CyberSecurity – What are some things that get a bad rap, but are actually quite secure?
Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.
There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.
1- PGP
PGP is a Form of Minimalism
As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:
- You get from them a PGP identity (public key). How you do that is entirely up to you.
- Your PGP program uses that identity to perform a single public key encryption of a message key.
- Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
- Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
- Hash the message.
- Do a public key signature operation on the hash and attach the result to the message.
- Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
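The encryption and signing steps listed above, as an added Go example that is not part of the original article and is not an OpenPGP implementation: it keeps the same structure (one public-key encryption of a fresh message key, the message encrypted under that key, an optional signature over the message hash) but uses standard-library RSA-OAEP, AES-GCM and RSA-PSS instead of the OpenPGP packet format. `Envelope`, `NewIdentity`, `Seal` and `Open` are hypothetical names, and placing the signature inside the encrypted payload is an assumption of this sketch.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the "encrypted message". All names in this file are hypothetical.
type Envelope struct {
	WrappedKey []byte // message key encrypted to the recipient's public key
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // optional signature plus message, under the message key
}

// NewIdentity makes an RSA key pair standing in for a PGP identity.
func NewIdentity() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts msg to recipient. With a non-nil signer the message hash is
// signed first; the payload is 2-byte signature length, signature, message.
func Seal(recipient *rsa.PublicKey, signer *rsa.PrivateKey, msg []byte) (env *Envelope, err error) {
	var sig []byte
	if signer != nil {
		digest := sha256.Sum256(msg) // hash the message, then sign the hash
		if sig, err = rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil); err != nil {
			return nil, err
		}
	}
	payload := append(append([]byte{byte(len(sig) >> 8), byte(len(sig))}, sig...), msg...)
	buf := make([]byte, 32+12) // fresh random message key and AES-GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	// The single public-key encryption: wrap the message key for the recipient.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, payload, nil)}, nil
}

// Open reverses Seal. signed reports whether a signature was present and
// verified against sender; an unsigned message opens with signed == false.
func Open(recipient *rsa.PrivateKey, sender *rsa.PublicKey, env *Envelope) (msg []byte, signed bool, err error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil {
		return nil, false, fmt.Errorf("cannot unwrap message key with this identity")
	}
	gcm, err := newGCM(key)
	if err != nil || len(env.Nonce) != gcm.NonceSize() {
		return nil, false, fmt.Errorf("bad message key or nonce")
	}
	payload, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, false, fmt.Errorf("ciphertext was modified")
	}
	if len(payload) < 2 || len(payload) < 2+(int(payload[0])<<8|int(payload[1])) {
		return nil, false, fmt.Errorf("malformed payload")
	}
	n := int(payload[0])<<8 | int(payload[1])
	sig, body := payload[2:2+n], payload[2+n:]
	if n == 0 {
		return body, false, nil // unsigned: readable, but nothing ties it to a sender
	}
	digest := sha256.Sum256(body)
	if sender == nil || rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, false, fmt.Errorf("signature does not verify against sender identity")
	}
	return body, true, nil
}

func main() {
	alice, errA := NewIdentity() // sender
	bob, errB := NewIdentity()   // recipient
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	if env, err := Seal(&bob.PublicKey, alice, []byte("constructed sample message")); err == nil {
		msg, signed, err := Open(bob, &alice.PublicKey, env)
		fmt.Printf("%q signed=%v err=%v\n", msg, signed, err)
	}
}
```

Nothing in the envelope says whose public key is whose; as in the steps above, how each side obtained the other's identity is outside the protocol.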
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high-level description of the Signal protocol here. None of the following comments are intended to be critical; they are intended to give an idea of the level of complexity of the protocol in total:
- Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
- A Signal session requires the storage and maintenance of a lot of state information.
- Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
- Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
- Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy such a system will end up with a system to delete old messages.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
3- Writing passwords down.
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
6- OAuth for 3rd party apps.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
8- Biometric Authentication.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only have public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
9- Zoom.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
<Rant>
People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough as good news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best thing they can see is not getting sick.
</Rant>
Why do cyber attackers commonly use social engineering attacks?
Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.
Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.
To conclude:
Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.
source: r/cybersecurity
Source: r/cybersecurity
- Acing your Detection Engineering Interviewby Julie Agnes Sparks (Security on Medium) on April 26, 2024 at 5:22 pm
Let’s dive into all the aspects of a Detection & Response engineering interview.Continue reading on Medium »
- Software Supply Chain Security is a Dependency Management Problemby Dana Crane (Cybersecurity on Medium) on April 26, 2024 at 5:20 pm
Software vendors of all kinds, big and small, are in the habit of not updating their open source software. For example:Continue reading on Medium »
- Identity theftby /u/Vanillashaken (cybersecurity) on April 26, 2024 at 5:08 pm
Can you tell me real stories about identity theft in cyber space? I would be really interested in what’s the purpose of this kind of frauds. I study as a cyber crime investigator and it would be useful to hear how perpetrators steal social media profiles and personal data from regular users and how they are using those informations. (I know that there are methods like hacking, phishing, oversharing but I would like to hear life stories) For Instance: I heard about an influencer whose Facebook profile was copied. The person who copied a profile somehow sent friend requiest to people who was no longer friend to the real profile on Facebook. The perpetrator wrote to different acquaintances that it is the influencer’s new profile and after a long chat they realised that the conversation seems to be created with artificial intelligence. The main question are these: “Was the profile made with artificial intelligence?” “Was the perpetrator using artificial intelligence to chatting and cover his real self?” “Was he using artificial intelligence to find those old friends?” I hope you can spoil me with stories like that if something similar happened to somebody. Thank you in advance! submitted by /u/Vanillashaken [link] [comments]
- Exploring the World of Zero Trust Architectureby Sheth Parth (Cybersecurity on Medium) on April 26, 2024 at 5:00 pm
Introduction:Continue reading on Medium »
- How to Secure Your CPUT Student Email from Cyber Threatsby Scott Andery (Cybersecurity on Medium) on April 26, 2024 at 4:55 pm
In today’s digital age, email security is crucial, especially for students who rely on their email accounts for academic communications…Continue reading on TechWorldTimes »
- Phishing — Oltalama Saldırısıby Sema Sena KÜRÜM (Cybersecurity on Medium) on April 26, 2024 at 4:33 pm
Phishing, sahte e-postalar, siteler ve mesajlar aracılığıyla kişisel bilgilerinizi çalmaya çalışan bir dolandırıcılık taktiğidir. Bu…Continue reading on Medium »
- Malware Analysis — Brbbot.exe İncelemeby Sema Sena KÜRÜM (Cybersecurity on Medium) on April 26, 2024 at 4:28 pm
Merhaba, hazırlamış olduğum belge, brbbot.exe adlı dosyanın statik ve dinamik analizini içermektedir. Analiz kapsamında dosyanın yapısı…Continue reading on Medium »
- TryHackMe | CSRF | WriteUpby Axoloth (Cybersecurity on Medium) on April 26, 2024 at 4:27 pm
Learn how a CSRF vulnerability works and methods to exploit and defend against CSRF vulnerabilities.Continue reading on Medium »
- Audit Failure (Event ID 4625)by /u/Aerovox7 (cybersecurity) on April 26, 2024 at 4:26 pm
Hello, a server being used by the company I work for had ~35k events of event ID 4625. If I am understanding this correctly, it looks like someone was trying to use common passwords for common usernames to brute force a login into the server. The workstation Name and Source Network Address were unique every time. The Account names attempted were not even on the server and I would be the only person who should be logging into it. Since then, I have disconnected the server from the internet and it will not be reconnected until we get our Fortigate back. My main question is, should I check anything else to make sure everything is good before reconnected the server to the internet with the Fortigate and how common is an attack like this? submitted by /u/Aerovox7 [link] [comments]
- Cybersecurity News Review — Week 17by Mladen Kirilov (Cybersecurity on Medium) on April 26, 2024 at 4:25 pm
Welcome to this week’s roundup of some of the most interesting cybersecurity updates. Subscribe for a concise and informed perspective on…Continue reading on Medium »
- Codifyby Forhworking (Cybersecurity on Medium) on April 26, 2024 at 4:25 pm
Continue reading on Medium »
- Navigating Cybersecurity Complexities Amidst the Age of Interconnected Manufacturingby jayesh saini (Cybersecurity on Medium) on April 26, 2024 at 4:24 pm
The era of connected manufacturing, also known as Industry 4.0 or the Industrial Internet of Things (IIoT), comes with many cybersecurity…Continue reading on Medium »
- Network — Ağ Temelleriby Sema Sena KÜRÜM (Cybersecurity on Medium) on April 26, 2024 at 4:23 pm
Ağ temelleri konusunda hazırladığım yazımı sizlerle paylaşmak istedim. Bu makalede, ağların nasıl çalıştığına dair temel bilgilere yer…Continue reading on Medium »
- Enhance Your Lifestyle with MUSICOZY Sleep Headphones Bluetooth 5.2by AttricusTECH (Security on Medium) on April 26, 2024 at 4:16 pm
Introduction:Continue reading on Medium »
- WhatsApp Threatens to Exit India Over Encryption Disputeby Daily India Observers (Security on Medium) on April 26, 2024 at 3:35 pm
WhatsApp has warned the Indian government that it may have to exit the Indian market if it is forced to break its end-to-end message…Continue reading on Medium »
- Ransomware: Uma Ameaça Crescente e Suas Contramedidasby Genisson Matos (Security on Medium) on April 26, 2024 at 3:34 pm
IntroduçãoContinue reading on Medium »
- Safeguarding Against Fraud and Breaches Online — What you need to knowby Errole Gutierrez (Security on Medium) on April 26, 2024 at 3:32 pm
As more people shop online, keeping payment information safe is a big focus for companies. They’re working harder to make sure that when…Continue reading on 888 TE.CH »
- Powering the $1T+ Bitcoin Economy: Babylon’s Bitcoin Staking Revolutionby Editor @ Babylon (Security on Medium) on April 26, 2024 at 3:06 pm
What’s next? Dive in!Continue reading on BabylonChain.io »
- ☼ How to secure, Trust Wallet with 2fa (or) Two-Factor Authentication …by Customer Support (+1) 8O5 3O1 7541 Trust Wallet (Security on Medium) on April 26, 2024 at 2:59 pm
✎ Customer Support (+1) 8O5 3O1 7541 Trust Wallet Contact NumberContinue reading on Medium »
- OSCP Prep: Introducing My Runbooks —RCE on Linuxby Security Guy (Security on Medium) on April 26, 2024 at 2:57 pm
My runbook for enumerating Linux machines in the OSCP once I have RCE! use it for your own CTF/OSCP practiceContinue reading on Medium »
- Common people need a safe lifeby Md Raihan (Security on Medium) on April 26, 2024 at 2:55 pm
If the powerful countries of the world would unite and make a peace agreement for the next 100 years, then the common people would get…Continue reading on Medium »
- Reconic | An Open Source Reconnaissance Toolby /u/Most-Let-5792 (cybersecurity) on April 26, 2024 at 2:47 pm
Hello everyone, I've designed a reconnaissance tool to make bug bounty hunting and penetration testing a bit easier and save time. It's also been a way for me to improve my skills in Python. Reconic currently has the following features: WHOIS Lookup DNS Resolution SSL/TLS Certificate Inspection HTTP Header Analysis Port Scanning Subdomain Discovery Directory Traversal JavaScript File Enumeration With a simple one-liner command, it provides all this information about the target URL in both a visually appealing console output and an HTML output. However, there can be issues due to the technology, hosting service, or security firewall of the target URL. Moreover, the features listed above operate on very basic algorithms. For instance, considering the Subdomain Discovery feature, Sublist3r is much more effective and powerful. I'm aware that each feature has much stronger alternatives in its respective field, and frankly, I've spent days reading and taking notes on the source codes of many of them to improve my coding skills. In short, my aim is to achieve maximum efficiency with a single command during reconnaissance. Additionally, having these outputs readily available is very helpful both when writing reports and taking notes. I need your support to enhance Reconic's performance, resolve technical issues, and further develop it. I would greatly appreciate your support in this regard because I've already learned a lot, and I'm sure this project will continue to be very helpful in my ongoing learning journey. Reconic Github Page --> https://github.com/fkkarakurt/reconic Cheers. submitted by /u/Most-Let-5792 [link] [comments]
- Security/Vulnerability Alert Bookmarks or Subscription Suggestionsby /u/ISSOhhhNO (cybersecurity) on April 26, 2024 at 2:38 pm
Just trying to ping the community on what some of the things they subscribe to for getting updates and notifications on security alerts and vulnerabilities that worth signing up for? Just looking to keep informed and ready. Thanks! submitted by /u/ISSOhhhNO [link] [comments]
- Top Family Security Solutions for Complete Peace of Mind: A Comprehensive Guideby Katkatr (Security on Medium) on April 26, 2024 at 2:18 pm
In the present high speed world, guaranteeing the wellbeing and security of your friends and family and property is central. With the…Continue reading on Medium »
- More than 800 vulnerabilities resolved through CISA ransomware notification pilotby /u/TheRecord_Media (cybersecurity) on April 26, 2024 at 2:11 pm
submitted by /u/TheRecord_Media [link] [comments]
- Any opinions on Barracuda/Skout as an MSSP/MXDR provider?by /u/TheRealGamerCow (cybersecurity) on April 26, 2024 at 2:07 pm
We're looking to replace our MSSP, and recently got pitched Barracuda. They seemed pretty good, but I'm finding very little about their offerings in the security space. They seem green, but maybe I'm missing something. submitted by /u/TheRealGamerCow [link] [comments]
- Top cybersecurity stories for the week of 04-22-24 to 04-26-24by /u/CISO_Series_Producer (cybersecurity) on April 26, 2024 at 2:06 pm
Below are some of the stories we’ve been reporting this week on Cyber Security Headlines. If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Christina Shannon, CIO, KIK Consumer Products. To get involved you can watch live and participate in the discussion on YouTube Live https://youtube.com/live/yT2qG8DtzLY or you can subscribe to the Cyber Security Headlines podcast and get it into your feed. Here are the stories we plan to cover, time permitting: GitHub comments abused to push malware via Microsoft repo URLs The Redline stealer story brings to light the issue of the GitHub flaw that was abused by the threat actors behind RedLine. According to BleepingComputer, the use of the Microsoft GitHub repository makes the files appear trustworthy and the flaw itself “could be abused with any public repository on GitHub, allowing threat actors to create very convincing lures.” Their research shows that the malware zip files are uploaded as part of a comment left on a commit or issue in the project. “When leaving a comment, a GitHub user can attach a file. Instead of generating the URL after a comment is posted, GitHub automatically generates the download link which allows threat actors to attach their malware to any repository without them knowing.” (BleepingComputer) The art of penetrating a business without touching the endpoint Experts from Push Security are presenting detailed information in The Hacker News about the practice of “networkless” attack techniques targeting cloud apps and identities. 
Describing them as the new perimeter, the article describes techniques such as Adversary-in-the-Middle AiTM phishing, Instant Messaging IM phishing, SAMLjacking is where an attacker makes use of SAML SSO (Security Assertion Markup Language), and Oktajacking, in which an attacker can set-up their own Okta tenant to be used in highly convincing phishing attacks. A link to the report is available in the show notes to this episode. (The Hacker News) Cops may soon use AI to generate reports from body cams Taser maker and police contractor, Axon, has announced a new product called “Draft One,” which leverages OpenAI’s GPT-4 large language model to generate police reports from body cam audio. Critics are quick to point out that this use of AI could potentially lead to baseless accusations due to “hallucination” and further institutional ills like racial bias. Further, because police aren’t AI experts, they may not be well positioned to spot issues with AI outputs. Axon asserts that it has adjusted the AI model to ensure it can’t go off the rails. Axon’s CEO, Rick Smith, points out, “If an officer spends half their day reporting, and we can cut that in half, we have an opportunity to potentially free up 25 percent of an officer’s time to be back out policing.” (MSN and Futurism) Russian hackers claim cyberattack on Indiana water plant Over the weekend, the threat actor known as the Cyber Army of Russia posted a video on its Telegram channel showing how they hacked systems of the Tipton Wastewater Treatment Plant. Tipton provides the city of Tipton and surrounding areas with electric power, water, and wastewater collection and treatment. An Indiana official confirmed that the plant suffered a cyberattack on Friday evening. 
Tipton’s general manager, Jim Ankrum, said, “TMU experienced minimal disruption and remained operational at all times.” Security research firm Mandiant recently reported that the Cyber Army of Russia has ties to the Russian state actor, Sandworm, which was responsible for a separate attack on a water facility in Muleshoe, Texas that caused a tank to overflow. (The Record) New research discovers vulnerability in archived Apache project A vulnerability has been uncovered in an archived Apache project called “Cordova App Harness,” that could lead to software supply chain attacks. Attackers could use techniques such as Typosquatting, RepoJacking, and dependency confusion to insert vulnerable dependencies in open-source software. Ultimately, the issue could lead to execution of arbitrary code on the host machine where the vulnerable application is deployed. Researchers highlight the risk associated with dependencies on archived open-source projects that may not receive regular security updates. They recommend conducting regular code security scans, avoiding use of deprecated projects, following best practices for configuring dependencies, and providing security education to developers. (Legit Security) Threat actors plant fake assassination story The Czech News Agency, CTK, reports that an unidentified threat actor accessed its website to publish a fake story. The story claimed that Slovakia’s Security Information Service prevented an assassination attempt against newly elected Slovak president Peter Pellegrini by Ukrainian nationals. The faked story was published in English and Czech but did not get distribution to CTK’s clients. Researchers at Mandiant previously tied similar spoofed new stories to the Belarusian-affiliated threat group Ghostwriter, but no indication so far of their involvement here. 
(The Record) Chinese keyboard app flaws exposed Last year, researchers at Citizen Lab found that the popular Sogou Chinese keyboard app failed to use TLS when sending keystroke data to the cloud for typing predictions. This opens the door to potential spying on typed content. In a follow up, the researchers discovered that virtually all Chinese keyboard mobile apps had the same flaw. The researchers found a lack of TLS in apps from Baidu, Tencent, and iFlytek, as well as ones preinstalled on Android devices sold in China. The only device tested without the flaw was one preinstalled on a Huawei device. The researchers say the ease of exploiting this flaw likely means its been exploited at scale in the wild. The researchers contracted the app developers, with the majority fixing the issue before publication, although its unclear if preinstalled Android apps would receive an update. (MIT Technology Review, Citizen Lab) Sandworm targets critical Ukrainian orgs The Ukrainian Computer Emergency Response Team, or CERT-UA, released a report on activity by the Russian affiliated threat group Sandworm, believed to be associated with Russia’s GRU military intelligence unit. The report claims that in March 2024, Sandworm disrupted IT systems at energy, water, and heating suppliers throughout 10 regions in the country. The group accessed these providers through a variety of vectors, including supply chain attacks, technical support, and novel malware. CERT-UA believes Sandworm coordinated the cyberattacks with missile strikes on infrastructure facilities. (Bleeping Computer) submitted by /u/CISO_Series_Producer [link] [comments]
- Is this field even worth it?by /u/incelexcorcist (cybersecurity) on April 26, 2024 at 1:26 pm
Ya’ll I’m so bummed out and I’ve only started my career in cybersecurity. I was able to get some experience but at a huge cost: Working as a contractor for a global aviation company as an IAM Analyst but for only $15 an hour so I had to take a massive pay cut. I’m digging into my savings for this. But ✨EXPERIENCE ✨ They then cross trained me for their GRC team so I’ve conducting risk assessments like crazy on top of doing tickets. Oh, and even creating training documents lmao. Now I found out I’m taking on a direct’s job after she leaves in compliance on top of my own work but for no pay increase. She makes at least $50k!! Still way more than me. Many other contractors are leaving as well and I’ve started applying to jobs as soon as I found out. Unfortunately, I’m also only in my first term at WGU so I don’t have any of the Comptia certs yet. started in March and knocked out 5 classes but at a standstill now since I failed Core 1 of A+. My professor wants me to score an 88% on a Certmaster practice exam before he’ll approve a 2nd attempt despite me doing all the PBQs, quizzes and whatnot which is holding me back too since the practice exam seems harder than the exam itself lmao. Basically, I’m already burning out and I’ve only started. I’m so sick of making only a little above minimum wage and I’m 26! Is cybersecurity as a field even worth it when it’s been a joke so far in this job market?? Will my 6 months of experience in 2 domains count for something at least in this search along with my Google cybersecurity certificate?? 🙃 EDIT: did I mention NO pay increase despite piling responsibilities on me? They will also only be able to offer me full time work until August 31(I’d be cut down to 30 hours a week after) and I can’t afford to keep living off my savings. I will definitely need to find a new position soon. submitted by /u/incelexcorcist [link] [comments]
- Most painful issues in chemical industry?by /u/AdEducational2648 (cybersecurity) on April 26, 2024 at 11:13 am
Hey everyone, I'm wondering what are the most painful things to deal with in the chemical industry when it comes to a secure IT infrastructure? What are the most vulnerable spots in your opinion? Where do you see issues at your company? Especially now regarding upcoming regulatory changes with NIS2 in Europe, I'm wondering where to start my talking points with clients, and how not to be a salesperson but be of ACTUAL VALUE to a companies IT security. submitted by /u/AdEducational2648 [link] [comments]
- Here's my article on Phishing Email Investigation: A Step-by-Step Analysis. Do read and let me know your best strategies to avoid falling for phishing scams?by /u/saip007 (cybersecurity) on April 26, 2024 at 10:54 am
submitted by /u/saip007 [link] [comments]
- Web Application Security Vs android Reverse Engineerby /u/Puzzleheaded-Shop410 (cybersecurity) on April 26, 2024 at 10:50 am
Hello All, So currently I work as Security Analyst in Application Security and has been approached for the role of Reverse Engineer Specialist in Android Domain. Do you guys think it is a good idea to jump in this niche domain. Also how easy is to switch to other domain after working in Android reverse engg domain? Cheers submitted by /u/Puzzleheaded-Shop410 [link] [comments]
- Is information security system major the same as cyber security?by /u/iiiAlex1st (cybersecurity) on April 26, 2024 at 10:34 am
submitted by /u/iiiAlex1st [link] [comments]
- Secure Coding Practices in Java Resourcesby /u/Maxxis8061 (cybersecurity) on April 26, 2024 at 10:27 am
Hey everyone, I have an interview coming up that requires a secure code review specifically in Java for OWASP Top 10 vulnerabilities (Web App Security). I would really appreciate it if anyone knew such resources to help me learn secure coding practices and could share those with me. Thanks in advance! submitted by /u/Maxxis8061 [link] [comments]
- Secondary cysec skill?by /u/PBBG12000 (cybersecurity) on April 26, 2024 at 9:53 am
Hi! I have been in the industry for over 4 years now, working as an offensive security consultant. But lately I've been feeling that this is not enough. My aim really is to work as a solo consultant/contractor. So when I looked for such positions, rarely did I see anything related to pentesting or red teaming. Now, I understand there is a trust factor involved here and no one is stupid enough to give access of their internal networks to random guys off the internet. However, I did see many positions for stuff like audits, implementation of security tools etc. Due to this, I am considering developing a secondary skill set. My question is:- In your opinion, looking at the current scenario, what product/skill in cyber will you recommend for someone like me? Remember, I still want my primary thing to be red team and pentesting, I just want something to rely upon in case opportunities for it becomes scarcer than now. submitted by /u/PBBG12000 [link] [comments]
- MSSP with port mirroring devices? by /u/Professional-Cash897 (cybersecurity) on April 26, 2024 at 8:17 am
We're currently using eSentire, and are up for renewal soon. Wanted to look at other options to see what else is out there. eSentire are great as they not only provide agents that sit on endpoints, but they also provide these port mirroring devices that analyse packets at the network layer. We are a global company, and don't have compute power in some offices, so these boxes come in handy as they are essentially plug and play. Are there any other companies out there that you can recommend that also offer a similar solution (must have 24/7 SOC)? Rapid7 is an obvious choice, but looking for others. Thanks! submitted by /u/Professional-Cash897
- Any ideas on how I can convince my boss to not require users to give us their passwords? by /u/TheRealTengri (cybersecurity) on April 26, 2024 at 6:47 am
I just recently got a new IT job and their internal security is awful. Two ways are that everybody had local admin rights (which I was able to convince them to change) and they are required to give us their password when we need to work on their laptop since the laptops are assigned to each person and we need to log in to their account to make configurations on their account. I am trying to tell them we could just use the local administrator account and copy files to their user folder, but they don't listen. Any ideas on how I can convince my boss to not require users to give us their passwords? submitted by /u/TheRealTengri
- Encryption Keys Rotation by /u/ggbs890 (cybersecurity) on April 26, 2024 at 5:55 am
Hello People... Have a query regarding Key Rotation activity. As per the regulatory requirements, we are required to perform encryption key rotation on an annual basis. So just wanted to know a few things about it:
1. How to manage historical data which was encrypted with an old key?
2. How to identify data which was encrypted with new keys post rotation?
3. Is it necessary that we have to decrypt and then re-encrypt all the old data with the new keys?
4. Is there any way one can achieve some kind of automation for this process?
More importantly, would like to know what approach you people take if you are also performing key rotation every year. Also, let me know if I am missing out on any important steps/points as part of this process, since this is an entirely new thing for me and I am curious to learn and know more about it. Thanks in advance!!! 🙏🏻 submitted by /u/ggbs890
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks by /u/anynamewillbefine (cybersecurity) on April 26, 2024 at 12:47 am
submitted by /u/anynamewillbefine
- Advice for imposter syndrome by /u/cakeistasty789 (cybersecurity) on April 26, 2024 at 12:45 am
Hey everyone! Honestly I don’t know if this is the right place to ask something like this, but do any of you have imposter syndrome too? I’m a security analyst for 2 yrs now in NYC. I’ve been applying for new positions as I feel my current job is severely underpaying me (around 60k). I get interviews but no matter how far I make it into the interview process, the hiring managers always choose a “more experienced candidate”. I fully understand this, but I just don’t think I will ever be that “more experienced candidate” myself as there will always be more educated and experienced people than myself. I spend all my time in books and learning and sometimes going for certs. Not to mention this affects my ability to give interviews properly. No matter how much I practice I’m never able to properly convey my experience and expertise and end up sounding silly. I have an interview scheduled sometime in the next few days and am heavily considering canceling due to these experiences. Any advice/insight on anything I wrote would be appreciated. Thank you so much for reading all of this! submitted by /u/cakeistasty789
- Has anyone made it out of this field? by /u/Longjumping-Pin5976 (cybersecurity) on April 25, 2024 at 7:45 pm
I’ve worked in security for seven years and have had certain elements really wear me down over time. I don’t know what happened, but over the past year the following have really made me feel dissatisfaction with this work:
• The feeling of not really creating anything with my labor.
• Being a cost center to the business and having budget constantly scrutinized/not getting enough to adequately cover a security program.
• Having documented security risk constantly dismissed by leadership or stakeholders. Constantly occurring despite tangibly showing them in multiple ways and communication styles.
• Generally being disliked by other parts of the organization and the typically antisocial nature of technical workers at my org makes the job very lonely.
• Constant, reactive firefighting. Nobody cares about what security does unless something negative is happening.
I think security is interesting and was able to shrug most of this stuff off early on. But with the market contracting and companies trying to outsource or downsize a cost center, it makes the field less attractive for the long run. Has anyone found skills they picked up in security transferred well to other industries? I was looking at industrial hygiene and safety a while back and it seems like it would be more personally meaningful since there’s a human safety element. Hoping to hear if anyone was able to make moves out of a seemingly niche field. submitted by /u/Longjumping-Pin5976
- Are Level 1 & 2 SOC Analysts becoming irrelevant positions? by /u/sudochief (cybersecurity) on April 25, 2024 at 6:08 pm
TL;DR Based off current market and technology trends it seems Tier I & II Analyst positions are becoming obsolete. Having trouble finding analyst work, even with 1.5yrs analyst exp, 3.5yrs total IT exp. Thinking of honing skills more in the engineering side of the house. What areas of security would y'all recommend to focus on developing skills/education in? I'm curious to know everyone's thoughts on this, I certainly have my opinions based off my observations of the current climate of the job market. I am looking for a job and have been looking into analyst II positions, and recently have been looking at analyst 1 positions as well because I haven't had too much luck with the former. I should add that my current gig is a level 1 analyst, I can honestly say that I love the work I do, have been in the role for a year and a half now, and have been working IT for 3 and a half years now. It seems the way the market is trending, and with the direction the technology is heading, companies would rather just hire a few people as a one size fits all engineer/analyst, and maybe hire one or two Tier III analysts to catch anything that slips through the cracks. I guess I'm a little frustrated at this point because even the Tier I positions I don't seem to be qualified for even though I have 1.5yrs experience of Analyst & IR work, 3 total yrs of IT. Aside from that, besides having a degree, I've shown my willingness to continue my education, having obtained Net+, Sec+, and CySA+ all in the past couple years. Wondering if at this point I should just focus on a degree and maybe narrow down on skills related to SOAR and engineering. submitted by /u/sudochief
- How will the US ban TikTok on a technical level? by /u/no_shit_dude2 (cybersecurity) on April 25, 2024 at 2:22 pm
What are your thoughts around the technicalities of banning a service such as TikTok? Will the company be dissolved completely or will there be pressure put on Apple/Google app stores to remove the app, or even a DNS level block? Just using TikTok as an example here but curious about the technicalities of blocking a website/service. submitted by /u/no_shit_dude2
- Being used?? by /u/I_said_watch_Clark_ (cybersecurity) on April 25, 2024 at 2:06 pm
Anyone in cyber security think they're being used just to fill a blank hole and mark off a checkbox that your org needs to show they have a ft cybersecurity employee on-hand? submitted by /u/I_said_watch_Clark_
- Anyone with ADHD/ADD who's thriving in the field of cybersecurity? by /u/Itchy_Sherbet_9895 (cybersecurity) on April 25, 2024 at 10:52 am
I was wondering if this field is suitable for someone with ADHD. submitted by /u/Itchy_Sherbet_9895
- My IT Department knows all our passwords by /u/Freshwater_Salmon556 (cybersecurity) on April 25, 2024 at 8:38 am
Hi, was told to post here, hope that's ok. The company I work for has a small IT team and they ask us all for passwords. If we change them, they ask us again for the updated password. This can't be right, can it? We are ISO 2701 and 9001 accredited which must mean something when it comes to security? I don't want to talk to IT for fear of recriminations, what can I do? Among some of the documents we work with are folks' medical records. submitted by /u/Freshwater_Salmon556
- Mentorship Monday - Post All Career, Education and Job questions here! by /u/AutoModerator (cybersecurity) on April 22, 2024 at 12:00 am
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator