top | item 46941524

(no title)

ALLTaken | 21 days ago

DO NOT GOOGLE EXPRESS VPN!

The GitHub links are one of the nastiest Malware I ever encountered in my life!

I steals your Apple Keychain, all your "Safe" Passkeys, your Google Chrome "Saved Passwords", even your KeePass Database!

Login and security is still not sufficiently solved with attack-proofs for the most important things in life like your Bank, Email, Wallets, Social Logins.

Your "logged-in Sessions" also get stolen! It's unbearable that most cookies expire in months "ON THE SERVER SIDE"! You have no control and can't log the attacker out!

It happened to me, when I was in China and searched for ExpressVPN, because the main website didn't load forever, the GitHub link seemed like an alternative.. damn.. I changed my Google Password 5 times and the attacker was still able to log-in, it was so devastating! I had to change my email passwords multiple times too.

Sessions are what make logins valid and this is the weakest link of all. I wish Sessions used Off-The-Record encryption with One-Time-Pads, such that each acccess requires a new key, that can only be derived with a valid reply that makes safe that the attacker can be logged out safely.

discuss

GaryNumanVevo|21 days ago

Did you download anything? A bad link isn't going to do all of that, unless some NS actor is dropping zero days on random people via Google search. You most likely downloaded a trojan with a a luma stealer, and your computer is probably still compromised.

Asmod4n|21 days ago

You have to consider your machine and all others you connected to to be compromised. Time to reinstall every device with new accounts and passwords. With unused usb sticks and images downloaded from another network you were never connected to.

swordsith|20 days ago

Not to dog on you but I've always had a feeling that password managers or any method of saving passwords are probably the worse net security vulnerability you can open yourself up to. Very silly concept.

unknown|21 days ago

[deleted]