Community Abyss Nuyube's Discussions

Nuyube Nuyube's Discussions

I had an idea to release sets of images for sale on my website, and I was wondering if it's allowed to link to something I sell.

Thanks in advance <3

2 years ago

I hadn't thought of the social engineering type attack. I had thought of some 200 IQ crazy exploit they'd use, not just getting information directly from you. I guess that's why it's such a common attack- it's not something that you'd immediately think of as suspicious. Not as much as someone going after your phone, at least.

3 years ago

Mr. West,

It's great to see a reply from you! I understand that 2FA might not be important for Alpha Coders yet, but I just felt like it might be a good idea to do it soon rather than later. Speaking of, what's the security flaw with SMS verification? Is it something like SMS Hijacking, or how does it work? 

Looking forward to your reply!

3 years ago

I recently had a pretty massive security breach, and I wanted to talk about it. I'll be giving a TL;DR here, but if you want to read my entire experience and takeaway, you can read it here (nuyube.xyz).

Before we get into that though, I changed my name to Nuyube. I had picked Rezuru because I thought it sounded kind of cool and I didn't see anyone who had taken the name, so I committed to it. I hadn't realized that it means something. I'll leave it up to you to find that🙂

Anyway, the problem started with my main email address that I had put nearly every account under. This account was secure by itself, but when paired with my entire system became insecure because of a recovery email that hadn't been protected sufficiently. This recovery email was compromised (the guy signed me up for things like YogaPlex too😟), which meant that he had a way into my main email address. In only four or five minutes, he was in my PayPal account, and drained it. It was actually PayPal that tipped me off that something was going on. I managed to cut off his access by cutting the recovery emails, changing my password, and changing 2FA to use a different method.

The problem came when I realized that since my main email had been compromised, all of my accounts had become compromised - he had access to my entire password list from Google Chrome's password sync, too. Whether or not he actually accessed it is up in the air, but that's when the eight-hour-change-your-passwords session began. It was tiresome, but it's probably good that it happened with that specific guy - if someone had silently just recorded all of my passwords, it wouldn't have been difficult to run several attacks at once. This guy went straight for payment, and luckily didn't hit my main bank (I'd forgotten I even had a PayPal.)

Also, sidenote, if you're going to steal money from someone, don't use an address somewhere near you. That's not very smart at all. I say that because he put (presumably) his address into my account, which I can see.

The best thing I could have done in the long run was put two factor authentication on everything. Sure, it's annoying to need your phone (especially if it's dead), but it really does ramp up security a lot. So please, spend these next ten minutes securing at least your email addresses. Save yourself that headache later on, and reduce the chance of your single point of failure being broken.

 

I know that sometimes admins will pop into CA and read some of the posts, so I'd like to suggest adding 2FA to your login system. Google's got an authenticator system that might work well for you. Maybe SMS would be an option? I'm not sure how sending SMS works (I've never really needed to do it), but it could be worth investigating. That way, these accounts can be just that bit more secure. 

Thank you for reading.

3 years ago

Posted In: I changed my name

I'm now known as Rezuru. I've been wanting to change my main username for a long time now (mostly because Kirbykirby56 is cumbersome not only to write but to say), and now I have. 

I'm going to start watermarking my images (180x40 at 1/3 opacity) so that people who come across my stuff can find me. It shouldn't be a huge deal, but I thought it best to say something about it and give you guys an input on it.

Also, I recently got new hardware, and I can put out a 3840x2160 at 1K quality render in about 10-15 minutes, so I can make many more fractals in a fractal of the time. No wait- fraction of the time.

 

4 years ago

I've been having a bit of difficulty coming up with new things to call my fractals, and I'm wondering if it's even worth spending time trying to come up with one. 

On the one hand, names give something to refer to an image as. Without names, you are tasked with describing the image or giving a link. Moreso, it makes an image easy to find again.

On the other hand, not giving it a name allows the community to make up their own names, or enjoy the art without any suggestion of what it might be - thus allowing them to think of it in their own way.

What do you think?

4 years ago