Browser's security and wallet protection

75andre40 · May 28, 2023, 7:36pm

This is a deeper introduction to security related to browsers, I pretend to make a deeper conversation about this topic.

A lot of you probably don’t know how easy is to steal information from someone using a PC or a Laptop. I don’t know if Linux and MacOS works in the same way, but MacOS is the most secure operating system, and the one that is most likely to not have this issues.

I have some Windows knowledge and I will try to do my best explaining how things work, how easy is to steal your information, and a possible solution to escape from this.

First of all, we need to understand how a computer works, from inside and outside. Lets get started!

BIOS/UEFI

BIOS, which stands for “Basic Input/Output System,” is a fundamental software component, the most important one, found in every PC or Laptop. It is responsible for initializing and controlling essential hardware components during the system’s startup process, as well as to boot to the operating system itself. Although modern systems are transitioning to newer firmware standards like UEFI (Unified Extensible Firmware Interface), the term “BIOS” is still commonly used to refer to the system firmware in general. Both do the same in different ways, so lets just call it BIOS

Bitlocker

Bitlocker is a disk encryption method from Microsoft, the owner of Windows. Its purpose is very simple, it encrypts the drive you want, and anytime you want to have access to it, you need to introduce a password to decrypt it. It’s possible to encrypt it later with a command in CMD and Powershell, or just restarting your computer. You can encrypt your drive where Windows is hosted too!

Website Cookies

Cookies are text files for each website, and they contain information about your activities, preferences, tracking, etc… You’ve probably seen in some websites this message:

If you agree with it, you are giving that website the permission to use cookies. In some websites they don’t have that option because you are already agreeing to use cookies, and it’s stated on the terms of use page.

First of all, you are using a browser right now to access this page, and therefore, every action you do in your browser is stored in your system. Lets say in simple words. Imagine you are logging into your social media account, and you don’t want to waste your time typing your password every time you go there, right? So you just check that box “remember me” and next time you enter in that social media, you automatically authenticate without typing any information. This is where the cookies joins the conversation.

Until now, we know that the social media we logged in, stored the necessary information in my system to login automatically the next time I go there. Pretty simple to understand.

And if someone emailed you with a malicious link to download a PDF file, and you thought it was an important email? If your antivirus don’t detect it, you are infected now. Imagine two people working in the same machine, the same Windows user, at the same time… That’s gonna happen if you get infected. The virus will compress your browser’s files into one, and send it to the virus’s owner, and therefore, if he installs the browser you were using, and decompress that file into the browser’s files location, BOOM! He now have access to that social media that you checked the box “remember me”. And the worst part? He doesn’t need your password, because he’s already inside your account! And if you have some passwords saved in your browser, he have access to it too!

This whole situation can occur in the same way if someone steals your computer, or just the drive itself. Just plugging the drive inside another PC and BOOM! That “someone” can pull the files to his computer without any issue, just like the virus did!

Okay, I know this sounds kinda scary, and it is, but I got some solutions for you:

Protect your PC BIOS with a password

This will prevent someone that stole your computer to run any other system through a flash drive to have access to the files without a Windows User.

Encrypt all drives with Bitlocker

This will prevent someone that stole your drive to pull your files. It will ask for a 48 digit recovery key. This key will be given to you at the time you encrypt the drive, and it’s used when you lost the password, or when someone’s trying to access the drive with another computer.

Be careful browsing in the web

And for virus, you should be very careful with what you click in the internet. Don’t rely on the antivirus, it’s never 100% virus proof.

There’s a lot of things to talk about in the security topic, and I haven’t spoke about the account protection, that’s a new and complex story.
Should I make a new topic about the account protection?

Sure!
Nah, Its fine.

0 voters

Tell me if you find this topic helpful, and spread some love! Took me some time to build this!!

Tanjiro · May 29, 2023, 7:57am

Great great, people dont realy realized how unsave they are on this hole web!!!

toga · May 29, 2023, 8:34am

I think this a really good topic since allot of people are not aware of all scammy situations on web, and by a mistake you literally can loose everthing on web soo its really important to start aware all the time !!!

75andre40 · May 29, 2023, 9:34am

Yeah! Security on the web is so much understimated! People should study more about this topic to get protected!

75andre40 · May 29, 2023, 9:36am

Scams are other security issues too! People should search more about the specific website to make sure if it’s legit or not

0xLeined · May 29, 2023, 2:33pm

Excellent initiation on the subject, and thanks for recommending and complementing my thread, I definitely think it’s worth a deeper approach to the subject, and if you have time for it, many here will appreciate it

Even working with IT for many years, sometimes I fail in one security detail or another, the same as the browser, I knew that it was possible to copy passwords, etc., but I never imagined that even the seed of my metamask could be extracted so easily, this was definitely worrying

Thank you for taking the time to write this thread, it will no doubt make many people more aware of their data security

75andre40 · May 29, 2023, 6:24pm

Thank you for your support! I have a lot of knowledge in windows, I started working with it 10 years ago, and I’m interested in several areas, from security to program development, and security is a major issue, as it’s the most used PC system in the world! Security on Windows is a must know topic.

bigbull · June 19, 2023, 6:09am

How did you make this voting function inside discourse?

Lost · June 19, 2023, 6:22am

Hey @bigbull,

The polling feature the OP used here is a standard feature, which is available to the community.

If you click small cog on the far right of the functionality bar when posting either a reply or a topic on the forum here, you will see several additional options, including “Build Poll”

Does that help?

Yes
No

0 voters

-@Lost

75andre40 · June 19, 2023, 8:16am

Thanks for answering, Lost!

There are tutorials about this, when you reach TL1, you can do the basic tutorial in your message box. There should be a message with “Greetings”. There you start the tutorial. When you reach TL2, you get oppurtunity to do the advanced tutorial, which is named “Now that you’ve been promoted, it’s time to learn about some advanced features!”.

bigbull · June 19, 2023, 8:17am

Improving your posts

Yeah, as this tool isn’t something I or I think most people have used outside of ApeCoin Dao it takes a bit of learning to use it the best way.

Summary

I was hiding

Added here:

Discourse New User Tips and Tricks

Testing

75andre40 · June 19, 2023, 8:19am

Yeah, I only wanted to do the tutorials because I saw someone doing this, and I wanted to do the same eheh