You can translate the content of this page by selecting a language in the select box.
CyberSecurity – What are some things that get a bad rap, but are actually quite secure?
Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.
There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.
PGP is a Form of Minimalism
As a protocol, PGP is surprising simple. Here is what happens if you want to use it to securely send a message to someone:
You get from them a PGP identity (public key). How you do that is entirely up to you.
Your PGP program uses that identity to perform a single public key encryption of a message key.
Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
Hash the message.
Do a public key signature operation on the hash and attach the result to the message.
Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high level description of the Signal protocol here. None of the following comments are intended to be critical, they are intended to give an idea of the level of complexity of the protocol in total:
Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
A Signal session requires the storage and maintenance of a lot of state information.
Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
Supporting the Signal protocol in practice requires a separate system to store and protect past messages1). Since this is at odds with forward secrecy such a system will end up with a system to delete old messages.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
3- Writing passwords down.
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using same password and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list
Pass the AWS Certified Machine Learning Specialty Exam with Flying Colors: Master Data Engineering, Exploratory Data Analysis, Modeling, Machine Learning Implementation, Operations, and NLP with 3 Practice Exams. Get the MLS-C01 Practice Exam book Now!
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are looking for an all-in-one solution to help you prepare for the AWS Cloud Practitioner Certification Exam, look no further than this AWS Cloud Practitioner CCP CLFC01 book below.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
6- Oauth for 3rd party apps.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only has public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough of a good news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best things they can see is not getting sick.
Why do cyber attackers commonly use social engineering attacks?
Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.
Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.
Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.
- AceCryptor: Cybercriminals' Powerful Weapon, Detected in 240K+ Attacksby /u/CYRISMA_Buddy (cybersecurity) on May 30, 2023 at 4:34 am
submitted by /u/CYRISMA_Buddy [link] [comments]
- CRTO v/s CRTPby /u/PBBG12000 (cybersecurity) on May 30, 2023 at 4:00 am
Quick question. I have done CRTP previously and it was moderately hard for me. I want to take up the CRTO exam next and just wanted to know what to expect. What is the difficulty level of the exam compared to CRTP? Is it harder, easier or almost the same? Thanks submitted by /u/PBBG12000 [link] [comments]
- I have the chance to speak to the supervisor of the Security team. What would be good questions to ask?by /u/FortunateOne123 (cybersecurity) on May 30, 2023 at 2:35 am
Hi all! I'm an intern(service desk tech) in the IT department of a midsized healthcare/EMS corporation, and as the title suggests I get the chance to meet with the supervisor of our company's security team. I'm only just starting out in IT so my knowledge level is pretty basic across the board, so I don't want to waste this opportunity to learn about cybersecurity from someone experienced in the field. If anyone has any advice here I would be very grateful! submitted by /u/FortunateOne123 [link] [comments]
- has anyone completed the google cybersecurity certificate?by /u/Rough_Ad_7760 (cybersecurity) on May 30, 2023 at 12:08 am
Hello I'm close to finishing the google cybersecurity certificate and on the website I was told they give exclusive access to job searching website that they also have companies that are committed to hiring people with the certificate. I'm looking to see if anyone has seen this and how good is it. submitted by /u/Rough_Ad_7760 [link] [comments]
- GRC info neededby /u/anon67- (cybersecurity) on May 29, 2023 at 10:38 pm
Please give some insight on the different job responsibilities within the GRC realm. Which job is most difficult? Easiest? What are some tips to jump into the field and to move up the ranks? Thanks. submitted by /u/anon67- [link] [comments]
- eBook bundle.. worth it? (Humble Bundle)by /u/TypeAskee (cybersecurity) on May 29, 2023 at 9:32 pm
submitted by /u/TypeAskee [link] [comments]
- Do you keep expired certs on your CV?by /u/crablemet111 (cybersecurity) on May 29, 2023 at 8:24 pm
My Comptia certs (A+,Network+,Sec+) are about to expire and not sure what to do. Dont really feel like paying for a cert above these that I dont really care about just to renew these but also I am worried that in future interviews they might pick on me for not disclosing they have expired. How do you guys approach this situation? I think if I get confronted about them I will just explain how I think its a ripoff and I dont want to pay for a renewal. submitted by /u/crablemet111 [link] [comments]
- Training Certificate is not the same thing as an Industry Certificationby /u/DeezSaltyNuts69 (cybersecurity) on May 29, 2023 at 8:07 pm
There seems to be some confusion over Certificate and Certification - They are not the same thing and they are not interchangeable This training from Google through coursera - https://www.coursera.org/professional-certificates/google-cybersecurity - is just that online training - you get a training certificate at the end of the training It is not an industry Certification CompTia - Security+ AWS - Cloud Practitioner ISC2 - CISSP SANs - GIAC these are industry certifications - you take the same exam everyone else is taking and if you pass you are awarded the certification - certifications must be maintained and have annual CEUs/CPEs - basically continuing education credits you get through more training, webinars, conferences and Certifications do expire That google course is just online training, no different that you would find on sites like Pluralsight, Udemy, Udacity, Cybrary, etc submitted by /u/DeezSaltyNuts69 [link] [comments]
- [GitHub Action]: Wrappers for sqlmap, bbot and niktoby /u/bilporti (cybersecurity) on May 29, 2023 at 7:13 pm
Howdy! Its not that much of a tool than wrappers of few awesome tools that most of you probably know and use today - sqlmap, bbot and nikto. I'm excited to share with you my latest contributions to the GitHub community: a collection of free GitHub Actions designed to streamline and enhance security practices utilizing DAST and OSINT. There were no GH Actions that I could find, so I made them for my use case, but figured everyone can benefit from those awesome tools. Action - 🗺️ - sqlmap The famous sqmap - perform automated (or semi-automated) penetration testing on your releases: https://github.com/marketplace/actions/thereisnotime-action-sqlmap Action - 🤖 - bbot One of the newer OSINT automation tools on the block, I personally love it so here it is: https://github.com/marketplace/actions/thereisnotime-action-bbot Action - 🎯 - nikto A stable and tested tool that can easily scan a ton of endpoints for security issues: https://github.com/marketplace/actions/thereisnotime-action-nikto WIP: Currently I am working on a nice workaround to generate outputs from the actions and not directly from the tools (but you can still use the tool outputs in your job steps) and after that I will add more examples (the way I use it for regular security compliance reports etc.). Because those amazing tools have a ton of parameters, one of my main goals was to provide an easy option to provide custom arguments instead of wrapping each one and also re-use as much as possible from the official or at least most supported Dockerfiles where available. Feel free to try them out, provide feedback, or even contribute to their development. The actions are under active development but they are working. Your input is valuable in making these actions even more robust and effective. If you find them useful, please leave a ⭐ in GitHub. submitted by /u/bilporti [link] [comments]
- Most CEOS view cybersecurity as more important than economic performanceby /u/justinp205970 (cybersecurity) on May 29, 2023 at 5:49 pm
submitted by /u/justinp205970 [link] [comments]
- Wazuh implementation issueby /u/Kmk00009 (cybersecurity) on May 29, 2023 at 5:39 pm
Did anyone implemented wazuh (server, dashboard and agent) full setup? I am facing issues with agent and server communication, where agent is not able to connect with server. submitted by /u/Kmk00009 [link] [comments]
- Not sure it's true but might be worth to knowby /u/ThePrestigiousRide (cybersecurity) on May 29, 2023 at 5:31 pm
Copied from a Linkedin post A threat actor that goes by the moniker "spyboy" claims to have devised a method to terminate all AVs/EDRs/XDRs. The software has allegedly been tested on most AVs/EDRs/XDRs that exist in the market. This evening, the threat actor made a video of terminating CrowdStrike EDR. Ref: https://lnkd.in/gzDAMRcH The all-in-one version that bypasses most renowned EDRs is currently being sold for $1,500 (early bird perks for the first five buyers)- but will soon be sold for $3,000. Below is the complete list of EDRs that can be allegedly terminated using the program: https://media.licdn.com/dms/image/D5622AQHzhwkOagEK9g/feedshare-shrink_2048_1536/0/1685293180140?e=1687996800&v=beta&t=BkFlsoTi-fHw5zRC3IHQl00XPs9ujxj04gDLM1HNwH0 submitted by /u/ThePrestigiousRide [link] [comments]
- Incident Response Playbooksby /u/RearAdmiral5 (cybersecurity) on May 29, 2023 at 5:28 pm
Does anyone have an incident response playbook they can share? I understand that companies don’t generally share these (for a good reason) and the vendor specific ones are more geared to SIEM implementation…. Can anyone point me in the right direction? submitted by /u/RearAdmiral5 [link] [comments]
- FIM v0.4.7 - Realtime File monitoring toolby /u/okynos (cybersecurity) on May 29, 2023 at 4:56 pm
Hello! FIM v0.4.7 was just released. FIM is an open-source endpoint cybersecurity tool to monitor files of your system. We may ask all of you if you can take a look at our project. If you want to know more about FIM, come at our website. https://achiefs.com/ https://documentation.achiefs.com https://github.com/Achiefs/fim Any feedback or questions will be appreciated. If you like the project give us a star 😀 Thanks! submitted by /u/okynos [link] [comments]
- Clicking a malicious linkby /u/ugonikon (cybersecurity) on May 29, 2023 at 4:05 pm
Hey why is it bad to click a malicious link, like from a spam mail? The worst thing that could happen, is that a malicious file will be downloaded. But what happens after this step? The file lies somewhere within a directory, but an user interaction is required to execute the file (e.g. double-clicking, loading a dll, executing a script etc.) Is it possible, to execute a downloaded file automatically just by clicking a malicious link (not via Script!)? Thanks in advance submitted by /u/ugonikon [link] [comments]
- Private Spies Hired by the FBI and Corporate Firms Infiltrate Discord, Reddit, WhatsAppby /u/Casseiopei (cybersecurity) on May 29, 2023 at 2:54 pm
But is anyone surprised? submitted by /u/Casseiopei [link] [comments]
- Course Recommendations - CTIby /u/thehelmet92 (cybersecurity) on May 29, 2023 at 1:34 pm
Building out internal training programs and looking for any recommendations Cyber Threat Intelligence training, asides SANS? Any recommendations welcome! submitted by /u/thehelmet92 [link] [comments]
- Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victimsby /u/computerchipsanddip (cybersecurity) on May 29, 2023 at 1:05 pm
https://thehackernews.com/2023/05/dont-click-that-zip-file-phishers.html submitted by /u/computerchipsanddip [link] [comments]
- Cybersec news for this weekby /u/MenuParking7693 (cybersecurity) on May 29, 2023 at 11:56 am
Each week I post a summary of the top stories in cybersecurity to help members of this subreddit keep up with the industry. Hopefully this helps! Edition: 29/05/2023 🔓 Cyber Attacks Emby shuts down user media servers hacked in recent attack Media server company Emby remotely shut down an undisclosed number of user-hosted servers following a hack that exploited a known vulnerability and insecure admin configurations. Emby plans a security update soon. US govt contractor ABB confirms ransomware attack, data theft Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "an IT security incident." 💀 Threat Actors Lazarus Group Striking Vulnerable Windows IIS Web Servers North Korea's Lazarus Group is exploiting vulnerabilities in unpatched Windows IIS Web servers to launch cyber espionage campaigns, using known exploits like Log4Shell and the 3CX supply chain attack. 'Volt Typhoon' Breaks Fresh Ground for China-Backed Cyber Campaigns A China-backed cyberattack campaign, dubbed "Volt Typhoon," is targeting critical infrastructure organizations in Guam. The actor is believed to be preparing for potentially disruptive attacks in the future, indicating a shift from their traditional focus on cyber espionage. 🛡️ Malware / Threats / Vulnerabilities Hot Pixels attack checks CPU temp, power changes to steal data Researchers have developed a "Hot Pixels" attack that can steal data by monitoring CPU temperature and power changes. The attack retrieves pixel information from the content displayed in the browser and infers navigation history. CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown Russian code that could tamper with industrial machines and toggle RTUs on and off was floating around VirusTotal for years before being noticed. It raises new questions about the state of OT security. QBot malware abuses Windows WordPad EXE to infect devices QBot malware is abusing a DLL hijacking flaw in Windows 10's WordPad to infect computers, using the legitimate program to evade security software detection. This method primarily affects Windows 10 and later versions. CISA warns govt agencies of recently patched Barracuda zero-day CISA warned government agencies about a recently patched zero-day vulnerability in Barracuda Email Security Gateway appliances, urging them to ensure their networks haven't been breached. Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains Security researcher mr.d0x has developed a phishing toolkit exploiting the new ZIP top-level domain. This toolkit creates fake in-browser WinRar and Windows File Explorer interfaces on ZIP domains, fooling users into interacting with malicious files. 💹 Trends / Events / Other News PyPI announces mandatory use of 2FA for all software publishers PyPI has decided to enforce two-factor authentication for all project management accounts by the end of 2023. This move is aimed at enhancing platform security and reducing the risk of supply chain attacks. Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints Tesla whistleblowers have leaked 100GB of data including thousands of safety complaints regarding the Autopilot feature and personal information of over 100,000 current and former employees. Tesla hasn't made public statements yet. Netflix's Password-Sharing Ban Offers Security Upsides Netflix's new password-sharing restriction is not just about boosting profits, but also enhancing account security. Experts highlight the potential risks of password-sharing, including unauthorized access and increased phishing susceptibility. I write these summaries as part of weekly newsletter I send out, so any feedback on the length/content/style is also appreciated. submitted by /u/MenuParking7693 [link] [comments]
- Breaches.Cloud: crowd-sourced cloud breaches intelligence databaseby /u/segtekdev (cybersecurity) on May 29, 2023 at 11:35 am
submitted by /u/segtekdev [link] [comments]
- Cyber security analysts / engineers, should they know how to fix what they have found!by /u/xathious (cybersecurity) on May 29, 2023 at 4:15 am
Hey all, Off the back of my last post that got some awesome discussion another controversial topic. Should analysts and engineers know how to fix what they found (or the best practices around the issues they found) is it good enough that they found the problem in the first place ? Discussion only there is absolutely no right or wrong here to many situations and contexts to have a black and white answer. Edit: hey guys just a quick one. Although sometimes the answer seems obvious to you or black and white there are many people out in the world that honestly do believe they need to know and fix everything in every role discussions like this help shed some light. Also sorry for those that caught the “!” Instead of the “?” In the title. submitted by /u/xathious [link] [comments]
- What is a normal day in the life of a penetration tester?by /u/fastercheif (cybersecurity) on May 29, 2023 at 1:52 am
Just wondering because this was one of the jobs I thought was really cool. submitted by /u/fastercheif [link] [comments]
- Mentorship Monday - Post All Career, Education and Job questions here!by /u/AutoModerator (cybersecurity) on May 29, 2023 at 12:00 am
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator [link] [comments]
- PyPI announces mandatory use of 2FA for all software publishersby /u/_DiscoInferno_ (cybersecurity) on May 28, 2023 at 11:47 pm
submitted by /u/_DiscoInferno_ [link] [comments]
- can sha-1 be faked?by /u/Budget_Register662 (cybersecurity) on May 28, 2023 at 5:37 pm
I want to download a program which no longer exists on the official website of the program author. But someone uploaded it somewhere and he claims it's untouched. But that's exactly what someone who has embedded keyloggers in the program would say. I downloaded the program and calculated its SHA-1 using 7-zip. It matches the SHA-1 of the untouched program. Does this mean the program that I downloaded is 100% untouched, or SHA-1 can be faked? submitted by /u/Budget_Register662 [link] [comments]
- Debating on giving up on cyber security and finding a new field to study.by /u/Weary_Education_2704 (cybersecurity) on May 28, 2023 at 3:37 pm
Feels like I wasted a couple years of my life going to college for this only to be met with no results. I've submitted over 125 applications at minimum just since graduation with one interview and it's been over a month since I heard anything. Really don't know what to do at this point, but I sure as hell feel like I threw all of my money down the drain. I was gonna get my sec+ now that I'm done college but it feels completely pointless. I'm honestly just losing hope and drive for this field. Even when the job is marked as "entry level" they usually want years of experience, which by definition isn't entry level. Sorry for the rant but I'm ultimately very frustrated. I have bills to pay and I need a job soon, and it just feels almost impossible to get a job unless you know somebody already, and I'm very much wishing I picked an easier field to get an entry level job in because this diploma feels completely pointless. I'm not alone in this frustration either, other classmates of mine are feeling the same way. My college held job fairs but they didn't do too much besides expand my network a tiny tiny bit. I just feel like now that I'm out of college especially I'm up the creek without a paddle. Absolutely no further help from anyone or any resources I may have used from the school. Edit: thanks for all the great responses. It'll take me some time to read through them all because I was taking a little break from all the stress and applications. But again, thank you all! submitted by /u/Weary_Education_2704 [link] [comments]
Read Photos and PDFs Aloud for me iOS
Read Photos and PDFs Aloud for me android
Read Photos and PDFs Aloud For me Windows 10/11
Read Photos and PDFs Aloud For Amazon
Get 20% off Google Workspace (Google Meet) Business Plan (AMERICAS): M9HNXHX3WC9H7YE (Email us for more)
Get 20% off Google Google Workspace (Google Meet) Standard Plan with the following codes: 96DRHDRA9J7GTN6 (Email us for more))
FREE 10000+ Quiz Trivia and and Brain Teasers for All Topics including Cloud Computing, General Knowledge, History, Television, Music, Art, Science, Movies, Films, US History, Soccer Football, World Cup, Data Science, Machine Learning, Geography, etc....
List of Freely available programming books - What is the single most influential book every Programmers should read
- Bjarne Stroustrup - The C++ Programming Language
- Brian W. Kernighan, Rob Pike - The Practice of Programming
- Donald Knuth - The Art of Computer Programming
- Ellen Ullman - Close to the Machine
- Ellis Horowitz - Fundamentals of Computer Algorithms
- Eric Raymond - The Art of Unix Programming
- Gerald M. Weinberg - The Psychology of Computer Programming
- James Gosling - The Java Programming Language
- Joel Spolsky - The Best Software Writing I
- Keith Curtis - After the Software Wars
- Richard M. Stallman - Free Software, Free Society
- Richard P. Gabriel - Patterns of Software
- Richard P. Gabriel - Innovation Happens Elsewhere
- Code Complete (2nd edition) by Steve McConnell
- The Pragmatic Programmer
- Structure and Interpretation of Computer Programs
- The C Programming Language by Kernighan and Ritchie
- Introduction to Algorithms by Cormen, Leiserson, Rivest & Stein
- Design Patterns by the Gang of Four
- Refactoring: Improving the Design of Existing Code
- The Mythical Man Month
- The Art of Computer Programming by Donald Knuth
- Compilers: Principles, Techniques and Tools by Alfred V. Aho, Ravi Sethi and Jeffrey D. Ullman
- Gödel, Escher, Bach by Douglas Hofstadter
- Clean Code: A Handbook of Agile Software Craftsmanship by Robert C. Martin
- Effective C++
- More Effective C++
- CODE by Charles Petzold
- Programming Pearls by Jon Bentley
- Working Effectively with Legacy Code by Michael C. Feathers
- Peopleware by Demarco and Lister
- Coders at Work by Peter Seibel
- Surely You're Joking, Mr. Feynman!
- Effective Java 2nd edition
- Patterns of Enterprise Application Architecture by Martin Fowler
- The Little Schemer
- The Seasoned Schemer
- Why's (Poignant) Guide to Ruby
- The Inmates Are Running The Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity
- The Art of Unix Programming
- Test-Driven Development: By Example by Kent Beck
- Practices of an Agile Developer
- Don't Make Me Think
- Agile Software Development, Principles, Patterns, and Practices by Robert C. Martin
- Domain Driven Designs by Eric Evans
- The Design of Everyday Things by Donald Norman
- Modern C++ Design by Andrei Alexandrescu
- Best Software Writing I by Joel Spolsky
- The Practice of Programming by Kernighan and Pike
- Pragmatic Thinking and Learning: Refactor Your Wetware by Andy Hunt
- Software Estimation: Demystifying the Black Art by Steve McConnel
- The Passionate Programmer (My Job Went To India) by Chad Fowler
- Hackers: Heroes of the Computer Revolution
- Algorithms + Data Structures = Programs
- Writing Solid Code
- Getting Real by 37 Signals
- Foundations of Programming by Karl Seguin
- Computer Graphics: Principles and Practice in C (2nd Edition)
- Thinking in Java by Bruce Eckel
- The Elements of Computing Systems
- Refactoring to Patterns by Joshua Kerievsky
- Modern Operating Systems by Andrew S. Tanenbaum
- The Annotated Turing
- Things That Make Us Smart by Donald Norman
- The Timeless Way of Building by Christopher Alexander
- The Deadline: A Novel About Project Management by Tom DeMarco
- The C++ Programming Language (3rd edition) by Stroustrup
- Patterns of Enterprise Application Architecture
- Computer Systems - A Programmer's Perspective
- Agile Principles, Patterns, and Practices in C# by Robert C. Martin
- Growing Object-Oriented Software, Guided by Tests
- Framework Design Guidelines by Brad Abrams
- Object Thinking by Dr. David West
- Advanced Programming in the UNIX Environment by W. Richard Stevens
- Hackers and Painters: Big Ideas from the Computer Age
- The Soul of a New Machine by Tracy Kidder
- CLR via C# by Jeffrey Richter
- The Timeless Way of Building by Christopher Alexander
- Design Patterns in C# by Steve Metsker
- Alice in Wonderland by Lewis Carol
- Zen and the Art of Motorcycle Maintenance by Robert M. Pirsig
- About Face - The Essentials of Interaction Design
- Here Comes Everybody: The Power of Organizing Without Organizations by Clay Shirky
- The Tao of Programming
- Computational Beauty of Nature
- Writing Solid Code by Steve Maguire
- Philip and Alex's Guide to Web Publishing
- Object-Oriented Analysis and Design with Applications by Grady Booch
- Effective Java by Joshua Bloch
- Computability by N. J. Cutland
- Masterminds of Programming
- The Tao Te Ching
- The Productive Programmer
- The Art of Deception by Kevin Mitnick
- The Career Programmer: Guerilla Tactics for an Imperfect World by Christopher Duncan
- Paradigms of Artificial Intelligence Programming: Case studies in Common Lisp
- Masters of Doom
- Pragmatic Unit Testing in C# with NUnit by Andy Hunt and Dave Thomas with Matt Hargett
- How To Solve It by George Polya
- The Alchemist by Paulo Coelho
- Smalltalk-80: The Language and its Implementation
- Writing Secure Code (2nd Edition) by Michael Howard
- Introduction to Functional Programming by Philip Wadler and Richard Bird
- No Bugs! by David Thielen
- Rework by Jason Freid and DHH
- JUnit in Action
#BlackOwned #BlackEntrepreneurs #BlackBuniness #AWSCertified #AWSCloudPractitioner #AWSCertification #AWSCLF-C01 #CloudComputing #AWSStudyGuide #AWSTraining #AWSCareer #AWSExamPrep #AWSCommunity #AWSEducation #AWSBasics #AWSCertified #AWSMachineLearning #AWSCertification #AWSSpecialty #MachineLearning #AWSStudyGuide #CloudComputing #DataScience #AWSCertified #AWSSolutionsArchitect #AWSArchitectAssociate #AWSCertification #AWSStudyGuide #CloudComputing #AWSArchitecture #AWSTraining #AWSCareer #AWSExamPrep #AWSCommunity #AWSEducation #AzureFundamentals #AZ900 #MicrosoftAzure #ITCertification #CertificationPrep #StudyMaterials #TechLearning #MicrosoftCertified #AzureCertification #TechBooks