The Prevailing winds of the Lastpass Breach — How it affects you!

hacking, cyber, security, hacker, technology, web, coding, internet, face, mask, identity, hack, virus, danger, protection, anonymous, code, crime, criminal, firewall, illegal, password, spy, stealing, thief, illustration, font, graphic design, art, graphics, clip art, Free Images In PxHere

Photo by mohamed_hassan from PxHere

Understanding the Lastpass Breach

Let us be clear about this, people really don’t truly understand what is going on with this breach.   It however will not stop the threat actors from taking control of your data if they get a chance.   This means they will go after the websites you will visit or maybe impersonate you in some way to get the access they are seeking.   Either way it isn’t like we can just sit back and do nothing.

“It is possible to crack those passwords,” Melissa Bischoping, director of endpoint security research at Tanium, said via email. “Instead of running the math to determine how complex your password would be to crack with modern equipment, it’s best to go ahead and do some credential hygiene.” — CyberSecurity Dive

Credential hygiene is necessary in our day to day routines because it helps stops theft of our accounts and our personal information.  However that doesn’t that the Meta data associated with your vault was encrypted, in fact it wasn’t and can be used to exploit this issue.   So even if they don’t brute force yoru password vaults, they can do fishing or means to get the access they are seeking so they can get even more information about you to use against you.

The Lingering effects of Password Managers

Password managers are a necessity in today’s time because of the all too common breaches.  Even if Lastpass wasn’t breached, some other site or sites would of breached and you’d still have to change your password or add multi-authenticator access to prevent any authorized access.  This goes without saying, we will see other breaches and it will not just be Lastpass.   Sooner or later some other Password manager will be a target and we will see this again but that shouldn’t deter you from using a Password manager it is the one tool we will always need to create even better Passwords than we could by our selves.    Although Many in the Security field are advicing users to go to another Password Manager.  I too have not like the taste of what Last Pass has done.  They way they made it sound less important that it truly is but that just might be because they’re lawyers got involved.   Either way I will suggest three things to better help you even if you keep Last pass.

  1.  Check your interations and make sure you have them high.   I think the minium we should have is over 500,000 interations to make sure they can’t be hacked the next time as easily.   Also if they are low, now is a good time to bump them up even though it makes you more of a target right now.  This will help in the future, in case there is another breach.
  2. Change all your imporant sites passwords, don’t just wait to get hacked might as well go through and see which sites you are truly using right now and go ahead and change your password and if you can add an authentication method to help protect you incase there is another hack down the road.
  3. Create a new masterpassword which isn’t anywhere close to what you have now.  If you can create your own acronym with a minium of 12 digits that would help. (What is an acronym?)  I suggest not using the most common acronyms but creating one that you can only remember and use that.   It may take some time but it could be something you have to say everytime you type in on your computer, just don’t let everyone else hear it.

Those Password Managers

Finally, let’s talk about your choices in this matter. Even though I talked about this in the previous post, we should at least look at the ones that might want to go another service.  Here are a few of them that I saw around the internet:

  • Bitwarden  — This is the one I perfer to go to because it is so opened sourced and you have several options to choice from.   It is where a lot of people are going right now after the LastPass Breach, I am sure of it.
  • 1Password —  This one I only know about through what i’ve heard.  I’ve heard good things about this but there are not many options to those who are wanting free.   This is good because they’ve been in this for quite sometimes.  I’ve heard of this company for MANY years and still has some great value to give to their users.
  • Dashlane — I’ve never heard of this product but it comes highly recommended by other because of how security focused they are.  You will have to pay a yearly subscription fee and there is only a demo version that means you do not have a free version.
  • Roboform — I’ve talked about Roboform way in the past and still it was a very useful password manager when I was using them 10 or so years ago.  So they must ast least be doing something right to still be in the business.   I haven’t explored them lately but I might just do that again to see how they are doing.

As you can see you have several choices to choose from if you decide you want to get away from Lastpass but ultimately you will have to decide what you want to do.  I am still going to possibly go to Bitwarden because of the open source or I might go back th Roboform if I can find my license that i had with them in the past.  I haven’t really decided I think Bitwarden would be my best choice because I know people can look at their code and help keep my passwords secure.   Are you planning on changing or staying with Lastpass?  Who will you be going to if you are going to change Password Managers?  Why not leave a comment and tell me your options.  I’d love to hear them and find out exactly what you are thinking about this LastPass breach.

Is it time to say NO to LastPass?

Lastpass Recent Incident

Lastpass in the recent has been an excellent password manager and I was one of the many supporters.   The problem with it now is that it is going down hill.   They seem to not want everyone to know just how severe this incident is and have not really done the job that we should of expected.   In December they sent out a small notice to people and reference their blog post.   Who is going to go look at a blog post around Christmas.   I sure as heck was to busy with other stuff to worry about a small email telling people to check out the blog post.   LastPass you should of done better and put out the warning bells for everyone to know just how much you screwed up.

In there blog post:

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.

Vault and Robbers

You see this isn’t very nice how much information they didn’t send out on the email.  This should of been “Danger, Will Robinson, Danger!” type of warning.  Yet, Lastpass didn’t sound the alarm.  Shame on you for not doing the right thing.   As you can see they got your vault data and mine, althought they can’t really use it without the master password but it is only going to take time and then they will have all our passwords for sites across the internet.   There’s the problem they don’t seem to care that it got out.   The threat actors will use GPU’s and other hardware to finally figure out one user at a time their passwords and it could be years before they get to yours or it could be next month depending on how good you Master Password was.   Was it long or was it Short?  What about enterations?  Did you bump it up to keep it from getting hacked and making it harder for them to figure out your Master Password?

The threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took. Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices.

As you can see even Lastpass has stated they will eventually do that to each and every vault password they can, but did you their suggestions?  Probably not and I wouldn’t blame you because we don’t always have time to keep track of what they recommend.

They claim it could take thousand of years for threat actors to crack the Master Password:

f you use the default settings above, it would take millions of years to guess your master password using generally-available password-cracking technology.

However that isn’t alwasy true if they have enough computers put enough effort into cracking a vault it could be sooner and not later.   The way technology is growing and the speeds of comptuer now would mean threat actors could start usurping people processing powers and have thousands of computers world wide to crack the Master Password keys.   That is how Bitcoin came into being but we wouldn’t know it until it could be too late.

Is it time to switch to another Password Manager?

I’m inclined to switch to Bitwarden just because it is open sourced and I really feel like at least I won’t have to worry about my passwords being leaked.   I will also probably go through every site that I visit and change my password and also use 2FA (2nd Factor Authentication) to prevent threat actors from taking control of my accounts.   I’m going to explore my options but I am more and more thinking about going somewhere else where my data can be safer than with Lastpass.  What’s your throughts on this?  are you staying with LastPass or are you Planning to go somewhere else?

Getting my Movies my way is the best way.

film, video, streaming, button, watch, home, show, entertainment, electronics, control, games, room, animation, furniture, recreation, screenshot, Free Images In PxHere

Photo by mohamed_hassan from PxHere

Time to use my DVD collection

I’ve got a really big DVD collection that I want to be able to use when I want to use them.   I’ll tell you when we were at home for those two months, I should of done that then in 2020 but I didn’t think about it until now.   However that doesn’t mean it is to late to do it.  I have a plan for the my Steam Deck and this will allow me to do that.  Although gaming streaming and video streaming are two different beasts it still has some of the princples that you might not think of.   You will still need to stream through wifi or wired if you are trying to get the best quality.    My plan is to have my DVD’s available anywhere I go, so I even can play on my phone if I wanted to.   I’ve found this awesome streaming service that will do just that on the Steam Deck and any other device.   I’ve installed Plex.tv and created a server for myself.   I’ve got this old NAS (Network attached storage) that hasn’t been used very much.   I’ve been upgrading it lately for just this occasion.   I want to put all my DVD’s and Music on their to listen to or use as I wish.  You can buy a NAS for really small amount of money and add storage as you see fit.

What’s the Purpose

The Truth of the matter is, because I can and it can help with not paying for streamin services as much.  I can be more selective of which services I want to subscribe to and save money in the long run.   I can also buy cheap DVD’s and copy them onto my NAS with realtivity easy process.   The really hard part is the CopyProtection that the big names do to prevent you from do just this.   The problem is that we own these DVD’s and we have the right do what we want with them.  Also there a movies that I want to watch that aren’t either on the streaming service or would need to buy another subscription to another service.  There’s to many services and with the prices going up and I have this NAS hardly being used it should be used more.

Understanding the Basics

We’ll not going to talk about the ethics as much as you want but if you are curious how to do it, you can watch this video and learn something.   I’ll talk a little bit about the copy protection that can be hard to circumvent but can be if you really want to own your media.   The problem is that not all this works with but can be useful to understand.   The copy protection of DVD’s has been something that has plagued mankind since the dawn of the DVD.   They deserve their money for the making the movies and films.  Even TV shows should get what is owed to them but that doesn’t mean people haven’t pirated them around the world through other means.

Copy Protection Software

Here’s where it gets a little bit more interesting to some because if you are like me and have some movies in either DVD or Bluray.  You’re going to need these software to do what is necessary to get to the information you might need. I’ll say this much, use as your own risk or own use.  I will not be responsible for anything that might happen.

I’ll say this I’ve only used DVD Decrypter right now because it works with all that I needed but the others look promising and I will try them out later.  It’s up to you on which one you will want to use to decrypt those DRM heavy DVD’s or Blurays.   I think it all depends on which one will work for you and how you like to use them .  Each one has their own unique way of getting the files needed to copy the main movie file.   So it just depends on what you are looking to do.

Are you planning to do this?  What do you think it will be like when you watch movies on the Steam Deck? I plan to try it out on the steam deck and see how well Plex.tv does the only thing that is problem right now is that you need to buy the server software either monthly or lifetime to do it.  I am going to look into buying the Lifetime because I am really curious as to how well this will work outside of my house.   I also might buy a little Pi board and use that as my server because I can use less energy that way instead of using my tower to do the serving of the movies.  What’s your plans for yoru steam deck?  I’d love to hear your plans on what you want to do with yours.

PolyMC no longer working on any Platform

“The account has expried and needs to be logged in manually again.”

No More PolyMC for Steam!

According to sources Lenny, the owner of the polymc program, decided to remove all contributators for the GitHub depository due to a political Mess. Everyone thought he got hacked and I am going to guess it was something he didn’t think to entirely about when he decided to all this. He’s has his reasons, and I will not debate those reasons or even try to comprehend them. I’ve tried PolyMC on my desktop Windows 10 Computer and I get this same error. You can’t even link your account back to polymc, this seems like Microsoft is serious about keeping some of their younger users safe. They blocked the app from being used and now no one can use it anymore. I don’t know how long Microsoft will ban or if there is even a chance to get this game unbanned by Microsoft. Due to that issue we will need to find another game launcher to play on Steam and others platforms. Many people are urging players to go to other launchers and I really can’t blame bloggers from saying this. You just don’t know what is in the code and why the author did what he did.  Now my tutorial will not work and we should focus on a new Minecraft launcher.

Other Minecraft launchers on Steam Deck

There are several good launchers on steam deck, if you are using JAVA.   You can always get them either through the Discovery App or through Pacman in Console.   Here are a few that I have seen that might work just fine with a few tweaks:

  • The Official Minecraft Launcher— You Will need to install gnome-keyring with a few strings to keep yoru minecraft creditials from having to be entered everytime it launches.
  • ATLauncher — Is best know for me as least with Sky Factory and other mods for a serious good time in Minecraft.  It however may not work as well as we hope.  I’ve seen comments where this doesn’t work, so only time will tell.
  • Minecraft Bedrock Launcher — If you like play the bedrock version this is the luancher for you on Steam or even Arch.   I haven’t tested this one out either.  It however looks to not be working on arch.

There are several other launchers on Arch but they seemed dubious and I don’t want to recommend them until we get more comments and more people trying them out.

Minecraft Launcher

I will be using the Minecraft official, until I can find a better one and hope I can figure out how to get it to save my profile for offline and online use.  I’d hate to have to keep putting in my when I want to use it and have to be online all the time to do it.  Other than that, I am not sure what else to try to play Minecraft on Steam.   I know I’ll be looking for ways to play Minecraft on Steam again without have to do much hacking or doing anything that might be too difficult.  I’ll probably even post a tutorial on how to install a good Minecraft launcher once I find one that will work with my Steam Deck.

What’s your Plans on playing minecraft on steam?  Do you know any good ways to do it now?  or are you like me just searching for another way to play on the Steam Deck?   Let me know your thoughts, I’d love to hear them.

How to move your Minecraft World from PC to SteamOS (Archlinux)

Installing Minecraft

See Link here for more information

After you get done install Minecraft on your Steam deck you will then be able to log into your Minecraft Java Edition. I suggest setting updifferent version for the game if you have several different versions for example 1.16.2 and 18.1 and Maybe even 1.19.0+. I’ve found this to be the very easy to use and keep your from having to log into to your minecraft java edition. Once you have Micraft installed and ready to played. You really should go ahead create test world so you can verify that it is working properly. Once done you’ll want to process to the next step.

Zipping your saved worlds

This next step is important because you never know what could happen. You’ll want to hit “Win + R” and type in “%appdata%\.minecraft” while you are logged into your Windows device. This should bring your to C:\users\[loginID]\Appdata\.minecraft. Once there you will want to navigate to saves directory. You’ll find in most times it is there unless you have designated another location in the Minecraft Java launcher where to go. I’m going to assume you know where your save directory and we’ll talk about what you will need to do next.  I’d use something like 7zip or even Windows Zipping utility.  For the People who are absolutely beginners with this.   I recommend copying these to a USB and then copying them to the Steam Deck that way or you could use the microSD card if you have have a MicroSD card reader to move the zip files over.   Once you have zip the worlds you want to play on you Steam Deck.   You basically just want to zip the whole directory of the world name for example if you have a Test World on your Windows computer, it will probably be something like “Test World” folder.  Zip the whole directory up and copy it over.   Don’t change anything when it get’s zipped up.

If you have multiple worlds and have them set up with different version.   I’d suggest zipping them up and creating folders with the different version onto the USB or MicroSD card.  So when you create and import them into PolyMC you will know which versions you will need to create in Java PolyMC.

Importing world into PolyMC

Once you have them zip files copied over or at least installed on the MicroSD card and inserted into the the Steam Deck.    You are going to want to start PolyMC in Desktop mode if you are using this on the Steam Deck.   One you run it you’ll want to view the worlds:

View Worlds _ PolyMC

Then once you do that, The next screen you will want to click Add (saved world).

Add worlds as Zip files

Once you hit Add you will then want to go to the directory on the MicroSD card or USB drive or Where ever you moved the zip files. Once you find it and click OPEN. It should start to add it to the PolyMC World. If you created the right version you will not have to worry about it when you start the game. After Adding all the worlds you want to play with, you can then get out of Steam Deck Desktop mode and go back to the the Steam OS and play your game that you were playing on your PC. I haven’t tried moving these back to the PC or keeping them syncorized but at least you can play your favorite worlds on Steam Deck.

Like this little quick tutorial. Why not share it and tell people so more people can play Minecraft and or use your worlds you were using it on the PC. This will only work for the JAVA version of Minecraft. Bedrock will probably not work, I haven’t tried or thought about trying it for Steam Deck. Hope this helps. Have a Good Monday Morning.