CyberSecurity – What are some things that get a bad rap, but are actually quite secure?


Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.

There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.

1- PGP

PGP is a Form of Minimalism

As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:

  1. You get from them a PGP identity (public key). How you do that is entirely up to you.
  2. Your PGP program uses that identity to perform a single public key encryption of a message key.
  3. Then the message key is used to encrypt the message; the resulting ciphertext is combined with the encrypted message key to form the encrypted message.
  4. Your correspondent does the opposite operations to get the message.

If you want to sign your message then you:

  1. Hash the message.
  2. Do a public key signature operation on the hash and attach the result to the message.
  3. Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
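As an added illustration of both procedures above (the four sending steps and the three signing steps), not code from the original post and not an OpenPGP implementation: the same flow in Go using only the standard library, with RSA-OAEP for the single public-key encryption of the message key, AES-GCM for the message itself, and RSA-PSS over a SHA-256 hash for the signature. The container layout (encrypted key, then nonce, then ciphertext and tag) and the `NewKey` helper are constructed for this demo and are not OpenPGP's packet format.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewKey makes a 2048-bit RSA identity (constructed for the demo; real PGP keys live in a keyring).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt: fresh message key, one public-key encryption of it, symmetric encryption of the message.
func Encrypt(recipient *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	msgKey := make([]byte, 32) // AES-256 message key, used for this message only
	if _, err := rand.Read(msgKey); err != nil {
		return nil, err
	}
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msgKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Toy layout (not OpenPGP's packet format): encrypted key, nonce, then ciphertext+tag.
	return gcm.Seal(append(encKey, nonce...), nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt: a wrong private key fails inside OAEP, tampering fails GCM's tag check.
func Decrypt(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	n := priv.Size() // an OAEP ciphertext is exactly one modulus in length
	if len(msg) < n+12 { // 12 = the standard GCM nonce size
		return nil, errors.New("truncated message")
	}
	msgKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, msg[:n], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg[n:n+gcm.NonceSize()], msg[n+gcm.NonceSize():], nil)
}

// Sign hashes the message and performs one public-key signature on the hash.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify is the correspondent's check of the signature against the sender's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	bob, _ := NewKey() // constructed recipient identity
	ct, _ := Encrypt(&bob.PublicKey, []byte("constructed sample message"))
	fmt.Println(Decrypt(bob, ct)) // the plaintext bytes and a nil error
}
```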

The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.

As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high-level description of the Signal protocol here. None of the following comments are intended to be critical; they are intended to give an idea of the level of complexity of the protocol in total:

  • Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
  • A Signal session requires the storage and maintenance of a lot of state information.
  • Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
  • Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
  • Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy, such a system will end up with a system to delete old messages.

The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.

I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.

2- Very long passwords that are actually a sentence

It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
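As an added worked calculation (not part of the original post), assuming the six words are drawn independently from a 7776-word list, as in Diceware, and comparing with an 8-character password drawn from the 95 printable ASCII characters:

$$H_{\text{passphrase}} = 6 \log_2 7776 \approx 6 \times 12.92 \approx 77.5\ \text{bits}, \qquad H_{\text{password}} = 8 \log_2 95 \approx 8 \times 6.57 \approx 52.6\ \text{bits}.$$

A sentence like the one above is memorable rather than random, so its real entropy is lower than the independent-word figure, but the comparison still shows why length matters more than mixing in numbers and punctuation.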

3- Writing passwords down.

I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.

We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.

Did I say passwords? I meant encryption keys.

4- Changing default ports for certain services like DBs

Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.

5- MFA in general.

Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.

If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.

If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
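As an added example (not from the original post), the RFC 6238 TOTP computation that a browser plug-in or KeePassXC performs on your behalf, written in Go with only the standard library, together with the server-side check: a one-step clock-drift window and a constant-time comparison. The secret is the RFC 6238 test-vector secret, used here as constructed sample input.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const totpStep = 30 // seconds per time step (the RFC 6238 default used by most apps)

// hotp computes an RFC 4226 HOTP-SHA1 code for one counter value.
func hotp(secret []byte, counter uint64, digits int) string {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(ctr[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f // dynamic truncation, RFC 4226 section 5.3
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP derives the counter from Unix time (RFC 6238) and returns the code.
func TOTP(secret []byte, unixTime int64, digits int) string {
	return hotp(secret, uint64(unixTime/totpStep), digits)
}

// VerifyTOTP accepts the code for the current step and one step either side,
// tolerating clock drift between the authenticator and the server. The compare
// is constant-time. A real server must also reject a code already accepted in
// the same step, otherwise a captured code can be replayed within the window.
func VerifyTOTP(secret []byte, code string, unixTime int64, digits int) bool {
	ok := false
	for skew := int64(-1); skew <= 1; skew++ {
		want := TOTP(secret, unixTime+skew*totpStep, digits)
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			ok = true
		}
	}
	return ok
}

func main() {
	secret := []byte("12345678901234567890") // the RFC 6238 test-vector secret
	fmt.Println(TOTP(secret, time.Now().Unix(), 6))
}
```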

6- OAuth for 3rd party apps.

Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.

7- Two-step verification.

Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.

8- Biometric Authentication.

The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.

Let me be clear, there are some providers that are still iffy on security. But there are also some that have device-native authentication (you need the device to auth), don’t store passwords or password hashes, and only hold public keys.

One example of this is https://passage.id/ which is about as secure as you can get.

9- Zoom.

Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.

10- Unplugging the ethernet cable.

11- Browser password managers?

Rant moment: reasons cybersecurity fails

<Rant>

People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.

No news is not good enough news. This is enough for most people to ignore all cybersecurity advice altogether.


This is similar to people not taking care of themselves health-wise, because the best things they can see is not getting sick.

</Rant>

Why do cyber attackers commonly use social engineering attacks?

Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.

Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.

To conclude:

Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.

source: r/cybersecurity

