Netsec – Telegram
This channel posts the feed from r/netsec.
For any suggestions dm @streaak
Donate to keep the bot running https://www.paypal.me/akhilgv
Attack vectors in my online security, feedback needed.
I have envisioned this setup that would fit my needs and keep my online accounts safe, and would appreciate if a more knowledgeable security person would revise it and give me feedback:

- Using a spare phone for 2FA (kept always offline) with recovery phrases written on a typewriter (printers have caches) and keeping them in a safe
- Using LastPass for password management with a FIDO U2F key
- Using a FIDO U2F key to access my main Google account (which is linked to all my relevant online accounts for communication/password retrieval)

My main questions with this are:

- Currently I use my daily phone for 2FA, but due to malware and theft, I consider this to be vulnerable. Am I paranoid, or is using a second phone offline reasonable? Also, one thing that has been bothering me is that many accounts require a telephone number as a second option in case I lose my 2FA authenticator (PayPal offers only SMS verification). Is it a big security risk to give these services my phone number for account recovery, as someone could theoretically social engineer my operator and get a replacement SIM card, or is it just paranoia?
- Would you recommend any other app (LastPass seemed to have the best UI and supports U2F)? Is using a password management app a possible attack vector?
- Would you recommend using one main Google account which is linked to all of my other accounts, with a very strong (30 char) password and a U2F key, or rather use multiple accounts also using U2F? This is more of a convenience issue, whether it is useful or just a waste of time to have multiple accounts for every major account (banking, PayPal, etc.).

Some other questions regarding general security:

- I am using Norton antivirus on all devices. I have read very good reviews on Kaspersky Total Security, and using Norton mobile has been a total pain (significant performance impact). What alternatives would you recommend? It could even be using multiple programs (antiviruses do not catch everything). I have very limited knowledge of detection rates and benefits of using multiple security programs, so more elaboration on this would be helpful.

Any help would be greatly appreciated. I know this is a complex post, so thank you to anyone who bothers reading.

Submitted March 18, 2018 at 10:25PM by RiBc_
via reddit http://ift.tt/2DDi7DH
What's your job, how much do you make per year, how old are you and how satisfied are you with your job?

Submitted March 18, 2018 at 10:05PM by bigpoppaash
via reddit http://ift.tt/2plOxhS
Is free SSL as good as paid SSL?
I want to get SSL for my website and saw that I can get it free at www.letsencrypt.org versus having to pay for it through my website host. Is this free SSL as good as the paid SSL? Are there drawbacks to this free SSL?

Submitted March 19, 2018 at 12:00AM by rkim777
via reddit http://ift.tt/2G6lBnK
Python Based Backdoor That Uses Gmail To Exfiltrate Data - tracks the user activity using Screen Capture and Sends Back Info as Attachment
http://ift.tt/2Gxduyd

Submitted March 17, 2018 at 01:40AM by TechLord2
via reddit http://ift.tt/2tYfcGf
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
http://ift.tt/2FMM6Pt

Submitted March 19, 2018 at 02:12AM by Horus_Sirius
via reddit http://ift.tt/2tYRLwh
Attempting to find Security Guard Services London
http://ift.tt/2GHaCir

Submitted March 19, 2018 at 05:32AM by guardsace07
via reddit http://ift.tt/2HM4Wmz
Finding a 2FA Bypass by sheer laziness
http://ift.tt/2tYJU1Z

Submitted March 19, 2018 at 06:15AM by redorhcal
via reddit http://ift.tt/2u6KL0L
StaCoAn: a Cross-platform tool for static code analysis on mobile applications [Full sources, Compiled and Blog Post - See Comment]
http://ift.tt/2EnwHV0

Submitted March 19, 2018 at 06:45AM by TechLord2
via reddit http://ift.tt/2ICtgsk
Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
http://ift.tt/2oReogp

Submitted March 19, 2018 at 03:27PM by jurkov
via reddit http://ift.tt/2FLihil
Implementing Firesheep in AppBandit
http://ift.tt/2tRbNc9

Submitted March 19, 2018 at 05:15PM by _pdp_
via reddit http://ift.tt/2DEHvJc
Session side jacking | sniffing unencrypted traffic
http://ift.tt/2tRbNc9

Submitted March 19, 2018 at 05:12PM by Hardbeattt
via reddit http://ift.tt/2G7QzLY