Search - "cybersecurity"
D: “Did the attackers exfiltrate any data?”
M: “I can’t say for sure, but most likely based on—”
D: “—but did you find any undeniable evidence of it?”
M: “Keep in mind that the absence of evidence isn’t necessarily evidence of absence. There was very limited logging to begin with and the attacker erased artifacts and logs.”
D: “If there’s no evidence, then there was no exfiltration.”
M: “If a business doesn’t have cameras on its front door and then gets robbed, it can’t claim there was no robbery just because they didn’t video-record it.”
D: “That’s a poor analogy. Nothing’s missing here. I couldn’t care less if a robber made a *copy* of my money. That isn’t robbery.”
M: “... If the Titanic really hit an iceberg, then how come no pieces of an iceberg were ever found in the wreckage?”
Here's a list of unpopular stuff which I agree with:
1) I love Java more than any other programming language.
2) I love sleeping more than working.
3) I'm not a night owl. I thrive the most during daylight.
4) I don't like or need coffee. Tea is fine.
5) Webdev is a huge clusterfuck which I secretly wish that could just die already.
6) Cybersecurity is a meme and actually not that interesting. Same passes for Cloud, Machine Learning and Big Data.
7) Although I'm a huge fan of it, Linux is too unstable and non-idiot proof to ever become mainstream on the desktop.
8) Windows is actually a pretty solid OS.
9) The real reason I don't use macos is because I'm a poorfag that can't afford an overpriced laptop.
10) I don't like math and I hate that people push math shit into random interview questions for dev jobs which have nothing to do with math.
You think a junior dev pushing his code onto a production server is bad? Wait till you have that admin who is illegally mining Bitcoin on your production server. 😂
I went for a Cyber Security conference today with one of my managers and this was one of the life experiences some of the speakers shared.
>I can't believe we pay your useless ass to sit around doing nothing all day!
>this is your fault
I'M STARTING GRAD SCHOOL!!!!! I'm so excited I can't think properly. I started screaming in Latin and German mixed with English because I couldn't remember enough words in any one language to express myself, and I'm still certain I was incoherent.
Doing cybersecurity and forensics because I hate having a social life 😎
I noticed at our company we have 4 kinds of developers:
1. Developer who can do psd>html, write some custom js code, put templates on cms... He usually doesn't care about the code. We call them just frontend developers.
2. Developer who works with frontend frameworks, can create SPA, knows a little backend, can code APIs... - Superstar frontend developer.
3. Developer who knows both frontend and backend and can create websites without anyone's help. Full stack developer.
4. Full stack developer who does everything above + does mobile app development, IOT dev, cybersecurity, servers setup and gets paid like the first one. Hello, it's me.
Russia removes windows from all government computers to "show that they're serious about cybersecurity"....
I signed a petition on Action Network urging Congress to reject the dangerous EARN IT Act and protect our online free speech.
The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019 — also known as the EARN IT Act — gives Attorney General William Barr the power to demand that tech companies kill important encryption programs. That puts us all at risk of government censorship, cybersecurity breaches, and human rights abuses.
Don’t let Congress chip away at your essential freedoms online. Sign our petition now to tell your lawmakers to reject the dangerous EARN IT Act: https://actionnetwork.org/petitions...
---WiFi Vision: X-Ray Vision using ambient WiFi signals now possible---
“X-Ray Vision” using WiFi signals isn’t new, though previous methods required knowledge of specific WiFi transmitter placements and connection to the network in question. These limitations made WiFi vision an unlikely security breach, until now.
Cybersecurity researchers at the University of California and University of Chicago have succeeded in detecting the presence and movement of human targets using only ambient WiFi signals and a smartphone.
The researchers designed and implemented a 2-step attack: the 1st step uses statistical data mining from standard off-the-shelf smartphone WiFi detection to “sniff” out WiFi transmitter placements. The 2nd step involves placement of a WiFi sniffer to continuously monitor WiFi transmissions.
Three proposed defenses to the WiFi vision attack are Geofencing, WiFi rate limiting, and signal obfuscation.
Geofencing, or reducing the spatial range of WiFi devices, is a great defense against the attack. For its advantages, however, geofencing is impractical and unlikely to be adopted by most, as the simplest geofencing tactic would also heavily degrade WiFi connectivity.
WiFi rate limiting is effective against the 2nd step attack, but not against the 1st step attack. This is a simple defense to implement, but because of the ubiquity of IoT devices, it is unlikely to be widely adopted as it would reduce the usability of such devices.
Signal obfuscation adds noise to WiFi signals, effectively neutralizing the attack. This is the most user-friendly of all proposed defenses, with minimal impact to user WiFi devices. The biggest drawback to this tactic is the increased bandwidth of WiFi consumption, though compared to the downsides of the other mentioned defenses, signal obfuscation remains the most likely to be widely adopted and optimized for this kind of attack.
For more info, please see journal article linked below.
I'm soon graduating from a tech/IT school which recently specialized in cybersecurity.
Today when I changed my password on their website, it displayed the old one in clear text.
God damn it people, THIS is the reason why our school's reputation has been slowly but steadily going down.
!rant 📚 📑
Cybersecurity books @Humble Bundle
There is a really great Humble Book Bundle at the moment, starting at 1$. The bundle contains several cyber security books ("Practical Reverse Engineering" and "Security Engineering" have a good reputation).
I'm back, to anyone that may have cared a little, so I was offline for 6 days since my ISP Ultra Hilarious to crash my state records of their paying customers and some other stuff that It took 5ever to get back, anything you guys want to share with me that may happen lately here on DevRant? I personally my classic Amazon bashing news and Perhaps giving away some Steam Keys that one Reviewer user of my site give us out to promote the site along side the devs.
For the Amazon News there is:
Amazon in talks to buy cybersecurity startup Sqrrl and also group of New Jersey Amazon Warehouse workers stood in the cold outside an Amazon Books store in Manhattan on Wednesday to remind shoppers that their online purchases are made possible by warehouse employees who often are underpaid and denied normal workplace benefits. More info at: https://legionfront.me/pages/news
Now about Free Steam gamuz:
Gravity Island Key: AACA7-CYFVW-N775L
For more free keys drop by:
- a cybersecurity perspective
Someone is trying to launch a brute force attack on one of my servers that I set up for an old project. According to the logs, they've tried Jorgee, they've tried directly accessing the MySQL database (with the laziest passwords), and they're now on day 4 of their brute force attack against my SSH server. I'm fairly certain that they won't be getting in (not that there's anything worth getting in the first place), but what's the standard protocol for this? Do I just wait this out, or is there something I can do to break their bot? I have fail2ban enabled, and it is doing its job, but the attacker is changing their IP address with every attack.
C: “Look, I agree that these are likely leading practices, but we really don’t need all that.”
M: “These aren’t even leading practices, these are the bare minimum practices to help ensure secure login sessions and that account passwords aren’t trivially compromised.”
C: “How do I put this...? You’re trying to secure us against the hacker. That’s a noble goal. But my only concern is the auditor.”
How to get investors wet:
“My latest project utilizes the microservices architecture and is a mobile first, artificially intelligent blockchain making use of quantum computing, serverless architecture and uses coding and algorithms with big data. also devOps, continuous integration, IoT, Cybersecurity and Virtual Reality”
Doesn’t even need to make sense
Got released from the military after 3 years of CyberSecurity/Sysadmin role.
2 weeks later I got a job as security sysadmin in a large telco company.
Still wish to be dev instead though
Many people / engineers around me talk about trendy stuff like Cybersecurity or AI and show off what great encryption and neuronal networks they 'have built' ( I would rather say 'using').
I kinda get the feeling of 'Everybody talks about it - no one really knows what's goin' on inside (especially those guys who hate math and even algorithms).'
Am I just stupid or does somebody else here feel the same way? I mean people have been doing serious research about this stuff for years. And currently many kids are coming up with it as if it is easy stuff like the bubble sort.
Did successful XSS in a website.
Later on, found out that the web was built on laravel.
Still trying to figure out the level of negligence required to make a xss vulnerable laravel website
According to the report of Reuters: The United States Navy banned the social media app TikTok from government-issued mobile devices, saying the popular video app represented a "cybersecurity threat." A bulletin issued by the Navy on a Facebook page saying users of government issued mobile devices who had TikTok and did not remove the app would be blocked from the Navy Marine Corps Intranet.
The Navy would not describe in detail what dangers the app presents, but Pentagon spokesman Lieutenant Colonel Uriah Orland said in a statement the order was part of an effort to "address existing and emerging threats...." The U.S. government has opened a national security review of the app's owner ByteDance.
Well, there's that. LINK = CCleaner infected, 2.3 million infected. https://google.com/amp/s/... today gets better and better.
So today I had an initial interview for a tier 1 analyst position (it's a student position). The interview went really good, and I pretty much landed it and my next one is going to be next week. It sounded pretty awesome, but a part of me thinks it's going to be a tech support position more than anything else. Nevertheless, I hope I'll get the job, it seems like a nice gateway to more awesomererer jobs.
So here's my question: can any of you guys tell me more about this type of job? How mundane or interesting is it? I'm probably not going to decline the position, I just want to be ready for what's coming.
They call it security questions.
I call it social engineering backdoor.
I'm supposed to enter those questions after logging into my account and I'm not able to skip it nor to set a proper two factor method.
Well, fuck you. Did you ever think about dying by a two factor method? Ever watched a Saw movie? You got the idea.
Reposting this rant for more visibility. I do not like to repost, but this is really important, people's privacy is threatened.
Sad how the easy to make softwares are already flooding the market and making millions so now we actually need to work a lot and innovate on something if we wanna a few bucks.
Also sad how in the 80s you could rob banks with just sql injection and now it's almost impossible unless you’ve been devoting your being to cybersecurity for years.
Basically I feel it would have been cooler to be a computer scientist 30 years ago :/
Freshly failed gloriously my degree in interaction design. Now I stumbled into a new job, doing a fullscale company advertisement campaign on cybersecurity for 6500 employees. Alone. Writing concept, gathering stakeholder, requirements and shit. I'm scared.
Who needs Mr. Robot or all that hacker shows, if reality is just as crazy:
A fellow uni student shared this deal with everyone in our security course. The first place I thought of re-sharing it was here.
Hopefully my fellow devranters will find this a good deal.
Fucking job recruiters or whoever the fuck.
If the first line on my resume is under "Objective" and it states, "To obtain a job, internship, or Co-op in the field of Networking, Cybersecurity, or Administration." You can clearly see the words sales and customer service are not in there.
If you take 5 seconds to read that or search for the words customer service or sales YOU WON'T FUCKING FIND ANYTHING.
SO WHY THE FLYING FUCK DO YOU CUMBUCKET FILLED PIECES OF SHIT KEEP OFFERING SALES AND CUSTOMER JOBS TO ME.
I even got a senior sales position before. :|
Yet I can't even get a call back from an internship that's related to what I want to do lol. Smh.
What did your quest into the dev world look like? That's mine:
First time: Age 12, was in a C++ evening class for like 2 weeks, I understood nothing.
Second time: Age 16-18
Fiddled with scripts for steam games and jailbroke my iPhone while fiddling with system configs. Nothing major.
Third time: Age 19, learned Python in a Cybersecurity course. Failed miserably because the tutors were shit, thought I hated programming.
Fourth time: Age 21, developed a lot of scripts in my sysadmin job, one of them needed a GUI so I learned C# and WPF. Enjoyed it so much I eventually enrolled in a Java 10 month course.
I still work as a sysadmin though.
Any professional pentesters or someone working in cybersecurity as a profession? I need some advice. The company I intern with right now wants me to test their web applications for security (they really don't care so much about security). I just wanted to know is there a standard set of procedures or a checklist that is usually followed? I know automated testing is not all that effective against web applications but what are the steps you usually take?
As of now, I have run tests and am now performing a code review but it's in PHP and I'm not really good with it. I'd like to know what more is done as a standard please.
My office WiFi is freaking fast, up to 25mbps, should I download Torrents using it? Is there a possibility that corporate networks are under more surveillance?
I feel i need to be specialized in something coz everyone can code now... like u have machine learning engineers and devops/cybersecurity but im not really into either. What other sub fields are there?
When your cybersecurity department gets back your hacked servers but then the whole network is DDoSed!
whenever i get into something with default credentials, i leave a note or change a name to say something like 'IMPROVE YOUR SECURITY'
today i did it on a printer in the library, one day i'm gonna be in cybersecurity :d
Cybersecurity firm Sophos announced that it has open-sourced the Sandboxie Windows sandbox-based isolation utility. According to the reports of Bleeping Computer: Sandboxie was developed by Ronen Tzur and released on June 26, 2004, as a simple utility to help run Internet Explorer within a secure and isolated sandbox environment. Later, Tzur upgraded Sandboxie to also support sandboxing any other Windows applications that required a secure virtual sandbox.
Sophos Director of Product Marketing Seth Geftic said "We are thrilled to give the code to the community. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level. The Sandboxie user base represents some of the most passionate, forward-thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases."
You can download Sandboxie and its source code here.
Okay so I'm back at ranting now cause I got a reason in my useless life to rant lmao. I started college recently, I'm majoring in Computer Science so the thing is that, my University provides specialization in cybersecurity and stuff to third year students and our Mr. HOD of applied sciences, who is basically an ass, in charge of conveying all the details to students, puts a complete mailing list of freshmen in the 'To' box rather than using BCC... smh. *Evil laughter*
I want to switch careers from 3.5 years of IT and cybersecurity to development. I have no CS degree and am 22 years old.
Do you think companies treat someone like me differently compared to some college graduate with no tech experience? Or that the only experience that matters is dev experience?
Given how much talk there's around security, I think it'd be grand idea to dedicate a weekly rant to cybersecurity. Could spark an interesting discussion, especially in today's heated climate. Thoughts?
E.g. Best way to increase security/privacy?
Hello devrant, I have a question:
What can you tell me about cybersecurity? is it worthwhile? I mean, could I get a nice job with it? Where should I begin to start learning about it?
Have you ever wondered why the developer part of the tech world is so rich and full of community? Devrant is one example.
Coming from a background of IT and cybersecurity I've never felt this way before. Why the IT and security world isn't as rich?
What RSS feeds are you guys subscribed to? My reader is so damn empty all the time. Preferably CyberSec and Linux related (English or German).
I'm currently subscribed to Heise Security (German), Hacker News, NixCraft and Linux Journal
Which one comes first? vulnerability or threat? 🤔🤔 I would go with vulnerability how about you guys?
I'm starting to really regret not meeting more professors in school. I'm trying to found a ctf team at my university and can't get a single professor to agree to advise the club (it's required to use school resources) loads of interested students but I can't find a single staffer. All the computer science professors talk about how important cybersecurity is but they don't want anything to do with it.
I'm so desperate I'm about to reach out to... information systems professors from the college of business
I'm tempted to join a cybersecurity challenge and give it a shot. The only problem is that the dates for the admission tests are fully overlapping with my exam period at university, and I *need* to pass some exams this time.
Why does it always have to be so complicated?
Reading Geekonomics (silly title for the book) and seriously considering that maybe we should all be licensed/certified since so much software is broken, looking at you Equifax.
Really really frustrated with constant changes to webapps from business teams lol .. made major code changes to a product 6 times the last 6 months 🙄
Any suggestions on how to transition into a security engineer job (I manage DevOps for the company as well, and I am currently studying cybersecurity engineering too)
I'd like to one day work on security consulting/advising (incident response, opsec, SOC, etc). For those of you here that are currently in or have worked with people in that field: what advice do you have for handling cyber risk situations?
Hey all, I'm currently getting a job offer for a risk advisory position (my stepping stone into cybersecurity), and I'm extremely excited.
It would be my first tech job, and in the tri-state area (NJ/NY/PA).
Do you have any advice on salary negotiation before I decide whether or not to accept the position? Trying to do my research on glassdoor, but I also want to hear from the pros on this board.
hey guys. I want to explore the field of cybersecurity as it is THE field of my interest. Help me?