[sf-lug] Safer Browsing

Tom Turner seameadowlake at gmail.com
Fri Mar 1 15:19:41 PST 2019 

Michael, thanks for the page of Firefox safety links.

One of the "safety links" is https://monitor.firefox.com/

When I entered one of my email addresses at the above page, the report
indicated my email address and data were exposed in two events:
(1) Apollo and (2) Linux Forums. Here is a link to a Wired article about
Apollo https://www.wired.com/story/apollo-breach-linkedin-salesforce-data/,
and below is the report from Firefox

Firefox Monitor <https://monitor.firefox.com/>

   - Share
   <https://www.facebook.com/sharer/sharer.php?u=https://monitor.firefox.com>
   - Tweet
   <https://twitter.com/intent/tweet?url=https://monitor.firefox.com>

Your information was part of a data breach.

Accounts associated with your email address appeared in the following 2
breaches.
Apollo Breach date:July 23, 2018 Compromised accounts:125,929,660 Compromised
data:Email addresses, Employers, Geographic locations, Job titles, Names,
Phone numbers, Salutations, Social media profiles
Linux Forums Breach date:May 1, 2018 Compromised accounts:275,785 Compromised
data:Email addresses, IP addresses, Passwords, Usernames
Breach data provided by Have I Been Pwned <https://www.haveibeenpwned.com>
Sign up for Firefox Monitor alerts.

Your detailed Firefox Monitor report shows if information from your online
accounts has been leaked or stolen. We’ll also alert you if your accounts
appear in new website breaches.
What to do when your information is exposed in a data breach.

Change your passwords, even for old accounts.

If you can’t log in, contact the website to ask how to update it. See an
account you don’t recognize? Your data could have been sold or
redistributed. This could also be an account you forgot you created or a
company that changed names.

Stop using the exposed password, and change it everywhere you’ve used it.

Hackers may try to use that same password and your email to get in to other
accounts. Create a different and unique password for every account,
especially for your bank account, email, and other websites where you save
personal information.

Take extra steps to secure your financial accounts.

Most breaches only expose emails and passwords, but some do include
sensitive financial information. If your bank account or credit card
numbers were exposed, alert your bank to possible fraud. Monitor statements
for charges you don’t recognize.

Get help remembering all your passwords and keeping them safe.

Password managers like 1Password, LastPass, Dashlane, and Bitwarden store
your passwords securely and fill them into websites for you. Use a password
manager on your phone and computer so you don’t have to remember them all.
Scan Another Email Address
Must be a valid email.
Your email will not be stored.
<https://www.mozilla.org/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link>

   - Support
   - About Firefox Alerts
   <https://blog.mozilla.org/security/2018/11/14/when-does-firefox-alert-for-breached-sites>
   - Give Feedback <https://qsurvey.mozilla.com/s3/Firefox-Monitor-Feedback>
   - Terms and Privacy
   <https://www.mozilla.org/privacy/firefox-monitor/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link>
   - <https://github.com/mozilla/blurts-server/>


   - Firefox
   - Download Firefox Quantum
   <https://www.mozilla.org/firefox/new/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link>
   - Download Firefox Mobile
   <https://www.mozilla.org/firefox/mobile/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link>
   - Features
   <https://www.mozilla.org/firefox/features/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link>
   - Beta, Nightly, Developer Edition
   <https://www.mozilla.org/firefox/channel/desktop/?utm_source=monitor.firefox.com&utm_medium=referral&utm_campaign=fx_monitor_downloads&utm_content=site-footer-link>

Portions of this content are © 1999-2019 by individual mozilla.org
contributors. Content available under a Creative Commons license.
<https://www.mozilla.org/foundation/licensing/website-content/>

On Tue, Feb 26, 2019 at 10:32 PM Michael Paoli <
Michael.Paoli at cal.berkeley.edu> wrote:

> > From: "Rick Moen" <rick at linuxmafia.com>
> > Subject: Re: [sf-lug] Safer Browsing
> > Date: Tue, 26 Feb 2019 15:52:09 -0800
>
>
> > I wasn't going to say anything, but posting links like
> > "
> http://links.nordvpn.com/u/click?_t=f675640029a34d1f9a5b14c05f06483a&_m=f7d48b5add0a43e081be8227eb53f86b&_e=KbL78jwVf3VoQqu1p9r-iuC8Dv9p9cjBePJhdwYDe9W3FQ-f-A8LwNNhy8no6r92iAUD2VXkkK2h2ehyhEGn0Z_h3VCxfdF0GHt_M2jFscrLh5r1RsAbrzQI6FGP30i4jtt1wp7ZDc3IoSqZbOdKjoYZlAHKcy_uTCvRDaDmLB7swsT8qtm63TWAn4UA2w6F6IaYFts40cYa4LfnUBo6BI4FPr7bSARtBkHwxhaJRAa0Sa-FplHke-WTAF-kcq7p3fzcbykia7kFgKfp3BoH6gvXn-61yEfN2Za7y_yOorhrN0-5_xspAO-JtynWPTkPNnWCQVwbgG_RvClfXBwD4aWyGvr5PU3XCvLl-IyVmkc%3D
> "
> > in a posting about "tools for security and privacy online"
> > did strike me as ironic in the extreme.
>
> Yum, look at all those tracking bits! <cough, cough>:
> $ curl -I
> '
> http://links.nordvpn.com/u/click?_t=f675640029a34d1f9a5b14c05f06483a&_m=f7d48b5add0a43e081be8227eb53f86b&_e=KbL78jwVf3VoQqu1p9r-iuC8Dv9p9cjBePJhdwYDe9W3FQ-f-A8LwNNhy8no6r92iAUD2VXkkK2h2ehyhEGn0Z_h3VCxfdF0GHt_M2jFscrLh5r1RsAbrzQI6FGP30i4jtt1wp7ZDc3IoSqZbOdKjoYZlAHKcy_uTCvRDaDmLB7swsT8qtm63TWAn4UA2w6F6IaYFts40cYa4LfnUBo6BI4FPr7bSARtBkHwxhaJRAa0Sa-FplHke-WTAF-kcq7p3fzcbykia7kFgKfp3BoH6gvXn-61yEfN2Za7y_yOorhrN0-5_xspAO-JtynWPTkPNnWCQVwbgG_RvClfXBwD4aWyGvr5PU3XCvLl-IyVmkc%3D
> '
> HTTP/1.1 303 See Other
> Date: Wed, 27 Feb 2019 06:21:32 GMT
> Content-Length: 0
> Connection: keep-alive
> Server: openresty/1.13.6.2
> Vary: Origin
> Location:
>
> https://www.mozilla.org?utm_source=SecurityTips&utm_medium=email&utm_campaign=2internetbrowsers_all
> Set-Cookie
> <https://www.mozilla.org?utm_source=SecurityTips&utm_medium=email&utm_campaign=2internetbrowsers_allSet-Cookie>:
> iterableEndUserId=seameadowlake%40gmail.com;
> Max-Age=31536000; Expires=Thu, 27 Feb 2020 06:21:32 GMT; Path=/;
> Domain=.nordvpn.com
> Set-Cookie: iterableEmailCampaignId=503620; Max-Age=86400;
> Expires=Thu, 28 Feb 2019 06:21:32 GMT; Path=/; Domain=.nordvpn.com
> Set-Cookie: iterableTemplateId=712942; Max-Age=86400; Expires=Thu, 28
> Feb 2019 06:21:32 GMT; Path=/; Domain=.nordvpn.com
> Set-Cookie: iterableMessageId=f7d48b5add0a43e081be8227eb53f86b;
> Max-Age=86400; Expires=Thu, 28 Feb 2019 06:21:32 GMT; Path=/;
> Domain=.nordvpn.com
> Set-Cookie:
> XSRF-TOKEN=96d7d0b0d4e29af9971a7a12c5802c98f2021d01-1551248492791-707c198a644a9cd89a2d00bc;
>
> Path=/
> Request-Time: 4
> Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
> X-Frame-Options: sameorigin
> X-XSS-Protection: 1; mode=block
> X-Content-Type-Options: nosniff
> X-Permitted-Cross-Domain-Policies: master-only
> Content-Security-Policy-Report-Only: ; report-uri
>
> https://sentry.io/api/22065/security/?sentry_key=d6d9333ad25747ba8107e7681de79ec4
>
> $
>
> Ooooh, and http, so it can go across in the clear, so it can be
> sniffed, manipulated, ...
>
> So ... I think perhaps somebody meant to say:
>
> https://www.mozilla.org?utm_source=SecurityTips&utm_medium=email&utm_campaign=2internetbrowsers_all
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20190301/b9ff9aa7/attachment-0001.html>

More information about the sf-lug mailing list