual and then it will (mostly) enter the required information to allow you in.
I have tried this and another one and they were both fairly straight forward, (and free) but I also keep a written list of the passwords as I don't trust it! It probably has weaknesses but at this time I believe it's better than the risks of poor passwords that I forget to change. There are other features that could be useful but I don't use them. You can also require your master password to be used as well as the random symbols used by the software.

My son's former financial employer in New York thought they were secure until they hired some ex hackers who got into their system and locked them out of their trading accounts containing over 100M$ in 3 minutes. Now they all have to have a 13 digit / symbol password! and better encryption.
 
Special Characters ;)

I'm employed by a massive engineering company..
The in house I.T. require all of this

Special Characters.. and a new -unrelated - password every 6 weeks..
you soon run out of ideas.. :(

I think it's why I am unemployable. I can't remember so I have to write it down, and they used to object quite a lot when I stuck stickies on the screen with my password on.... My lot used to make you change every two weeks which is really rather silly I think.

2 years ago son was told 13 characters is effectively unbreakable, that's probably out of date now.

The 4 digit pins we use on credit cards are little short of a joke. No wonder everyone is getting robbed. My brother has £6750 fraudulent spend on his credit card in 24 hours refunded recently. It is amazing that crooks can spend more than the credit limit, and draw more cash than the daily limit but if you try and go 1p over their limits they treat you like a crim and start charging interest and charges at absurd rates. How it all works is a mystery. He's now reduced his limit to the lowest amount they do.
 
Short list of dos/don'ts when registering on public sites

1) Always ensure HTTPS. If any site/forum is not HTTPS then stay away
2) Try (if you can) to use a unique or disposable Email address
3) Be careful with your real name exposure. Can be difficult to do as if like me you have your own domain name that relates to your real name then you have to be extra careful
4) Never give your real date of birth. It might be nice to have the Fiat Forum send you birthday wishes but DOB is CRITICAL PERSONAL DATA. Ideally site should just ask for your age group or not at all
5) Don't use the same username eg. BigBalls on multiple sites. Search engines can readily cross correlate and identify many aspects of your identity and interests
6) Always go through your account settings and turn just about everything OFF. eg do you really want me to Email you? Allow me to send friend or other invites. THINK and ask yourself why you are on a particular site. Your personal interests should not be compromised by general default site settings

Regarding unique Email addresses this is not that difficult to do if you have your own domain name OR use your ISPs account.

So let us say your Email domain is "spacewoman.co.uk". You are now going to register with the Fiat Forum. Choose an Email address and send yourself a test Email. e.g. [email protected]. If the Email arrives OK then to the Fiat Forum registration process give the unique Email [email protected].

Now for the next bit of your control with dedicated Email addresses. If you were to receive SPAM/other to [email protected] (for whatever reason ... hacking ....) then you can change your Fiat Forum to [email protected] and then in your Email program/web filter out all fiatforum@ rubbish that is now coming through.

One downside of this approach is that some Email servers do not have a default "all". By that I mean that sod@ or me@ or admin@ ..... all get routed to your inbox. In this case then you have to set sod@ or me@ or admin@ as allowed Email addresses.

I have over 200 Email addresses that I've defined over many years and currently of those 200+ forty-two (42) have been compromised. However those 42 now get black holed.
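
The per-site address scheme described in the post above, sketched in Python as an added example that is not part of the original thread. The `AliasBook` class, the alias names `fiatforum`/`fiatforum2`, the sender domain `forum.example` and the sample messages are all constructed for illustration; treating mail from an unexpected sender domain as a sign the alias has leaked is an assumption of this sketch.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

RCPT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")

class AliasBook:
    """One e-mail alias per site on a single domain (hypothetical helper)."""
    def __init__(self, domain):
        self.domain = domain.lower()
        self.active = {}   # local part -> (site, sender domain we expect)
        self.retired = {}  # compromised local part -> site it was given to

    def register(self, local, site, sender_domain):
        self.active[local.lower()] = (site, sender_domain.lower())

    def rotate(self, old_local, new_local):
        """Retire a compromised alias and give the same site a fresh one."""
        site, sender_domain = self.active.pop(old_local.lower())
        self.retired[old_local.lower()] = site
        self.register(new_local, site, sender_domain)

    def classify(self, raw_message):
        """Return (verdict, site) for one raw message."""
        msg = message_from_string(raw_message)
        sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        rcpts = [v for h in RCPT_HEADERS for v in msg.get_all(h, [])]
        for _, addr in getaddresses(rcpts):
            local, _, domain = addr.lower().rpartition("@")
            if domain != self.domain:
                continue
            if local in self.retired:
                return ("blackhole", self.retired[local])
            if local in self.active:
                site, expected = self.active[local]
                genuine = sender_domain == expected or sender_domain.endswith("." + expected)
                return ("deliver" if genuine else "suspect-leak", site)
        return ("unknown-alias", None)  # address was never handed out to any site

def demo():
    # Constructed sample data: alias names and forum.example are placeholders.
    book = AliasBook("spacewoman.co.uk")
    book.register("fiatforum", "Fiat Forum", "forum.example")
    real = "From: noreply@forum.example\nTo: fiatforum@spacewoman.co.uk\n\nNew reply\n"
    spam = "From: deals@bulk.example\nTo: fiatforum@spacewoman.co.uk\n\nBuy now\n"
    before = [book.classify(real), book.classify(spam)]
    book.rotate("fiatforum", "fiatforum2")
    moved = real.replace("fiatforum@", "fiatforum2@")
    after = [book.classify(moved), book.classify(spam)]
    return before, after
```

The `unknown-alias` verdict covers the catch-all caveat: on a server without a default "all" route, only addresses explicitly registered would reach the inbox at all.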
 