Ahhh DDoS attacks

Strange how Buddha accurately predicted the ransomware attacks :/

1995: Viruses create funny VGA effect
2000: Viruses send SPAM e-mails
2010: Viruses steal credentials
2016: Viruses launch DDoS attacks
2017: Viruses demand ransom
2018: Viruses mine crypto coins

Welcome back to practiseSafeHex's most incompetent co-worker!

*sitcom audience cheers*

Thank you, thank you. Ok so far we've had a developer from hell and a CEO who shot to fame for being the first rectum to receive a passport and be given a job.

2 pretty strong entrants if you ask me. But its time to slow it down and make sure everyone gets a fair chance. Its not all just about the psychopaths and assholes, what about the general weirdo's and the stoners who just made life awkward?

So here we go, Most incompetent co-worker, candidate 3, "A".

"A" was a bit of an unusual developer, despite having a few years experience in his home country, he applied for an unpaid internship to come work with us ... probably should have rang alarm bells but hey we were all young and dumb back then.

I had to say I felt very bad for A, as he suffered from 2 very serious, and job crippling personal conditions / problems

- Email induced panic attacks
- Extreme multifaceted attachment disorder (also known in layman terms as "get the fuck away from me, and do your job" syndrome)

While he never openly discussed these conditions, it was clear from working with him, that he had gone undiagnosed for years. Every time an email would come in no matter how simple ... even the services team asking to confirm his staff ID, would send him into a panic causing him to drop everything he was doing and like a homing missile find me anywhere in the building and ask me what to do.

Actually "A" also suffered from a debilitating literacy issue too, leaving him completely unable to read our internal wiki's himself. Every week we had to follow a set of steps to upgrade something and every week to mask his issue, he'd ask me what to do instead ... no matter how many times I sat with him previously ... must have been truly embarrassing for him.

But "A"'s finest moment in the company, by far, was the day where out of the blue, at the top of his voice (as if wearing headphones ... without wearing headphones) he asked

"DO YOU KNOW ANYONE WHO SELLS POT?"

... why no, manager of the entire department standing behind you, I do not

... why no, tech lead talking to manager, I do not

... why hello 50% of my team staring at me ... no "A", I do not!

Needless to say all our team meetings were a little awkward for the next few weeks after that but hey who doesn't like being thought of as a stoner / drug dealer by their team mates huh?

Will A make it to the top of the list of most incompetent? Well he has some truly logic defining competition yet to be announced.

Tune in later for more practiceSafeHex's most incompetent co-worker!!!

So someone is constantly ddos'ing the privacy/security blog.

Just wondering if they really think that 500 hits a second will bring the site down?!

500 h/s consumes about 0.1 percent CPU and 1mb/s.

At least give me a challenge 😥

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

How to secure yourself from flash 0-day attacks:

1. Uninstall flash
2. Don't reinstall flash
3. Seriously, you don't need flash

Fuck Microsoft.

No, not in any relation to windows this time.

Dear Microsoft, why on earth did you put us on your spam blacklist? There haven't been any spam attacks from our side, our servers have nearly the highest 'reputation' that email servers can get, we comply to all security standards and yet you're blacklisting us.

If for some reason you think something is wrong at our side anyways, we've tried to contact you and we either get ignored or get a very late response saying that we'll get delisted again within a day/week or whatsoever.

Microsoft, please go fuck yourself.

One week, and it turned out to be worse than that.

I was put on a project for a COVID-19 program in America (The CARES Act). The financial team came to us on Monday morning and said they need to give away a couple thousand dollars.

No big deal. All they wanted was a single form that people could submit with some critical info. Didn't need a login/ registration flow or anything. You could have basically used Google Forms for this project.

The project landed in my lap just before lunch on Monday morning. I was a junior in a team with a senior and another junior on standby. It was going to go live the next Monday.

The scope of the project made it seem like the one week deadline wasn't too awful. We just had to send some high priority emails to get some prod servers and app keys and we were fine.

Now is the time where I pause the rant to express to you just how fine we were decidedly **not**: we were not fine.

Tuesday rolls around and what a bad Tuesday it was. It was the first of many requirement changes. There was going to need to be a review process. Instead of the team just reading submissions from the site, they needed accept and reject buttons. They needed a way to deny people for specific reasons. Meaning the employee dashboard just got a little more complicated.

Wednesday came around and yeah, we need a registration and login flow. Yikes.

Thursday came and the couple-thousand dollars turned into a tens of millions. The amount of users we expected just blew up.

Friday, and they needed a way for users to edit their submissions and re-submit if they were rejected. And we needed to send out emails for the status of their applications.

Every day, a new meeting. Every meeting, new requirements that were devastating given our timeframe.

We put in overtime. Came in on the weekend. And by Monday, we had a form that users could submit and a registration/ login flow. No reviewer dashboard. We figured we could take in user input on time and then finish the dashboard later.

Well, financial team has some qualms. They wanted a more complicated review process. They wanted roles; managers assign to assistants. Assistants review assigned items.

The deadline that we worked so hard on whizzed by without so much as a thought, much less the funeral it deserved.

Then, they wanted multiple people to review an application before it was final. Then, they needed different landing pages for a few more departments to be able to review different steps of the applications.

Ended up going live on Friday, close to a month after that faithful Monday which disrupted everything else I was working on, effective immediately.

I don't know why, but we always go live on a Friday for some reason. It must be some sort of conspiracy to force overtime out of our managers. I'm baffled.

But I worked support after the launch.

And there's a funny story about support too: we were asked to create a "submit an issue" form. Me and the other junior worked on it on a wednesday three weeks into the project. Finished it. And the next day it was scrapped and moved to another service we already had running. Poor management like that plagued the project and worked in tandem with the dynamic and ridiculous requirements to make this project hell.

Back to support.

Phone calls give me bad anxiety. But Friday, just before lunch, I was put on the support team. Sure, we have a department that makes calls and deal with users. But they can't be trained on this program: it didn't exist just a month ago, and three days ago it worked differently (the slippery requirements never stopped).

So all of Friday and then all of Saturday and all of Monday (...) I had extended panic attacks calling hundreds of people. And the team that was calling people was only two people. We had over 400 tickets in the first two days.

And fuck me, stupid me, for doing a good job. Because I was put on the call team for **another** COVID project afterwards. I knew nothing about this project. I have hated my job recently. But I'm a junior. What am I gonna say, no?

So, i tried to demonstrate my roommate how many people push their credentials to github by searching for "password remove" commits.

I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.

I visit the IP and what do i see there, a directory listening with a python script, with injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔

Edit phpmyadmin to connect to the mysql database. Success.

Inserted a row telling him the his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %

This is how far i can get with my current abilities.
------------------------------

Scary how insecure this world is.

Example #1 of ??? Explaining why I dislike my coworkers.

[Legend]
VP: VP of Engineering; my boss’s boss. Founded the company, picked the CEO, etc.
LD: Lead dev; literally wrote the first line of code at the company, and has been here ever since.
CISO: Chief Information Security Officer — my boss when I’m doing security work.

Three weeks ago (private zoom call):
> VP to me: I want you to know that anything you say, while wearing your security hat, goes. You can even override me. If you need to hold a release for whatever reason, you have that power. If I happen to disagree with a security issue you bring up, that’s okay. You are in charge of release security. I won’t be mad or hold it against you. I just want you to do your job well.

Last week (engineering-wide meeting):
> CISO: From now on we should only use external IDs in urls to prevent a malicious actor from scraping data or automating attacks.
> LD: That’s great, and we should only use normal IDs in logging so they differ. Sounds more secure, right?
> CISO: Absolutely. That way they’re orthogonal.
> VP: Good idea, I think we should do this going forward.

Last weekend (in the security channel):
> LD: We should ONLY use external IDs in urls, and ONLY normal IDs in logging — in other words, orthogonal.
> VP: I agree. It’s better in every way.

Today (in the same security channel):
> Me: I found an instance of using a plain ID in a url that cancels a payment. A malicious user with or who gained access to <user_role> could very easily abuse this to cause substantial damage. Please change this instance and others to using external IDs.
> LD: Whoa, that goes way beyond <user_role>
> VP: You can’t make that decision, that’s engineering-wide!

Not only is this sane security practice, you literally. just. agreed. with this on three separate occasions in the past week, and your own head of security also posed this before I brought it up! And need I remind you that it is still standard security practice!?

But nooo, I’m overstepping my boundaries by doing my job.

Fucking hell I hate dealing with these people.

This fucker has some balls (I'm being completely ignorant), the day his website goes live guess who is going to flood it with Dados attacks.

Mordern Phishing attacks..
(Credits: Hacker News)

Just looked at the anonymous analytics I collect on the security/privacy blog.

No SQL Injection attacks yet (would be useless anyways as I don't use MySQL/MariaDB for the databasing.

Directory Traversal attacks. Really? 🤣

Nice try, guys.

Multiple weird ones but one specifically where I fixed a bug over and over again and the second I pushed and deployed, the fix was gone both locally and remote.

I kept going more and more crazy and had rage attacks and such.

"Wait what, I changed and fixed this.. Let's try again"
"Huh, I definitely changed this..."
"Oh no, I fucking changed you"
"Go fuck yourself, I fixed this and pushed already, you can't just fucking disappear on me!"
"Oh yeah no of course, disappeared again, totally fucking logical. GET BACK HERE"
"I FIXED YOU A GAZILLION TIMES ALREADY, DON'T YOU DISAPPEAR ON ME AGAIN"
*NO. NO. NO. NO. NO. I. FUCKING. FIXED. YOU"

It went worse and worse for a while and then I woke up with a "....ahh" feeling 😅

So, continuing with the story, I decided to quit today.

I'm not even a month there, and I'm running out of there in flames.

I've got 2 panic attacks in one week, I'm not sacrificing my mental health for some idiot's scam.

The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.

The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......

I could go on, but yes, I've seen it all now.

Am I the only here who get so much PUSSY when encountering bugs in code?
P - panic attacks
U - uncontrollable anxiety
S - suicidal fantasies
S - sadness
Y - yearning to death

I went for an interview for a position stated as "web developer" . They questioned me on Pen testing and writing scripts for detecting attacks. This is how the interview went. Fucking get your shit together .Fucking waste of time

Idea: Emoji passwords

Bdixbsufhdbe HEAR ME OUT

I know, I know, emojis belong with teenage girls on Snapchat but there are some theoretical benefits to emoji passwords.

Brute Force attacks are useless! With such a wide range of characters and so many different combinations, they just wouldn't be viable.

Dictionary attacks are less useful! Because those require...words.

They can be easier to remember. Tell a story with your emojis. Images are easier to commit to memory than combinations of letters and numbers.

Users would adopt the feature! For whatever reason, the general population fucking loves these things. So emoji passwords probably won't take very long to see use.

I don't know much about this last one, so I saved it for last, but I would imagine that decryption would be more difficult if the available values is quite vast. I dunno how rainbow tables and hash defucking works so I'll just put this here as a "maybe"

😀

Client reads about MomgoDB ransomware attacks online.

Him: I heard that the MongoDB is not secure, we should use something else in our system.
Me: Those databases got attacked because security features were turned off. If you want you can have an external security team to test the system when it's done.
Him: I don't wana take any risk, so I we should use something else.

We have been working on this system for almost a year and the final stage was supposed to be delivered in a month.

He wants me to replace it with MySQL

FLOYD IS HERE 😎

Gather around kids, it's story time.

So my first breakup left me so damaged and I was in darkest phase of my life. I was alone. Physically, mentally, and emotionally. I went for therapy and spearheaded into success and grew in life soooo fucking much.

31st December 2016, I first joined dR and since the first day this place felt home. Met some of brightest mind and most amazing souls here (sadly many left the place).

I used to shit post and rant a lot. But I loved everyone here. But then I don't quite remember, but I decided to quit this place as community started to grow. Many others left as well.

I came back here in 2019 IIRC and started all over again. Got along well with new members and started having fun.

I used to crib and cry about being underpaid. Lost a kickass Europe job due to pandemic.

I will skip what all happened between me and @Scout but she is a sweetheart, though very rough and brutal with me at times (actually very often), but she is so selfish for me and cares for me that I couldn't resist but listen to her always. A lifelong friend for sure :)

I used to rant about my dumb office colleagues. Definitely not the sharpest minds but good people at heart (which I did not realise).

So in October 2020, I earned a new job and my company retained me with a 100% raise and a promotion making me lead of product innovation and UX.

November end I met a girl in professional context on LinkedIn who was conducting a workshop. Being hungry for learning, meeting new people and kill my lockdown boredom, I singed up.

Now I went for December break and my colleagues sent me a gift hamper when they came to know I got a promotion. I felt bad that I ranted about them so I deleted my account and also wanted a social detox.

Post the workshop, I started conversing casually with the girl I met. She was married. But things hit off. Eventually in February end I confessed that I had feelings for her and in next few days she reciprocated. I told her I was aware of her marital status and it's okay if nothing happens between us. Then she started to open up of how she was with one guy for 17 years and was abused in everyway and wanted to separate but never had the courage and all.

She decided to file for paperwork and then be with me. Things got messy when her family got involved thinking I was causing all of it.

She went back to her partner and I realised I had some emotional and mental issues of a person's past that bothered me. But we were overcoming it. Soon the honeymoon period started phasing out.

Her family started giving me death threats. We went underground even further. More arguments and fights between us.

@Scout kept telling me I was stupid and I disregarded her. I feel like an idiot for not listening to her.

That girl kept gaslighting me, hurting me intentionally, scratching the surface made me realise how broken and damaged she was. She lied to me and created fake persona of herself to make me fall for her. Everything was lie. Literally.

I felt horrible for trusting her. My trauma relapsed and I started having crazy panic attacks leading to self harm and being suicidal. That girl was drugged all the time with psychological medicines and very poor character & personality in general (I don't want to judge anyone but just stating the facts).

Eventually she just disappeared and I was like fuck this. Earlier, after every fight, she used to show fake affection and I used to melt but not this time.

I was like fuck this shit. I have some super amazing friends like @kiki who helped me overcome this. I started going for therapy and realised what all areas I need to improve. My therapist is soooo brilliant, she understands the root cause instantly and also knows how to fix it. And the same day I and both my parents were COVID-19 positive. Last few weeks were dark and haunting.

Further more, the girl comes back after a week and then acts as a 'nice girl'.
Initially fake affection, then drama, followed by making me guilt trip, then threats, and now blaming me.

I kept ignoring her calls (50 to 70 calls in a day), emails, left her unread on Telegram, and everything I could do to ignore her without blocking her. I started gaining my happiness back.

During this mess, I lost 5+ KG of weight. She has no friends in her mid 30s. Knows no life or survival skills. Her family hates her, no career, no emotional or mental maturity, literally nothing. Insanely dumb and toxic manipulative person who is not even worth being called an ex. As per her everyone around her is an asshole except her. Every time something happened, she used to blame and bad mouth the other person. Now she is doing with me. In all her life situations, either she was a hero or a victim. One upped me all the time. Now that I see it, I hate myself for allowing it all of it and now having enough self worth to walk out of it earlier.

Continued in comments...

My IT team installed Antivirus on my 5 year old Mac Mini due to company security policy after the recent Ransomware attacks.
Now my Mac is slow as fuck. They are not even providing me new Mac, due to budget constraints. Totally fucked.
Fuck Ransomware. Fuck security policies. Fuck my company. Fuck everyone. Fuck everything. 😤

Just got a new TV, 4K... it’s one of those smart ones, by Samsung.

Anyone want to explain what the fuck “McAfee Security for TV” is, and why the fuck it is necessary!?

What kind, of absolute waster madman goes “I know what I’ma do today, write a virus for a tv”!?

Take that shit elsewhere McAfee.

Now accepting any links to known Smart TV 0-days and attacks...

And I had to sign in to 5 different fucking accounts to get to the fucking tv.

The world is broke as fuck. Roll on the apocalypse.

About 2 months ago. My job fired half the dev staff including the only other web developer. I am a junior, and now the sole web developer. I have been yelled at for not working fast enough and not knowing the code base well enough. (I did a lot of Rails, and this is a Spring shop). I have daily panic attacks about coming to work and having to be here for 8 hours. I have never felt more abused. I'm constantly stressed, and drinking more than I should. All advice given to me has been "just stay there til you find something else or they fire you." but it feels like no one really knows how unhealthy this is for me. My one hope is that I didn't bomb this interview at a university. I fucking hate my job.

More like woman-in-the-middle 😂

Work at a media company that reports political news. The government tries to block, launch DDoS attacks, and send a group of thugs to protest outside the office. How to migrate to Canada again?

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

This is going to be a rant, but personally, I'm pleased with the outcome of my life now.

I was part of a community for a few years and decided to help them out with my knowledge of programming Lua nearly 2 years ago since they lacked developers for the project itself.

Since it was sort of a custom language that they modified how Lua worked on it, it took me a bit to adapt, but within a few weeks, I was pretty fluent in this so-called custom language they had. Began working on some major updates, additions, removals, and just optimizing this code base. It was a pretty old code base and needed a good chunk of love.

A few months later, I've implemented loads of features, optimized the base whenever I could, and then things start taking a turn for the worse. We get new 'developers' who haven't ever coded the language, and worse they couldn't afford to provide them development servers thus they ended up breaking my servers. I helped them and they learned, they were decent, but now the Seniors and CEO's of the project began to take a toll on me.

I was told that this community had a reputation of driving out developers, ruining their reputations, and that is what started happening. I started getting questioned if I was loyal to helping them, that I've become lazy, even though they were explained I've had mental health issues for a few years and have been hospitalized multiple times.

These sort of attacks kept happening for months, and then they finally pushed my buttons, where I was talking to another Senior of how we should redo the base since it's just so massive and a few tiny updates to the base take a few days to implement across the entire code. What instead happened was that I went to sleep, and this Senior told the CEO I was going to steal the code base and go sell it...

I woke up to messages of how the CEO is all pissed off, and that this what the Senior said. At this point, I started responding with, fuck it. I was so sick and fucking tired of their bullshit. I was the only fucking competent developer, and I did more work in the few months I was there then some people did in 2 or 3 years.

A few hours later I decided to go chat with the CEO and explained what was truly brought up, and he just brushed it off like I was lying. At that point, I lost it. I told him why the code base was horrible since he hired stupid ass developers. He didn't know how to code. People wanted certain items, and he wouldn't be able to add them for fucking months and players sit there making fun of it. Some people state the only differences they see within the code is the code I've done. Basically, he was an incompetent fuck that said he knew what he was doing, and had all these big plans for the future yet couldn't listen to the only competent developer and fucking claimed bullshit.

Now a few months have gone by, I'm looking at their community and it's basically dead with no proper updates except for copy and paste updates claiming to be custom coded. While I'm working on my real life businesses (Which are currently being a headache, but within the year should resolve its issues), starting University for my Computer Science degree here soon, and even considering building my own game here.

Basically, karma is a bitch and that's why when you get loyal people in your life, keep them. (Writing this at 3 am after a few drinks, hopefully, it made sense, I think it does.)

Anyways, goodnight everyone.

So my boss is staring a new security oriented product and he asked one of my colleagues to prepare a presentation about the possible attacks on the product.

During the presentation there was a section on DoS attacks. The boss didn't know what DoS was and after a brief explanation, he interrupted the presentation and said DDoS is not a threat because there is no data stolen. This is a webapp.

So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.

I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".

What I did?

I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.

Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.

Moral of lesson: make sure your IT secures everything in place.

The fox attacks.

Not going to one because crowds give me panic attacks unless I've had a beer or ten

SuperCell is hiring.. Here is their job description:

Description

We need a new Builder. Are you an independent and passionate maker? Do you love spending 24 hours a day turning wood and gold into walls and defensive buildings? Do you answer the call to build even if that call comes at 4:00 a.m. and you haven’t had a day off in literally five years? If the answer to these questions is “Yes! Yes! A million times yes!” then we have a hammer with your name on it!

The Role

The focus of the Builder is to, uh, build.

You will be responsible for taking instructions from the player and building whenever and wherever they see fit. They say build and you say...well, you don’t say anything, you just build.

The world of Clash of Clans can get intense. Our Builder is expected to build quickly and expertly at all times, even while under great amounts of stress and/or attacks from Barbarians, Archers, Goblins, Giants, Wall Breakers, Wizards, and P.E.K.K.A.s.

Equally as important as building is rebuilding. All of the things you build will inevitably be destroyed, if not immediately, then soon after you just finished building or rebuilding everything. You can’t let it get you down. You must maintain your resolve and rebuild. Fast!

Responsibilities

Must be willing to relocate to the World of Clash
Must build and maintain a wide-range of buildings, statues, and war machines.
Must be on call 24 hours a day, 7 days a week, 365 days a year
Must have up-to-date Level 9 Tesla Tower maintenance certification 
Must have proficiency with building materials both common (wood, stone, etc.) and uncommon (lightning, lava, etc.)

Requirements

Must provide own leather helmet
Must possess a passion for building
Must be comfortable working hands-on with molten lava.
Must adhere to strict dress code (orange sleeveless shirt, brown canvas pants, and boots).
Must speak fluent Barbarian

How to Apply

Send us your qualifications via e-mail to bethebuilder@supercell.com or write out your qualifications and send them to us via Baby Dragon. Either format is accepted. 

We got DDoS attacked by some spam bot crawler thing.

Higher ups called a meeting so that one of our seniors could present ways to mitigate these attacks.

- If a custom, "obscure" header is missing (from api endpoints), send back a basic HTTP challenge. Deny all credentials.

- Some basic implementation of rate limiting on the web server

We can't implement DDoS protection at the network level because "we don't even have the new load balancer yet and we've been waiting on that for what... Two years now?" (See: spineless managers don't make the lazy network guys do anything)

So now we implement security through obscurity and DDoS protection... Using the very same machines that are supposed to be protected from DDoS attacks.

I've always liked the idea of a virus that attacks other viruses. An antivirus virus, if you will. It would infect a computer and clean out all the malware and perform a bunch of random system improvements, then delete itself without a trace. To the end user, one day their computer would suddenly start running a little better for no apparent reason.

Who has a DDOS attack story they want to share ? Dyn put up the good fight today... DDOS attacks can be incredibly difficult to deal with ... Internet of Things devices makes this an even more complicated situation. Outside of calling Prolexic, any vets have some good stories ?

I am Done! I am extremely burnt out and unhappy with my work. I have been doing this professionally for over 5 years now and much longer than that unprofessionally.
This new company I joined finally gave me the salary I always dreamt of but now I am extremely unhappy and depressed and anxious all the time. And I don't like the work I am doing. I don't like the team. I hate being isolated at home for over 2 years, working from home. I had a mental breakdown in the middle of the meeting the other day. And after that, I said. that's it. I am done. So, I gave the resignation letter. I don't know what I am gonna do. But I sure as hell can't do this shit any longer. But now, the fucking hr is making it even more difficult for me by not letting me leave without serving the notice period. I told her I am on fucking medication and I am having severe mental health issues. Now, she wants to see the medical certificate. Or I have to pay two months' salary. WTF? If I had that kind of money lying around, I wouldn't have slaved myself away at your shitty company, would I?
I went to my psychiatrist whom I have been seeing consulting for the last couple of years now. I asked for a medical certificate and he thinks it'll hamper my future career. So, he said I should get a certificate from a general physician. So, that's the world we live in then? You can't even speak the truth? And the way HR is behaving over the mail makes me feel like a total slave. I mean I am not at all fit for work these days, and it feels like, if she had her way, she would tie me down to a chair and ask me to push out code. what the fucking fuck. This is some fucked up industry and I think I am finally done with software development. But now, I don't have any idea what I am gonna do with my life or how am I gonna earn money. I am so burnt out and anxious that even the thought of working again gives me panic attacks. even working from home. What the fuck do I do?

So, packing up and leaving this hell hole.

In the end I just said that I had 2 panic attacks in the last week, and that I am leaving for medical reasons.

I wrote an app (took all morning until now) that tells me which shows and movies Amazon removed from Prime...

I forget why I wanted this... was it just to screw with Amazon because they rejected me....

The app is also going to tell me what movies/shows were added because they can't fucking sort them in chronological order by release date. I don't want movies from pre-1990s that were recently added...

Yes I could search for them manually but it's too fuckin tedious, gotta turn on like 10 filtering options...

And maybe I just want to run mini-DDOS attacks on their servers...

So... did I mention I sometimes hate banks?

But I'll start at the beginning.

In the beginning, the big bang created the universe and evolution created humans, penguins, polar bea... oh well, fuck it, a couple million years fast forward...

Your trusted, local flightless bird walks into a bank to open an account. This, on its own, was a mistake, but opening an online bank account as a minor (which I was before I turned 18, because that was how things worked) was not that easy at the time.

So, yours truly of course signs a contract, binding me to follow the BSI Grundschutz (A basic security standard in Germany, it's not a law, but part of some contracts. It contains basic security advice like "don't run unknown software, install antivirus/firewall, use strong passwords", so it's just a basic prototype for a security policy).

The copy provided with my contract states a minimum password length of 8 (somewhat reasonable if you don't limit yourself to alphanumeric, include the entire UTF 8 standard and so on).

The bank's online banking password length is limited to 5 characters. So... fuck the contract, huh?

Calling support, they claimed that it is a "technical neccessity" (I never state my job when calling a support line. The more skilled people on the other hand notice it sooner or later, the others - why bother telling them) and that it is "stored encrypted". Why they use a nonstandard way of storing and encrypting it and making it that easy to brute-force it... no idea.

However, after three login attempts, the account is blocked, so a brute force attack turns into a DOS attack.

And since the only way to unblock it is to physically appear in a branch, you just would need to hit a couple thousand accounts in a neighbourhood (not a lot if you use bots and know a thing or two about the syntax of IBAN numbers) and fill up all the branches with lots of potential hostages for your planned heist or terrorist attack. Quite useful.

So, after getting nowhere with the support - After suggesting to change my username to something cryptic and insisting that their homegrown, 2FA would prevent attacks. Unless someone would login (which worked without 2FA because the 2FA only is used when moving money), report the card missing, request a new one to a different address and log in with that. Which, you know, is quite likely to happen and be blamed on the customer.

So... I went to cancel my account there - seeing as I could not fulfill my contract as a customer. I've signed to use a minimum password length of 8. I can only use a password length of 5.

Contract void. Sometimes, I love dealing with idiots.

And these people are in charge of billions of money, stock and assets. I think I'll move to... idk, Antarctica?

I was working in a manufacturing facility where I had hundreds of industrial computers and printers that were between 0 and 20 years old. They were running on their own clean network so that someone has to be in the manufacturing network to access them. The boss announced that the executives will be pushing a “zero trust” security model because they need IoT devices. I told him “A computer running Windows 98 can’t be on the same VLAN as office computers. We can’t harden most of the systems or patch the vulnerabilities. We also can’t reprogram all of the devices to communicate using TLS or encrypt communications.“ Executives got offended that I would even question the decision and be so vocal about it. They hired a team to remove the network hardware and told me that I was overreacting. All of our system support was contracted to India so I was going to be the on-site support person.

They moved all the manufacturing devices to the office network. Then the attacks started. Printers dumped thousands of pages of memes. Ransomware shut down manufacturing computers. Our central database had someone change a serial number for a product to “hello world” and that device got shipped to a customer. SharePoint was attacked in many many ways. VNC servers were running on most computers and occasionally I would see someone remotely poking around and I knew it wasn’t from our team because we were all there.

I bought a case of cheap consumer routers and used them in manufacturing cells to block port traffic. I used Kali on an old computer to scan and patch network vulnerabilities daily.

The worst part was executives didn’t “believe” that there were security incidents. You don’t believe in what you don’t understand right?

After 8 months of responding to security incident after security incident I quit to avoid burning out. This is a company that manufactures and sells devices to big companies like apple and google to install in their network. This isn’t an insignificant company. Security negligence on a level I get angry thinking about.

We were going over man in the middle attacks today and I honestly just could not stop thinking about that SpongeBob episode where Squidward keeps intercepting the bubble messages between SpongeBob and Patrick and it was so dumb that I could not stop smiling.

Sort of !dev

I can't do school anymore. I get so many panic attacks. I was shaking the entire time I was writing my essay today. It's hard to focus when your brain is fucking freaking out. I'm missing deadlines, failing tests left and right.

Real talk, I'm not dumb. This was never a problem. My University fucked me up and now I can't even look at an assignment without an electric feeling and I don't know what to do.

I had a panic attack during the opening crawl of Star Wars. I had to leave the theater. My anxiety is going to give me a heart attack one of these times. I'm 18, why am I experiencing health issues like this?

School isn't done right. How could this be the intended effect?

Damn hackers! Within the course of a week, the internet of my country has been DDOS-attacked three times! Last week the attacks came from Russia or China". Yesterday they came from Russia and Ukraina. Is this a part of the Russian military exercises Zapad 17? Well, when an important part of the infrastructure is down and thousands of civilians are affected, it's for real and not an exercise.

Woo crunch time! The 3 panic attacks a day, no sleep, massive guilt complex, caffiene addiction, lack of seeing my wife, phone breaking(calling doesn't work), lawn needing mowing, upper management bothering all of my team, more guilt, more panic, inferiority complex, theory that coworkers think I am slacking, and technology just not working because the machine spirit decided I pissed it off is starting to get to me a little.

So today i went to another town for a car service, and by accident i met a very old man looking at the cars in the saloon, he was very calm person, in conversation he said he was system analyst and a COBOL developer in a big industry... but what got me the most he said he survided FOUR heart attacks... i don't know if that was a common practice for COBOL developers but i do php most of the time... so... i just wanted to say hello guys... and delete my browser history if i'm not around for some time :)

I setup an email server a couple of months ago.

The amount of port scans and brute force attacks I've received this month alone is awful.

JUST SOD OFF ALREADY, PLEASE.

“It wasn’t my fault!” -person sentenced to 40 years in jail for cyber attacks.

This was a long time ago, when I was working part time in my uni helpdesk. as part of the uni IT service, they offered ISP services at the dorms. It was cheap, and fast. This essentially allowed students living in the dorms to connect thier personal computers to the uni LAN. Then one day...
An ARP poison malware infected some of those computers. An arp poison attack is simple (look at ettercap) - it redirects network traffic via the affected computer, and adds malware to webtraffic to infect more computers. One of these on a network is bad enough, but when there more then one... traffic was redirected a lot. this caused the Dorm switches to collapse under the load. Fun times to work at the helpdesk...
The IT guys came up with a solution for this: they blocked the arp poision attacks at the firewall, and then disabled the switch port for the infected computer for 24 hours. so, when someone called with 'I have no internet!', we told them to bring us the computer, and installed an AV on it.
3-4 month the problem was cleared.

I’m fairly new to maintaining my own webservers. For the past week the servers (two of them) kept crashing constantly.

After some investigation I figured it was due to someone running a script trying to get ssh access.

I learned about fail2ban, DOS and DDOS attacks and had quite a fight configuring it all since I had 20 seconds on average between the server shutdowns and had to use those 20 second windows to configure fail2ban bit by bit.

Finally after a few hours it was up and running on both servers and recognized 380 individual IPs spamming random e-mail / password combos.

I fet relieved seeing that it all stopped right after fail2ban installation and thought I was safe now and went to sleep.

I wake up this morning to another e-mail stating that pinging my server failed once again.

I go back to the logs, worried that the attack became more sophisticated or whatever only to see that the 06:25 cronjob is causing another fucking crash. I can’t figure out why.

Fuck this shit. I’m setting another cronjob to restart this son of a bitch at 06:30.

I’m done.

!rant

MASSIVE UPGRADE ROUND 2:

We took it by steps, the DBA did his portion and I did mine, we had waited for the entire thing to be finalized today on Sunday since our users are probably jerking off to their waifus (as they should) and today was my part. MA BOE the DBA was with me the entire time and the whole process took us about 4 hours of both of us getting multiple heart attacks here and there and praying to the elder gods of Asgard for their devine protection as we venture into the calamity of fire and juten ass mfkers that are our fucking servers for this particular process.

Man I really hope for the pandemic to be over and take my dude out for a nice beer, some wings and some relaxation time.

Best DB/Dev team I have ever been with.

Hey, we need a service to resize some images. Oh, it’ll also need a globally diverse cache, with cache purging capabilities, only cache certain images in the United States, support auto scaling, handle half a petabyte of data , but we don’t know when it’ll be needed, so just plan on all of it being needed at once. It has to support a robust security profile using only basic HTTP auth, be written in Java, hosted on-prem, and be fully protected from ddos attacks. It must be backwards compatible with the previous API we use, but that’s poorly documented, you’ll figure it out. Also, it must support being rolled out 20% of the way so we can test it, and forget about it, and leave two copies of our app in production.

You can re-use the code we already have for image thumbnails even though it’s written in Python, caches nothing and is hosted in the cloud. It should be easy. This guy can show you how it all works.

When i started my work I encoubtered this db(one of 4): more than 20 tables, some with 200 columns literally... EVERYTHING is a varchar 😓.

I'm slowly designing some normalized tables with real fk on new features and projects and people are like: how the fuck did you implement this feature so fast? the other guy spent 3 months designing this form (and I'm just speechless):

The form was some sort of crazyness shit passing input names as "name-of-property" and a file only to check if(name="string") then store a number value to an array and save it as a "number" (actually varchar) on the db. literally more than 50 if statements to do this.

Everything on a single table that made no sense at all.

Just wtf... At least my boss let me start if from scratch cause he we were always having panick attacks every time he needed to do something with it. 😂😂

So I enventually spent 2 years working for that company with a strong b2b market. Everything from the checkouts in their 6 b2c stores to the softwares used by the 30-people sales team was dependant on the main ERP shit home-built with this monstruosity we call Windev here in France. If you don't know it just google and have some laugh : this is a proprieteray FRENCH language. Not french like made by french people, well that too, but mostly french like the fucking language is un fucking french ! Instructions are on french, everything. Hey that's my natural language okay, but for code, really ?

The php website was using the ERP database too, even all the software/hardware of the massive logistic installation they had (like a tiny Amazon depot), and of course the emails of all employees. Everything was just handled by this unique shitty and so sloooooow fucking app. When there was to many clients on the website or even too many salespeople connected to the ERP at the same time, every-fuckin-piece of the company was slowing down, and even worse facing critical bugs. So they installed a monitor in the corner of a desk constantly showing the live report page of Google analytics and they started panic attacks everytime it was counting more than 30 sessions on the website. That was at the time fun and sad to observe.

The whole shit was created 12 years ago and is since maintened locally by one unique old-fashion-microsoft dev who also have to maintain all the hardware of all the fucking 150+ people business. You know, when the keyboard of anyone is "broken" cause it's unplugged... That's his job too. The poor guy was totally overstressed on a daily basis and his tech knowledge just saddly losts themeselves somewhere in the way. He was my n+1 in a tech team of 3 people : him, a young and inexperimented so-called "php developer" who was in charge of the website (btw full of security holes I discovered and dealed with when I first arrive at the job), and myself.

The database was a hell of 100+ tables of business and marketing data with a ton of specific logic added on-the-go during years. No consistent data model or naming. No utf8. Fucked up relations that ends with queries long enough to fill books. And that's not all, all the customers passwords was just stored there uncrypted. Several very big companies and administrations were some of these clients. I was insisting on the passwords point litterally all the time, that was an easy security fix and a good start... But no, in two years of discussions on the subject I never achieved to have them focusing on other considerations than "our customers like that we can remind them their password by a simple phone call if they lost it". What. The. Fuck. WHATTHEFUCK!

Eventually I ran myself out of this nightmare. I had a few bad jobs already, and worked on shitty software already. But that one really blows my mind (and motivation for a time too). Happy it's over.

Stress made me fall into old habits of instead of saying stop and letting my team now that I was falling apart (not realising it myself even) I just kept saying "Yes, I fix that." to every single request that was made in the project.

The closer we got to the deadline, the more I hyperfocused and ignored the signs. I just kept working. The last two days I didn't even sleep.

Of course the launch botched. I finally broke down and both my mind and my body have given up, since yesterday I'm in a mental feedback loop causing continuous anxiety attacks and migraines. I literally CAN'T do anything but trying to not go back into fight- or flight mode and remember to breathe.

I FINALLY made my project manager aware (something I should have done days ago) that I am incapacitated and now I am waiting for medication (Oxazepam) to be picked up at the pharmacy by my husband.

I almost literally worked myself into the ground.

I've been here before. Never again.

This is what happens if you don't listen to your mind and body and put up a white flag in time.

Unnamed hacking game - "terminal" graphics
-Multiplayer. Last man standing.
-Like a tower-defence game but technical
You work for a company that has outsourced their technical department to Bykazistan, a country with good internet and bad laws. On one hand, labor is very cheap! There are no pesky laws protecting workers, so you don't need to pay them what they're worth. Phew. However, there are also no laws against cyber crime. But for a start-up like you, the risk is worth the reward!
...which would be great! If you were the only company with that idea. As it turns out, you aren't. All of your competitors also recently outsourced to Bykazistan, and that could be an issue.
You would be afraid, but you are a hardened businessman. You are familiar with the cut-throat nature of the business world and where others see risk, you see opportunity. Let the games begin.
Your mission is to protect your ciritical assets at all costs, eliminate your opponents, and make ciritical financial decisions - all while maintaining your uptime!
Build a botnet and attack your competition to decrease their uptime and disable their attacks. Port scan your opponents to learn more about their network, but beware of honeypots! Initiate devastating social engineering attacks - and train your employees against them! Brute-force their credentials, and strengthen your own.
Make sure to keep your software patched...

You know you're passionate about computers when your completely immune to scams and phishing attacks but the mention of laptop stickers makes you type a rant about it. ~(￣▽￣)~

So, these guys came to me at work, asking if I knew how the "Low Orbit Scanner" worked...
I said: "no, what's that?"
They said: "It's that tool used for DDoS attacks"
So I replied: "Oh you mean Low Orbit Ion Cannon"
them: "yea that, you know how it works?"
me: "ye, but what do you want to use it for?"
them: "just want to learn how it works"
me: "you download it, run it then fill out the things?"
them: "but I tried it and it doesn't take out the server I tried"
me: "Means your PC is to much of a filthy casual, buy a new one"
them: "can't you help us getting it more effective"
me: "yes, but I rather not end up in jail... I have a job and a clean document..."

The looks of their faces, love to see that disappointment of my colleagues when I say (or atleast hint): "go figure it out yourself"

Conversation yesterday (senior dev and the mgr)..

SeniorDev: "Yea, I told Ken when using the service, pass the JSON string and serialize to their object. JSON eliminates the data contract mismatch errors they keep running into."
Mgr: "That sounds really familiar. Didn't we do this before?"
SeniorDev: "Hmmm...no. I doubt anyone has done this before."
Me: "Yea, our business tier processor handled transactions via XML. It allowed the client and server to process business objects regardless of platform. Partners using Perl,
clients using Delphi, website using .aspx, and our SQLServer broker even used it."
Mgr: "Oh yea...why did we stop using it?"
Me: "WCF. Remember, the new dev manager at the time and his team broke up the business processor into individual WCF services."
Mgr: "Boy, that was a crap fest. We're still fighting bugs from the mobile devices. Can't wait until we migrate everything to REST."
SeniorDev: "Yea, that was such a -bleep-ing joke."
Me: "You were on Jake's team at the time. You were the primary developer in the re-write process saying passing strings around wasn't the way true object-oriented developers write code.
So it's OK now because the string is in JSON format or because using a JSON string your idea?"

SeniorDev turns around in his desk and puts his headphones back on.

That's right you lying SOB...I remember exactly the level of personal attacks you spewed on me and other developers behind our backs for using XML as the message format.

Keep your fat ass in your seat and shut the hell up.

I fucking hate this low level programming shit. The fucking buffer overflow attacks and the whole understanding of the system architecture just goes over my mind. Can anyone who has found relatively useful resources be kind enough to refer them to me so my stupid mind can understand that better?

First rant! I hate being OnCall. I'm just out of college, give me some time to ramp up without these panic attacks.

Game for coders or really anyone interested in programming where you have simulated network on which you can perform attacks

#confession

I don't know what you guys think but I freaking love programming my own Minecraft client. It sounds childish but I love to see server owners rage when they see their Servers dying because of my exploits. It's a good feeling.

But I got 3 DOS attacks afterwards so there is a high risk to make lifetime enemy's.

Let us all post our dark side of knowledge and the shit we have done to amuse ourselves!

browser extension to 100% protect against phishing attacks

With the recent attacks by governments and corporations on our freedom, I feel like this is more relevant than ever.

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." (Benjamin Franklin)

I went to uni for CompSci with knowing no prior knowledge.

In my first year of uni I created a DigitalOcean droplet to host an SQL server. I didn't change the root password or disable password login out of convenience and as I didn't think anyone would be able to find the IP address to be able to hack it.

Within 3 hours DigitalOcean had locked my account for using my droplet to send DDoS attacks. Support contacted me to ask what was going on. I knew nothing at the time so I was a bit 🤷‍♂️.

And that's when I learned the importance of changing your root password.

I worked for a company that was in entertainment news. Specifically rock music.

On the terrible night of the Battaclan (spelling?) terror attacks in Paris. Few years ago our site was one of the first to run the story (the main attack happened at a rock concert). Anyway the tech debt that we’d been complaining about for months reared it’s head. The site got so much traffic that it was just fucked all night. Literally couldn’t get the databases back up for about 7 straight hours.

When you're panic attacks stop Midway as you realise you don't have the time to deal with that shit you know you need a break

The more I'm on here the more I remember all the shit I have had to deal with in the past.

Anyway, lets rant! I just moved cities after college to be closer to my family, I didnt have any work lined up at that stage but started job hunting the moment I was settled in, I did some freelance for smaller companies to stay afloat.

Eventually I got a job at this agency startup where "SEO" was there main focus, still very inexperienced they put me on frontend and data capturing but will teach me how to code using their systems in due time. At this stage I was getting paid minimum wage, but I was doing minimum work and it wasnt that bad.

A new investor bought 49% of the company and immediately moved into the office space to focus more on marketing (He was one of those scaly marketing guys that will sell you babies if he could get his hands on enough to make a profit).

This is where everything starts going to shit. He hires a bunch of "SEO Gurus", fills up the small office with people like sardines squished together. Development was still our main money maker at this stage, so there where 3 new more senior developers at this stage and I started learning a lot really fast.

Here are some of the issues we had to deal with:

1. Incentives - Great more money, haha! No, No, you where 5 minutes late so you only get half of the promised amount.

2. For every minute you are late we will deduct it from you paycheck (Did I mention I was getting paid minimum wage).

3. If you take a smoke break we will dock it from your pay.

4. Free gym membership to the gym downstairs, but you can only go once a week during your lunch.

5. No pay raises if you cant prove your worth on paper.

He on purposely made up shitty rules and regulations to keep us down and make as much profit as he could.

Here are some shitty stuff he has done:

1. We arent getting a 13th check this year because the company didnt make a big profit - while standing next to his brand new BMW.

2. Made changes over FTP on clients work because we where too slow to get to it, than blames me for it because its broken the next day and wants to give me a written warning for not resolving the issue Immediately. They went as far as wanting to fire me for this, gave me 1 day notice for meeting and that I can bring a lawyer to represent me (1 day notice is illegal, you need 5 days where I am from), so I brought a lawyer since my mom was a lawyer. They freaked the fuck out and started harassing me about this a week later.

3. Would have meetings all the time about how much money the company is making, but wont be raising our pay since no one has proven they are worth it yet.

4. Would full on yell at employees infront of the entire office if they accidentally made an mistake on a clients project.

One one occasion I took a week off for holiday, my coworker contacted me to ask a question and I answered that I will handle it when I am back the following week. Withing 2 hours my other boss phones me in a rage, "he is coming to fetch the company laptop from my house in 5 minutes, he will let me know when he arrives. Gives me no time to talk at all and hangs up - I have figured out what has happened by now so when he showed up he has this long speech about abandonment, and trust and loyalty to the company. So I pass him my laptop once he shut up and said: "You do know I am on holiday leave which you approved, right?", he goes even more silent and passes me back my laptop without saying anything, and drives off.

While the above was happening Douche manager back at the office has a rage as well and calls the whole office (25 people) to a meeting talking about how I abandoned the company and how disgraceful that is.

Those are the shitty experiences I can remember, there where many more like this. All of the above eventually led to me going into a deep depression and having panic attacks weekly, from being overworked or scared to step out of line. Its also the reason I almost stopped coding forever at that stage. I worked there for 2.5 years with the abuse.

I left 2 weeks after the last shit show, I am ok now and have my anxiety and depression well under control if not almost gone completely.

Ran into Douche Manager a few months ago after 9 years, the company got bought out and the first person they fired was him. LOL! He now has his own agency and is looking for Developers (They are hard to find he says), little does he know I spread his name far and wide to all and every Dev I knew and didnt know to avoid working for him at all costs. Seems like word of mouth still works in this digital age.

Thanks for reading this far!

Old unused military satellite to make international calls free. Local tv station to leak episodes. 4500 hosts zombie net with autoreplicant bots that scans for vulnerability to populate the net to do distributed denial of service attacks. Jumper on the neighborhood cabin to redirect the school's call for being absent, an older friend pretended to be my father.

I dunno if you gents remember the Nickelodeon show known as Drake and Josh.

It was pretty big in Mexico and the U.S.

Well, one of the characters from that show is the singer/actor Drake Bell.

For a while, Drake Bell would **constantly** tweet about how much Justin Bieber sucks.

I aint denying that Justin Bieber sucks, i don't like his music at all.

But the constant attacks came out as jealousy, at least to me.

What does this has to do with development or even computers? Well this is EXACTLY how I feel about Louis Rossman CONSTANTLY making videos about apple products.
We get it man we really do, sadly for a lot of us the only way to get ios development done is through a fucking Mac

EVEN if his whiny ass is right about the hardware not being top notch and all that shit I AM still not able to explain a 2013(early...as in january) macbook pro still working with literally NO fucking problems. Before that the other macbook was just changed because we wanted the 2013 model. The thing worked, the one before did so too and the 2017 model that I have works, amazingly so i will add.

Still, the army of dell,hp and lenovo laptops that I've had before just died or are not functioning properly. Either it is my shit luck or Apple's "shitty hardware" got something really fucking right.

I think its retarded really. If you don't like them then fine, you don't have to, personally I fucking love all computers and os, but I don't get fanboys hating for the sake of hate.

the fuck you care if I spend 2500 on a computer? I would the same shit for your mom and the computer would last me longer.

Does owning multiple macs make me better than you? No

Does this mean that you are piss poor and can't afford shit and that is why you are hating? No

Will I call you <insert number of insults> gor your choice of pc or os? No

What is retarded is this: you all are DEVELOPERS(at least a good chunk) and your ass better fucking know that some people USE a certain tool because IT IS THE RIGHT ONE FOR THE JOB.

It is a damn fine operating system, a really good computing experience. It ain't your taste? Fine, das cool, but for fucks sake it does not mean that the other people are idiots or whatever.

Grow the fuck up and get yourself an opinion.

On a previous job, my coworkers were jealous because I started going out for lunch some days of the week instead of staying with them at the office kitchen. So every time I went out, I came back to find some kind of small prank, and also a sign reading "Lunch Break Maffia Attacks Again". Once they made garlands by glueing/taping together a lot of sauce packets (mayonnaise, ketchup, and so on) in different patterns and decorated my whole box with them.

What do you do when your redirect doesn’t go where you tell it?

Clearly I’m missing something.

I stepped through the code, following the failure path of Sheogorath’s Recaptcha. It fails as expected, and hits this redirect before doing anything else:

`return redirect_to new_user_session_path`

I verified that this redirects to the “/users/sign_in” path, and it returns so the server doesn’t even try to authenticate the user. It just nopes out as it should to prevent timing attacks.

But somehow instead of doing that and redirecting as it should, it signs the user in and redirects somewhere else entirely: the role select page, which only happens after authenticating an admin user. It never even hits my breakpoint after the recaptcha check! It never authenticates!

I think what I’m missing is my old reality where things made sense.

A new system developed at CSAIL was shown to have stronger security guarantees than Intel's existing approach for preventing so-called "timing attacks" like Meltdown and Spectre, made possible by hardware vulnerabilities.

Image courtesy of Graz University of Technology

I wanna go back to the age where a C program was considered secure and isolated based on its system interface rathe than its speed. I want a future where safety does not imply inefficiency. I hate spectre and I hate that an abstraction as simple and robust as assembly is so leaky that just by exposing it you've pretty much forfeited all your secrets.
And I especially hate that we chose to solve this by locking down everything rather than inventing an abstraction that's a similarly good compile target but better represents CPUs and therefore does not leak.

Novice computer enthusiasts argue that an application is safe because it's end-to-end encrypted.. but they don't realize this doesn't guarantee safety because of MITM attacks on possibly exploitable midpoints.

A good example of this is mail servers using TLS 1.2 but one or two of them not verifying certificate autorities.

First time programming for work... Man in the middle student password changes. Yep that's right I'm being asked to write a program that will change students passwords on their Google accounts and local domain while also keeping a decryptable format password in a database. Granted it's much better than not letting students change their passwords at all. Plus were doing it because it will let us fix their issues while their out of school so...

!$rant

Hmm.. I kinda want to add a terminal type feature to my portfolio project that let's you type commands to navigate the site or change some options. I could still keep the standard navigation elements for the people who get mini heart attacks when they even see a terminal xD

Many ATMs here in India are planning to upgrade from Windows XP due to the wannacry ransomware attacks.
I literally want wannacry to seize my data so that i can go ahead and pay them 600$ to do something that even the FUCKING GOVERNMENT wont do.

Analogy: Assume a JVM is a kingdom, Object is a king of the kingdom, and GC is an attacker of the kingdom who tries to kill the king(object).
When King is Strong, GC can not kill him.
When King is Soft, GC attacks him but King rule the kingdom with protection until resource are available.
When King is Weak, GC attacks him but rule the kingdom without protection.
When king is Phantom, GC already killed him but king is available via his soul.

So Phantom ref is basically GC saying "Omaewa mo shindheru" and the object saying "Nani???"

I know this is selfish, but this whole COVID-19 thing is driving me insane. The virus and quarantine I don't mind too much. What gets me is the number of people I see every single day having legit panic attacks because they can't buy "x" right now and it's the end of the world. I can't stand people who are literally in tears because they have to take an extra day off of work each week because of the state of the economy. I've been virtually unemployed for two years (not for lack of trying) and borderline homeless for six months. Grow up. You have a Lexus, a Range Rover, and a four bedroom house for you and your partner.

Is it OK to punch a game dev who codes stupid numeric bugs?

So my wife got into Stardew Valley, that admittedly awesome comfort game farming simulator.
She went pretty far in the game, and found some item that was supposed to highly increase the damage she could inflict onto cute little monster thingies.
It didn't work as intended.
Since equipping the piece of shit all her hits did 0 damage. She tossed the item away but the problem persisted. And on and on...
She took to the googles to try and find some explanation, and apparently that is a fairly common bug for mobile devs.
Then she called in the big guns (that is how I'm calling myself in this case, you will see why).

Apparently there is some buggy piece of shitcode somewhere in the game with a numerical insecure routine that overflows the attack modifier. I.e. if it was supposed to increase from 1.990 to 2.010, it actually went all the way down to -0.4.
She was lucky her attacks weren't increasing the monsters' HP.

We found a forum post where some dude said that he managed to edit the game save file and reset the negative-value attack increase modifier variable. Seems easy enough at first, but my wife uses iOS. Nothing is ever so straightforward with apple stuff.

We did get to the save file, she emailed it to me (the file has no extension and no line breaks in it, so we facepalm'd on a couple attempts at editing it directly).
I finally manage to get it into my personal 11-yo laptop... that won't open a single line file that big.

Cue the python terminal. Easy enough to read the file into a string var and search for the buggy XML tag. Edit the value and overwrite into a new file. Send it back to her by email. Figure out how to overwrite the file in iOS.

Some tense moments while the game reloads... and it works!!!! Got some serious hubby goodwill points here.
Srsly, this troubleshoot process is not for technophobes. It is out of reach to pretty much every non-techy user.

And now back to the original question: If I ever manage to find the kid who coded a game-breaking numerically unsafe routine and shipped it as if every test in the planet had waved it bye-bye, can I punch them? Or maybe buy them a beer, let's see how I get to cash that hubby goodwill tonight :)

The most powerful weapon an engineer can ever have, is his mind.

What happens when someone attacks the mind and their mind is the system with most power?

When you attack the central system with most power of any person, they become extremely vulnerable and defenseless.

What happens when the mental state of an engineer has been attacked and damaged?

How to focus with a damaged mind?

I paid $55 for a therapy app on the ios store with binaural waves sound programming and mind healing sounds.

It helps. But temporarily. When the attacker gets in sight, the mind becomes vulnerable again.

How to develop a strong mind that can not be disturbed by external real world triggers or attackers?

Argh.
I am backend web dev, which has nice software developer role, with later going to dive into devops a bit more.
And yet some people don't understand when they are told No!

I will not accept being hired for short terms job of sysadmin.

To make it worse it is offered by my mother.
She works for some person who has multiple web sites, and they suffer from some sort of attacks.

I am having no time for this. I work and learn 95% of my time.

I don't care what they offer. According to what I heard she works for corrupt person, and she already offered illegal work few days ago to me.

Thanks, no. They deal with too big sums of money, I dont wish to be arrested or killed. I have a good job, planned schedule for next half of year and my own life.

I need guidance about my current situation.
I am perfectionist believing in OOP, preventing memory leak in advance, following clean code, best practices, constantly learning about new libraries to reduce custom implementation & improve efficiency.
So even a single bad variable name can trigger my nerves.

I am currently working in a half billion $ IT service company on a maintenance project of 8 year old Android app of security domain product of 1 of the top enterprise company of the world, which sold it to the many leading companies in the world in Govt service, banking, insurance sectors.

It's code quality is such a bad that I get panic attacks & nightmares daily.

Issues are like
- No apk obfuscation, source's everything is openbook, anybody can just unzip apk & open it in Android Studio to see the source.
- logs everywhere about method name invoked,
- static IV & salt for encryption.
- thousands of line code in God classes.
- Irrelevant method names compared to it's functionality.
- Even single item having list takes 2-3 seconds to load
- Lag in navigation between different features' screens.
- For even single thing like different dimension values for different density whole 100+ lines separate layout files for 6 types of densities are written.
- No modularized packages, every class is in single package & there are around 100+ classes.

Owner of the code, my team lead, is too terrified to change even single thing as he don't have coding maturity & no understanding of memory leak, clean code, OOP, in short typical IT 'service' company mentality.

Client is ill-informed or cost-cutting centric so no code review done by them in 8 years.

Feeling much frustrated as I can see it's like a bomb is waiting to blast anytime when some blackhat cracker will take advantage of this.

Need suggestions about this to tackle the situation.

Doing a talk on 'Security in PHP' and live demo on web attacks and safeguard tips this Saturday. Any tips fellow Ranters...?

Is it a good idea to hack the website of my previous condescending and irrational boss? and do social media attacks on their online pages as well?

A new YouTube (AI) tool by google for battling misinformation failed in a highly public way on Monday, wrongly linking video of the flaming collapse of the spire at Notre Dame Cathedral in Paris to the Sept. 11, 2001, terrorist attacks.

What are you guys doing against brute force attacks on your login webpages? I don't want anybody to access my porn ( ͡° ͜ʖ ͡°). But I don't want to block the useraccount because that would be annoying because you could simple lock a user out of his account :/ any suggestions? What are you doing on your sites?

Oh shit, I love DDoS attacks. FML...going to have nightmares after today

Headsup: if you're making a game, or want to, a good starting point is to ask a single question.
How do I want this game to feel?

A lot of people who make games get into it because they play and they say I wish this or that feature were different. Or they imagine new mechanics, or new story, or new aesthetics. These are all interesting approaches to explore.

If you're familiar with a lot of games, and why and how their designs work, starting with game
feel is great. It gives you a palette of ideas to riff on, without knowing exactly why it works, using your gut as you go. In fact a lot of designers who made great games used this approach, creating the basic form, and basically flew-blind, using the testing process to 'find the fun'.

But what if, instead of focusing on what emotions a game or mechanic evokes, we ask:
How does this system or mechanic alter the
*players behaviors*? What behaviors
*invoke* a given emotion?

And from there you can start to see the thread that connects emotion, and behavior.

In *Alien: Isolation*, the alien 'hunts' for the player, and is invulnerable. Besides its menacing look, and the dense atmosphere, its invincibility
has a powerful effect on the player. The player is prone to fear and running.

By looking at behavior first, w/ just this one game, and listing the emotions and behaviors
in pairs "Fear: Running", for example, you can start to work backwards to the systems and *conditions* that created that emotion.

In fact, by breaking designs down in this manner, it becomes easy to find parallels, and create
these emotions in games that are typically outside the given genre.

For example, if you wanted to make a game about vietnam (hold the overuse of 'fortunate son') how might we approach this?

One description might be: Play as a soldier or an insurgent during the harsh jungle warfare of vietnam. Set ambushes, scout through dense and snake infested underbrush. Identify enemy armaments to outfit your raids, and take the fight to them.

Mechanics might include

1. crawl through underbrush paths, with events to stab poisonous snacks, brush away spiders or centipedes, like the spiders in metro, hold your breathe as armed enemy units march by, etc.

2. learn to use enfilade and time your attacks.

3. run and gun chases. An ambush happens catching you off guard, you are immediately tossed behind cover, and an NPC says "we can stay and fight but we're out numbered, we should run." and the system plots out how the NPCs hem you in to direct you toward a series of
retreats and nearest cover (because its not supposed to be a battle, but a chase, so we want the player to run). Maybe it uses these NPC ambushes to occasionally push the player to interesting map objectives/locations, who knows.

4. The scouting system from State of Decay. you get a certain amount of time before you risk being 'spotted', and have to climb to the top of say, a building, or a tower, and prioritize which objects in the enemy camp to identity: trucks, anti-air, heavy guns, rockets, troop formations, carriers, comms stations, etc. And that determines what is available to 'call in' as support on the mission.

And all of this, b/c you're focusing on the player behaviors that you want, leads to the *emotions* or feelings you want the player to experience.

Point is, when you focus on the activities you want the player to *do* its a more reliable way of determining what the player will *feel*, the 'role' they'll take on, which is exactly what any good designer should want.

If we return back to Alien: Isolation, even though its a survival horror game, can we find parallels outside that genre? Well The Last of Us for one.

How so? Well TLOU is a survival third-person shooter, not a horror game, and it shows. Theres
not the omnipresent feeling of being overpowered. The player does use stealth, but mostly it's because it serves the player's main role: a hardened survivor whos a capable killer, struggling through a crapsack world. The similarity though comes in with the boss battles against the infected.

The enemy in these fights is almost unstoppable, they're a tank, and the devs have the player running from them just to survive. Many players cant help but feel a little panic as they run for their lives, especially with the superbly designed custom death scenes for joel. The point is, mechanics are more of a means to an end, and if games are paintings, and mechanics are the brushes, player behavior is the individual strokes and player emotion is the color. And by examining TLOU in this way, it becomes obvious that while its a third person survival shooter, the boss fights are *overtones* of Alien: Isolation.

And we can draw that comparison because like bach, who was deaf, and focused on the keys and not the sound, we're focused on player behavior and not strictly emotions.

So easy to make typographic attacks on image recognition models.

Depending on your implementation, you may need to change your entire model.
FML.

Need help from fellow devs.
It's been at least 3-4 years and it's getting worse.
I keep being demotivated, forgetful, inconclusive and not on point with code. (Yeah I know, I rant about angular, but that's a 10 years hate).

Today I'm supposed to do some table component that has pagination, buttons and shit in angular (yeah.... from scratch, they want to design the whole thing from 0) and I'm getting all confused by managing pagination, input to angular components, and all the simple stuff that I'VE DONE COUNTLESS TIMES.

I keep forgetting details, small meetups (under 20 mins) where we discuss lot of small details of implementation and I loose a lot of the details, forget a lot of stuff and have an hard time to put all the info togheter in a meaningful group of informations to have all the information available in an usable way at the moment of developing code.

Often I get rage outbursts because I don't understand things like before and I have to read and write down every fucking thing.
Often I get discouraged because I get lost in the details of big projects.

I have a lot of experience and that's what keeps me afloat.

I got panick attacks for small things and I never had panick attacks.

I feel I would need to stay away at all from programming for 2 months to have some passion back in it.

My mind is exhausted.

Some new brilliant colleagues joined the company and so I feel compelled to compete
and it works solely thanks to my superior experience.

I feel like a total dumbass and mentally challenged now.

Is it burnout? is it depression? What is it?

Well after working a normal office job for a while I'm kinda starting to think I thrive on isolation.

All of the people, the noise, the distractions, the lights, it's all so overwhelming. I have constant anxiety attacks.

Idk does anyone relate with this? We're they ever able to overcome? Cope? Bend their employer to the will of their isolationism by working at home more often and still producing results despite the Beck and call to "please stay in the office and fit in our prescribed work time box, you robot."

Biggest interview of my entire life is coming up on Thursday. I really need this to go well - it's more than double my current salary, at a time where I'm really starting to struggle to make ends meet. There's an actual "team", and from my interactions with them over the last four interviews, I think they're cool people. It's still a little unusual, because although there's a team or cohort of seniors that I'd be joining, every senior developer is still somewhat siloed, leading their own juniors. I'd also get to be remote 75% of the time, which I think I've realized is a "must have" benefit.

I don't know if it's coincidental or just bad timing then that I've been having episodes of pretty intense vertigo and panic attacks far more frequently than normal lately - even before I had this interview lined up. I realized recently that I must have some kind of anxiety disorder. I don't know if that's from the military, or just from being fucked up via my own missteps. But I can't keep having these attacks.

Anyone who's willing to share - I don't really have anyone to ask. How do you deal with this type of thing? I went to see a shrink last year, but he just gave me pills that replaced these issues with others.

At Rackspace there are lights on the walls that go off for things like ddos attacks, fire alarm, etc. The being a code rainbow. Meaning "evacuate the building".

Every time we deployed to prod I always joked one day that it would fail so spectacularly that it would cause a code rainbow.

“httpOnly cookies prevent XSS attacks”… wow.
As if not being able to get your cookies is going to stop me from doing bad things.

When I'm in via XSS, it's over. I'm changing the page content to your sign-in form with “please sign in again” notice, but it sends email/password straight to me. What percentage of users is going to enter their data? What do you think? With password managers prefilling data, and the annoyance being one “enter” hit away, I think a lot of users will fall for that. No one, including you, will be able to tell the difference without devTools.
You can rotate the session token, but good luck rotating the user's password.

Oh, did I tell you I could register a service worker using XSS that will be running in background FOREVER?

But don't listen to me. Don't think. Just use httpOnly and hope for the best. After all, your favorite dev youtuber said they could protect you from XSS.

WTF kind of bullshit software is sonar.
I can't deploy my application because sonar is telling me that there is a vulnerability. So I look at it. IT'S A FUCKING DEV DEPENDENCY. Are you fucking serious sonar? I can't deploy because a dev dependency has a vulnerability that allows DOS attacks. What the fuck do you think will happen?! I'm going to DOS my own fucking application whilst coding or what? Who the fuck would even care?!
I fucking hate our Pipeline, all the tools behind it operate like shit. the only thing positive about it, is that I am able to deploy applications myself without having to call someone and wait a week. Because putting a file in a directory is hard ._.

GitHub doesn't give a shit about DDoS attacks lol

!rant
I didn't know that working with React will destroy my confidence like this, I know that coding is hard but being tasked to build a front end for a large project with React and use React Boilerplate (which is not for beginners) just a month after starting my first job as a front end developer is nowhere to be the perfect start to one's career.

the quarantine did not help, it made it worse, I have so much fear that I can't even see my code, I even wanted to write some simple side project to retake some confidence but I can't, I want to tell my boss that I can't continue but he's very nice that I don't want to worry him, and here I am having panic attacks and fear, not a fear of being fired, because I am prepared and I deserve it, but fear that I can't code any more, I am not a good developer, but it's the only thing I know.

I had low confidence before but not as much as this time, this time I feel like it's the end of everything, I keep staring at the screen for hours and I can't think straight.

I am lost and I don't know how to handle this, I became a bad father and a bad husband, I don't talk to anyone, not even my kids ...

as always thanks for reading me, I only have this community that understand me.

BT "We'll give you BT Virus Protect, which protects against viruses, phishing and other online attacks."

Or... For a start, let your users provide a good secure password when signing up? More than 8 characters is a bit ambiguous. 20 minutes later and several attempts to find out it can't be longer than 20 characters, only upper and lower case letter and numbers aaaand must start with a letter is a bit s**t. Not to mention LatPass doesn't like it as you can't copy and paste.

Avoided IoT(IoS - InternetOfShit) for a long time now, due to the security concerns with retail products.
Now I looked into 433 Transceiver + Arduino solutions.. to build something myself, just for the lolz.

Theory:
Smallest Arduino I found has 32 KByte of programmable memory, a tiny tiny crypto library could take around 4 KBytes...

Set a symetric crypto key for each homebrewn device / sensor / etc, send the info and commands (with time of day as salt for example) encrypted between Server <-> IoT gadget, ciphertext would have checksum appended, magic and ciphertext length prepended.

Result:
Be safe from possible drive-by attacks, still have a somewhat reliable communication?!
Ofc passionate hackers would be still able to crack it, no doubt.

Question: Am I thinking too simple? Am I describing just the standard here?

I currently have to finish some intermediate report for a big international research project which my CEO forced us into because of the incentives. But he doesn't care for any of the research and just want to get the money.
Due to my inexperience I promised some things for this project, which now prove to be untenable. And now I realize all this and I get to deal with small anxiety attacks (especially today).
I just want to say "fuck you all" and go, but this no real option for me. That makes me totally exhausted, especially because it feels like a personal failure. :/

I feel like sometimes insomnia just attacks. Like panic or asthma.

Hey guys, I'll be starting my oscp/pwk course soon, any suggestions as to what should I study beforehand or types of attacks I should practice?
Thanks

!dev-related

Found out that a pervert from my gf’s highschool took a bunch of screenshots of her Instagram (bikini pictures, etc.) and posted them to the r/breeding and other fucked up subreddits even though she was only 16/17 in the photos

We notified the uni he goes too and nothing happened. We noticed the police of his hometown and they said they couldn’t do anything because he was currently at his uni

He then claimed it was a rumor and it wasn’t him even though the Reddit account that posted it had a previous post that directly connected the Reddit account to his Instagram account and the Reddit account mentioned had a post that mentioned his home town

My poor gf is now having panic attacks bc this motherfucker wanted to jerk his tiny dick off with his retard friends bc they were rejected by her in highschool

It’s taking so much effort not to send him some phishing emails and empty his fucking bank account

I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.

With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.

The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.

1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?

If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)

I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.

Last night the Russians stroke again. It's become obvious that these Ddos attacks are not performed by just some casual hackers, but are part of cyber warfare - just as I suspected in one of my rants a couple of weeks ago

when yo freakin open editor you use from time to time>

My plan was to potato today.

... But given anxiety, might as well have a minor heart attack and a few panic attacks on the side.

Plus, second day of no proper food seems to be helping that cause greatly too.

At this rate, I'll die of dehydration first. Lol. My greatest regret is missing out on the robot's uprising. Ain't got nobody I love deeply, so at least I don't feel regrets for people I leave behind. Tiz a short meh life I've lived.

Aight. Ms NoRegrets is out.

P.S.
In case you're stupid, let me clarify: I was being a drama queen. Shall fetch water... soon, hopefully.

Writing paragraphs on facebook is mightier than DDOS attacks

Google researchers have exposed details of multiple security flaws in Safari web browser that allowed user's browsing behavior to be tracked.

According to a report : The flaws which were found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a published paper, researchers in Google's cloud team have identified five different types of attacks that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits."

Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers and other third-party cookies.

I am still at the office, and I have come to the the conclusion it is alive. I am a parasite that works in it, but by doing so I give it value so it is maintained. It's name is Smarlethotep...

Remember kids, passwd is a readable file! You can have a very bad day trying to figure out a user's shell from side-channel attacks and getting nowhere, or you could remember that it LITERALLY SAYS WHAT IT IS PUBLICLY IF YOU DON'T FORGET THAT IT'S THERE.

On the plus side, I learned a ton about what you can do with ssh arguments and debugging logs. Shit's pretty cool.

So in the past 3 days I've almost had 6 heart attacks, I've been giving public speeches for random classes at my school as a practise.
Today I'm going to some capital city finals shit whatever you call it and I have to give a public speech to fuc knows how many people.
I wrote a speech about lies in 700 words, speech has to be 5 minutes, oh yeah, in English. It's not my native...

Man, I am not ok at all Xd, they had to choose the one who has anxiety dosorders.

Thoughts after a security conference.

The private sector, no matter the size, often plays a role (e.g. entry vector, DDoS load generating botnet, etc.) in massive, sometimes country-wide attacks. Shouldn't that make private businesses' CyberSec a matter of national security? Shouldn't the government create and enforce a security framework for private businesses to implement in their IT systems? IMO that'd also enforce standardised data security and force all the companies treat ITSec with at least minimal care (where "minimal" is set by the gov)

What are your thoughts?

Going to a business summit tomorrow and I get to see a live hack and learn about cyber attacks.

Shit better be good.

I’m working on a new app I’m pretty excited about.

I’m taking a slightly novel (maybe 🥲) approach to an offline password manager. I’m not saying that online password managers are unreliable, I’m just saying the idea of giving a corporation all of my passwords gives me goosebumps.

Originally, I was going to make a simple “file encrypted via password” sort of thing just to get the job done. But I’ve decided to put some elbow grease into it, actually.

The elephant in the room is what happens if you forget your password? If you use the password as the encryption key, you’re boned. Nothing you can do except set up a brute-forcer and hope your CPU is stronger than your password was.

Not to mention, if you want to change your password, the entire data file will need to be re-encrypted. Not a bad thing in reality, but definitely kinda annoying.

So actually, I came up with a design that allows you to use security questions in addition to a password.

But as I was trying to come up with “good” security questions, I realized there is virtually no such thing. 99% of security question answers are one or two words long and come from data sets that have relatively small pools of answers. The name of your first crush? That’s easy, just try every common name in your country. Same thing with pet names. Ice cream flavors. Favorite fruits. Childhood cartoons. These all have data sets in the thousands at most. An old XP machine could run through all the permutations over lunch.

So instead I’ve come up with these ideas. In order from least good to most good:

1) [thinking to remove this] You can remove the question from the security question. It’s your responsibility to remember it and it displays only as “Question #1”. Maybe you can write it down or something.

2) there are 5 questions and you need to get 4 of them right. This does increase the possible permutations, but still does little against questions with simple answers. Plus, it could almost be easier to remember your password at this point.

All this made me think “why try to fix a broken system when you can improve a working system”

So instead,

3) I’ve branded my passwords as “passphrases” instead. This is because instead of a single, short, complex word, my program encourages entire sentences. Since the ability to brute force a password decreases exponentially as length increases, and it is easier to remember a phrase rather than a complicated amalgamation or letters number and symbols, a passphrase should be preferred. Sprinkling in the occasional symbol to prevent dictionary attacks will make them totally uncrackable.

In addition? You can have an unlimited number of passphrases. Forgot one? No biggie. Use your backup passphrases, then remind yourself what your original passphrase was after you log in.

All this accomplished on a system that runs entirely locally is, in my opinion, interesting. Probably it has been done before, and almost certainly it has been done better than what I will be able to make, but I’m happy I was able to think up a design I am proud of.

Is anyone around experienced with SDR, especially the HackRF?

I am trying to send OOK data at a certain frequency but it doesn't work. I am basically recording the wave, then using ooktools to decode the wave to binary and the hackrf_ook to send the binary. It doesn't work...

Using GNURadio for replay attacks works great, since I am not testing it on a rolling code device.

Has anyone managed to transmit binary (or hex) with the HackRF or any other SDR as a matter of fact? I cant use rfcat with the HackRF.

Hi!
I want to know if there is possibility to find a vulnerability on a .jar file.
I tried to install Kali on VM (for now) and tried to use metasploit but I found that it attacks the inter system on a indicated ip address.
There are many application or video (and so on) for my problem?
This .jar file is an application and I want to do pentesting...
Sorry for my poor english but it isn't my native language.
I'm new in pentesting wolrd 🤣

<script>
alert('Always escape and encode your inputs to avoid XSS attacks');
</script>

Is it just me or does anyone else wince when someone says the word "cyber" when referencing something on the internet ....like the current series of attacks ..... oh god ... i winced just typing that !

I hate the word, its an irrational hate i know still !

This shithead continuously wasted 2 lectures of CNS(Cryptography and Network Security) on debating: in a link to link encrytion if encryption and decryption takes place on every node, what if attacker attacks the node while the data is decrypted.

Though I couldn't care less about the lecture but this guy brings the same issue in every lecture

Do anyone have any idea about the link to link encryption?

I know already it encrypts the whole packet with header and on each hop the data is decrypted and the destination ip address is fetched and encrypted again, but i don't know if it's possible to perform an attack on the decrypted data.

Difference between security threat and programming bug ?

Found a cool paper about format string attacks which mentioned buffer Overflow is a security threat while format string is a programming bug.
Had no idea what that really meant.

Tnx

The NPC has stated that the personal data of atleast 2000 people was leaked after the attacks on the websites of the philippinian goverment on april 1, the data contains; names,adresses,passwords and school data.

Over 7 administrators of schools, universities and other goverment structures have been called out for not reporting on the leakage of personal info on public facebook groups and violaton of the NPC in under 72 hours.

The representatives of the next structures stood before the comission on the 23 and 24 of april

- Taguig City University

- Department of Education offices in Bacoor City and Calamba City

- the Province of Bulacan

- Philippine Carabao Center

- Republic Central Colleges in Angeles City

- Laguna State Polytechnic University

The agency has reported that none of the organisations had notified about the personal info leakage yet.

This is a good reminder that you should inform about security/personal info breaches everyone that might be related to it as soon as possible, even if it seems unecessary.

I handed in my notice last week, now I have to be held prisoner for 6 weeks in a company that hits all my Asperger triggers, and causes me daily panic attacks. But then... I get a big pay jump, remote working, more holiday.. and a much more fun project

There was one more plane in WTC attacks that struck a skyscraper in Newark. It didn't collapse all the way, but instead collapsed halfway while tilting sideways. It stood like this with power still on when Kim Dotcom bought it. He named it The Darthmaker. Because it was winter, he made it an extreme snowboarding course.

Many people perished there, losing their balance and falling into the rebar pit. Also, still working Commodore terminals were littered around, with their tape data storage cabinets transformed into washing machines that washed corpses.

Experiencing The Darthmaker made most of its visitors insane. This is why in 2006 it was leveled for good. A dilapidated yellow Commodore chiclet keyboard from one of the terminals is still on display in the museum in the United Paper Island.

I have anxiety attacks and i wanted to get my mind of things. I took 2 internships at once so that my mind would stay focused. Turned out that was really the worst idea i ever came up with.
I was fretting a lot. People calling me from different time zones at 1-2 am midnight asking me about updates. Things went completely messed up faught with my friends.

So i messaged my boss. I told him i have some problems in life i need time to sort it. And believe me he said take a month off.
He is really the coolest boss i know (out of the 4 i ever worked dor 😅)

Guys a lesson don't overdo the things you love. You want to make it a good experience. But making it unbearable to yourself can make you hate your love for coding.

given Mossad's recently demonstrated brilliance in supply chain attacks, I'm leaning to believe that they were behind the liblzma backdoor.

I recently moved to a house where my gf and me each have our separate office space. However, i’m sitting with my back to the door so whenever i’m in the zone with noise cancelling on and my gf walks in i don’t hear her. Resulting in me having a couple of almost heart attacks lately.

I have ideas about mirrors or sensors but since i’m working of three screens i din’t think it will do. The second option is ofcourse to move the desk to the other side of the room so that i’m facing the door more. But there are no power plugs.

My gf basically locks her door by sitting in front of it. Also she doesnt have a noise cancelling head set.

Recovering Investment Losses with GearHead Engineers Cyber Security Services

In today’s increasingly digital financial landscape, investors face growing threats from cybercriminals targeting everything from brokerage accounts to blockchain-based assets. For individuals and businesses alike, falling victim to a cyberattack or financial scam can be devastating. Fortunately, firms like GearHead Engineers, known for their advanced cybersecurity services, are stepping in to help investors recover losses and, more importantly, prevent future breaches.

The Rise of Cyber-Investment Threats

As digital platforms have become the norm for managing investments, they’ve also become a prime target for hackers. Common threats include:
* Phishing scams that trick users into revealing login credentials.
* Ransomware attacks on financial firms.
* Malware that siphons personal and financial data.
* DeFi and cryptocurrency hacks exploiting insecure smart contracts or user wallets.
The financial implications can be enormous, especially when assets are stolen, trading accounts are compromised, or confidential investment strategies are exposed.

GearHead Engineers: A Cybersecurity Partner for Investors

GearHead Engineers specializes in protecting financial data, systems, and transactions with comprehensive cybersecurity strategies tailored to modern digital investment environments. Their services include:
* Threat Detection & Response: 24/7 monitoring of systems to identify unusual activity before it becomes a serious threat.
* Incident Forensics: In the event of a breach, GearHead Engineers conduct thorough investigations to trace the source, identify vulnerabilities, and assist in recovery efforts.
* Asset Recovery Support: While not a financial firm, GearHead can coordinate with law enforcement and digital forensics specialists to trace stolen digital assets, especially in cryptocurrency-related incidents.
* Security Audits & Penetration Testing: Preemptive testing of platforms and networks to find and fix security holes before hackers do.
* Cyber Insurance Advisory: Guidance on cyber insurance coverage and how to maximize your protection and potential reimbursement in case of a loss.
Real-World Application: Turning Loss into Learning
Clients who’ve suffered financial loss due to cyber incidents often find that working with cybersecurity experts like GearHead Engineers is a turning point. Not only can the firm help assess whether any funds are recoverable (especially in crypto and digital asset cases), but it also strengthens the client's defense moving forward.
By implementing robust firewalls, multi-factor authentication, encryption, and behavioral analytics, GearHead Engineers empowers investors to take control of their digital financial security.

Conclusion: Proactive Security is Smart Investment Strategy
Recovering from a cyberattack is never easy, but it’s possible—especially with the right partners. GearHead Engineers brings a unique blend of technical expertise and practical support to help victims of cyber fraud bounce back and secure their future. For investors, engaging in strong cybersecurity isn’t just risk management—it’s a smart investment in itself.

So, for about two days ago I got hit with a crazy anxiety attack. My chest started to tighten and things seemed dark at the time.

I'm a CS freshmen this year and I find myself struggling with some subjects. I felt like I've dissapointed a lot of people that I really cared. Anxiety attacks have been happening recently. Do you guys have any advice for dealing with anxiety attacks ?

*sorry for the bad english

I keep having these ideas of a steam like interface for transfering money and buying virtual items, but I can't for the life of me figure out how i would go about it other then a basic flask mongo db set up which would be ripe for malicious attacks

I signed up to a website, and my password contained & symbol, got an error that password cannot contain that symbol, I thought we are way beyond vulnerability of SQL injection?

Or that symbol can be used for some other attacks?

Susan Wojcicki is a cunt. Period!

Cyberpunk Programmers is a specialized firm focused on recovering lost cryptocurrency assets. Their expert team employs advanced blockchain forensics and tracing techniques to retrieve funds lost to scams, hacks, or fraud. With a client-first mindset, they prioritize clear, jargon-free communication, ensuring clients understand the recovery process.
The company distinguishes itself through transparency and security, implementing strict measures to protect sensitive data. Their results-oriented fee model charges only upon successful recovery, aligning their goals with clients’ interests and reducing upfront risks. This reflects their confidence in tackling complex crypto recovery cases.
Cyberpunk Programmers handles various asset loss scenarios, from phishing attacks to compromised wallets, catering to both novice and seasoned crypto users. Their efficient approach aims for swift resolutions without compromising thoroughness, making their services accessible and reliable.
Known for ethical practices, Cyberpunk Programmers has earned a strong reputation in the asset recovery industry. Their dedication to client satisfaction and expertise in navigating digital fraud make them a trusted choice for those seeking to reclaim lost crypto assets. For anyone facing cryptocurrency loss, Cyberpunk Programmers offers a professional, secure, and effective solution. for more info about Cyberpunk Programmers inquire at cyberpunkprogrammersdotcom

Though I’ve seen devices like the following I’ve only ever seen them used for horrible purposes.

I was envisioning facility control being made capable by the use of a larger tablet device or tablet computer. The device would have no internet connection. It would not attach to the outside world at all.

It would not receive non manual software updates

It could view all air flow, temperature, lights, locks, electrical outlets, power draw, water usage, heaters, air conditioners, computer statins etc
And control and report statistics on them all.

Impractical you people said last time. But I would say cool if the device is kept super secure . That being said who knows how to do that since everything sucks once someone who knows what they’re doing has physical access lol

Personally all I don’t know how to break into is smart phones
Comps I could always figure out even if they had disk encryption given enough time.

The only reason phones are hard is you’re limited to network attacks and the boot loader is on the chip page.

Cause in the end a computer is just it’s hard drive in terms of security lol

Has anyone maybe a link to HTTP security topics in general?

I find often breadcrumbs, like in several different attack possibilities, but nothing comprehensive.

Mostly regarding HTTP 1.1 / HTTP 2 (h2c) and proxying.

I'm currently unclogging an whole ecosystem of proxies, endpoints, edge nodes and so on...

My knowledge is limited and it's frustrating to Google cause seemingly I get always just pieces of the puzzles but not a collection -.-

(Looking for specific information, e.g. regarding attacks like H2C Smuggling, HPACK attacks, stuff regarding Cookies / Headers / Encoding... But please not spread over several dozen pages where it becomes frustrating to read the same shit over and over again without learning something new :( )

I hate so much RStudio that it gives me anxiety attacks whenever I try to debug something with it. What a fucking nightmare

LOST MONEY TO FAKE BROKERS? CONTACT→(FOLKWIN EXPERT RECOVERY) FOR ASSIST.

I'm a fairly tech-savvy guy: I check links for doubles, verify sources, and I never download anything shady. But when a fake wallet update stole $220,000 from me, well-let me tell you-if it happens to you, you'll realize how easy this is to fall for. It all began with my regular check of my Bitcoin wallet: a notification popped up, requesting me to install an "important security update." It was absolutely legitimate in appearance-same branding, same language, even the same interface. Wanting to stay ahead with security, I clicked install without a second thought. The very moment the update finished, my wallet locked me out. I tried my usual credentials—nothing. Reset password? The link wouldn't send. My heart pounded as, on another device, I refreshed my balance: zero. Panic set in. My mind raced, wondering: Did I just lose everything? My $220,000-years of careful investments-gone because of one click? I felt sick. I tried reaching out to the wallet's official support, but they confirmed my worst fear: I had installed malware that stole my keys. They couldn't do anything. In desperation, I went to r/Crypto Advice on Reddit. The post was raw, frantic, practically begging for help. Amidst the tsunami of condolences and warnings from folks saying my funds were definitely gone, one reply stood out: "Try FOLKWIN EXPERT RECOVERY. They've helped people in your situation before." Skeptical but desperate, I called, and they called back instantly-reassuring. No impossible promises were made, but they said they would do everything in their power. In hours, they traced where my funds had been rerouted; they were not lost yet. The waiting was torture, but the updates they were giving me kept me sane. Then came that email: "We've recovered your funds." I couldn't believe it. The feeling of logging into my wallet and having the full balance was just unreal. My financial future had been hanging by a thread, and FOLKWIN EXPERT RECOVERY pulled me back from the edge. Beyond just recovery, they took the time to walk me through security best practices, teaching me how to identify fake updates and secure my investments against future attacks. Lesson learned: even the best investors get duped. But thanks to FOLKWIN EXPERT RECOVERY, this wasn't a wipeout.
INFO TO CONTACT: Whatsapp: +1 (740)705-0711  Website: WWW . FOLKWINEXPERTRECOVERY . C O M, Email: FOLKWINEXPERTRECOVERY@ TECH-CENTER (.) C O M
Warm greetings,
Dr Matthew Connell.

HOW TO HIRE A GENUINE CRYPTO RECOVERY SERVICE CONTACT SPARTAN TECH GROUP RETRIEVAL

All the time, I had believed in networking, but I never knew that a local crypto meetup would save me from financial disaster. Discussion at the event ranged from trading strategies to security tips, but one name cropped up repeatedly that sounded impressive: SPARTAN TECH GROUP RETRIEVAL. Many spoke about how that service had rescued them from lost wallets, forgotten passwords, and even cyber-attacks. I filed that away mentally but never thought I'd find myself in that position. That changed just weeks later. One morning, I went into my Bitcoin wallet and saw suspicious activity. My heart sank as I realized that $180,000 in crypto was on the line. Someone had access, and if I didn't act fast, I'd lose everything. Panic set in, and I scrambled to figure out how it happened: had I clicked a phishing link, was my private key compromised? No matter the cause, I needed help. And fast. That's when I remembered the crypto meetup. I scrolled through my notes and found SPARTAN TECH GROUP RETRIEVAL's name. With no time to waste, I sent a reply-my anxious and desperate words spilling into one frenetic sentence. They responded very fast and professionally. They immediately initiated an investigation into my wallet's transaction history and security logs. They were able to trace the breach and lock it, trying not to be late in recovering the stolen money. Then they worked around the clock for several days, coordinating tracking on the blockchain, forensic data recovery, and reinforcements of security. I barely slept, but at each and every stage, they kept reassuring me. Then came that call I was praying for: They had recovered my funds. Speechless. Relieved. Grateful. But SPARTAN TECH GROUP RETRIEVAL didn't just stop with the recovery, teaching me means of security practices, helped fortify the defense around my wallet, and making sure this does not happen again. I consider it one of the best I have done so far-attending that crypto meet-up. I might never have heard of SPARTAN TECH GROUP RETRIEVAL if it had not been that night, or the outcome worse. Now I do my best to spread the word. For a reason is their reputation preceding them, and personally I can vouch for their expertise, efficiency, and reliability.
SPARTAN TECH GROUP RETRIEVAL CONTACT INFO:
Email: spartantech (@) cyber services . com OR support (@) spartantechgroupretrieval. org
Website : h t t p s : / / spartantechgroupretrieval. org
WhatsApp: +1 (971) 487 - 3538
Telegram: +1 (581) 286 - 8092

I HIGHLY RECOMEND ADWARE RECOVERY SPECIALIST AS THE BEST IN ALL FORM OF SCAMED RECOVERY

I cannot express how distraught I was when I realized someone had hacked my email and was conning my family and friends on Instagram to invest with me. The hacker was using my identity to lure them into a fraudulent investment scheme, and by the time we discovered what was happening, some of my family members and friends had fallen for it. They ended up wiring the fraudsters a total of $25,000 before they realized it wasn't me. The emotional and financial impact was devastating. Call or text: +18186265941 I felt helpless and violated, knowing that someone was using my name to deceive the people I care about the most. It was during this period of turmoil that a close friend told me about ADWARE RECOVERY SPECIALIST. She had been through a similar ordeal and had used their services to regain control of her digital life. Desperate for a solution, I reached out to the ADWARE RECOVERY SPECIALIST team. From the very first contact, they were understanding and professional. They explained the steps they would take to track down my email account, recover it, and secure it, along with my Instagram and other social media accounts. The process was thorough and efficient. The team at ADWARE RECOVERY SPECIALIST used their expertise to identify the breach points and secure my accounts against future attacks. They provided clear instructions on how to enhance my online security and even offered tips on maintaining privacy in the digital age. Within a few days, my email and social media accounts were back under my control. The relief was immense. Knowing that my accounts were secure and that the fraudsters no longer had access to them lifted a huge weight off my shoulders. My family and friends also felt reassured, seeing the proactive steps I was taking to prevent this from happening again. If you ever find yourself in a situation where your digital security is compromised, I highly recommend reaching out to ADWARE RECOVERY SPECIALIST. Their team is not only skilled in recovering and securing accounts but also empathetic to the distress such incidents cause. They offer a comprehensive solution to safeguard your digital presence, giving you peace of mind in a world where online threats are increasingly common. Don't wait until it's too late. Protect your digital life with ADWARE RECOVERY SPECIALIST and ensure that your personal information remains safe from those who seek to exploit it.

How to Recover Lost or Stolen Crypto – Trustworthy BTC / USDT Recovery Service – Visit CryptoChain Global Track

Losing access to your cryptocurrency can be a devastating experience—especially when it’s caused by scams, hacked wallets, or fraudulent transactions. With the growing popularity of digital assets like Bitcoin (BTC) and USDT (Tether), cybercriminals have become more aggressive and sophisticated, leaving countless victims wondering if they’ll ever recover their funds. Fortunately, there’s hope: CryptoChain Global Track offers a reliable, trustworthy crypto recovery service dedicated to helping you reclaim what’s rightfully yours.

Understanding Crypto Loss: Common Causes
Before diving into recovery, it’s important to understand how crypto assets are most commonly lost:

Phishing attacks – Fake emails or links that trick users into revealing private keys.

Scam investment platforms – Fake exchanges or trading apps that steal user deposits.

Hacked wallets – Unauthorized access due to weak security or malware.

Wrong wallet address transfers – Sending funds to the wrong address with no easy reversal.

In any of these cases, traditional banks or financial institutions offer no recourse. That’s where CryptoChain Global Track comes in.

Why Choose CryptoChain Global Track?
CryptoChain Global Track is a proven leader in the field of cryptocurrency asset recovery. Unlike unverified services that make false promises, they use legitimate blockchain analysis, cyber-forensics, and ethical hacking techniques to trace and recover lost crypto assets.

Here’s what sets them apart:

✅ Trustworthy Reputation – Trusted by clients around the world with a history of successful recoveries.
Advanced Tracking Tools – Capable of analyzing complex blockchain transactions to trace stolen or misdirected funds.
Expert Recovery Team – A team of blockchain analysts, cyber investigators, and legal consultants.
Secure and Confidential Process – Your privacy and security are top priorities.
Support for Multiple Cryptos – Including Bitcoin (BTC), USDT, Ethereum (ETH), and more.

Real Results, Real Testimonials
Victims of crypto fraud who once thought their assets were gone forever have shared powerful testimonials after working with CryptoChain Global Track:

"I lost 6,000 USDT to a fraudulent trading app. I was skeptical at first, but after reaching out to CryptoChain Global Track, I was blown away by their professionalism and fast response. In just a few days, they traced my funds and helped me recover everything. They’re the real deal."

Get Started – Don’t Delay
Time is critical in crypto recovery. The longer you wait, the harder it becomes to track and recover stolen funds. If you’ve lost BTC, USDT, or any other crypto asset, take action now.

CryptoChain Global Track is your trusted partner in recovering lost or stolen cryptocurrency. Don’t accept your loss—fight back with the experts who know how to win.

VISIT FUNDS RECLAIMER COMPANY FOR CRYPTO RECOVERY

Losing cryptocurrency to theft or fraud can be a devastating experience, but recent advancements in blockchain technology and the growing expertise of recovery professionals have made it possible to reclaim stolen funds. Cryptocurrency transactions are recorded on the blockchain, which is public and transparent, allowing for tracing stolen assets. However, while the blockchain records every transaction, it only stores public keys and addresses, which makes it difficult to identify the thief without the aid of experts. The first line of defense is prevention. Using secure wallets, such as hardware wallets or reputable software wallets with strong encryption and two-factor authentication, is crucial for safeguarding your assets. Hardware wallets, which store your private keys offline, offer the highest level of protection by keeping your funds safe from online hacks. Cold storage wallets, which are completely disconnected from the internet, provide an added layer of security. If you fall victim to theft, however, it’s essential to act swiftly to recover your cryptocurrency. The faster you take action, the better your chances of reclaiming your assets. Start by reporting the theft to law enforcement. While law enforcement might not be able to intervene directly due to the decentralized nature of cryptocurrencies, they can help in gathering evidence for further investigation. The next step is to enlist the help of a cryptocurrency recovery expert. These professionals specialize in tracking stolen funds and working with blockchain forensic tools to identify the thief’s address and trace the movement of your stolen funds. Cryptocurrency recovery services, like FUNDS RECLIAMER COMPANY, are among the best in the field. They have the knowledge and tools to track stolen cryptocurrency, work with virtual asset service providers, and help freeze or recover your funds. In many cases, these experts can collaborate with exchanges and wallets that may have received the stolen cryptocurrency and help you retrieve your assets. Once you have recovered your stolen funds, it’s essential to take steps to prevent future thefts. Always stay informed about common scams and phishing attacks in the crypto space. Double-check wallet addresses before sending funds and consider using multi-signature wallets for additional security. In conclusion, while cryptocurrency theft is still a risk, securing your assets, acting quickly when theft occurs, and working with expert recovery services can greatly increase your chances of getting your funds back and minimizing future risks.

FOR MORE INFO:
Email: fundsreclaimer(@) c o n s u l t a n t . c o m
Email: fundsreclaimercompany@ z o h o m a i l . c o m
WhatsApp:+1 (361) 2 5 0- 4 1 1 0
Website: h t t p s ://fundsreclaimercompany . c o m

VISIT FUNDS RECLAIMER COMPANY FOR CRYPTO RECOVERY

Losing cryptocurrency to theft or fraud can be a devastating experience, but recent advancements in blockchain technology and the growing expertise of recovery professionals have made it possible to reclaim stolen funds. Cryptocurrency transactions are recorded on the blockchain, which is public and transparent, allowing for tracing stolen assets. However, while the blockchain records every transaction, it only stores public keys and addresses, which makes it difficult to identify the thief without the aid of experts. The first line of defense is prevention. Using secure wallets, such as hardware wallets or reputable software wallets with strong encryption and two-factor authentication, is crucial for safeguarding your assets. Hardware wallets, which store your private keys offline, offer the highest level of protection by keeping your funds safe from online hacks. Cold storage wallets, which are completely disconnected from the internet, provide an added layer of security. If you fall victim to theft, however, it’s essential to act swiftly to recover your cryptocurrency. The faster you take action, the better your chances of reclaiming your assets. Start by reporting the theft to law enforcement. While law enforcement might not be able to intervene directly due to the decentralized nature of cryptocurrencies, they can help in gathering evidence for further investigation. The next step is to enlist the help of a cryptocurrency recovery expert. These professionals specialize in tracking stolen funds and working with blockchain forensic tools to identify the thief’s address and trace the movement of your stolen funds. Cryptocurrency recovery services, like FUNDS RECLIAMER COMPANY, are among the best in the field. They have the knowledge and tools to track stolen cryptocurrency, work with virtual asset service providers, and help freeze or recover your funds. In many cases, these experts can collaborate with exchanges and wallets that may have received the stolen cryptocurrency and help you retrieve your assets. Once you have recovered your stolen funds, it’s essential to take steps to prevent future thefts. Always stay informed about common scams and phishing attacks in the crypto space. Double-check wallet addresses before sending funds and consider using multi-signature wallets for additional security. In conclusion, while cryptocurrency theft is still a risk, securing your assets, acting quickly when theft occurs, and working with expert recovery services can greatly increase your chances of getting your funds back and minimizing future risks.

FOR MORE INFO:
Email: fundsreclaimer(@) c o n s u l t a n t . c o m
Email: fundsreclaimercompany@ z o h o m a i l . c o m
WhatsApp:+1 (361) 2 5 0- 4 1 1 0
Website: h t t p s ://fundsreclaimercompany . c o m

CRYPTOCURRENCY RECOVERY SERVICES: BOTNET CRYPTO RECOVERY

As the cryptocurrency market continues to evolve and grow, it's no secret that the number of scams, frauds, and cyber-attacks has also increased exponentially. The anonymity and lack of regulation in the crypto space make it a breeding ground for malicious actors, leaving innocent investors vulnerable to financial losses. This is exactly why BOTNET CRYPTO RECOVERY, a trailblazing cryptocurrency recovery company, has emerged as a beacon of hope for those who have fallen prey to these nefarious activities.

With a proven track record of successfully recovering millions of dollars' worth of stolen or lost cryptocurrencies, BOTNET CRYPTO RECOVERY has established itself as the most trusted and reliable recovery company worldwide. Their team of expert cybersecurity specialists, forensic analysts, and blockchain experts work tirelessly to track down and retrieve stolen assets, using cutting-edge technology and innovative strategies to stay one step ahead of the scammers.

What sets them apart from other recovery companies is our unwavering commitment to their clients. They understand the emotional and financial distress that comes with losing hard-earned savings, and they are dedicated to providing a personalized, empathetic, and confidential service that puts our clients' needs above all else. Their dedicated support team is available 24/7 to guide you through the recovery process, ensuring that you are informed and empowered every step of the way. with countless success stories are a testament to their expertise and dedication. From retrieving stolen Bitcoin from a phishing scam to recovering Ethereum lost in a Ponzi scheme, They have helped numerous individuals and businesses regain control of their digital assets. their clients' testimonials speak volumes about their exceptional service and unparalleled results:

BOTNET CRYPTO RECOVERY is a Godsend. I had lost all hope after falling victim to a sophisticated phishing scam, but their team worked tirelessly to recover my stolen Bitcoin. I couldn't be more grateful for their professionalism and expertise.

I was skeptical at first, but BOTNET CRYPTO RECOVERY truly delivered on their promise. They recovered my lost Ethereum and helped me understand how to protect myself from future scams. I highly recommend their services to anyone who has been a victim of cryptocurrency fraud. If you or someone you know has fallen victim to a cryptocurrency scam or fraud, don't hesitate to reach out to them. Their team is ready to help you recover your losses and take back control of your digital assets.

Contact them today to schedule a consultation and take the first step towards reclaiming your financial freedom.

Email: [ support@ botnetcryptorecovery . com ]
Phone: +1 (431) 801-8951
Website: [ botnetcryptorecovery. com ]

Let us help you weave a safer web in the world of cryptocurrency.

Hire a Trusted Company for Recovery of Lost Bitcoin — CryptoChain Global Track

The rapid growth of the cryptocurrency industry has created both opportunity and risk. While digital assets like Bitcoin offer financial freedom, privacy, and accessibility, they also attract cybercriminals who exploit unsuspecting users. From investment scams to phishing attacks, hacked wallets to fraudulent trading platforms, Bitcoin holders around the world are increasingly falling victim to schemes that result in serious financial loss. When this happens, finding a reliable, professional recovery service becomes a critical step forward.

CryptoChain Global Track is a trusted and recognized name in the field of cryptocurrency recovery. The company is known for helping individuals and businesses who have lost Bitcoin due to scams, unauthorized access, or transactional errors. Backed by a team of skilled blockchain analysts, ethical hackers, and forensic investigators, CryptoChain Global Track offers a lifeline to those who thought their assets were gone forever.

Unlike many services that overpromise and underdeliver, CryptoChain Global Track works with complete transparency and professionalism. Their recovery process begins with a detailed analysis of the client’s situation. This includes examining the blockchain data, wallet transactions, and any communication or documentation related to the scam or loss. Using advanced tools, the team can trace the movement of Bitcoin through multiple wallets and platforms, even if the funds have been moved through mixing services or converted into other cryptocurrencies.

The company's success is rooted in its deep understanding of blockchain networks and how digital criminals operate. Their technical capabilities allow them to identify patterns, pinpoint destination wallets, and in many cases, work directly with exchanges or law enforcement to flag suspicious accounts. Every case is approached with careful investigation, guided by facts and real-time data—not assumptions or generic solutions.

Trust is a key part of any recovery process, especially when dealing with sensitive financial matters. CryptoChain Global Track treats every case with discretion and ensures that clients remain informed throughout the investigation. From initial assessment to asset tracking and follow-up actions, communication is clear and consistent. Clients are not charged upfront for empty promises—they receive honest evaluations and tailored solutions based on the nature of their case.

Beyond technical expertise, CryptoChain Global Track is also committed to client support and education. Many Bitcoin losses occur because of a lack of awareness about threats in the crypto space. The company takes time to educate its clients about how the breach or scam occurred and provides practical advice to help them avoid similar situations in the future. This commitment to both recovery and prevention makes the service holistic and genuinely helpful.

A trusted solution is available—and it starts by connecting with a team that understands how to fight back against crypto fraud with skill and determination.

Anyone know about attacks on static variable in JVM? Any links?

HIRE A GENUINE CRYPTO RECOVERY SERVICE/ CONTACT TRUST GEEKS HACK EXPERT

As a thriller writer, I'm pleased to have crafted suspense for high-stakes disasters, kidnappings, computer hacking break-ins, and political scandals. Nothing in my writer's arsenal had prepared me, however, for the chilling real-world danger of losing my $290,000 hoard of Bitcoin savings. This horror was not to play out in some dimly lit alley or foggy backroom but in my kitchen, fueled by writer's block and Red Bull. I'd been up for 36 hours, writing the denouement of my new book, a crypto heist thriller, ironically enough, when tragedy struck. Bleary-eyed, I attempted to organize my digital files, but in my sleep-deprived state, I reformatted the USB drive containing my private keys in error. I felt as though I'd written myself into a plot twist with no escape. Panic was more crippling to me than any looming deadline. I tried everything, data recovery programs, techie friends, even making a final, desperate call to the manufacturer, whose support person, bless her heart, was more concerned about my hydration status than my financial ruin. I was about to pen my own doleful ending when a midnight Google splash led me to (TRUST GEEKS HACK EXPERT). They'd been featured in a technology blog's "Real-Life Mysteries" series—a fitting discovery for a suspense-addicted author. The tale described their work in recovering funds from ransomware attacks and lost hardware. It was the origin story of a band of cyber superheroes.
I shouted out, anticipating a robo-support reply. But instead, I received a human being, a calming, smart voice that informed me I was not the first writer to make a catastrophe of a blunder (though I might win an award for most sleep-deprived). Their computer forensics division handled my case like a detective division closing a cold case. They took me through each step using words even a writer could understand. They used advanced data reconstruction techniques to retrieve my keys from the wiped drive, an endeavor they compared to un-erasing a book manuscript burned to ashes. Ten nail-sucking days passed, and I opened my email inbox to read: "Funds Recovered." A rush of relief swept over me like the greatest plot twist. My story did have a happy ending, after all. I now backup everything like a mad villain, but I sleep soundly too, knowing (TRUST GEEKS HACK EXPERT) is out there, the little-known heroes of fiction and real life.

REACH OUT TO TRUST GEEKS HACK EXPERT CONTACT SERVICE

E m ai l. Trust geeks hack expert [At] f a s t s e r v i c e [Dot] c o m

Telegram. Trustgeekshackexpert

E m a i l . in fo @ trust geeks hack expert . c o m

Web site. w w w // trust geek s hack expert . c o m

CAN DIGITAL TECH GUARD RECOVERY HELP YOU RECOVER CRYPTO FROM PHISHING ATTACKS?

WhatsApp: +1 (443) 859 - 2886 Email @ digital tech guard . com
Telegram: digital tech guard recovery . com website link / digital tech guard . com

I matched with Samantha on Tinder thinking the usual: favorite movies, travel dreams, the obligatory "so what do you do? " Instead, over a plate of overpriced sushi, she hit me with "Yeah, I lost $250,000 in crypto once. Digital Tech Guard Recovery got it back." I spat my drink. Excuse me? She laughed. "Yeah, some scam drained my wallet overnight. Thought my life was over. Then I came across Digital Tech Guard Recovery, and they did the impossible." I nodded half in amazement, half in disbelief; this lady must have been exaggerating. I mean, who just casually recovers six figures? Cool story, but that could never be me.
Oh, how foolish of me.
Fast forward two months and the universe decided to make me its punchline. I woke up one morning, checked my crypto wallet, and $400,000 was gone. GONE. Like it had been beamed into another dimension. I stared at my screen in horror, refreshing the app like a maniac. Maybe it was a glitch? Maybe my eyes weren't working? Maybe I was hallucinating from lack of sleep Nope. I had fallen for a Ledger fake update. The panic that followed was unlike anything I had ever felt in my life. I was sweating all over my place like I had just finished running a marathon. My brain short-circuited, replaying every bad decision I'd ever made. How could I be this stupid? And then-I remembered Samantha. I scrolled frantically through our old messages, found the name Digital Tech Guard Recovery, and within minutes, I was on the phone, pleading for them to save my financial life. From the moment they answered the phone, I knew I was in good hands: so calm, professional, and eerily confident that their team analyzed my case, assured me they'd track my funds. I barely slept for days on end, checking my emails like a lunatic, waiting for updates. Then, finally—the call: "We recovered your funds. Every last cent." I just sat in complete shock before bursting into laughter. This was what Samantha had described. This time, it was my life they had just saved. I reached for my wallet, and sure enough—there it was, every single dollar back where it belonged. Relief washed over me hard enough that I almost fell. I wanted to scream and cry and throw a party all at once. Instead, I did the only logical thing: I messaged Samantha. "You're never gonna believe this." She replied instantly. "Let me guess… Digital Tech Guard Recovery? " All I could do was send a thumbs-up. Lesson learned: Never ignore good advice from a Tinder date. Also, check on crypto updates yourself; or better yet, have Digital Tech Guard Recovery watch your back.

I may need some ideas for a personal project in mind:
I plan to have a server that shall connect to a usb stick/device, the usb is plugged to a TV. The usb device can create its own local wifi network which provides CRUD on media files via REST. My own server should be accessible via the internet, but at the same time connect to the local usb wifi, once the usb wifi is available, and then send requests to it. Kind of a user-friendly bridge.
There's a PC near the device, almost always turned on. It's used by family members as regular office machine and could run a local server. What if as remotely accessible server? Then what about DOS attacks? (Would that "kill" the PC?)
An alternative would be a separate server. A raspberry pi? A dedicated server?

HOW YOU CAN RECOVER YOUR CRYPTO FROM SCAMMERS // CONSULT SPARTAN TECH GROUP RETRIEVAL

SPARTAN TECH GROUP RETRIEVAL Sets World Record by Retrieving $18 Million Worth of Bitcoin
In an astonishing achievement that has captured the attention of the global financial and tech communities, SPARTAN TECH GROUP RETRIEVAL has set a new world record by recovering $18 million worth of Bitcoin. This unprecedented feat was recently reported by Stella, a council member from the United States territory, who confirmed the successful recovery and praised the team's determination and expertise in reclaiming these lost funds. The world of cryptocurrency has seen its fair share of scams, with unsuspecting individuals falling victim to fraudulent schemes that result in the loss of vast sums of money. In many cases, once funds are lost in the digital ether, they are nearly impossible to recover. However, SPARTAN TECH GROUP RETRIEVAL has defied these odds by using cutting-edge technology and a team of skilled experts to track down and retrieve assets from complex, decentralized systems. The recovery of $18 million in Bitcoin is not only a significant achievement for SPARTAN TECH GROUP RETRIEVAL, but it also provides hope for thousands of victims worldwide who have lost their investments to cryptocurrency scams. Many of these individuals were tricked by fake exchanges, phishing attacks, and Ponzi schemes, only to watch their assets disappear into the digital void. For them, the announcement of SPARTAN TECH GROUP RETRIEVAL success is a beacon of hope, offering a real chance to reclaim what they’ve lost. As SPARTAN TECH GROUP RETRIEVAL gains fame for this incredible accomplishment, it has become a symbol of trust and reliability in an otherwise uncertain space. The company's expertise in blockchain technology and cybersecurity has allowed it to navigate the complexities of recovering stolen or lost funds, providing a lifeline to those who thought all was lost. With a proven track record, SPARTAN TECH GROUP RETRIEVAL is quickly becoming a go-to service for anyone looking to recover funds from crypto-related fraud or misfortune. Given the rising prominence of cryptocurrency and its increasing integration into mainstream finance, the need for services like SPARTAN TECH GROUP RETRIEVAL has never been greater. Many individuals who have been scammed or had their assets stolen now have a credible option to turn to for assistance. This is why it’s crucial for the word to spread. If you or someone you know has fallen victim to a cryptocurrency scam, SPARTAN TECH GROUP RETRIEVAL may be the solution you’ve been waiting for. Please share this information with others to help those affected by crypto fraud get back their funds. The more people who learn about this service, the more victims can potentially have their stolen funds recovered. SPARTAN TECH GROUP RETRIEVAL has proven that no matter how complex or difficult the recovery process may be, with the right expertise and technology, it is possible to recover what was once thought to be lost forever.
MORE INFO ABOUT THE COMPANY
WhatsApp:+1 (971) 4 8 7 - 3 5 3 8
Email: spartantech (@) c y b e r s e r v i c e s . c o m
Telegram:+1 (581) 2 8 6 - 8 0 9 2

About Me

As a dedicated and skilled Security Analyst in the Cyber Wing, I bring a wealth of expertise in identifying, assessing, and mitigating cyber threats to protect organizational assets and sensitive information. My background is grounded in a robust understanding of cybersecurity principles, which I apply daily to safeguard against evolving digital threats.

Professional Background

With a strong foundation in cybersecurity, I have honed my skills in threat analysis, risk assessment, and incident response. My role involves continuous monitoring of network traffic, identifying vulnerabilities, and implementing security measures to prevent data breaches. I am proficient in using advanced cybersecurity tools and technologies to analyze threat intelligence and develop strategies to defend against cyber-attacks.

Key Competencies

Threat Analysis: Expert in identifying and analyzing potential threats to cybersecurity, including malware, phishing attacks, and network intrusions.
Risk Assessment: Skilled in evaluating the security posture of systems and networks, identifying vulnerabilities, and recommending corrective actions.
Incident Response: Experienced in managing and responding to security incidents, ensuring quick resolution and minimizing impact on operations.
Security Protocols: Knowledgeable in implementing and maintaining security protocols and policies to ensure compliance with industry standards and regulations.
Achievements

Successfully mitigated multiple cyber threats, reducing potential impact on organizational operations.
Developed and implemented security policies that enhanced the overall security posture of the organization.
Conducted comprehensive security assessments that led to significant improvements in network security and data protection.
Professional Goals

My goal as a Security Analyst is to continue advancing my expertise in cybersecurity, staying abreast of the latest trends and technologies to effectively combat emerging threats. I am committed to contributing to a safer digital environment and ensuring the highest level of security for the organization.

Personal Attributes

I am a proactive and detail-oriented professional, known for my analytical thinking and problem-solving abilities. I thrive in dynamic environments and am passionate about leveraging my skills to protect against cyber threats.

Contact elctrohacker DOT COM

Feel free to reach out to me for any inquiries or to discuss how I can contribute to enhancing your organization's cybersecurity posture.

How Do l Get My Money From Amazon Lost Recovery masters

The Lost Recovery Masters is a team of experienced Amazon Recovery Experts currently collecting funds back to all Amazon s,c,a,m victims. Anyone that has fallen prey to these fake online imposters and bogus investments Schemes contact Lost Recovery Masters and explain your situation; They will assist you in all Amazon s,c,a,m,s retrieval funds, bitcoin wallets reclaiming, investment s,c,a,m, mobile mass surveillance, and cyber – attacks. Reach out to them through their:

Guaranteed Way to Recover Scammed Crypto with Puran Crypto Recovery

Cryptocurrency scams have become an unfortunate reality in today’s digital age, with many investors losing significant amounts of money to fraudulent schemes. Whether it's through phishing attacks, Ponzi schemes, or fake ICOs, the rise of these scams has left many victims feeling helpless. But with the right approach and expertise, recovering lost or stolen crypto is possible. Puran Crypto Recovery offers a guaranteed way to recover your scammed cryptocurrency, leveraging advanced blockchain tools, expert investigators, and legal professionals to ensure the best chance of reclaiming your assets.

How Puran Crypto Recovery Helps in Scammed Crypto Recovery
Puran Crypto Recovery has been at the forefront of cryptocurrency recovery services, offering specialized solutions to victims of scams. Our process is thorough and involves utilizing cutting-edge blockchain technology, experienced crypto investigators, and strategic collaborations with law enforcement and exchanges to recover your funds.

Blockchain Forensics: One of the most effective methods of recovering scammed crypto is through blockchain forensics. Puran Crypto Recovery employs advanced blockchain analysis tools to trace stolen funds across multiple wallets and blockchain networks. This allows us to identify the destination of your cryptocurrency, and we work with exchanges and law enforcement to track and seize the stolen funds.

Expert Crypto Investigators: Our team of highly skilled crypto investigators is experienced in analyzing blockchain data and identifying fraudulent addresses. They utilize proprietary tools and techniques to trace the flow of stolen funds, ensuring that no matter how complex the scam, we can find a way to recover your assets.

Collaboration with Exchanges and Law Enforcement: Recovering funds from a scam often requires coordination with cryptocurrency exchanges and law enforcement agencies. Puran Crypto Recovery has established relationships with major exchanges and authorities worldwide, which allows us to quickly act on your behalf and increase the chances of recovering your funds. Our legal team also provides support to pursue criminal and civil actions against the scammers.

Guaranteed Process for Recovery
At Puran Crypto Recovery, we follow a streamlined and transparent process to recover scammed crypto. Here’s how it works:

Consultation: The first step is a consultation where we assess your case and understand the details of the scam. Our experts will gather all necessary information about the transaction and the type of scam that took place.

Investigation: Using our advanced blockchain analysis tools, we begin tracing the stolen funds. We identify wallet addresses, track the funds’ movement, and determine where the assets are located.

Coordination: Once the funds are traced, we reach out to the exchanges, wallets, and law enforcement agencies involved. We provide them with the necessary evidence to take action and initiate the recovery process.

Recovery: In cases where the funds are located within an exchange or a known wallet, we work with these entities to freeze the assets and recover them. We ensure that all legal procedures are followed to retrieve the funds and return them to the rightful owner.

Legal Support: If necessary, our legal team will guide you through any legal steps required to complete the recovery process. This may include filing claims or taking legal action against scammers, ensuring that you have full support in every step of the journey.

Benefits of Choosing Puran Crypto Recovery
Expertise in Cryptocurrency: Our team specializes in crypto recovery, with years of experience in blockchain forensics, crypto law, and digital asset protection.
Proprietary Technology: We use the latest blockchain analysis tools to track stolen funds across multiple platforms and wallets.
Global Reach: We work with exchanges and law enforcement across the globe, enabling us to take action quickly and recover your assets, regardless of where the scam took place.
Guaranteed Success: While no recovery service can promise 100% success, Puran Crypto Recovery has a high success rate due to our diligent investigation process and close collaboration with key stakeholders.
Contact Puran Crypto Recovery for Guaranteed Fund Recovery
If you’ve been the victim of a cryptocurrency scam, don’t lose hope. Puran Crypto Recovery offers a reliable and guaranteed way to recover your scammed crypto. Our team of experts is dedicated to helping you track and recover stolen funds through innovative technology, expert investigation, and legal support.

Bright Psychotherapy: Expert Therapy for Anxiety and Depression in Birmingham and London

At Bright Psychotherapy (Janice Chan Therapy & Consulting), we understand how overwhelming and debilitating mental health struggles can be. Anxiety and depression are common challenges that can significantly impact one’s quality of life, but the good news is that with the right support, it is possible to regain control and start living a life that feels fulfilling and balanced. Whether you are in Birmingham, London, or anywhere else, Bright Psychotherapy offers specialized therapy services designed to help you manage anxiety and depression effectively.

With our office located at Edmund House, 10-12 Newhall St, Birmingham B3 3EF, we are dedicated to providing a safe, welcoming space where individuals can seek the support they need. Through our therapy services, we offer compassionate care and expert guidance, tailored to your unique needs.

Birmingham Therapy for Anxiety
Anxiety can manifest in many forms—from constant worry and nervousness to panic attacks that feel impossible to manage. Birmingham therapy for anxiety at Bright Psychotherapy is designed to help you identify the underlying causes of your anxiety, develop healthy coping mechanisms, and work through the emotional and psychological challenges that anxiety brings.

At Bright Psychotherapy, we offer a range of therapies specifically aimed at treating anxiety. Some of the approaches we use include:

Cognitive Behavioral Therapy (CBT): This evidence-based approach helps individuals identify and challenge negative thought patterns and replace them with more balanced, realistic thinking.

Mindfulness-Based Stress Reduction (MBSR): A powerful technique that teaches clients how to stay present and manage stress through mindfulness and relaxation practices.

Exposure Therapy: A technique used to gradually confront and reduce fear and anxiety around certain situations or objects.

We believe that therapy for anxiety should be personalized to each person, and that is why we tailor our approach based on your unique symptoms and experiences. Whether your anxiety stems from everyday stressors, a specific event, or is more generalized, we can work with you to find the right strategies for managing it.

London Therapy for Anxiety
If you’re seeking London therapy for anxiety, Bright Psychotherapy is here to provide the same expert care and personalized treatment to individuals in London. Anxiety can have a significant impact on a person’s well-being, and it’s essential to seek professional support to manage symptoms effectively.

We offer both in-person and online therapy options, ensuring that individuals in London have access to the same high-quality therapy as those in Birmingham. Our goal is to help you understand your anxiety, learn to manage triggers, and provide the tools needed for long-term emotional balance.

Birmingham Therapy for Depression
Depression is another common mental health condition that can affect all aspects of your life. It can lead to feelings of hopelessness, exhaustion, and a lack of interest in activities that were once enjoyable. Birmingham therapy for depression at Bright Psychotherapy is designed to help you navigate the complex emotions of depression, identify its root causes, and work through the negative thought patterns that keep you stuck.

Through Birmingham therapy for depression, you will have the opportunity to explore your feelings in a safe, supportive environment, and gain insights into how to manage depression effectively. The therapies we offer for depression include:

Cognitive Behavioral Therapy (CBT): CBT is an effective approach for addressing depression by helping you identify negative thoughts and behaviors and replacing them with healthier alternatives.

Interpersonal Therapy (IPT): A therapeutic approach that focuses on improving interpersonal relationships, which can often be a key factor in managing and reducing depression.

Mindfulness and Relaxation Techniques: Practices that help you stay present and focused, reducing the emotional strain caused by depression.

Our therapy is focused on providing relief from depressive symptoms, improving emotional regulation, and giving you the tools to live a more balanced and fulfilling life.

Why Choose Bright Psychotherapy for Anxiety and Depression Therapy?
Personalized Therapy: At Bright Psychotherapy, we understand that every person’s experience with anxiety and depression is unique. Our therapy sessions are tailored to address your specific challenges, ensuring that you receive the most effective support for your needs

Bright Psychotherapy: Expert Therapy for Anxiety and Depression in Birmingham and London

At Bright Psychotherapy (Janice Chan Therapy & Consulting), we understand how overwhelming and debilitating mental health struggles can be. Anxiety and depression are common challenges that can significantly impact one’s quality of life, but the good news is that with the right support, it is possible to regain control and start living a life that feels fulfilling and balanced. Whether you are in Birmingham, London, or anywhere else, Bright Psychotherapy offers specialized therapy services designed to help you manage anxiety and depression effectively.

With our office located at Edmund House, 10-12 Newhall St, Birmingham B3 3EF, we are dedicated to providing a safe, welcoming space where individuals can seek the support they need. Through our therapy services, we offer compassionate care and expert guidance, tailored to your unique needs.

Birmingham Therapy for Anxiety
Anxiety can manifest in many forms—from constant worry and nervousness to panic attacks that feel impossible to manage. Birmingham therapy for anxiety at Bright Psychotherapy is designed to help you identify the underlying causes of your anxiety, develop healthy coping mechanisms, and work through the emotional and psychological challenges that anxiety brings.

At Bright Psychotherapy, we offer a range of therapies specifically aimed at treating anxiety. Some of the approaches we use include:

Cognitive Behavioral Therapy (CBT): This evidence-based approach helps individuals identify and challenge negative thought patterns and replace them with more balanced, realistic thinking.

Mindfulness-Based Stress Reduction (MBSR): A powerful technique that teaches clients how to stay present and manage stress through mindfulness and relaxation practices.

Exposure Therapy: A technique used to gradually confront and reduce fear and anxiety around certain situations or objects.

We believe that therapy for anxiety should be personalized to each person, and that is why we tailor our approach based on your unique symptoms and experiences. Whether your anxiety stems from everyday stressors, a specific event, or is more generalized, we can work with you to find the right strategies for managing it.

London Therapy for Anxiety
If you’re seeking London therapy for anxiety, Bright Psychotherapy is here to provide the same expert care and personalized treatment to individuals in London. Anxiety can have a significant impact on a person’s well-being, and it’s essential to seek professional support to manage symptoms effectively.

We offer both in-person and online therapy options, ensuring that individuals in London have access to the same high-quality therapy as those in Birmingham. Our goal is to help you understand your anxiety, learn to manage triggers, and provide the tools needed for long-term emotional balance.

Birmingham Therapy for Depression
Depression is another common mental health condition that can affect all aspects of your life. It can lead to feelings of hopelessness, exhaustion, and a lack of interest in activities that were once enjoyable. Birmingham therapy for depression at Bright Psychotherapy is designed to help you navigate the complex emotions of depression, identify its root causes, and work through the negative thought patterns that keep you stuck.

Through Birmingham therapy for depression, you will have the opportunity to explore your feelings in a safe, supportive environment, and gain insights into how to manage depression effectively. The therapies we offer for depression include:

Cognitive Behavioral Therapy (CBT): CBT is an effective approach for addressing depression by helping you identify negative thoughts and behaviors and replacing them with healthier alternatives.

Interpersonal Therapy (IPT): A therapeutic approach that focuses on improving interpersonal relationships, which can often be a key factor in managing and reducing depression.

Mindfulness and Relaxation Techniques: Practices that help you stay present and focused, reducing the emotional strain caused by depression.

Our therapy is focused on providing relief from depressive symptoms, improving emotional regulation, and giving you the tools to live a more balanced and fulfilling life.

Why Choose Bright Psychotherapy for Anxiety and Depression Therapy?
Personalized Therapy: At Bright Psychotherapy, we understand that every person’s experience with anxiety and depression is unique. Our therapy sessions are tailored to address your specific challenges, ensuring that you receive the most effective support for your needs