Volmarias posted: And is precisely why large companies actually take this seriously, at least from what I've seen.

So far. It will be interesting to see when we have an established precedence for GDPR infractions. So far in Denmark, the fines haven't come near the maximum. I'm betting a lot of companies will pay lip service and get a sizeable fine reduction for it.

Aug 20, 2021 19:31

BonHair posted: So far. It will be interesting to see when we have an established precedence for GDPR infractions. So far in Denmark, the fines haven't come near the maximum. I'm betting a lot of companies will pay lip service and get a sizeable fine reduction for it.

Aug 20, 2021 19:48

DrDork posted: Every three-letter government agency uses small armies of contractors, yeah. For applied crypto there might be some specialty shops, but your big names like Deloitte, Leidos, etc., aren't bad places to poke around at, either, if that's the route you want to go. None of them are going to really be "counter-culture," though. DARPA is always doing weird stuff, and from what I've heard has a less "you need to come to the office in a suit" sort of culture, so maybe worth a look.

Resurrecting this thread after I thought of some other ideas-- I'd be interested in working in the privacy/security/cryptography space for something like the Signal foundation. What's a good way to find similar projects with that kind of focus?

Aug 21, 2021 02:25

past fad: phishing
new and cool: i'll give you bitcoin to run this malware as admin on your work pc

Aug 21, 2021 20:26

Biowarfare posted: past fad: phishing

I'm working for an MSP/VAR/consulting company at the moment and have seen what appear to be scams from someone posing as Intel offering gift cards/free PCs for installing their Intel integration into our RMM stack, which may be tempting enough for folks to just do and not think too much about it? Frankly I'm surprised there aren't more folks doing similar approaches with a legitimate-ish looking software company web site and a "we'll send you a $100 Amazon gift card for trialing our software" pitch, just relying on lazy IT folks to run it as a local admin.

Aug 21, 2021 20:42

Maneki Neko posted: I'm working for an MSP/VAR/consulting company at the moment and have seen what appear to be scams from someone posing as Intel offering gift cards/free PCs for installing their Intel integration into our RMM stack which may be tempting enough for folks to just do and not think too much about it?

I have a few extensions on the Chrome store and I get daily emails offering 4-5 digits to add their SDK. Their "SDK" is actually malware that turns end users into an HTTP proxy used for attacks and fraud.

Aug 21, 2021 20:49

https://twitter.com/JacquiHeinrich/status/1429173367643516936

Aug 21, 2021 22:03

loving RIP this doesn't surprise me at all. those nerds can't even comply with 800-171

Aug 22, 2021 02:21

Balsa posted: loving RIP this doesn't surprise me at all. those nerds can't even comply with 800-171

it's too haaaarrrrddddddddd *opens Thunderbird for pop/imap*

Aug 22, 2021 09:32

Thought you all might like this one. https://twitter.com/j0nh4t/status/1429049506021138437

Aug 22, 2021 19:30

Zil posted: Thought you all might like this one.

It's so perfect that I almost want to cry.

Aug 22, 2021 20:06

And it isn't even a new concept: getting a command prompt on a "locked down" system, and probably also an elevated command prompt, has been possible with methods very similar to this since the 90s. You would think they would get smarter, but Microsoft.

Aug 22, 2021 21:00

i mean razer software is so bad that multiple anticheats already block their drivers from loading and stop the rgb crap because it results in kernel level execution

Aug 22, 2021 21:07

the omg cable automates this now lmso

Aug 22, 2021 21:20

iCloud Private Relay seems like another overdue nail in the coffin of doing SSL inspection on network edge devices. Which is good. https://developer.apple.com/videos/play/wwdc2021/10096/ It's going to be interesting to see what sort of crap all the SMB UTM vendors come up with now to shift their subscriptions.

Aug 25, 2021 22:02

Thanks Ants posted: iCloud Private Relay seems like another overdue nail in the coffin of doing SSL inspection on network edge devices. Which is good.

You can just block Private Relay access.

Aug 25, 2021 22:23

Every organization that's even remotely risk averse will just blackhole those two domain names on day one regardless of actual impact.

I've been playing this out in my head. The OS provides all the hooks and APIs you'd need to still audit and inspect your corporate user traffic, but it would require a work effort to investigate/source/update your toolstack to send this telemetry and actually make use of it in your SIEM, and it's much easier to just kill two DNS names. The vendors will probably start to adapt to these APIs, so it's not like you're losing all introspection ability; you're just shifting it to on-device rather than on-network, I guess. There are probably risks inherent in that, in that you're relying on software to provide the information rather than the actual devices servicing the network flow, but I can't really speak to those risks competently. Suspect all the major vendors will offer something like this eventually, so getting ahead of it seems smarter, but who knows.

some kinda jackal fucked around with this message at 14:48 on Aug 26, 2021

Aug 26, 2021 13:41

Martytoof posted: Every organization that's even remotely risk averse will just blackhole those two domain names on day one regardless of actual impact.

It's definitely a trend in enterprise software generally (AWS PrivateLink, Salesforce Express Connect), so seeing something analogous on privacy-focused commercial offerings isn't really a surprise.

Aug 26, 2021 15:33

lol https://www.theregister.com/2021/08/25/github_copilot_study/

Aug 26, 2021 19:27

And license-wise, CoPilot will get you into dangerous waters 100% of the time, because Microsoft has figured they can relicense code not written by them into GPL, as the dataset consists of code published on GitHub, which includes a lot of MIT, BSD and ISC licensed code.

Aug 26, 2021 19:32

Martytoof posted: Every organization that's even remotely risk averse will just blackhole those two domain names on day one regardless of actual impact.

Yeah, I'm sure there will be measures taken to turn it off, but I like the idea that it comes with a big scary warning. I've already had people ask how to fix their home Wi-Fi when later versions of iOS detect if you're still using TKIP, so my hope is that Apple telling everybody that the network they are connecting to can see everything that they are doing, regardless of how true that is, starts to shift things a bit. It sort of already has started with the mass move to WFH - what's the point in protecting your 'network perimeter' when the only things inside that perimeter are some printers and an internet-connected coffee machine?

Aug 26, 2021 20:28

Thanks Ants posted: what's the point in protecting your 'network perimeter' when the only thing inside that perimeter are some printers and an internet connected coffee machine?

I'm not all that secure, to be fair

Aug 26, 2021 23:12

I suppose it could be considered good samaritanship to prevent your coffee machine from being added to a DDoS botnet.

Aug 26, 2021 23:22

Cup Runneth Over posted: I suppose it could be considered good samaritanship to prevent your coffee machine from being added to a DDoS botnet.

Hey, if hackers get in and set your coffee machine to triple-brew mode, that can be a real wake-up call.

Aug 26, 2021 23:36

My coffee machine makes the best coffee when denying service to others.

Aug 27, 2021 00:22

BlankSystemDaemon posted: And license-wise, CoPilot will get you into dangerous waters 100% of the time, because Microsoft has figured they can relicense code not written by them into GPL, as the dataset consists of code published on GitHub, which includes a lot of MIT, BSD and ISC licensed code.

Waiting for the inevitable "IT WASN'T ME, IT WAS THE ROBOT WHO STOLE THAT CODE" case.

Aug 28, 2021 00:23

Hey goons. So, about 6 months ago, I posted in here that I was considering a Cybersecurity security bootcamp. Well, I did it! I’ve done well in the class and will be graduating next month and intend to challenge the Security+ exam in the fall. I’m starting to look for jobs now and I wanted to ask the thread if anyone has any advice for getting that first entry-level position. I’m not coming from an IT role, and the closest I have to any relevant experience was being a Navy intelligence analyst a couple decades ago. Are recruiters and headhunters a thing? Please help, I don’t want to go back to being a bartender at Covidavillebees!

Aug 28, 2021 18:42

navyjack posted: the closest I have to any relevant experience was being a Navy intelligence analyst a couple decades ago.

Do you still have your clearance? If so congrats, you're on your way to six figgie heaven if you don't mind working in and around the military industrial complex. Just turn on LinkedIn and let the headhunters and recruiters come to you. If not, good luck breaking into cybersec without IT experience and/or a degree in a relevant major from an accredited university. Apply to as many places as possible to as many positions as possible; luckily you're in a boom period of hiring computer touchers, so you'll probably land on your feet in cybersecurity-adjacent work if not cybersec itself.

Aug 28, 2021 18:49

navyjack posted: Hey goons. So, about 6 months ago, I posted in here that I was considering a Cybersecurity security bootcamp. Well, I did it! I’ve done well in the class and will be graduating next month and intend to challenge the Security+ exam in the fall.

Sorry, I know you’re looking for advice on getting into an entry level position, but I kind of want to explore this because I’m genuinely curious about your situation. I’m going to ask a really basic question that you might already have covered previously in the thread: What about infosec do you like? What do you see yourself doing in an entry level position? What do you WANT to be doing long term?

I don’t know what a cybersecurity bootcamp really covers so I can’t speak to the breadth of your knowledge, but as someone who was actively hiring for security positions about two years ago I found that a lot of candidates who were trying to get in the door didn’t really know what they wanted or what their expectations for a career progression in infosec were beyond the immediate “I have a job looking at and responding to alerts” (which IMO is not a good long-term career — gets old VERY fast).

If you’re looking to get into a SOC as an analyst, which I think is the easiest way to get into an entry level “security” position, I think that’s a valid starting place, but you should aim to develop your skillset so you can escape that as soon as possible. It’s been a while since I worked in an MSSP or had any dealing with a SOC other than consuming its services, but in my experience SOCs are always hiring and the qualifications are that you have some basic analytical thinking and a pulse. Sometimes just the pulse is sufficient. Outside of recruiters I’d probably try to hunt anyone in your LinkedIn circle who is a SOC Manager or SOC Director and be upfront — I’m trying to get a foot in the door, am eager to advance my career in infosec and would love an opportunity to bla bla bla.

But again, unless for some reason you really LOVE SOC work (I actually worked with a few 5+yr SOC veterans but they had very low aspirations and basically just showed up for a paycheck) you should be planning your next step up. The next step will involve education. I can personally speak for other pillars of infosec such as architecture and governance. One of the single biggest things you can do for yourself in this space is to keep up to date on design patterns etc. Cloud environments are hot money right now and every major provider has a security and architecture education track. AWS Well Architected Framework. Azure Solution Architect. Etc. Ironically, in an infosec thread, the one I’m least qualified to talk about is pentesting, so I guess I’ll leave that to others. A lot of these depend on a certain level of IT and networking knowledge possibly above and beyond what you learned at school, but it should give you a great start on education.

So I dunno, education education education, and that LinkedIn thing I said earlier. Sorry, that was very stream of consciousness and I’m pretty sure I didn’t answer any of your questions.

Aug 28, 2021 19:31

Good luck. Infosec has a long and stoic history of gatekeeping and will have leaders who will often lock you out of positions because your work history isn't 100% infosec. I would spend a lot of time figuring out what makes a good infosec resume and specifically get a service to help you with yours.

Aug 28, 2021 19:43

easiest way into infosec is to decide you want to do that while already knowing how to program. i don't know how applicable that is to you though.

Aug 28, 2021 20:09

My advice would be to first just get started in IT somewhere, either as a developer or in an infrastructure role. Do that for a year or two and just get some experience in IT. Maybe you're the exception to the rule, but in my experience most people straight out of school/bootcamps/whatever with an InfoSec degree are just so green overall that they can't bring a lot to the table.

Aug 28, 2021 21:00

I started in a 24x7 monitoring job in a NOC, moved to 2nd level support for a telco self service website, then to scripting and maintaining website monitoring, then a long stretch as application owner and IT's face toward the business line, to now doing Identity and Access Management operations. That means I sit with the cybersec guys, and could probably do a pivot to that area in a couple of years. And it's only taken me a decade and a half!

Aug 28, 2021 21:47

KozmoNaut posted: I started in a 24x7 monitoring job in a NOC, moved to 2nd level support for a telco self service website, then to scripting and maintaining website monitoring, then a long stretch as application owner and IT's face toward the business line, to now doing Identity and Access Management operations.

you don’t need to wait a couple of years

Aug 28, 2021 22:04

navyjack posted: Hey goons. So, about 6 months ago, I posted in here that I was considering a Cybersecurity security bootcamp. Well, I did it! I’ve done well in the class and will be graduating next month and intend to challenge the Security+ exam in the fall.

Best advice I can give you is to social network like a mofo. Like most job openings, if you don't have solid experience then you need to leverage other methods, the most important being knowing somebody. So chat up people from your bootcamp, instructors, MeetUps, etc... Try to get your foot in the door that way.

Aug 28, 2021 22:04

KozmoNaut posted: I started in a 24x7 monitoring job in a NOC, moved to 2nd level support for a telco self service website, then to scripting and maintaining website monitoring, then a long stretch as application owner and IT's face toward the business line, to now doing Identity and Access Management operations.

Yeah, go get that InfoSec money now. You sound ready. In my case/local market I had to jump through the hoop of getting my CISSP, which is an incredibly dumb hoop, but that's what started getting me InfoSec offers.

Aug 28, 2021 22:36

navyjack posted: Are recruiters and headhunters a thing?

Recruiters and headhunters are very much a thing for InfoSec, but maybe not so much for an entry-level InfoSec job. How open are you to moving? While more and more jobs are getting flexible on location requirements, a ton of them still aren't, so if you are willing to relocate to a tech center city you're much more likely to find someone willing to take you on than if you're insistent on living in the middle of a fly-over state or whatnot.

Having a Sec+ cert is a good start, but if you don't have a techy background to speak of, you are likely to have better luck if you can also show up with some basic scripting/programming experience (Python is highly recommended). Another option is to chat up the security folks from a company you'd like to work for and see what their hiring practices look for. I work for a hyperscaler and a large chunk of our "entry level" security folks are people from Support who decided they don't want to answer customer questions for the rest of their lives and went out and got a cert or two and/or otherwise got smart on security topics and skills. Something like that might not be a bad option--Support likely has a lower barrier for entry initially, and would help get you more of that "tech background" you mention you lack.

Aug 28, 2021 23:37

Just keep your head on a swivel and a good sense of humor as an entry level infosec guy, it can be disorienting and frustrating. Welcome to the field, either way.

Aug 29, 2021 00:51

So how about Microsoft making Azure CosmosDB instance keys available to third parties via misconfigured Jupyter Notebook containers?

quote: A series of misconfigurations in the notebook feature opened up a new attack vector we were able to exploit. In short, the notebook container allowed for a privilege escalation into other customer notebooks [...] As a result, an attacker could gain access to customers’ Cosmos DB primary keys and other highly sensitive secrets such as the notebook blob storage access token.

Really bad few weeks for Microsoft here.

Sheep fucked around with this message at 04:24 on Aug 29, 2021

Aug 29, 2021 04:18

Thanks for all the responses and candor, it’s appreciated. Just to hit on some things that got asked or put out:

Sadly, I don’t have a clearance any longer. They do expire. If someone wants to sponsor me to reup it, I guess I’ll talk about it, but I don’t know if working for the MIC is for me anymore. Cross that bridge when I come to it.

As far as what I’m wanting to do career-wise, I’m not sure. Everything is really fascinating and kinda new. I figured with my background, SOC analyst would be where I would start. I’ve got technical writing/reporting experience so I kinda thought auditing and compliance might be in my future.

I’m in Denver so there doesn’t seem to be a lack of tech jobs around. I’m willing to move pretty much anywhere. I don’t have anything keeping me here other than liking the place. I’m working on my coding skills but they are currently rudimentary at best.

CommieGIR posted: Just keep your head on a swivel and a good sense of humor as an entry level infosec guy, it can be disorienting and frustrating. Welcome to the field, either way.

The head on a swivel and the sense of humor I can do! Thanks for the welcome. I really think if I can get my foot in the door, I’ll be ok. I’m a hard worker, and (I think) I’m the guy people like to work with and have working for them. Years as a barman really helped to tighten up and polish the ol’ soft skills. Wish me luck, I guess!

Aug 29, 2021 07:52