cybersecurity
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
- english.elpais.com Alejandro Cáceres, the hacker who took down North Korea’s internet from his home: ‘My attack was a response to their attempt to spy on me’
Better known as P4x or _hyp3ri0n, this cybersecurity expert was recruited by the US government after his exploit. Disillusioned, he has decided to reveal his identity and continue the fight on his own
(...) the internet went down across the country. A wave of cyberattacks left all systems on hold for more than seven days. First, the main national websites failed, from the official news site to the booking page of the national airline. Then, the Asian state’s connections with the rest of the world were interrupted. Emails could not be sent or received; there was no connection to cloud services. The blockade was complete.
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
Off-Topic Friday
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
-
What are You Working on Wednesday (Thursday Edition)
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
SimpleX Chat Group about Privacy & Security
If you want to join the group, please send me a PM with the reason you want to and your favourite animal.
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
- www.propublica.org Whistleblower Says Microsoft Dismissed Warnings About a Security Flaw That Russians Later Used to Hack U.S. Government
Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.
-
Off-Topic Friday
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
Google Search Result Link Hover (Edge/Chrome)
Hey all!
While investigating some malvertising campaigns today, I noticed that one of the sponsored google search results, upon hovering, appeared to be changing/resolving through rather than simply showing what link was being used by the result.
Any ideas as to how this hover url result works and if you can disable resolving/force top-level results upon hovering over anchor elements?
Malvertising is hot hot hot!
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
Off-Topic Friday
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
Off-Topic Friday
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
-
Mentorship Monday (Late Tuesday Edition) - Discussions for career and learning!
Posting later than usual due to the holiday and some quirks I've encountered with infosec.pub.
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
The /c/cybersecurity community on Infosec.pub has new icon and banner artwork courtesy of @bolo ! It already makes the space look nicer if you ask me 🎨 😄
Go check it out and if you haven't already, join the community and start sharing and interacting! https://infosec.pub/c/cybersecurity
-
Off-Topic Friday
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
Off-Topic Friday
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
Off-Topic Friday (experimental)
Experimenting with a new regular thread. Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please).
Have a great weekend!
-
Request: Guidance from Staff+ Security Engineers
A request for any security engineers who are Lead/Staff/L6 level or above (e.g. Senior Staff, Principal, Sr. Principal, Architect, etc...). What advice would you give to senior engineers (and below) on things they should learn or prioritize for "leveling up" technically?
I understand a lot of what goes into promotions is not necessarily technical, i.e. politics, visibility, being on high-impact projects, etc... but strictly on the more technical plane, what skills, tools, trainings, frameworks, etc... would you recommend?
Thanks!!
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
3D-Printed USB Dead Man Switch (Prototype Demo)
www.buskill.in 3D-Printable BusKill Prototype Demo - BusKill
Demo of our DIY USB Dead Man Switch (prototype) with a 3D-Printable Case triggering a lockscreen when the kill-cord's connection is severed.
Today we're ecstatic to publish our first demo showing a homemade BusKill Cable (in the prototype 3D-printed case) triggering a lockscreen.
| [!3D-Printed USB Dead Man Switch (Prototype Demo)](https://www.buskill.in/3d-print-2024-05/) |
|:--:|
| Watch the 3D-Printed USB Dead Man Switch (Prototype Demo) for more info youtube.com/v/vFTQatw94VU |
In our last update, I showed a video demo where I successfully triggered a lockscreen using a BusKill prototype without the 3D-printed body for the case and N35 disc magnets. I realized that the N35 disc magnets were not strong enough. In this update, I show a demo with the prototype built inside a 3D-printed case and with (stronger) N42 and N52 cube magnets.
What is BusKill?
BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.
| [!What is BusKill? (Explainer Video)](https://www.buskill.in/#demo) |
|:--:|
| Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4 |
If the connection between you and your computer is severed, then your device will lock, shut down, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.
Why?
While we do what we can to allow at-risk folks to purchase BusKill cables anonymously, there is always the risk of interdiction.
We don't consider hologram stickers or tamper-evident tape/crisps/glitter to be sufficient solutions to supply-chain security. Rather, the solution to these attacks is to build open-source, easily inspectable hardware whose integrity can be validated without damaging the device and without sophisticated technology.
Actually, the best way to confirm the integrity of your hardware is to build it yourself. Fortunately, BusKill doesn't have any circuit boards, microcontrollers, or silicon; it's trivial to print your own BusKill cable -- which is essentially a USB extension cable with a magnetic breakaway in the middle.
Mitigating interdiction via 3D printing is one of many reasons that Melanie Allen has been diligently working on prototyping a 3D-printable BusKill cable this year. In this article, we hope to showcase her progress and provide you with some OpenSCAD and .stl files you can use to build your own version of the prototype, if you want to help us test and improve the design.
Print BusKill
[!Photo of the 3D-Printed BusKill Prototype](https://www.buskill.in/3d-print-2024-05/)
If you'd like to reproduce our experiment and print your own BusKill cable prototype, you can download the stl files and read our instructions here:
Iterate with us!
If you have access to a 3D Printer, you have basic EE experience, or you'd like to help us test our 3D printable BusKill prototype, please let us know. The whole is greater than the sum of its parts, and we're eager to finish-off this 3D printable BusKill prototype to help make this security-critical tool accessible to more people world-wide!
-
TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak (CVE-2024-3661)
www.leviathansecurity.com CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
We discovered a fundamental design problem in VPNs and we're calling it TunnelVision. This problem lets someone see what you're doing online, even if you think you're safely using a VPN.
-
Microsoft is a national security threat, says ex-White House cyber policy director
www.theregister.com Why Microsoft is a national security threat
With little competition at the government level, Windows giant has no incentive to make its systems safer
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
How well can an employer be certain of a remote employee's geographical location?
FWIW, this isn't to do with me personally at all, I'm not looking to do anything dodgy here, but this came up as a theoretical question about remote work and geographical security, and I realised I didn't know enough about this (as an infosec noob).
Presuming:
- an employer provides the employee with their laptop
- with security software installed that enables snooping and wiping etc and,
- said employer does not want their employee to work remotely from within some undesirable geographical locations
How hard would it be for the employee to fool their employer and work from an undesirable location?
I personally figured that it's rather plausible. Use a personal VPN configured on a personal router and then manually switch off wifi, bluetooth and automatic time zone detection. I'd presume latency analysis could be used to some extent?? But also figure two VPNs, where the second one is that provided by/for the employer, would disrupt that enough depending on the geographies involved?
What else could be done on the laptop itself? Surreptitiously turn on wifi and scan? Can there be secret GPSs? Genuinely curious!
-
Is it possible to use zero knowledge proofs to verify journalism sources?
After reading this thread I had the question on whether it is possible to verify you have certain information without revealing who you are to others.
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
Has ethernet become illegitimate? A librarian flipped out after spotting me using ethernet
I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).
I was packing my laptop and a librarian spotted me unplugging my ethernet cable and approached me with big wide open eyes and a panicked, angry voice (as if to be addressing a child that did something naughty), and said “you can’t do that!”
I have a lot of reasons for favoring ethernet, like not carrying a mobile phone that can facilitate the SMS verify that the library’s captive portal imposes, not to mention I’m not eager to share my mobile number willy nilly. The reason I actually gave her was that I run a free software based system and the wifi drivers or firmware are proprietary so my wifi card doesn’t work¹. She was also worried that I was stealing an ethernet cable and I had to explain that I carry an ethernet cable with me, which she struggled to believe for a moment. When I said it didn’t work, she was like “good, I’m not surprised”, or something like that.
¹ In reality, I have whatever proprietary garbage my wifi NIC needs, but have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware. But there’s little hope for getting through to a librarian in the situation at hand, whereby I might as well have been caught disassembling their PCs.
-
Mentorship Monday - Discussions for career and learning!
Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!
-
What are You Working on Wednesday
Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
-
Firewall Schemes at Different Layers
This is a network defense design scheme question.
In a scenario where your organization is designing multi-layered firewall deployment and management, how granular do you create rules at each of these three layers?
Example site is a main/HQ site that also houses your data center (basic 3 tier model).
- Site has your main internet gateway and VPN termination point. As an example, it's a Cisco or other ZBF. It has four zones: (1) Internet, (2) VPNs from other sites/clients, (3) your corporate LAN including data center, (4) Guest/untrusted/IoT.
- Between your gateway and the rest of your corporate network/datacenter, you have transparent proxy firewall/IPS/monitor. It's bridging traffic between gateway and data center.
- Within data center, hosts have software host based firewalls, all centrally managed by management product.
Questions:
- How granular do you make ZBF policies at gateway? Limit it to broad zones, subnets, etc? Get granular by source/destination? Further granular by source/destination/port?
- How granular do you make rules for transparent proxies between segments? Src/dst? Src/dst/port?
- How granular do you make rules for host based firewalls? Src/dst? Src/dst/port? Src/dst/port/application/executable?
- How have organizations you've worked for implemented these strategies?
- Were they manageable vs effective?
- Did the organization detect/prevent lateral movement if any unauthorized access happened?
- What would you change about your organization's firewall related designs?
-