Salt Typhoon -- would someone 'plain?

Discussion in 'Fred's House of Pancakes' started by cyberpriusII, Dec 6, 2024.

  1. cyberpriusII

    cyberpriusII Prodigyplace says I'm Super Kris

    Joined:
    Oct 1, 2009
    1,139
    1,624
    0
    Location:
    Iowa
    Vehicle:
    2008 Prius
    Model:
    N/A
    Have read several news stories, still, sort of lost.

    Have android. Use Google message. Messages I send have this weird RCS THING affixed.

    I text sisters, Mom, friends whom all have iphones. We talk about very sensitive matters, such as how much cumin in chili. Or the best way to kill moss on concrete (baking soda).

    I have read several news stories on Salt Typhoon that say we immediately need to stop and use some other app.

    Seriously? I have never sent any sensitive info via text. And, I don't think friends/family do either

    Thoughts?
    kris
     
    bisco and John321 like this.
  2. John321

    John321 Senior Member

    Joined:
    Nov 16, 2018
    1,302
    1,295
    0
    Location:
    Kentucky
    Vehicle:
    2008 Prius
    Model:
    Two
    I am in the same boat you are.

    In my case becoming a senior citizen has force me to give up my 007 license - much like Jethro when the Beverly Hilibillies ended - so also no need for sensitive texting.

    Maybe if a person did online banking over a phone app - that might be a situation where encryption importance enters the picture?
     
  3. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,899
    6,689
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    Still sodium-free here.

    Security measures have to proportional to the sensitivity of the data - and EVERYONE knows that cumin tastes like dirt.
    Use a half pint of Guinness instead.
    That will solve your moss problem too - at least on the sidewalks and drives since you will have people beating a path to your house to eat some of the chili.

    Maybe give the other half of the Guinness to the pooches to calm them down.
     
  4. Zythryn

    Zythryn Senior Member

    Joined:
    Apr 28, 2008
    6,334
    4,331
    1
    Location:
    Minnesota
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    There are people out there that are horrified that anything they do in public is actually… public.
    Those people will put a very high level of importance to this.

    Of course, there is info on texts that I don’t want to share.
    • When I/family/friends are not at home
    • Medical issues
    • Where and when I am going somewhere
    There are probably other bits of information I don’t want to share. While I don’t see this as a national emergency, I do think it is something people should be aware of.
     
    Trollbait likes this.
  5. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    110,443
    50,202
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    i never give it a thought, maybe a mistake, but i can't think of anything i wouldn't want some stranger/criminal to know
     
  6. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    25,076
    16,343
    0
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    I'm still a customer of a few services that consider sending me a six-digit number by SMS to be an adequate way of proving I'm me.
     
  7. Stevewoods

    Stevewoods Senior Member

    Joined:
    Jun 10, 2014
    651
    1,028
    0
    Location:
    Seattle, WA
    Vehicle:
    2008 Prius
    Model:
    II
    Serious question...is the SMS Verification bad? There is email verify but know that not secure. Some offer voice callback verification. Mostly thinking of my broker accounts...
     
  8. ChapmanF

    ChapmanF Senior Member

    Joined:
    Mar 30, 2008
    25,076
    16,343
    0
    Location:
    Indiana, USA
    Vehicle:
    2010 Prius
    Model:
    IV
    If an adversary is able to eavesdrop on SMS or on a voice callback while signing in to your account, they're in.

    I haven't heard whether this particular ongoing telecom attack really involves eavesdropping in real time that way, or just hoovering up a bunch of comms and reviewing them later. Obviously the code your broker texts you is if no use to the adversary as long as you used it first.

    Some of the accounts I use have changed to at least allow, or even require, use of a TOTP app or token, instead of relying on a code over SMS. But not all of them.
     
    BiomedO1 likes this.
  9. Zythryn

    Zythryn Senior Member

    Joined:
    Apr 28, 2008
    6,334
    4,331
    1
    Location:
    Minnesota
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    My biggest concern is I don’t want to advertise to anyone ‘listening’ that the house is empty and ready to be burgled.
     
    bisco likes this.
  10. BiomedO1

    BiomedO1 Senior Member

    Joined:
    Mar 27, 2021
    2,057
    1,047
    0
    Location:
    SacTown, Ca
    Vehicle:
    2021 Prius Prime
    Model:
    LE
    A government agency needs to be targeting you specifically, and they would just use a court order to access your accounts. All electronic communications can be spoofed or listened-in on. It's the massive volume of data that's transmitted, that makes it's almost impossible to listen-in on individuals. Again, there's easier ways to 'skin a cat'. IMHO
     
  11. BiomedO1

    BiomedO1 Senior Member

    Joined:
    Mar 27, 2021
    2,057
    1,047
    0
    Location:
    SacTown, Ca
    Vehicle:
    2021 Prius Prime
    Model:
    LE
    I've found that my nosy retired neighbors are the best defense. All it takes is some kind words, X-mas cookies, and airport trinkets - when I arrive back home. They even pickup any amazon packages on my door step if they've been there for more than 12 hours. They may be a bit intrusive if your a professional spy or something.....:cool::D:rolleyes::ROFLMAO::LOL:
     
    Zythryn likes this.
  12. ETC(SS)

    ETC(SS) The OTHER One Percenter.....

    Joined:
    Oct 28, 2010
    7,899
    6,689
    0
    Location:
    Redneck Riviera (Gulf South)
    Vehicle:
    Other Non-Hybrid
    Model:
    N/A
    That IS a serious question!

    SMS verification is only one 'Two Factor Authentication.' and it's not bad for most things.
    Brokerage accounts are out of my economic depth band but I would do a couple of things:

    1. Bills and banking on a separate, dedicated machine - NOT the thing you carry with you everywhere you go watching cat videos and clicking on bait. I use a locked-down Apple device that's in 'Hellen Keller" mode when not in active use on a pretty dern secure home network.
    If you live in one of America's crime ridden concrete jungles, you may want to lean away from WiFi for business dedicated machines.
    Some people in my orbit have had pretty good success with a dedicated chromebook on a wired home connection - but this is only a five year solution until you have to get another box.
    They're CHEAP and it may pencil out to be less expensive and more effective than a five year old 'usta-Apple.'

    Due diligence, my friend!

    2. See what protections your banks and brokers offer against unauthorized access, IN WRITING.
    Banks are safe as houses (2008....) but I have been told by the Googles that the protection that brokerage accounts offer is somewhat conditional.
    Again - I fix phones for a living. Find out what REAL Protections exist from several sources who are not financially vested in whether or not you change things, and not some know-it-all internet chucklehead.

    I live in a small southern town in "God's waiting room" - or an older retirement neighborhood that is filled with older people, small yippy dogs, lots of Armed Forces - Retired license plates and American flags.
    The HOA Nazis do not allow political signs but there are more than one semi-tolerated P45 flags.
    They seem to draw the line at Brandon flags, though. ;)
    Property crime is not unheard of but there is a neighborhood facebook group that is more efficient and aggressive than CNN used to be back in the 80's.

    I'm thinking that we're a hard target for porch piracy, and I'd rather try to break into an ICBM silo in Montana than go through this neighborhood jiggling door handles or looking in windows - Car or House.

    USAF security isn't as well armed or as alert.
     
    #12 ETC(SS), Dec 8, 2024
    Last edited: Dec 8, 2024
    bisco and BiomedO1 like this.
  13. BiomedO1

    BiomedO1 Senior Member

    Joined:
    Mar 27, 2021
    2,057
    1,047
    0
    Location:
    SacTown, Ca
    Vehicle:
    2021 Prius Prime
    Model:
    LE
    That's a good start. I don't use Chromebooks, but that's a professional preference. I'm more comfortable with MS and familiar with their systems. I was a system admin. for our department and worked closely with IT security. Smaller facility departments called me when they couldn't get a decent response from IT. There was several heated discussions about that with directors, COO, CEO.
    Always activate 2-factor identification. This will at least let you know if there's unauthorized activity on your account. Have at least two devices listed as contact sources along with at least two separate email accounts. You can juggle between them if you lose one of the devices and remotely KILL/BRICK the other device. That needs to be setup, before you lose the other device. If you can afford it, a dedicated financial PC is a nice security air-gap. That's the way I run mine. It boots up disconnected from everything and needs to ask permission to connect to the outside world. It's a bit inconvenient, but you know what's going on, what's updating, and patches that are being applied. Since there's limited automation, I've sidestepped several bad MS patches by doing it this way. I don't even do email on that machine.
    It may seem a bit paranoid, but I grew up programming this stuff in machine language - most security is focused on the menu access portion of the machine.

    Hope this helps......
     
    #13 BiomedO1, Dec 8, 2024
    Last edited: Dec 8, 2024
    bisco likes this.
  14. John321

    John321 Senior Member

    Joined:
    Nov 16, 2018
    1,302
    1,295
    0
    Location:
    Kentucky
    Vehicle:
    2008 Prius
    Model:
    Two
    The two factor SMS text I get are only when I log on. The two factor authorization codes are good for usually 10 minutes at most then they are worthless.
    Any investment account immediately alerts me when any transactions are scheduled as well as if they detected a log in with our name.
    Our bank does the same = if there is a log in to our account we immediately get a notification. You must again receive a code with the two factor authorization and must use it within 2 minutes for our particular bank. And -yes- it does make it hard to log on to our own account sometimes- this two factor authorization is tough for an old man to navigate sometimes- often requiring a couple of login attempts if texts or email is slow at the time.

    Again, being a Senior Citizen who has long ago given up our 007 double not spy designation like- Jethro of the Beverly Hilibillies- I doubt this is a problem that is of concern for me or most others.
     
    #14 John321, Dec 8, 2024
    Last edited: Dec 8, 2024
  15. jdenenberg

    jdenenberg EE Professor

    Joined:
    Nov 21, 2005
    3,886
    1,884
    1
    Location:
    Trumbull, CT
    Vehicle:
    2020 Prius
    Model:
    LE AWD-e
    I do find it funny when I log into a service with my phone and the two factor sends a verification code to the same phone.

    JeffD
     
    John321 likes this.
  16. John321

    John321 Senior Member

    Joined:
    Nov 16, 2018
    1,302
    1,295
    0
    Location:
    Kentucky
    Vehicle:
    2008 Prius
    Model:
    Two
    All our institutions let you choose a way and device to receive your two-way authorization text/emails on - haven't you designated a different device or method to your preference to receive your codes on?

    For example we can receive them on our
    Computer
    Home Phone
    Mobile Phone
    Spouses Phone
    or choose to call them with our account number in hand and PIN to receive a code over the phone.

    You are also able to lock and encrypt sms text if you so desire.

    upload_2024-12-8_12-46-43.png

    No security is not funny - ATT leaked all of our and millions upon millions of its customer and former customer private information to the dark web - we were one of the former customers affected.
     
    #16 John321, Dec 8, 2024
    Last edited: Dec 8, 2024
    bisco likes this.
  17. BiomedO1

    BiomedO1 Senior Member

    Joined:
    Mar 27, 2021
    2,057
    1,047
    0
    Location:
    SacTown, Ca
    Vehicle:
    2021 Prius Prime
    Model:
    LE
    That's the exact reason why you shouldn't be accessing your banking/brokerage/retirement accounts through your phone. It's a small device that can easily be lost or stolen and is software/hardware ID'ed as an authorized device. Attaching a credit card account to the phone isn't an issue, because it's air-gapped by credit cards companies terms of use. You have no such protections with debit cards or bank transfers. That money is DIRECTLY pulled from your bank account, the banks investigate, determine if they are going to reimburse you. In the mean time, your out that money. They will look for the slimiest reason to deny your claim; but then again, they are dealing with a lots of fraud.

    Hope this helps.....
     
    ETC(SS) likes this.
  18. bisco

    bisco cookie crumbler

    Joined:
    May 11, 2005
    110,443
    50,202
    0
    Location:
    boston
    Vehicle:
    2012 Prius Plug-in
    Model:
    Plug-in Base
    i never considered it before, but every year when we leave for florida, i text family that we're leaving, and keep them posted along the way. maybe we need a code, thanks!
     
    Zythryn and BiomedO1 like this.
  19. BiomedO1

    BiomedO1 Senior Member

    Joined:
    Mar 27, 2021
    2,057
    1,047
    0
    Location:
    SacTown, Ca
    Vehicle:
    2021 Prius Prime
    Model:
    LE
    I'm sure most of your neighbors know your gone. I'd watch out for the teenagers, in the community. So your house doesn't become the local "party house", while your gone.
    That happened to a lot of the 2008, bank foreclosed houses in the neighborhood. It only happened once or twice and the kids got the message - Don't try anything like that in our neighborhood. The kids moved over to another sub-division. One of those neighbors asked us during our annual 4th of July block party, how we dealt with that. We also had the city weed abatement office on speed dial.:cry::sick:
     
    #19 BiomedO1, Dec 8, 2024
    Last edited: Dec 8, 2024
  20. John321

    John321 Senior Member

    Joined:
    Nov 16, 2018
    1,302
    1,295
    0
    Location:
    Kentucky
    Vehicle:
    2008 Prius
    Model:
    Two
    In many communities if you let the police know you will be gone they will make a run by your house a couple of times during their patrols to keep an eye on things also.
     
    frodoz737 and Prodigyplace like this.