Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "cyber"
"cloud" -> someones computer
"big data" -> lots of somewhat irrelevant data
"ai" -> if if if if if if if if if if if if if else
"algorithm" -> something that works but you don't know why
"secure" -> https://
"cyber security" -> kali linux + black hoodie
"innovation" -> adding something completely irrelevant such as making a poop emoji talk
"blockchain" -> we make lots of backups
"privacy" -> we store your data, we just don't tell you about it37
Our designer (and frontender) just saved my ass big time. Had to do a tiny project involving design and frontend so I gave it a try and it looked like crap, deadline in a week. The designer made the most beautiful thing in like two days.
Kudos to all designers for doing what they're good at and ensuring that we, backenders (and cyber security people for that matter), can do our thing without having to worry about knowing how to design stuff and create interfaces because we might hate doing that and sometimes just really suck at it.
Kudos designer guys/girls!8
Running from my job to my bus stop while having my phone in my hands trying to fend off a cyber attack while my hands are nearly freezing and its raining like hell.
Sometimes my job is just fucking awesome.16
I have this one friend who thinks he is a tech guru just because he plays video games a lot and started to study cs for one year. Now he got a job as sysadmin and it is funny to hear him brag about the job in front of non-tech people because he sounds like a CSI Cyber episode, just throwing tech words at the people and I know that he talks bullshit.
But I have to admit, he knows how to sell himself. Probably that's how he got the job in the first place because it cannot be his experience.
Yesterday he called me, to help him edit something on a linux server. I told him "To edit the file type 'vi FILENAME' and then you can edit. I have to go now, I have a meeting." :]23
So my Cyber Security lecturer was talking about scam emails and how potential hackers can spoof their identity in order to gain information or get some malware on your PC.
Since this was all really obvious, I decided to email him with a crude scam email myself for the lols.
To his credit he saw the funny side.5
A while ago (few months) I was on the train back home when I ran into an old classmate. I know that he's a designer/frontend/wordpress guy and I know that he'll bring anyone down in order to feel good. I also know that he knows jack shit about security/backend.
The convo went like this:
Me: gotta say though, wordpress and its security...
Him: yeah ikr it's bad. (me thinking 'dude you hardly know what the word cyber security means)
Me: yeah, I work at a hosting company now, most sites that get hacked are the wordpress ones.
Him: yeah man, same at my company. I made a security thing for wordpress though so we can't get hacked anymore.
Me; *he doesn't know any backend NOR security..... Let's ask him difficult stuff*
Oh! What language did you use?
Him: yeah it works great, we don't get hacked sites anymore now!
Me: ah yeah but what language did you use?
Him: oh it's not about what language you use, it's about whether it works or not! My system works great!
Me: *yeah.....right.* oh yeah but I'd like to know so I can learn something. What techniques did you use?
Him: well obviously firewalls and shit. It's not about what techniques/technology you use, it's about whether it works or not!
That's the moment I was done with it and steered the convo another way.
You don't know shit about backend or security, cocksucker.16
After it was revealed that the Equifax hack was even bigger yet again, the US government said something that really made me say/think something in the trend of "WHAT the actual FUCK?!"
"This data is in the hands of cyber criminals anyways".
You run the biggest mass surveillance program in the world, sucking up more than a million terabytes every hour, then at least could you PRETEND to care/take interest when the personal data of about all your citizens appears on the Internet?!
So a fucking friend of mine makes me meet this fella who is a big shot according to his LinkedIn and please note has too much experience with Web Apps and Python
Me being naive actually trusted that and I meet him.
Fella: So what do you do?
Me: I am into Cyber Security nothing much I just do bug hunting for now
Fella: You know python will help you right?
Fella: You see you have to be a python programmer for anything you want to do in CS
Me: Me yeah I kinda know python actually I am more into Ruby from start so ( Around this time I kinda sensed that he is a fake tech guy he is a corporate asshole)
Fella: show me any of your work
Me: (So to show him one of the thing I was working on I open GitHub desktop app) Me explaining blah blah blah
*Fella is in shock*
So at this point I was thinking probably he is impressed and that's why the shock right?
No a big fucking no
Apparently he never heard about GitHub or git and got blown away by the interface.
And the friend who made me meet that guy is not my fucking friend anymore that prick can die for ruining my day18
Another incident which made a Security Researcher cry 😭😭😭
[ NOTE : Check my profile for older incident ]
I was invited by a fellow friend to a newly built Cyber Security firm , I didn't asked for any work issues as it was my friend who asked me to go there . Let's call it X for now . It was a good day , overcast weather , cloudy sky , everything was nice before I entered the company . And the conversation is as follows :
Fella - Hey! Nice to see you with us .
Me - Thanks! Where to? *Asking for my work area*
Fella - Right behind me .
Me - Good thing :)
Fella - So , the set-up is good to go I suppose .
Me - Yeah :)
*I'm in my cabin and what I can see is a Windows VM inside Ubuntu 12.4*
*Fast forward to 1 hour and now I'm at the cafeteria with the Fella*
Fella - Hey! Sup? How was the day?
Me - Fine *in a bit confused voice*
Fella - What happened mate , you good with the work?
Me - Yeah but why you've got Windows inside Ubuntu , I mean what's the use of Ubuntu when I have to work on Windows?
Fella - Do you know Linux is safe from Malwares?
Me - Yeah
Fella - That's why we are using Windows on VM inside Linux .
Me - For what?
Fella - To keep Windows safe from Malwares as in our company , we can't afford any data loss!
Me - 😵 *A big face palm which went through my head and hit another guy , made me a bit unconscious*
I ran for my life as soon as possible , in future I'm never gonna work for anyone before asking their preferences .9
I'm a programmer and an aspiring cyber security specialist. Yesterday, after I gave a presentation about smart bulb hacking, I heard through a coworker that a cyber security company is interested in talking to me. Yay!11
You think a junior dev pushing his code onto a production server is bad? Wait till you have that admin who is illegally mining Bitcoin on your production server. 😂
I went for a Cyber Security conference today with one of managers and this was one of the life experiences some of the speakers shared.18
I'm a week into my new job right now. What do I love the most about it?
Learning things all day long and getting paid for it!
I'm learning about hosting things, DNS, cyber security, configurations, Linux (although my current skill set with Linux has been enough for now) and so on!
Hell, easy day today (not that many tickets) so decided to start learning Ansible! Next to that I've gotta learn vim (it just autocorrected that to cum.... O.o), work with hosting panels, mail stuffs (dns, debugging etc etc) and so fucking on.
The boss hasn't been at location yet which will happen tomorrow but he seemed like a very chill guy.
I love this!23
Got a call from a recruiter today. (Keep in mind that using WhatsApp is about a requirement over here.)
R: so can I app you (I hate that word to the fucking point) with further details?
Me: *oh fuck this is gonna get me fucked again* uhm I don't use it so yah...
R: ohhh okay, security reasons?
Me: *slight relief* yes indeed, sir
R: oh fair enough, you can always just text and call me!
*very relieved feeling*
It's for either a cyber security or linux job by the way.29
Currently at a cyber security event.
The most ironic thing is that the WiFi here is not secured...20
So I've been looking for a Linux sysadmin job for a while now. I get a lot of rejections daily and I don't mind that because they can give me feedback as for what I am doing wrong. But do you know what really FUCKING grinds my FUCKING gears?
BEING REJECTED BASED ON LEVEL OF EDUCATION/NOT HAVING CERTIFICATIONS FOR CERTAIN STUFF. Yes, I get that you can't blindly hire anyone and that you have to filter people out but at least LOOK AT THEIR FUCKING SKILLSET.
I did MBO level (the highest sub level though) as study which is considered to be the lowest education level in my country. lowest education level meaning that it's mostly focused on learning through doing things rather than just learning theory.
Why the actual FUCK is that, for some fucking reason, supposed to be a 'lower level' than HBO or Uni? (low to high in my country: MBO, HBO, Uni). Just because I learn better by doing shit instead of solely focusing on the theory and not doing much else does NOT FUCKING MEAN THAT I AM DUMBER OR LESS EDUCATED ON A SUBJECT.
So in the last couple of months, I've literally had rejections with reasons like
- 'Sorry but we require HBO level as people with this level can analyze stuff better in general which is required for this job.'. - Well then go fuck yourself. Just because I have a lower level of education doesn't FUCKING mean that I can't analyze shit at a 'lower level' than people who've done HBO.
- 'You don't seem to have a certificate for linux server management so it's a no go, sorry!' - Kindly go FUCK yourself. Give me a couple of barebones Debian servers and let me install a whole setup including load balancers, proxies if fucking neccesary, firewalls, web servers, FUCKING Samba servers, YOU FUCKING NAME IT. YES, I CAN DO THAT BUT SOLELY BECAUSE I DON'T HAVE THAT FUCKING CERTIFICATE APPEARANTLY MEANS THAT I AM TOO INCOMPETENT TO DO THAT?! Yes. I get that you have to filter shit but GUESS WHAT. IT'S RIGHT THERE IN MY FUCKING RESUME.
- 'Sorry but due to this role being related to cyber security, we can't hire anyone lower than HBO.' - OH SO YOUR LEVEL OF EDUCATION DEFINES HOW GOOD YOU ARE/CAN BE AT CYBER SECURITY RELATED STUFF? ARE YOU MOTHERFUCKING RETARDED? I HAVE BEEN DOING SHIT RELATED TO CYBER SECURITY SINCE I WAS 14-15 FUCKiNG YEARS OLD. I AM FAMILIAR WITH LOADS OF TOOLS/HACKING TECHNIQUES/PENTESTING/DEFENSIVE/OFFENSIVE SECURITY AND SO ON AND YOU ARE TELLING ME THAT I NEED A HIGHER LEVEL OF FUCKING EDUCATION?!?!? GO FUCKING FUCK YOURSELF.
And I can go on like this for a while. I wish some companies I come across would actually look at skills instead of (only) study levels and certifications. Those other companies can go FUCK THEMSELVES.40
Context: I work in a cyber security company which develop cyber security solutions.
I started testing the API of the dashboard we have. Within 15 minutes, after poking around with burp suite, found SQL injection in post data that leads to the whole DB dumping in sqlmap.
Told the boss and the API developer. Boss said, "it's ok to have bugs/holes in trial box". But this is on a machine that is gonna be sent to client for trial in a few days. I even compiled a report and how to fix it, which is like 2 lines of "if else" statement by the way. Told the API developer how to fix, he didn't care. 'I work on functionality first'. Doesn't look like he gonna fix.
A damn cyber security company, developing cyber security solution, do the "don't" in web security 101, which is dumping POST data directly into the SQL query, which requires only 5 minutes to fix. 🤦♂️🤦♂️🤦♂️14
(The PM is pretty technical)
Me: Could you create this subdomain?
PM: Sure, just a sec.
Me: Ohh and could you add a letsencrypt cert? (one click thingy)
PM: Why would you need that on this kinda site...
Me: Well in general for security...
(referring to my internship manager/guider as Bob)
Bob: Hey... we have a new subdomain!
Bob: Wait why is there no letsencrypt certificate installed...?!?
Me: Well, the PM didn't find that neccesary...
Bob: (Oo) of course it is... are we going for security by default or what?
Me: Yup agreed.
Bob: *creates cert and sets everything up in under a minute*
It wasn't a high profile site (tiny side project) but why not add SSL when you can for free?8
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).1
>I can't believe we pay your useless ass to sit around doing nothing all day!
>this is your fault1
Following a conversation with a fellow devRanter this came to my mind ago, happened a year or two ago I think.
Was searching for an online note taking app which also provided open source end to end encryption.
After searching for a while I found something that looked alright (do not remember the URL/site too badly). They used pretty good open source JS crypto libraries so it seemed very good!
Then I noticed that the site itself did NOT ran SSL (putting the https:// in front of the site name resulted in site not found or something similar).
Went to the Q/A section because that's really weird.
Saw the answer to that question:
"Since the notes are end to end encrypted client side anyways, we don't see the point in adding SSL. It's secure enough this way".
I emailed them right away explaing that any party inbetween their server(s) and the browser could do anything with the request (includingt the cryptographic JS code) so they should start going onto SSL very very fast.
Too badly I never received a reply.
People, if you ever work with client side crypto, ALWAYS use SSL. Also with valid certs!
The NSA for example has this thing known as the 'Quantum Insert' attack which they can deploy worldwide which basically is an attack where they detect requests being made to servers and reply quickly with their own version of that code which is very probably backdoored.
This attack cannot be performed if you use SSL! (of course only if they don't have your private keys but lets assume that for now)
Luckily Fox-IT (formerly Dutch cyber security company) wrote a Snort (Intrustion Detection System) module for detecting this attack.
Anyways, Always use SSL if you do anything at all with crypto/sensitive data! Actually, always use it but at the very LEAST really do it when you process the mentioned above!31
Someone asked for an RSS feed for the security/privacy blog, I thought?
Well, hereby! There are three feeds:
https://much-security.nl/main.xml - a feed which is updated with both blog posts and external links relating to privacy/security I find interesting/useful.
https://much-security.nl/own.xml - a feed only containing the blogs posts themselves. For people who are only interested in that part.
https://much-security.nl/external.x... - a feed only containing external links. For people who'd like to stay updated on recent cyber security/privacy thingies.
Tracking: every time a feed is visited, a redis value for that feed get's incremented. No time, ip addresses, user agent or whatsoever is saved. Just one variable getting increased once.
New domain name will also be revealed soon (probs tomorrow, going to bed soon as I've just been sick) :D.
Oh and just a warning, the main/external feed are the only ones populated with exactly one item right now :P30
Me: So what you are doing in the IT field?
Him: I am hacking bank websites.
Me: OK, that's cool. It is good in free time. What is your actual job?
Him: I am seriously hacking the bank Web site!
Me: Trust me, if you seriously doing that you will never ever mentioned it...
Him: No, I am doing it legally... The bank hiring me to try to hack the website...
Me: OK, you mean that you are cyber security tester?
Him: That is almost the same...
Me: So you are tester?
Him: I am hacking bank's websites...
I got arrested multiple times under acts of cyber crimes...
Yeah, so what if I did? Why is it a problem that I take down CP sites? "Because it's partaking in cyber warfare." Well then the police and the Federal government should execute their job keeping such out of the web space. Now, whenever I find a job, I have to inform due to the judge's final document. And not just that now when I am required to talk to a police officer who has seen my record all they can reckon is to escalate it.
What fantastic horse crap! You get arrested for tracking down child molesters and taking them off the web exclusively...
Some say I'm a social justice warrior, only I don't think that I am. I reckon I am merely an over eccentric programmer who desires to see the real criminals get sent to jail.30
hate it when Linux users talk like they own the cyber world.. linux is bla bla windows is shit shit..
I am not a linux fan, nor a Windows fan. just I use what is the best for the requirements22
A: There is not even a single forum for cyber security. Let's build one.
Me: Are you sure that there is not even a single forum?
A: Yes, I'm a cyber security expert. I have 5 years of experience in this field.
Me: **walks out quitely**1
Probably the most rage inducing data loss story...
When it comes to my cellphone I'm a data hoarder, I store each relevant meme, conversation, video, contact, nudes, etc. Had to replace my phone? Easy, change the SD.
I did this for about 4 years, had over 11GB of almost everything and anything in a 36GB SD, one afternoon my buddies and I went to a small tech convention and on our way to my car we got mugged by 5 armed men.
They took my brand new phone along with my wallet and all my cash, luckily I had GPS tracking enabled and we were able to pinpoint the exact location of my phone within 30min.
So far so good...
We called the cops and went with them, we found the car with illegal plates and weapons inside (knives, a bat, gun) so I tell the robbers were in there inside a closed cyber cafe and showed him the point on the map confirming this.
Cop: oh we can't do that we don't have an order...
Me: are you kidding me, here's the GPS, there's the car, there's the weapons, doesnt that count as at least probable cause or some shit?
Cop: we don't have that in this country, you can file a report and after 3 business days we can come here to inquire.
Me: (fucking lost it) do you fucking think they'll be here in 3 days?! I'll give you 500 bucks if you go bust their ass now.
Cop: (thinks about it) but what if they are armed? [4 patrols, 8 cops, 4 rifles and at least 6 guns plus vests] Maybe if you had contacts within the bureau we could have an order now...
I lost a lot that day, including respect to this fucked up system.
t(ಠ益ಠt) FUCK THE POLICE go eat a dick.10
The only time they ever come out of their pathetic walled internet is to attack your servers.
Fuck that country.10
Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.
That time when...
He wrote a social media network with end-to-end encryption before it was cool.
He wrote custom 64kb encryption for his academic HDD.
He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.
He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).
He used only hashes of passwords as passwords (which isn't actually good).
He kept a drill on the desk ready to destroy his HDD at a moments notice.
He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.
He set up a new email account for each individual online service.
He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).
He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).
He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).
He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.
He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.
He bought a burner phone to visit the capital city.
He bought a burner phone whenever he left his hometown come to think of it.
He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).
He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.
(You might be noticing it's all he's. Maybe it is, maybe it isn't).
He ate a sim card.
He brought a balaclava to pentesting training (it was pretty meme).
He printed out his source code as a manual read-only method.
He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).
He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).
He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.
I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.26
Got called up today by my org's cyber security team.
Reason: Installed a font called "Hack" (https://github.com/source-foundry/...)
Anyone here who also got super bored while on a porn site and ended up pentesting that porn site..?14
few years back there was a corruption scandal in my country, serbia. one of the ministries paid around 25,000 euros for a website to a company that was founded few weeks before the open call. for comparrison sake average pay at the time was around 300 euros. the website it self didn t have any special features, just publishing contenet. wordpress would do the job. on a press confference, trying to defend the cost, spokesperson of the ministry said that the website was made in "cms programming language".
it community lost it! mems started immediatelly, "i am learning cms language so i could charge 25.000 per project". and then one guy got intrigued, found the login page, and typed:
and got in!!!!
i kid you not!
he posted featured news on the homepage, saying hey guys your credentials probably shouldn t be admin/12345. twitter was on fire, everyone started loging in and posting shit.
and the crasiest part is that this guy was arrested and charged for cyber-crime!4
former boss wrote three cyber-defense books. had his "collections" team sending plaintext passwords to high-side clients over unsecured email4
I think I ranted about this before but fuck it.
The love/hate relation I have with security in programming is funny. I am working as a cyber security engineer currently but I do loads of programming as well. Security is the most important factor for me while programming and I'd rather ship an application with less features than with more possibly vulnerable features.
But, sometimes I find it rather annoying when I want to write a new application (a web application where 90 percent of the application is the REST API), writing security checks takes up most of the time.
I'm working on a new (quick/fun) application right now and I've been at this for.... 3 hours I think and the first very simple functionality has finally been built, which took like 10 minutes. The rest of the 3 hours has been securing the application! And yes, I'm using a framework (my own) which has already loads of security features built-in but I need more and more specific security with this API.
Well, let's continue with securing this fucker!10
So... remember my first rants about my network at my last ship?
Well... I had to visit them for an unrelated matter and found out that they are to pass general inspection the next week. Among the inspectors is a member of the cyber defence team. I took a quick look at the network, finding the things I'd expect:
- No updates passed to the server or installed since I left
- No antivirus updates since I left
- All certificates were expired
- Most services were shut down or unused
- All security policies were shut down
- Passwords (without expiration now) were written on post-it and stuck on screens
- ... and more!
I told the XO (the same idiot that complained about them CONSTANTLY) and he just shrugged me off and told me to """fix""" it. In one fucking afternoon.
I. SHIT. YOU. NOT.
The new admin there is a low ranking person who hasn't the faintest idea of how this works, and isn't willing to learn, either. They just dumped the duty on him, and he seems not to care. The cyber security inspector is going to have a field day. Or get grey hairs.
I told the XO that I needed at least a week to get them into working order (I have to re-set up my virtual Windows 2012 R2 server, download 2 years' worth of updates, repair 2 years of neglect etc.). The answer was what I expected:
"You know computers, you can do your magic and get it done in an afternoon."
Thank god I got transferred and don't have to answer to that idiot any more. Now, popcorn time, as I watch the fireworks.
Yes, I am a vengeful guy. I have told them, twice now, of what would happen. They didn't listen. At least now, with an official report on their heads, they just might.5
I'm soon graduating from a tech/IT school which recently specialized in cybersecurity.
Today when I changed my password on their website, it displayed the old one in clear text.
God damn it people, THIS is the reason why our school's reputation has been slowly but steadily going down.1
Some years ago I was in cyber security in the military being shown some new tech for our use. Was challenged to try and get past it after being explained it's basics. Took me one long line in Linux about 10 seconds.
Anomaly detection firewall with machine learning seemed like a good idea.
Setting it to aggressive response and then change the package header to the firewall's own address however made it kill itself.
We didn't deploy that firewall that I know of.5
Haha! Sorry but this new cyber attack that's hit the NHS and other company's around the globe, just makes me laugh 😂
These company's just will not spend money on IT, keeping everything update and backed up! 💾
Some of these machines will still running on Windows Vista or XP 😱10
This isn’t gonna be a random because I do eventually get to a Tech and YouTube related topic.
YouTube is actually killing itself with all of the dumbass rules they’re implementing. Trying to child proof or limit educational content is genuinely a shit policy. The reason so many gaming channels are switching to twitch because it doesn’t try to censor you.
But now I don’t know if you’ve heard but YouTube updated their guidelines and they’re no longer allowing content that teaches people about Hacking essentially (and I hate putting it like that but I can’t remember the exact words they used Hacking just summarizes it) which is fucking ridiculous like what the fuck else, are they gonna stop allowing lock picking videos?
YouTube has always been an amazing FREE resource for people learning Programming, Cyber Security, IT related fields, and even shit like lock picking, cooking, car stuff, and all that stuff. Even sometimes when the tutorials aren’t as detailed or helpful to me they might be exactly what someone else needed. And Cyber Security can be a difficult topic to learn for free. It’s not impossible far from it, but YouTube being there was always great. And to think that a lot of those could be taken down and all of the Security based channels could either lose all revenue or just be terminated is terrifying for everyone but more so them.
A lot of people and schools rely on YouTube for education and to learn from. It’s not like YouTube is the only resource and I understand they don’t want to be liable for teaching people that use these skills for malicious purposes but script kiddies and malicious people can easily get the same knowledge. Or pay someone to give them what they want. But that’s unfair to the people that don’t use the information maliciously.
It’s the same for the channels of different topics can’t even swear and it’s ridiculous there’s so many better options than just banning it. Like FUCK kids nowadays hear swearing from their older siblings, parents, friends, and TV it’s inevitable whether someone swears or not and YouTube is not our parents, they aren’t CBS, so stop child proofing the fucking site and let us learn. Fuck.
TLDR YouTube is banning educational hacking videos and are being retarded with rules in general23
Who's at fault for the recent Wanna Cry virus: The companies affected or Microsoft/NSA?
Personally, I think it's the companies affected. This is what happens when you try and be cheap when it comes to cyber security.8
!rant 📚 📑
Cybersecurity books @Humble Bundle
There is a really great Humble Book Bundle at the moment, starting at 1$. The bundle contains several cyber security books ("Practical Reverse Engineering" and "Security Engineering" have a good reputation).8
I have got my cyber security exam tomorrow morning and i just got a call from a client to make some urgent changes to his site.
To add to it, i already wasted around half an hour becoz GoDaddy Plex somehow decided to block my own IP in the firewall.
And now I am on devRant.
Crap. I am fucked!4
Umm yes, this cyber you're talking about sounds interesting, where do i get a cyber? How much does a cyber cost? Can a cyber feed my family?
As for programming: (will do a cyber one later)
Don't *ALWAYS* only study/learn programming solely for learning it as this can be demotivating at times, find a cool project to do and learn while developing that!
This is how I learned programming in a fun way :)5
So this just happened. Some background before I begin: We're understaffed, my desk is in the back of the building, and there's no one really at the front to greet people. No security either...
Guy walks in wearing a flannel jacket (no shirt under it), pajama pants, and sandals. He looks like hell. Explains he was just released from a hospital and his apartment is locked. I let him use my phone to call his sister.
When I talk to his sister, she barely wants to speak with him. Tells me his apartment is locked for a reason and he's not allowed back. I'm just like: "So... what would you have us do for him?" At this point if his sister won't help, I was going to ask him to leave. Oh, and that hospital was a drug rehab.
So it ends with him waiting for a ride, but he ends up napping on the couch in the front of our office. CEO/Owner and his business partner walk right past and say nothing. They go into a meeting. I'm trying to figure out if I ask him to leave, wait outside for his ride... I'm a developer, this isn't my job.
A good 45-60 minutes later, after the guy walked outside and then came back in and laid back down on the couch, he leaves with his ride. Shortly after the owner walks out of his meeting, so I ask him what to do in this situation - more hoping he'd realize the need for more security.
If this story isn't crazy enough, the business partner pipes up - absolutely serious - and says he didn't say anything because he thought the guy was a developer.
So I've learned that we've got extremely low hygiene standards for developers here, with a relaxed dress code and are allowed nap times on the front couch.
Thankfully our CYBER security is better than our PHYSICAL security. :|1
What a relief!
I got my final certificate for finishing 9th grade, and the council has determined that (drums please)
IM GOING TO CYBER / COMPUTER SCIENCE NEXT YEAR!!!!!!!!!!4
Our local cyber security team has asked all to remove docker from their laptops, reason they can't track them
Most of our stack is aws fargate with nodejs and java springboot
Developers = wtf ?!!2
Anyone who's interested in cyber security, go follow Binni Shah (@binitamshah) on Twitter. The amount of tutorials and guides she retweets is crazy and very informative.
Also if you're not on Twitter you're missing out on a lot of content to learn from ✌️21
Unnamed hacking game - "terminal" graphics
-Multiplayer. Last man standing.
-Like a tower-defence game but technical
You work for a company that has outsourced their technical department to Bykazistan, a country with good internet and bad laws. On one hand, labor is very cheap! There are no pesky laws protecting workers, so you don't need to pay them what they're worth. Phew. However, there are also no laws against cyber crime. But for a start-up like you, the risk is worth the reward!
...which would be great! If you were the only company with that idea. As it turns out, you aren't. All of your competitors also recently outsourced to Bykazistan, and that could be an issue.
You would be afraid, but you are a hardened businessman. You are familiar with the cut-throat nature of the business world and where others see risk, you see opportunity. Let the games begin.
Your mission is to protect your ciritical assets at all costs, eliminate your opponents, and make ciritical financial decisions - all while maintaining your uptime!
Build a botnet and attack your competition to decrease their uptime and disable their attacks. Port scan your opponents to learn more about their network, but beware of honeypots! Initiate devastating social engineering attacks - and train your employees against them! Brute-force their credentials, and strengthen your own.
Make sure to keep your software patched...6
Well, here is another Intel CPU flaw.
I'm starting to think that all these were done on purpose...
I am tired of my idiot ‘friends’ asking me if I can hack Facebook Instagram etc. because some other idiot made them mad. Like fuck no. 1 it’s unethical as hell 2 it’s illegal I don’t want to go to jail. 3 I’m learning cyber security NOT hack stuff because someone hurt your useless feelings.
Ohhh and they always get pissed off when I explain everything wrong with their idiotic request10
Many people / engineers around me talk about trendy stuff like Cybersecurity or AI and show off what great encryption and neuronal networks they 'have built' ( I would rather say 'using').
I kinda get the feeling of 'Everbody talks about it - no one really knows what's goin' on inside (especially those guys who hate math and even algorithms).'
Am I just stupid or does somebody else here feel the same way? I mean people have been doing serious research about this stuff for years. And currently many kids are coming up with it as if it is easy stuff like the bubble sort.6
Ah, that feeling when you open random cyber space options in Firefox so you can watch children being forced, classical frontend development with devtools. Happens almost every Tuesday4
I'm a geek. I love programming alot and I post programming memes and educational posts daily in my Instagram stories. There were many people in my profile who don't even know what programming is and when they see someone coding or sharing something related to coding, they call him/her hacker. That's what I used to be called in my Instagram account. I don't even know how to use Kali Linux, neither do I have any backend experience or experience in making exploits nor I shared any post related to hacking. Though I do post about cyber security things but the people are so dumb that everyday I get a new message in which the person asks me 'Bro can you teach me how to hack?', 'Bro let's hack a bank and we'll divide the funds' or 'Can you please hack my GF's account' and shits like that 😂 I'm like 'WTF is this!? What do you think I'm man!?' 😂😂 They all are really way too silly.
Please ++ this if ever happened with you 😂3
THE CODE USED IN MY MANDATORY ONLINE TRAINING ABOUT CYBER SECURITY AND STUFF LIKE THIS:
Oh boi it would be a real shame if someone proxied your precious function :)2
What are you all planning on getting on Black Friday/Cyber Monday? I've pinched pennies all year and saved up just enough to only be able to afford 35% or so of the cost of being beaten in a local dark alley. That's not even what I wanted, but still.16
OKAY BUT WHY THE FUCK DO PEOPLE HAVE TO ACT LIKE THEY'RE SOME KIND OF GOD WHEN THEY CAN'T EVEN PASS AN INTRO CLASS. Some background: I go to an early college in high school program which offers computer science where you take two college classes a semester starting you junior year in high school. AND THIS GIRL TALKS ABOUT THIS PROGRAM LIKE IT'S AWFUL AND SHE HATES IT AND HOW THE PROFESSORS DON'T TEACH AND SHE FAILED AN INTRO TO PROGRAMMING CLASS WHICH TEACHES JAVA BUT THEN SHE ACTS LIKE SHE'S WAY ABOVE THE OTHER KIDS IN MY CLASS BECAUSE SHE'S RETAKING IT. SHE'S ALSO A STUDENT ASSISTANT IN MY CYBER SECURITY CLASS BUT DOESN'T KNOW WHAT THE localhost IP IS. I UNDERSTAND THAT I DON'T KNOW EVERYTHING BUT AT LEAST I DON'T ACT LIKE I DO. IT'S SO INFURIATING!!!!!!
Rant considering the latest Cyber attack and the news around it.
(A recap: a lot of Windows computers were infected with ransomware (due to security hole on Windows), which demanded 300$ in bitcoins to unlock data. After 3 days the price would double, and after 7 days the data was to be deleted)
1) In our country, one of the biggest companies was attacked (car factory). The production stopped and they got for around 1 000 000€ damage in less than 24h (1300 people without work). The news said that they were attacked because they are such a big company and were charged more, as the hackers "knew who they were dealing with" - another reason being the fact that the text was in croatian (which is our neighbor country), but noone realized that it is just a simple google translate of english text - which is obviously not true. The hackers neither know nor care who is hacked, and will charge everyone the same. They only care about the payment.
2) In UK whole (or large part) of medical infrastructure went down. The main thing everyone was saying was: "Nobody's data is stolen". Which, again, is obvious. But noone said anything about data being deleted after a week, which includes pretty much whole electronic medical record of everyone and is pretty serious.
And by the way, the base of the ransomware is code which was stolen from NSA.
All that millions and millions of dollars of damage could be avoided by simply paying the small fee.
The only thing that is good is that (hopefully) the people will learn the importance of backups. And opening weird emails.
P.S. I fucking hate all that 'hacky thingys' they have all over the news.5
Movie about Stuxnet Cyber weapon is out
The advanced malware used by CIA and MOSSAD to sabotage Iran's nuclear program
"Zero days" by Alex Gibney
Gk watch it guys..7
I find it hilarious the total misconception of hacking that the general public has. I tell people I know cyber security (Not as much as a lot of people around here) but it is a hobby of mine and I find it very useful/interesting.
But I can't stop but laugh when someone is like, can you get all the text messages my bf receives?
Can you hack this for me can you back that?
C'mon even if I knew how to do that without being caught you think I would even admit that to you. Do hackers just walk around with an index card pasted to their forehead of their skill? It's not even slightly reasonable to think this lol even for someone who doesn't know about the field
Please stop putting critical infrastructure to the internet. Security on the internet is a joke, and we won't be laughing the time when someone dies from a cyber attack on another pipeline/dam/weapons factory.13
Comment a 1 if you’re a web dev.
Comment a 2 if you’re a game dev.
Comment a 3 if you’re a data scientist.
Comment a 4 if you’re in cyber security.
Comment a 5 if you’re in IT.
Comment a 6 if you don’t fit any of the above categories and you code only in PHP and refuse to learn any other language because you think PHP is the future.51
Had my first interview for a cyber security gig.
1st round, preliminary questions about ethics in a security related topic, etc.
I wrote a report about that topic, but for some reason brain fogged the answer.
At the end of the interview, I also blurted out that I found the interviewer's presentation at a past conference and really liked it.
Pretty sure they now think I'm a creep.
That being said, it's been a few years since I've interviewed, so it feels great to get the dust off, even if I bombed it
Practice makes perfect, right?!2
Just heard this on the news...
"The cyber security on my smart phone compared to the cyber security in medical equipment..."
Wtf did I just hear??? I mean, I get it...using terms the general public understands... But how about educating people instead. 😤1
Long long time ago when recharge coupons we a thing, I used to try out more codes in the series and waste my time. After failing a lot over this, I started trying out different USSD codes to see what other stuff is out there. This got me to stumble upon facebook and twitter on USSD. I'm not sure now but, twitter was probably *515# from my carrier.
Facebook. I remember chatting for quite a long period using this. Very slow and limited yet, fun. The USSD message expires within ~60secs. so you have to type the chat message before that or you lose everything you typed. The phone was no smartphone that would allow me to copy the text from the USSD input. On top of that panic, was a character limit to these messages. I remember hitting send while being midway through a message just so I don't lose what I typed, on a T-9 keyboard. Still miss those!
The person on the other side would receive a half message due to this, and would start replying without any patience, to which I panicked as now there's a new thing to respond to, and a half message which I'm waiting to complete.
Later over the weekend when I was allowed to visit the cyber cafe for an hour or two with 15-30 INR, reading the chat threads, being able to use the five sticker packs:) and thus continuing on a computer was fun. But, as the time at the cafe expires, I had to immediately shut off my session or I'd be charged more. Thus, I was left in the middle of a conversation again, and had to continue over USSD.
Using social media without any internet like this was quite fun in a weird way. If I get a new message, I'd get a USSD alert, and then an sms if I didn't reply in some 10-15mins!
This had all the features like like and comment. Friend requests too. For the posts in a "timeline" which was new and fancy in those days, all you see is the caption of a post which also gets truncated quite a bit as USSD also has to show it's options like:
3. Next Post
4. Main Menu
This was around '13 or '14 I guess. After which I later got my first computer- a laptop. Anyways, the tactile feel of pressing the buttons on a T-9 keypad is nostalgic to me. 😅 And if you were a pro at texting, u must hv used shrtcts lyk dis too w/ emojis lyk :-) <3
I'm a student at a cyber education program. They taught us Python sockets two weeks ago. The next day, I went home and learned multithreading.
Then, I realized the potential.
I know a guy1 who knows a guy2 who runs a business and could really use an app I could totally make. And it's a great idea and it's gonna be awesome and I'm finally gonna do something useful with my life.
All I gotta do is learn UI. Easy peasy.
I spent the next week or so experimenting with my code, coming up with ideas for the app in my head and of course, telling all my friends about it. Bad habit, I know.
Guy1 was about to meet Guy2, so I asked Guy1 to tell Guy2 about my idea. He agreed. I reminded him again later that day, and then again in a text message.
The next day, I asked him if he remembered.
I asked him to text Guy2 instead. He came back to me with Guy2's reply: "Why won't he send me a message himself?".
So I contacted Guy2. After a while, he replied. We had a short, awkward conversation. Then he asked why he should prefer a new app over the existing replacement.
He activated my trap card. With a long chqin of messages, I unloaded everything I was gathering in my mind for the last week. I explained how he could use the app, what features it could have and how it would solve his problem and improve his product. I finished it off with the good old "Yeah, I was bored😅" to make the whole thing look a bit more casual.
Now, all that's left to do is wait.
Out of all the possible outcomes to this situation, this was both the worst the least expected one.
I'm not familliar with the English word for "Two blue checkmarks, no reply". But I'm certain there is no word in any language to describe what I'm feeling about this right now.
By that point, Guy1 has already made it clear that he's not interested in being my messanger anymore. He also told me to let the thing die, just in case I didn't get the hint. I don't blame him though.
It's been almost a week since then. Still no reply from Guy2. I haven't quite been able to get over it. Telling all my friends about it didn't really help.
Looking back, I think Guy2 has never realised he has that problem with his product.
But still, the least he could do is tell me why he dosen't like it...
"Why won't he send me a message himself?" Yeah, why really? HMMM :thinking:
You know what? If I ever somehow get the guts to leave my home country, I'm sending a big "fuck you" to this guy.10
Some things should be prohibited! Such as trying to look smart luring geeks with PHP code. That does not do what you wanted to do in the first place. Idiots!4
What's a good book to read about hacking and/or cyber security? Doesn't have to necessarily a how-to guide, rather, just something to read on the subject.5
So I was sitting at my usual coffee shop with my friend, and he is always telling jokes about me being a penetration tester and saying stuff like "so, you think you are an Hacker?".
He said that over and over again, so I told him "yes, do you wanna see something?", I pulled out my phone, did a network discovery to find something to show him, I did not find anything interesting to show him, so I went to the browser and put the router ip to log into it, I did not knew the password or username so I just went to Google and searched for defaults, tested 3 combinations and got access to the router.
Then I just told him "this is why what I do is important because if I wanted I could do really bad things with this", then he got mad at me for this...3
-Machine Learning (especially Reinforcement Learning & GANs)
Of course I want to finish the projects I'm currently working on and maybe start a YouTube channel about my projects.
Yes I know, it's quite a lot to do, but I don't know if I will ever have the chance to do all that things in my free time again.
Never been a fan of podcasts before, but I'm fixing to take a stab at listening to some.
What's a good tech/programming podcast? (Bonus points if it's about Cyber security)
I take a moment for myself and assess the situation from a bird's view.
Then, I objectively look at the current situation and my response/reaction to this and try to change my thinking process/acting to a more rational one.
But, also, my general way of thinking in the cyber security world plus how I'm hardwired to think in a 'paranoid' kind of way makes my current job so fucking perfect for me that i often think about that and the fact that there aren't many people around who have this.1
devRant should add a new feature to create polls
e.g. 1: What OS do you prefer?
e.g. 2: Which programming language do you prefer for web dev, mobile dev, etc.
I bet after a while a cyber war would commence. And that would be devRant's fault because it gave developers a reason to hate each other.
So devRant please disregard my request for the new feature.
Narrator: And then he laughed sardonically.4
Anybody else feel like their Internet traffic constanty being monitored after downloading pen testing tools?
Have our identities been added to lists of potential cyber criminals :/
(For ethical purposes - involving your own site's security!!)2
whenever i tell my dad about a technology that is going way beyond our imagination and tell him about the consequences of it and how we should worry about that
then he watches some random tv show about internet security/cyber security and various algorithms (very abstract) which are currently changing the world and how we should care about our data and what the consequences of X technology is...
he be like: "oh is that true? that's interesting, how does that work?"
i'm like😑 dad, i already told you about that😩
ever had similar experience?1
Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D
1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?
2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?
3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?
4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?
5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.
6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).
7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?
8) Any other advice you can give :P ?12
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions let us know. We are utter noobs when it comes to this.6
Massive cyber attack hits Europe. Hopefully everyone is patched and secure. Critical infrastructure, banks... impacted.1
Well, I got invited to a job interview for the role of Cyber Defense Developer, in a HUGE multinational it company, I'm starting to get the imposter syndrome creeping up.
Any tips about job interviews?
I'm just a student on my second year2
Honestly, school is useless for me as of right now. I know I should be well rounded and stuff, but do I honestly need to know the symptoms of cervix cancer while going into a tech career? My eyes have been set on tech for my whole life, ever since I left the womb, and I know that if I do switch careers, it'll be from comp sci to cyber security not from IT to med school...
I feel like I could really be devoting my time towards something better than writing a 5 page essay on a healthy food choice.
Every night I think to myself, "You know what, I'm going to lock myself in a room and write bash scripts all day" but then I wake up in the morning, and remember I have to take a quiz on reproductive systems, learn about the procedure of organ donations for driver's ed, write 2 paragraph definitions of vocab words, and read a book about communism.
The most useful thing I learned last year, was how to efficiently navigate the java API, and that's something you don't even learn, you just encounter it. Schools need to start having more specific specialties and stop enforcing knowledge of pointless topics.
I'm not saying to remove all core classes and stuff, I'm saying why waste space in our brains with something we won't use ever again? I get it, some people don't know what career they're looking for yet so you can't make them choose, but it honestly sucks some serious ass that I can't learn what I want to at school, and as a matter of fact, I can't even learn at home, because they're filling my schedule with pointless work because they feel that they have to fill our time somehow.
Point of this long ass rant is: Why lock yourself in a room and learn about something if it isn't something you want to learn about? The space in our brain is finite enough, why can't it be filled with things we're interested in rather than things that will only be used to get good grades in the future then overwritten with useful knowledge. Same thing with time. We have a very finite amount of time in a day, and now that I think of it, a lifetime. Why spend it on something that doesn't, and never will, make your life enjoyable?7
What is the probability of alien rootkit signal that would be intercepted by satellite and then executed on modern computers to create AGI that can use cloud computing and digital currency to take over our world ?
From my perspective pretty high 🤣🤣🤣
Let’s convince some government people and create intergalactic cyber attack defense institution, that would keep earth safe from alien invasion, with high money grants so we can prevent those threats.
Maybe Ernest Cline Armada is already a thing.
What you think ?2
About two weeks ago I had a cyber security competition. I spent a week or so working on a bash script so I didn't have two spend hours and hours on end doing tedious tasks to get points.
So here comes competition day and I have about 12 or so scripts that I predicted to get 60 or so of the 100 points. I open the competition image, grab my scripts, and run my call script (script that calls all the other scripts). Maybe 15 minutes later, the script is done...
ZERO FUCKING POINTS. I double checked all the files that the scripts configured and all of them worked. But NONE the vulnerabilities that my script fixed were vulnerabilities that the scoring report counted. Instead of me taking 20 to 30 minutes on the image it took my and 1:07... doesn't sound like much but the highly competitive people finished in around 1 hour and the people who just didn't give a shit about Linux took 3 hours...
Luckily... I was put onto the highly competitive team after that and it all worked out... I'll hopefully add more to this script before next competition.
Just got a request to print the new Tesla truck.
I think it wasn't that hard for the Designer to implement the low pol. Design for the 3d print :')5
Can you help me to come up with a company name?
I want to provide dev services (mainly mobile apps) but I also want to have couple projects of my own, so I can't go with a name which indicates only mobile apps. This is the keyword list that I have at the moment:
and these are my current ideas:
But none of them seem good enough :/
What do you think about appbaltic.com or devbaltic.com ? Does this name makes sense for you native speakers?
Baltic because it will be an eastern european company located next to Baltic sea. We will provide dev services and have couple projects of our own.15
I have been a professional Dev for about a year for a cyber security startup. Unfortunately, startup died do to finance mismanagement. My lead Dev said that he wanted to start a co-op contract business and since we all work great together than we should stick around. So we tried to obtain contracts and it is going much slower than imagine. I am going on my second month of no work or contract work. I'm working on my own site to do some freelance work on the side for myself offering ever, marketing and ERP software services. That is the goal for side hustle. However, for the main hustle well I'm stressed now of being home and we'll meetings not turning into money. I actually want to call it quits and do my own thing and look for normal gig. It just feels rough as he has been my mentor and offered me my first software gig. I don't feel like I own anyone anything I'm regards money or time. However, I do feel bad of I take off it will hurt them from being able to handle larger contract if they do get one.
Note: I'm pulling from my savings
My first job was writing a cloud based malware analysis system from scratch for UTSA's Institute for Cyber Security.
My direct supervisor was a womanizing, lazy, prick with a PHD. I wonder where he is now.3
Ordered a slightly watered down version of my planned PC. Let's wait for Cyber Monday for buyer's remorse!
Either way, paid half price of the planned rig for 80% of the same performance.
See attached specs. Already have a hard drive and PSU, and for now will be reusing my GTS 250.8
So.... My mom became a victim of cyber bullying. And i just feel sad for her. She is an old but smart lady in her 50s and not very used to modern tech and cyber crime.
We follow a (now dead) philosopher (say 'X') as religion, some random stranger came in their local fb group and started shit posting about X like " he is not a god , he is a thief, follow me , bla bla bla" stuff like that..
I don't give 1 qbit to that shitposter or that fight. I am just concerned that my mom (and many others) got so disturbed that she left the work and came home.
Internet is great , free and all, but as long as everyone is allowed to speak everything without caring for a consequence, simpleminded people will keep on getting hurt, evil shitposters will keep on getting fame and people with an unsure mind will keep on making wrong decisions
I can give you numerous examples where a person got the power and fame just because he keep on getting famous for his negetive posts, religious or otherwise. This has to stop, but am not sure how.16
*Has more advanced knowledge on computers and cyber security...
Mother still cant trust with repairing phone, asking which phone to buy, and naggs about the amount of time i spend on my laptop saying i'd break it.
When in an application security talk put on by our cyber security department and one team (not mine) is being chastised for only doing client side validation, another dev asks so at what point can we trust the user? A few people nod and indicate they want an answer, and the speaker, said never, you never trust the user.
I can't believe people can graduate and get a job and keep a development job, especially in a highly government regulated company like where I work2
I'm a computer engineering student.
I'm very much interested in Systems and networking.
That's why I was thinking of persuing cyber-security as a career option.
But I'm not quite sure if that is a good choice.
Also I don't know how to proceed in order to achieve excellence in cyber-security.
It would be a great help if you guys could help me.
Has anyone used python within cyber security?
I really want to get into cyber security. I'm curious what programming languages are used within that industry.4
How did you learn cyber security, especially pentesting ?
I know that making VM lab and/or doing CTFs and reading writeups can help a lot, but is there any more "formal" way to get into things like pentesting etc. ?
(Without having to pay for OSCP, Sans and all this)5
I chose Network/Cyber Security because it was my internship experience and they were willing to pay me good money to stay on... No but seriously I am much better at understanding how complex systems work than coding them. This job, as stressful as it is, is a different kind of stressful that the deadline-fraught jobs of software developers worldwide.
And i can do it fully remote.2
So I went for a "special" interview to a company whose slogan is "experience certainty" (fresher, was hoping to get a role in cyber security/Linux sysadmin). Got shown what the "real" hiring process of an indian consultancy company is...
We were called because we cleared a rank of the coding competition which the company holds on a yearly basis, so its understood that we know how to code.
3 rounds; technical, managerial and HR...
Technical is where I knew that I was signing up for complete bullshit. The interviewer asks me to write and algo to generate a "number pyramid". Finished it in 7 minutes, 6-ish lines of (pseudo) code (which resembled python). As I explained the logic to the guy, he kept giving me this bewildered look, so I asked him what happened. He asks me about the simplest part of the logic, and proceeds to ask even dumber questions...
Ultimately I managed to get through his thick skull and answer some other nontechnical questions. He then asks if I have anything to ask him...
I ask him about what he does.
Him - " I am currently working on a project wherein the client is a big American bank as the technical lead "
Me (interest is cybersec) - "oh, then you must be knowing about the data protection and other security mechanisms (encryption, SSL, etc.)"
Him (bewildered look on face) - "no, I mostly handle the connectivity between the portal and data and the interface."
Me (disappointed) - "so, mostly DB, stuff?"
Him (smug and proud) - "yeup"
Gave him a link to my Github repo. Left the cabin. Proceeded to managerial interview (the stereotypical PM asshats)
Never did I think I'd be happy to not get a job offer...1
So this is what a cyber criminal looks like.
"Norwegians are a favourite for cyber criminals"
"And we are easier to fool than Swedes and Danes, if we're to believe the thieves. The only ones more exposed than us are oil rich Saudis" 🤷♂️
We program with a scripting language that can literally be all things to all people because its Frankenstein's Cyber Monster after a career as a stripper in Oregon and was made up of the shittest parts left at the graveyard. We won't transcend ourselves calling for "Web Components without Frameworks" and "Transcendence dot JS" seriously eat shit and die.
The larping in this industry is stupider than the product of a Kentucky cousin fuck. Sure the well branded catch phrase making everyone goo goo for the easiest path possible in front end development (the JAM stack come on fuckery doo-dahs you see through it too right?) tries my patience too but not nearly as much as everyone climbing all over each other looking for something to make them feel as if they actually stand for something as they push out all of the residents in West Oakland because 'its close'.
Adults that make six figures, live about as well as any human ever has and still there is need to induce in one's self the strive and chaos that literally could be yours if you just started wandering SF at night, but of course that would be scary and its easier to be able to put down the scary at night while you slowly work your way through the Netflix and Hulu catalogue BECAUSE ITS NOT REAL FUCKING STRUGGLING ITS JUST WHINING
Do us all a fucking favor, stop acting like the parents that you leave work early every other Thursday to bitch about to some sniveling asshole with a master's psych who is probably working on his PHd in totally fucking useless. Please stop pretending you have any idea what actual struggle is. You couldn't handle the bitter taste of your own failings or the more bitter and scarier than all the shit kitties combined taste of the failings of the people you trust, don't lie to yourself.
Just leave the weird dude in a suit alone in the corner while he listens to music that sounds like it coming out of a fissure that opened in the street so could Satan come up and snatch your mother in law after she goes under for another facelift. There might be a reason that the cacophony of Hell's fury is conducive to that coworker's workflow that if he told you about it definitely would need some time off that the team can't afford because you and everyone else in the office NEVER STOPS COMPLAINING LONG ENOUGH TO DO A FUCKING THING
Instead write some components without frameworks and reinvent that fucking wheel for yourself asshat or stuff your face with some more free snacks in the break room BUT DON'T LINGER AROUND LONG ENOUGH TO SWALLOW THE SHIT YOU MIGHT START RANTING ABOUT HOW TERRIBLE IT IS FOR YOU BECAUSE YOUR NEIGHBOR LOOKED AT YOU JUDGMENTALLY.
My Linux install may break a lot, but at least I can disable the motherboard beep.4
I need to stop buying things...
I just bought a Keurig and some coffee because it was on sale for Cyber Monday...
And well I've been buying other discretionary things like crazy for the last few months... including lots of cakes and chocolates...
Which prolly adds up to over $500 in 3 months...
Damn should've gotten a new credit card... All that spending would've gotten me $150 back...
Hey everyone. I am a freshman in college studying Cyber Security. I have been practicing various programming languages such as httml, css, java script and SQL. Does anyone have any recommendations for resources to study? My end goal is to be blue teaming for my schools Cyber Defense team in the fall.5
Third (or fourth) AI winter coming in despite global warming. Cold war level shit cyber warfare.
C/C++ not dead, Java zombie still in the businesses.
Still no usable IDE (on Linux)5
Typical insurance company BS approach.
Listening to xmas music, Spotify ad kicks in about 'just being "hacked"':
Buy our cyber security insurance product to quickly recover and retain liquidity in case of a cyber security beach.
Not a single word about preventing the incidents in the first place...
Lucky to work in a place that doesn't skimp on IT.5
1. I recorded something with my dad until 12 AM isarel daylight time
2. that you so much for congratulating me for the Cyber classes. I love all of you.
3. Thank you also for 400 upvotes. Going strong.
Have an Image of the recording machines in the studio.4
Happened way back when I was still in high school and facebook was relatively new. We used to own a cyber cafe.
The Guy: (Talking to other customers) I'll have you know that I'm a graduate in Computer Science! *Proceeds to boast about self and other bullshittery*
Others: *In awe*
Me: *Veeeery Skeptical*
A few days later...
The Guy: (Talks to me) Hey, there seems to be a problem with your internet. I can't log in on facebook.
Me: Could you try to do what you are doing again?
The Guy: See, doesn't work.
Me: Have you registered your account on facebook?
The Guy: Huh? What are you talking about? I have my Yahoo! mail.
Me: ..You need to register your email on facebook in order to log in.
The Guy: What?? I don't get it. I am registered and have a Yahoo! mail!
Me: *Brain Sigh*
(I proceed to help him register his email on facebook)
The Guy: Oh, you had to register on facebook! Now I get it! I thought that if you created an email you can immediately use that to log in to facebook.
Me: *Internal facepalm x1000*
(This guy is a Computer Science graduate? Oh PLEASE. )
So first time here seems awesome I'm an aspiring cyber security expert I know very basic c++ and I'm looking for people to talk to about what I should be doing8
So I just got the cyber security pack on humblebundle... $15 for a year of PIA, a year of spider oak one cloud backups and a year of Dashlane are the notable ones (I’ll give away the antivirus ones for free since I don’t have windows).
But that wasn’t the awesomest part...
I installed Dashlane and after transferring all my stuff over from LastPass, I went to delete my LastPass
Dashlane autofilled the username...
It’s like so subtly aggressive in an unintentional way. Honestly this password manager Battle Royale is totally worth the $15 regardless.13
Question - my field is information security (or cyber security if you want to think of me as a time lord), but I wanted to know;
Front end and back Devs, how much time do you spend on security issues and/or implementing security measures?10
Just had a so called "cyber security" seminar in college today.
The guy who claimed to be a trainer or somewhat network security guy or something behaved enigmatically with utter consistency. He obviously claimed to know facebook hax0ring though.
They were basically there to advertise their complete crap: csksrc.org
(Ethical Hax0ring Course) (also claimed their site to be 99.9% secured - GREAT!)
After obtaining a ISO*** standard cert or after taking multiple sessions on "advanced ethical hacking" if you go about telling peeps in colleges that: "The single way to hax0r a facebook account is CSRF!" "Will hack your facebook account by MITM through malicious WiFi Ap." Then, NO neither I want your shitty cert nor do I want to be in your team and create the next level of "advanced ethical hax0ring - CEH course". Reason why I get cringed when peeps start about their certs and the ISO*** value it contains. What ISO value does your brain cells contain though?
*Message from aunt*
Aunt: Hey sweety I can't find this movie anywhere on the internet plz use ur cyber superpowers and help me thx
Aunt: *Link to the movie's trailer on Youtube*
Youtube comment: *Link to the movie*
*Copies and pastes to aunt*
Aunt: omg thxxx <3
*Goes back to sleep*
Because why even try when you can ask your nephew to do it for you?3
So I went to a car repair center and asked if they could fix my bike. They said they could but they won't. This is outrageous, obviously a bike is less complicated than a car and they can actually fix it, they just won't because it's "not their job". Unbelievable!
//This didn't really happen of course
//people don't think this is acceptable, but if I won't fix their laptop they are surprised and act the same way. I study ICT (embedded software engineering and cyber security, but they don't understand that so ICT it is) so I HAVE to fix their laptop....
//Non-techies should really learn that just because we can do something, we don't have to do what they ask of us11
I'm a bit frustrated. I'm 23 and I finished a Bachelor's Degree in Computer Engineering last 2015. Working on a career path in cyber security. Is it normal to just understand and test the concepts and not fully memorize everything? It really bothers me that I feel I don't know anything despite developing small tools, testing other people's work, reading about related topics and playing with Kali.5
Because of the current debate I'm starting to get more into all the cyber security and privacy stuff.
So now I am searching for a password manager.
Do you have any recommendations for me?
Or maybe some additional tools I really need to use?
(Got PGP for mail, signal as my new messenger, a vpn and tor for now)4
Last night the Russians stroke again. It's become obvious that these Ddos attacks are not performed by just some casual hackers, but are part of cyber warfare - just as I suspected in one of my rants a couple of weeks ago6
Media always misinterprets anything related to computer and information technology. Recently found an Indian News channel which aired news about recent cyber attack and stated virus named "Ransomware" (not WannaCry) has affected computers all over the world. They aired wrong information without hesitation despite India being world's rapidly growing IT hub.6
Why do most people think that a person can only be great at one thing.
I've just started working as a developer and when I tell people I am also learning cyber security they are like what's the point of it. And how I should focus on one thing and blah blah.
Man, nobody questions Elon Musk when he is learning new things everyday. But then why can't we do the same and man we don’t need to be judged. A little support would be so much better.6
So I'm taking a web development course at college and our project is to create a website, each member of the team has to develop their own pages separately and I, being the team leader, need to always put everything together at the end manually, which takes me a lot of time changing hyperlinks and folders.. do you guys think GitHub would help me to do this easily if each member would update their pages by themselves? I never used git so I need to know if it would help me in this case2
Discord server under development for software engineering, cyber security, networking, and IT talk in general. Looking to meet new people and talk :). @ me if you're interested in testing it.4
I think the thing that sucks about high school (or school in general, really) is that they don't really have many opportunities for the people that like to program or do anything with computers.
The only few of eight classes I find actually interesting is Intro to Programming, NJROTC, and Plant Science. (Because not only the subjects, but the teachers (and Sergeant) actually make it fun, interesting and easy to understand, while the rest don't feel like they're doing a good job.)4
I'd love to get into a career within the cyber security industry.
Anyone got advice?
I've played around with Kali/Parrot and setup a proxmox box to perform pen testing and have a fair number of PDF ebooks and audio books on networks, security and pen testing12
Is it just me or does anyone else wince when someone says the word "cyber" when referencing something on the internet ....like the current series of attacks ..... oh god ... i winced just typing that !
I hate the word, its an irrational hate i know still !1
Cyber threats are the top concern of C levels. In actuality companies unintentionally expose way too much data. It's ridiculous what some make public.
Looking at colleges on summer break between learning python and some projects can't decide between computer science and cyber security as a major 😰 why can't I choose2
When a person asks what do I do I tell them that I'm a cyber wizard.
It explains it well doesn't it ?
God damn muggles...
My first computer exposure was on a mainframe (CDC Cyber 180). My university in Kerala, India had a collaboration with the Indian defence organisation DRDO. The operating system was something called NOS/VE, though as I remember it could run some Unix version virtually. I had Fortran 77 programs to be developed as part of the course. (finite element methods). As I remember, the machine had built in routines for the same. Screen was a green on dark terminal conected to the thing. No windowing or graphics.
Today kids have more powerful machines at home (or in their pockets). The famous computing power law be praised.
Going to a business summit tomorrow and I get to see a live hack and learn about cyber attacks.
Shit better be good.2
anyone here with a cyber security cert? i kinda want to go that route of cyber securty. so im curious if its worth it.12
I joined in 2011 when there were 3% architects/technologists. Even those were PMP certified.
Now we have 80% archs/techs/coders/devops/cyber, with aws/azure/java/db/cyber certs and no PMP.
Even now managers go off-site for a week to some exotic location and come back to present the architecture.1
Somehow my audible (Amazon audible app on smartphone) account was accessed and payments were made for it's membership without my knowledge. I have already emailed a complaint to audible. What more precautions can I take (for my Android device or Windows laptop) to ensure that such cyber thefts don't occur in future?5
Where I learn networks and cyber security, we started working with Scapy. I have a problem with pycharm, it cannot resolve half of Scapy's functions. Do any of you know how you fix it (the program runs but pycharm still doesn't like it)3
I am learning cyber security, the weird thing is, 90% of the times i find theory in lectures...so less practical content is present, even then web sites like tryhackme provide work machines which are next to use less if you dont pay for a subscription...FML!4
So hypothetically I have a friend who wants to get a job in cyber security but has no formal education or means to afford one, at the moment. He knows enough about computers to navigate and execute most common tasks, and certainly has the drive, common sense, and brains to succeed but can't afford to in this almost cutthroat field...
How would he begin to teach himself?
He has a laptop, Kali Linux, The BTFM and RTFM books, The Hacker's Playbook 3; and the internet.
Make his day with your two cents.1
Some competitions are so unorganized.
So me and my team went for this national level technical paper presentation competition. Our topic was a cyber security topic and they put us under Mechanical branch even though I had informed them about this discrepancy two weeks back. Apparently the girl whom I complained to wasnt on the organising committee although she was the one who was promoting this competition in the first place. Sheer irresponsibility!!3
Today I got my login credentials for our Task Delivery Tool (called WMS TI)...
It is by far the most ugliest and user unfriendly program on the planet!! It looks like you made an macro for Excel 2000. It's bloated with features only 0.1% of the company needs them! (Biggest telecommunication provider Germany's) and it's lame! Even worse: we still use Windows 7 32bit.... Why the fuck is a company which develops smart home, self driving cars and cyber defense systems such an oldie!1
Things will keep going like they are now, only faster, until some Malthusian Event (natural or cyber) drops everything to a few compiled languages, a web stack, a handful of frameworks, and a couple of kernel types.
Some 10 years ago when I was studying my associated degree at college, the academic program director came to our classroom and gave us a sheet to put down our emails to update our info.
So, as told everyone passed down the sheet and when he started reading it, he asked right away in public to my friend(his name is angel and academic program director will be APD):
APD: angel, is your email really as written? email@example.com (that roughly translates to firstname.lastname@example.org)
Angel: *blushes* yes...
My friend by that time just started cyber-dating a girl called danna, so he was very corny about it... even created a new email account with that looong address
PS: just remembered this history because some new user called @thisnameAndthisname1
Hey guys, I want to do a cyber security career. For me it's the most interesting field in CS. How can I get started? Is it worth to do some online courses where you get certifications (asking this because they are kind of pricey). I'm a QA Tester with 1 year of work experience, don't know if I should just apply to jobs or acquire skills/certificates first. Thanks for all the incoming answers. :D5
I'd like to one day work on security consulting/advising (incident response, opsec, SOC, etc). For those of you here that are currently in or have worked with people in that field: what advice do you have for handling cyber risk situations?2
Have you experienced a situation where you get into the new job and everyone expects you to know everything your predecessor knew. Fact is he aquired that knowledge during 5+ years working there.
What did you do?
How have you managed the stress?6
Happy Friday. Facebook just disclosed hackers have exploited multiple vulnerabilities to get access to potentially 50 million users. I guess... no weekend for the blue team? https://mobile.twitter.com/dnvolz/...
Does anyone here have any experience in the Collegeint Cyber Defense Competition (CCDC) or similar red team / blue team competitions? I am trying out for my schools team in the fall and am looking for any advice or resources anyone may have.
So far I am leaning towards Phantom as far as what service I would be best equiped to admin but would also love to hear everyones experience with other services if they would like to share.
I'm looking for a project idea in cyber-security...
I'm good with x86 assembly, c, c++, python and shell scripting.
I'm very well versed with Linux operating systems and basic networking stuff.
I'm willing to learn new concepts11
Once again the department head fucks up my degree plan!
I'm getting my associates degree in Cyber Security. So we have to take networking courses and what not. So my institution recently became a Cisco certified teaching establishment or something along the lines of that.
The department head said that everyone who was enrolled in classes before the upcoming fall semester would have to take the new Cisco networking classes and not switch to the new degree plan. (We would take 3 Cisco classes instead of the new degree plan which is 5 or 6) so we planned and register for those classes.
Now he comes back and says we don't have to take those new classes. So it just fucks up the whole shit.
Switching to the new degree plan would add like 3 semesters to my total semester count and I'm supposed to graduate. August 2018
Fuck this new shit. Even tho I need Cisco.
I plan on taking The Cisco classes after I graduate with my associates degree while I'm going to a university for a dual degree in Software Engineering and Cyber Security
Dear Fellow Programmers,
I want to become Cyber Security Specialist and currently learning Java (beginner ). Please, tell me is it a good language for this type of activity and what else should I learn.2