Shran Config

Windows Edition
Education
User Access Control
Always notify
Real-time security
Norton Security
VoodooShield Pro [lifetime]
Firewall security
Microsoft Defender Firewall
Periodic malware scanners
Emsisoft Emergency Kit
GlassWire Basic [paid, lifetime] (not a malware scanner, but not running in real time either, so I put it here)
Malware sample testing
Browser(s) and extensions
Chrome, Firefox; LastPass
Maintenance tools
CCleaner, Process Lasso Pro
System recovery
Acronis True Image [WD Edition]

Shran

Level 5
Thread author
Verified
Well-known
Jan 19, 2015
230
ADDED: Private Internet Access VPN.

I'm going to be using a lot of public wifi at my library in the coming times, so I need a VPN. Also, for reasons completely unknown to me, one of my favorite online games uses an UNSECURED HTTP connection to send login information when logging in :eek::mad: so a VPN is doubly important there.

How do I know for sure it's an unsecured connection? Well, to test it, I used Kali Linux on one of my computers to do a MiTM attack on another of my computers (don't worry, I did this to my own computer in my own home)... just a basic ettercap + urlsnarf MiTM. No certificate tampering, just a very basic ettercap MiTM. I logged into the game on the victim computer and was very easily able to see my own login information with the attacking computer. Again, I did not tamper with SSL certificates to read encrypted traffic, nor did the game website on the victim computer ever throw a certificate warning (usually when you are the victim of an attack like this, the browser will give you a certificate error, unless there was certificate tampering (such as the weakness with SHA1 where you could fool the browser into still thinking the connection was legitimate, thus not providing a warning), but like I said, there was no certificate tampering and no warnings... just plaintext traffic containing my precious login details :eek:).
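As an added illustration of what the on-path test above observes (example code written for this page, not the author's tooling and not ettercap's or urlsnarf's code): a small parser that takes the raw TCP payload an ARP-spoofing sniffer would log from the victim and pulls credential-looking form fields out of cleartext HTTP. The captured requests, host names, field names and values are constructed placeholders; the TLS bytes stand in for an HTTPS connection, where the same observer gets nothing without a certificate attack.

```python
"""Flag login credentials that cross the wire in cleartext HTTP, as an
on-path sniffer (the position ettercap + urlsnarf put the author in) sees them.

Added example written for this page; it is not ettercap's or urlsnarf's
code. The captured requests below are constructed inline; the host names,
paths, field names and values are placeholders."""
from urllib.parse import parse_qs, urlsplit

# Form-field names that usually carry an identity or a secret.
CRED_FIELDS = {"user", "username", "login", "email", "pass", "password", "passwd", "pwd"}


def is_tls(payload: bytes) -> bool:
    """A TLS record begins with content type 0x16 (handshake) and version 0x03xx;
    an on-path observer sees ciphertext after the handshake, not form fields."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


def extract_cleartext_credentials(payload: bytes):
    """Return {field: value} for credential-looking fields in one HTTP request,
    {} for an HTTP request that carries none, and None if it is not HTTP."""
    if is_tls(payload):
        return None
    head, _, body = payload.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    found = {}
    # GET-style logins put the fields in the query string ...
    for name, values in parse_qs(urlsplit(target).query).items():
        if name.lower() in CRED_FIELDS:
            found[name] = values[0]
    # ... and POST logins put them in a form-encoded body.
    if method == "POST" and headers.get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        for name, values in parse_qs(body.decode("utf-8", "replace")).items():
            if name.lower() in CRED_FIELDS:
                found[name] = values[0]
    return found


# Constructed captures (src, dst, TCP payload): what the attacking machine
# would log from the victim. Not real traffic; RFC 5737 documentation addresses.
CAPTURES = [
    ("192.168.1.20", "203.0.113.10", b"GET / HTTP/1.1\r\nHost: game.example\r\n\r\n"),
    ("192.168.1.20", "203.0.113.10",
     b"POST /login HTTP/1.1\r\nHost: game.example\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 31\r\n\r\n"
     b"username=shran&password=hunter2"),
    ("192.168.1.20", "203.0.113.10",
     b"GET /auth?login=shran&pwd=hunter2 HTTP/1.1\r\nHost: game.example\r\n\r\n"),
    # A TLS ClientHello: nothing recoverable without breaking the certificate chain.
    ("192.168.1.20", "203.0.113.20",
     b"\x16\x03\x01\x00\x2c\x01\x00\x00\x28\x03\x03" + b"\x00" * 32),
]


def scan(captures=CAPTURES):
    """Return one (src, dst, creds) tuple per request that leaks credentials."""
    hits = []
    for src, dst, payload in captures:
        creds = extract_cleartext_credentials(payload)
        if creds:
            hits.append((src, dst, creds))
    return hits


if __name__ == "__main__":
    for src, dst, creds in scan():
        print(f"{src} -> {dst}: cleartext credentials {creds}")
```

The same check from the victim's side, without a second machine, is simply whether the login form's action URL and the page that serves it are both https; a VPN moves the exposure from the coffee-shop segment to the VPN exit and everything beyond it, it does not encrypt the HTTP request itself.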

Shran

> A nice addition, a well done test, & a very eye opening o_O result!
> Your handle may now be upgraded with MI5 to "Shran-MiTM-Attacker"! ;)

My parents do not use a VPN, and my mother used to always ask for my help getting connected anytime a place had public WiFi, and I always refused. I tried explaining that on a public network someone who knows what they are doing can easily capture your network traffic, but she thought I was being paranoid. I told her that one of these days I'm going to show you why I refuse to connect you to public WiFi, so a couple of weeks ago I did a MiTM (again, my own house & computer) and said, "Hey, Mom! Come use my computer!" She proceeded to use my victim computer. "Your username and password for *website name* is *name&password*." I showed her how I poisoned her network connection with an ARP spoofer and showed her the logs of all her traffic. She hasn't asked me for help connecting to public WiFi since. I think I finally got my point across.
 

Cats-4_Owners-2

Level 39
Verified
Honorary Member
Top Poster
Well-known
Dec 4, 2013
2,800
I love stories with happy continuations!:):)
The role reversals of parents & their children, particularly when you have gotten your point across by teaching something important to your mother which now protects her, further indicates your parents not only did a good job raising you, but also reveals the rewards of their loving job well done through you!:);) You should be very proud too for she listened (in the end) and this is something wondrous you have probably inherited too!:D
 

Shran

Update:

Removed the PIA application itself, but am still using PIA. Instead of using the PIA application, which I have found to be very buggy, I have set up Windows to connect to PIA's servers using an L2TP tunnel (using Windows' built-in VPN connection capabilities). Now I have the VPN without the actual PIA manager bugging around. Also, I have found that my connection is much, much faster connecting to the VPN this way. When using the PIA manager, my connection was about 35-50 (sometimes as low as 20) Mbps. Using the L2TP tunnel with the VPN abilities built in to Windows, my connection is now around 75-80 Mbps. My actual connection without the VPN is 100 Mbps; 75-80 is much better than 20-50.
 

Shran

Update:
~ Manually disabled IPv6 for all network adapters - no need for it and a possible source of data leak.

~ Manually disabled Webcam in system BIOS - can't be activated now even if someone tried :D

~ Re-added: PIA application, due to reasons discussed in this thread: L2TP/IPSec vs OpenVPN
In order to deal with some of the bugs in PIA's application, I have disabled PIA's DNS leak protection, but I manually set my DNS servers to PIA's for all network adapters - thus getting the same DNS leak protection manually without having to deal with the PIA app being buggy about it (on advice of PIA tech support).

Now if only the PIA kill switch would actually work...
 

pneuma1985

Level 4
Verified
Aug 30, 2015
189
> Update:
> ~ Manually disabled IPv6 for all network adapters - no need for it and a possible source of data leak.
>
> ~ Manually disabled Webcam in system BIOS - can't be activated now even if someone tried :D
>
> ~ Re-added: PIA application, due to reasons discussed in this thread: L2TP/IPSec vs OpenVPN
> In order to deal with some of the bugs in PIA's application, I have disabled PIA's DNS leak protection, but I manually set my DNS servers to PIA's for all network adapters - thus getting the same DNS leak protection manually without having to deal with the PIA app being buggy about it (on advice of PIA tech support).
>
> Now if only the PIA kill switch would actually work...

Manually disabled as in all of IPv6? Not just the tunneling? Just wondering, because I've read a bunch of security posts about the tunneling, but that there is absolutely nothing to gain by turning it off completely. Not that I tested it; you may have. I know MS recently released an IPv6 patch, so maybe there is a data leak in IPv6; if you tested it, let me know? And this is strictly over VPN, right?
 

Shran

Removed: Private Internet Access - Application is just too buggy for my taste. Their Customer Service however, was great and really did try their best to solve my issues, so based on their good CS I would still recommend PIA to someone looking for a VPN - if the Kill Switch isn't essential to you.
Removed: GlassWire
Added: Zemana AM [free]

Updated OP to reflect current set up.
 

Shran

Removed: Shadow Defender

I have been having random issues with my computer crashing, locking up, or Windows Explorer not loading properly since installing Shadow Defender a while ago; at first they were rare, but now they are occurring more and more often. Uninstalling Shadow Defender to see if it is what is causing the issues. Note: I had these issues with my computer before installing ZAM, so that is not the source of the issue.
 

Shran

Well, LastPass thinks my passwords are good ;)
I am the 1%... hahahaha
[screenshot: upload_2016-2-4_17-18-21.png]
 

Shran

Changed: Default browser from Chrome to Firefox. For some reason, CCleaner no longer cleans Chrome history, cookies, etc. even though it is supposed to. Not sure if an issue with latest Chrome version or CCleaner version.
 

Shran

Loving LastPass so far. Just a couple of things I need to check regarding the multi-factor authentication. The way multi-factor authentication works with Google Authentication is that LastPass (or whatever website you have paired with GA) and the authenticator exchange a secret key linking the two, i.e. when you set up LastPass to use Google Authentication by scanning the barcode or entering the code manually, LastPass sends a secret key to GA which will be stored in the GA app, linking the two and enabling GA to generate one-time codes for LP. This key is what enables GA to generate codes which LP will accept; basically the secret key identifies that the code generated is for that account. It could theoretically be possible that if a trojan or MiTM attacker were on your network, they could obtain that secret key and thus bypass the multi-factor authentication by generating their own codes. Also, it might be possible for said trojan to obtain the one-time code generated and initiate its own login session using that code (even though it's supposed to be a one-time code).

I will research this and update here with my findings.
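The shared-secret mechanism described in the post above, worked through as an added example (a from-scratch TOTP implementation written for this page, not LastPass's or Google Authenticator's code). It shows the two things the post is weighing: anyone holding the secret from the enrolment QR code computes the same codes as the app, and a code that has already been accepted can be refused a second time on the verifying side. The secret is the RFC 6238 test-vector key; the step size, digit count and acceptance window are the RFC defaults and are assumptions about any particular site.

```python
"""How a TOTP authenticator app and the site paired with it derive the same
code from one shared secret (RFC 6238 on top of RFC 4226), and why both the
secret and an already-used code need protecting.

Added example: a from-scratch implementation, not LastPass's or Google
Authenticator's code. RFC_SECRET is the RFC 6238 test-vector key."""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
    Both sides compute this; nothing but the 6-digit result crosses the network."""
    at = int(time.time()) if at is None else at
    return hotp(secret, at // step, digits)


def secret_from_qr(otpauth_secret: str) -> bytes:
    """The base32 'secret=' value in the otpauth:// QR code is the raw HMAC key.
    Whoever reads that QR code (or the app's storage) owns the second factor."""
    s = otpauth_secret.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


class TotpVerifier:
    """Verifying side. Accepts a code for the current step or its neighbours,
    and never re-accepts a step at or below the last one used, so a code that
    was captured in transit cannot start a second session."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret, self.step, self.window = secret, step, window
        self.last_step = -1

    def verify(self, code: str, at: int) -> bool:
        now = at // self.step
        for candidate in range(now - self.window, now + self.window + 1):
            if candidate <= self.last_step:
                continue  # replay of an already-used step
            if hmac.compare_digest(hotp(self.secret, candidate), code):
                self.last_step = candidate
                return True
        return False


# RFC 6238 Appendix B key and its base32 form as it would appear in a QR code.
RFC_SECRET = b"12345678901234567890"
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


if __name__ == "__main__":
    site = TotpVerifier(RFC_SECRET)
    now = 59
    code = totp(RFC_SECRET, at=now)              # what the app displays
    print("app shows", code, "-> first login accepted:", site.verify(code, now))
    print("same code replayed 10s later accepted:", site.verify(code, now + 10))
    stolen = secret_from_qr(RFC_SECRET_B32)      # attacker who photographed the QR
    print("attacker's own code matches the app:", totp(stolen, at=90) == totp(RFC_SECRET, at=90))
```

Two practical consequences: the secret is sent once, at enrolment, inside the QR code and then lives only on the phone and the site, so a network observer at login time sees a 6-digit code that cannot be turned back into the key; and whether a captured code can be reused within its 30-second window depends entirely on the site tracking the last accepted step as the verifier above does, which is not something the client can check from the outside.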
 
