Technology General OPSEC v. don't click that link you shit pirate

[deficiT]

I thought it could be interesting to have a thread discussing the various ways people stay safe online and try the best they can to promote anonymity.

I also just had a question that someone with more IT experience might help me answer.

For example, I was looking up dosage information for a certain substance, and clicked the typical link to the tripsit website, but instead of the usual HR information, I got a warning about the connection not being secure, so didn't proceed. Tried again in a different browser, this one a more secure one, and it said basically invalid security certificate, and that it could be a site pretending to be tripsit to steal some kind of information.

What, if anything is there to be done about this and should I be concerned, beyond the obvious like don't go to the page?

Is this likely a security issue with the tripsit website or something sketch on my end? The urls looked virtually the same between the real site results and the sketchy one.

And I figured if people had general tips on vpns they prefer, browsers they like, or whatever advice they had for people looking to protect their identity online, this could be a cool place to drop it.

 

[Lil'LinaptkSix]

What, if anything is there to be done about this

First... love the title.
Check that date and time (and time zone) are correct on the device that is being used. Reboot.
Can ya not access this website only? Others ya can, obviously here ya are.
I went there and it looks good. Below is where I ended up.

Spoiler: Website

TripSit.Me

tripsit.me

Proxies and vpns have created more issues with connections than solutions for me. I have to use these tools to operate some equipment "away" but some content/websites will not load or connect to.
Could be security setting are too high, needed cookies or the like are blocked or or it has been blacklisted by user instead of whitelisted in some program or app... just a coupla things to say the least as far as possible causes.

 

[deficiT]

First... love the title.
Check that date and time (and time zone) are correct on the device that is being used. Reboot.
Can ya not access this website only? Others ya can, obviously here ya are.
I went there and it looks good. Below is where I ended up.

Spoiler: Website

TripSit.Me

tripsit.me

Proxies and vpns have created more issues with connections than solutions for me. I have to use these tools to operate some equipment "away" but some content/websites will not load or connect to.
Could be security setting are too high, needed cookies or the like are blocked or or it has been blacklisted by user instead of whitelisted in some program or app... just a coupla things to say the least as far as possible causes.

Ah, I see. Well the rest of the website loads fine it's just the one page. Found it odd.

 

[Jerry Atrick]

I thought it could be interesting to have a thread discussing the various ways people stay safe online and try the best they can to promote anonymity.

I also just had a question that someone with more IT experience might help me answer.

For example, I was looking up dosage information for a certain substance, and clicked the typical link to the tripsit website, but instead of the usual HR information, I got a warning about the connection not being secure, so didn't proceed. Tried again in a different browser, this one a more secure one, and it said basically invalid security certificate, and that it could be a site pretending to be tripsit to steal some kind of information.

What, if anything is there to be done about this and should I be concerned, beyond the obvious like don't go to the page?

Is this likely a security issue with the tripsit website or something sketch on my end? The urls looked virtually the same between the real site results and the sketchy one.

And I figured if people had general tips on vpns they prefer, browsers they like, or whatever advice they had for people looking to protect their identity online, this could be a cool place to drop it.

I had a scary experience last weekend trying to watch UFC without paying for the full PPV. My friend recommended a site called MMAShare, went there and paypal'd $11 for the entire main card. Clicked a link I thought would take me to the fights, it asked me to allow popups, which I stupidly agreed to thinking maybe the fights would popup in a window, then all of a sudden I was overwhelmed with anti-virus popups claiming I had been infected. Yikes! Luckily I recognized that all they were were popups and not an actual infection....yet. I closed down the browser, cleared my cache, deleted cookies and history, and ran my AV software for safe measure. Turns out the popups were bullshit and fortunately I didn't click on any of them or they could have potentially infected my computer. Watched the fights although without sound because the unmute button was a link, not on the video itself.

Lesson: Don't allow popups on unknown sites and watch what you click you shit pirate.

 

[Lil'LinaptkSix]

the rest of the website loads fine it's just the one page

That is odd indeed.
Did ya try clicking the link to HR page in spoiler? Same response?
Has cleaning all browsing history, cookies and data been tried? Rarely does it help for me but worth a try as there may be a corrupt file somewhere in all that mess.
You on mobile or pc? Both?

Ed:
Can ya post the link for me to try?

 

[deficiT]

That is odd indeed.
Did ya try clicking the link to HR page in spoiler? Same response?
Has cleaning all browsing history, cookies and data been tried? Rarely does it help for me but worth a try as there may be a corrupt file somewhere in all that mess.
You on mobile or pc? Both?

Ed:
Can ya post the link for me to try?

This be the one. Lmk if it seems off to you

TripSit Factsheets - A-PIHP

 

[deficiT]

And yeah, I'm pretty sure I've done all those other things and nothing worked out.

 

[Jabberwocky]

s it bad that i just don't really care? like i know there are risks, in a previous job every time a new security bug got leaked my team would exploit it for fun, til our boss told us this was illgal and shouldn't be done from company computers. killjoy.

i don't go on too many dodgy websites.

but for professional reasons i am always googling things about pathogens in CDC's category a, and things that could be construed as wanting to build a super pathogen but is actually cos we need to preempt the kinds of genetic signatures man made/super deadly pathogens would have. but its gotta put me on a load of blacklists.

i don't have a bank account that's just mine cos of how badly i fucked up with money when i was using, so if anything awful happened that meant people got my bank details, my dad could pull everything from one bank account and my boyf the other.

anything drug related i search in private browsing, but i know my ISP still gets that.

i dunno if google still shows the profile it has on you, but i once checked it and found out i was a man into football, so if they are still that wrong, i don't care.

if i'm wrong in not caring and there is stuff i can do that takes less than 30 seconds and doesn't cost money, please let me know.

also, i'm mostly concerned about phone security, i have a samsung, so decent brand, and run android with no jail breaking or whatever. but if someone got access to that i'd be fuuuuuucccccked.

 

[Lil'LinaptkSix]

Lmk

yeah it throws the security error. i accepted risk and went to this:

what is the "a-pihp" at the end of your address? is it a drug?
gonna go back and see if i can get the error again but looks generic whatever that means.

 

[deficiT]

s it bad that i just don't really care? like i know there are risks, in a previous job every time a new security bug got leaked my team would exploit it for fun, til our boss told us this was illgal and shouldn't be done from company computers. killjoy.

i don't go on too many dodgy websites.

but for professional reasons i am always googling things about pathogens in CDC's category a, and things that could be construed as wanting to build a super pathogen but is actually cos we need to preempt the kinds of genetic signatures man made/super deadly pathogens would have. but its gotta put me on a load of blacklists.

i don't have a bank account that's just mine cos of how badly i fucked up with money when i was using, so if anything awful happened that meant people got my bank details, my dad could pull everything from one bank account and my boyf the other.

anything drug related i search in private browsing, but i know my ISP still gets that.

i dunno if google still shows the profile it has on you, but i once checked it and found out i was a man into football, so if they are still that wrong, i don't care.

if i'm wrong in not caring and there is stuff i can do that takes less than 30 seconds and doesn't cost money, please let me know.

also, i'm mostly concerned about phone security, i have a samsung, so decent brand, and run android with no jail breaking or whatever. but if someone got access to that i'd be fuuuuuucccccked.

Oh yeah, I have been pretty much given up on any illusions of true privacy on the internet. If you piss off the right people or do stupid enough shit, there's generally always gonna be some kind of trail of crumbs that'll bust your balls.

You would think that with the advance in tech, it would help solve more murders. In the US our murder solve rate anyway hovers around like 50%. I mean that seems pretty shit right? Our solve rate for the most of heinous of crimes might as well be a coin flip, I believe back towards the 20th century it was closer to 80-90 %.

Kinda off topic but just thought was interesting.

 

[deficiT]

yeah it throws the security error. i accepted risk and went to this:

what is the "a-pihp" at the end of your address? is it a drug?
gonna go back and see if i can get the error again but looks generic whatever that means.

Yeah, that is the name of a substance, although it is sometimes called A-PHiP interchangeably. Idk yeah it could be nothing, lol but yeah you're a braver man than me. Could just be some weird thing phishing for people looking into drugs.

 

[Lil'LinaptkSix]

Went back and looks like the end of your url is a dead-end... hence the security error. No destination.

 

[Lil'LinaptkSix]

Just looked again and your url also has "drugs" before tripsit.me and the one i linked to has "tripsit.me" as the target site. may be some shitty shit shit going on. Gonna look further for a sec.

 

[Lil'LinaptkSix]

I think its a clone site.
Dont register...lol

 

[deficiT]

I think its a clone site.
Dont register...lol

This is what I was thinking. Just a phishing attempt to look into traffic on those websites. I'm not super tech savvy but I'm also not completely dense.

 

[Conky]

This be the one. Lmk if it seems off to you

TripSit Factsheets - A-PIHP

I got the same warning from that link

Then typed in the full address manually starting with https:// and no warning but page not found

 

[Jabberwocky]

You would think that with the advance in tech, it would help solve more murders. In the US our murder solve rate anyway hovers around like 50%. I mean that seems pretty shit right? Our solve rate for the most of heinous of crimes might as well be a coin flip, I believe back towards the 20th century it was closer to 80-90 %.

fucking hell. i looked up ours in the UK, and it is also about 50%, dropped from about 70% in the 80s, with murder rates climbing too.

i have heard it hypothesised that advances in tech have prompted a decrease in serial killers, cos they get caught, but an increase in spree killers. but i've listened to enough true crime that i don't buy the psychology of the two types being similar enough that you'll just slip from one to the other based on external factors. just found this interesting article about the decline in serial killers that points to technology as playing a role, albeit minor. and this article about technology of many varieties generally leading to a decrease in crime, including medical science advancements meaning victims of what in the past would be a murder survive.

i'd be fucked if i wanted to kill someone now. i'm addicted to my smart watch, it would likely tell the police everything they needed to know, and taking it off would be suspicious as fuck.

 

[thujone]

For example, I was looking up dosage information for a certain substance, and clicked the typical link to the tripsit website, but instead of the usual HR information, I got a warning about the connection not being secure, so didn't proceed. Tried again in a different browser, this one a more secure one, and it said basically invalid security certificate, and that it could be a site pretending to be tripsit to steal some kind of information.

What, if anything is there to be done about this and should I be concerned, beyond the obvious like don't go to the page?

Is this likely a security issue with the tripsit website or something sketch on my end? The urls looked virtually the same between the real site results and the sketchy one.

Often this is just due to a certificate expiring. It happens. LetsEncrypt, which TripSit uses, issues certificates that only last a few months and have to be renewed by the server to stay valid.

When there really are hackers trying to steal your info by hijacking a site, they're going to try and avoid such a huge red flag like installing a bad certificate and having the browser warn potential targets.

It's more common for hackers to buy up misspelled domain names (e.g. trispit.me) and have a valid certificate generated for those. These days the browser draws so much attention to whether a site is "secure" (HTTPS) or not (HTTP) that people can easily miss that they're on a spoofed site if the domain name is spelled wrong but it still shows as being secure.

Major tech companies are aware of this attack vector and own the common misspelled domain names themselves to prevent hackers from owning them. For small sites like TripSit, it would be a considerable added expense...

 

[deficiT]

fucking hell. i looked up ours in the UK, and it is also about 50%, dropped from about 70% in the 80s, with murder rates climbing too.

i have heard it hypothesised that advances in tech have prompted a decrease in serial killers, cos they get caught, but an increase in spree killers. but i've listened to enough true crime that i don't buy the psychology of the two types being similar enough that you'll just slip from one to the other based on external factors. just found this interesting article about the decline in serial killers that points to technology as playing a role, albeit minor. and this article about technology of many varieties generally leading to a decrease in crime, including medical science advancements meaning victims of what in the past would be a murder survive.

i'd be fucked if i wanted to kill someone now. i'm addicted to my smart watch, it would likely tell the police everything they needed to know, and taking it off would be suspicious as fuck.

If you plan on murdering someone just be sure to throw your smart watch very far!

 

[Jabberwocky]

If you plan on murdering someone just be sure to throw your smart watch very far!

but, but then how will i know how many calories i burned while doing the murder?!? what about my step count!