Jump to content


Active Members
  • Posts

  • Joined

  • Last visited

Profile Information

  • Gender
  • Location

Recent Profile Visitors

3,795 profile views

BuckoA51's Achievements


Newbie (1/14)

  1. BuckoA51


    Just catching up on Hak5 and eager to try Keybase too, can anyone please send me an invite?
  2. Well guess what he didn't even bother to e-mail back when I asked him to use Lastpass. Frankly, I hope this kind of thing isn't the norm for Wordpress companies (I had to call out the last firm I used for custom Wordpress work for sloppy security too, but they changed policy based on my recommendations almost immediately). I think it's time to name and shame.. Never EVER buy or advise a client to buy a theme from Skywarrior themes http://themeforest.net/user/Skywarrior
  3. It's a compromise, I can unfuck a website with a backup, I couldn't unfuck a woman. :)
  4. Oh I'll be making a full backup for sure. Frankly if he doesn't agree to the Lastpass suggestion I'll just tell him to get lost and either try to fix the problem myself (be good coding experience) or just get a new theme.
  5. No, he didn't have admin access previously, I installed the theme myself after purchasing it. I offered to send a full backup of the site using the Wordpress duplicator plugin, that can then install on a local XAMPP server for testing. I explained that I had the exact same issue when running my Wordpress site within XAMPP as I do when it is running live. He still refused to help me "Lol you are only person i've meet in my career with such security norms". Frustrating to the extreme! I have one more idea that's to use Lastpass. I don't really like Lastpass as a password manager as I don't want my passwords in the cloud, even encrypted, but it should do for this situation as per - https://foliovision.com/sharing-sensitive-information I'll let you know.
  6. Hi, so here's some background. I run 3 Wordpress sites as part of my own little web empire. The sites use themes I've purchased from various places that included support. Anyway to cut a long story a little shorter, one of my sites themes started acting weird after the latest Wordpress upgrade. I contacted the themes author and asked for support. This is when things get bad. He's demanding that I hand over my admin login to my Wordpress site. Initially he said I should post it on their forum, but make the post "private". I said "No, that's terrible practise, can you use PGP?" At first he said yes but then e-mailed back with "sorry, what is this? i dont know how to use it". So now I'm stuck, this guy wants me to e-mail the keys to my kingdom via unencrypted e-mail. he's saying I'm unreasonable and no other clients have ever asked for this kind of security. Frankly, I think he's the one being unreasonable in not being more professional with HIS security. I suggested a compromise where I sent him a backup of my site instead but he refused, claiming it was no good as he wants to check for hosting issues. What would you guys do? I know I could just e-mail the details then change passwords once he was finished, meaning things would only be at risk for a day or so but the whole thing irks me no end, this is terrible practise and I shouldn't be the one criticised for wanting to do things properly.
  7. Hi all, was listening to the radio this lunchtime (Radio 4, how very intellectual of me :) ) and a piece on these guys came on:- http://www.remapleics.org.uk/ They're kind of like a hacker space that takes and mods all kinds of tech for disabled people. For instance they made a drinking machine (for all kinds of beverages I assume!) and a newspaper reading machine for two of their clients. It sounds like a neat idea and one that other hacker spaces could contribute to, so I thought I'd make you all aware of it. Could make for an interesting segment on Hak5 too.
  8. Hmm, see the thing is the US government is unpopular enough at the moment, if word got out that it WAS the government who put a stop to Truecrypt, there would be a huge outcry. I just don't see it, if you are the NSA and you want in to someones files, much easier to hack their PC while it's running and decrypted, or grab your target and torture them for the password. In short, Truecrypt is probably nothing more than a nuisance to the US govt and not worth risking the potential backlash of taking it down when there are quieter, more effective ways to get what you want. Of course, I could be totally wrong....I mean it's actually really scary that the CIA/NSA is basically getting away with so much as it is.
  9. Drivecrypt plus may also be worth considering, though I don't know if it supports Linux.
  10. The audit so far seems to suggest there's no serious vulnerabilities. Frankly I think I'm going to keep using it in the short term and I see no reason to panic and switch over to another solution just yet. Longer term is another matter of course, lets hope something comes of truecrypt.ch
  11. I use Windows and Linux but honestly I prefer Windows as my "day to day" OS, and I doubt a lot of people who were using Truecrypt because it was free and convenient on Windows would want to change to Linux. I know for instance my dad wouldn't change to Linux and will probably just run his laptop unencrypted.
  12. The more I think about this the more I think it's a massive blow for privacy advocates around the world. I've been looking into alternatives and they are either expensive commercial products (e.g Drivecrypt, PGP Disc, Bitlocker only works with Windows Pro) or somewhat under-developed (DiskCryptor). There's no way Bitlocker is a replacement for Truecrypt, the only product I've found that does hidden volume/hidden OS is Drivecrypt, and it's nearly £100 per computer, the licensing is too inflexible for hackers and hobbyists. I know a number of folks that used Truecrypt because it was free, convenient and relatively easy to setup. Hopefully I've helped a bunch more with my tutorials too. Now, I imagine a lot of people will look at the alternatives and decide they would rather just take their chances and stay unencrypted than shell out a lot of cash or try to get DiskCryptor working. Sad times indeed.
  13. Heartbleed? What has a SSL vulnerability got to do with Truecrypt? Or do you mean that's how logins were stolen for the website?
  14. true but wouldn't that suggest more than a mere website hack?
  15. "the binaries appear to be signed with the same GPG key that the TrueCrypt Foundation used for previous releases." Interesting....
  • Create New...