CyberSecurity – What are some things that get a bad rap, but are actually quite secure?
Cybersecurity is an important issue for everyone, from individuals to large organizations. There are many things that get a bad rap when it comes to cybersecurity, but that doesn’t mean they’re not secure. For example, PGP (Pretty Good Privacy) is a method of encrypting emails that is considered to be very secure. However, it can be difficult to set up and use. Another example is using very long passwords that are actually a sentence. This may seem like a security risk, but it’s actually more secure than a shorter password because it’s more difficult for hackers to guess. Additionally, changing the default port for certain services like databases can help to prevent hacking. Unplugging the ethernet cable may also seem like a security risk, but it’s actually one of the most effective ways to prevent data breaches. Finally, browser password managers are often considered to be insecure, but they’re actually quite secure if used properly. Cybersecurity is an important issue, and there are many things that can be done to help prevent hacking and data breaches.
There are a lot of CyberSecurity myths out there. People think that X, Y, and Z are the most secure way to do things when in reality, they are the least secure. The biggest myth is that PGP is unbreakable. PGP has been broken many times and is not a reliable form of CyberSecurity. Another myth is that very long passwords are secure. The problem with very long passwords is that they are difficult to remember and often get written down somewhere. If a hacker gets ahold of your password, they can easily access your account. The best way to prevent CyberSecurity breaches is to use MFA, OAuth, and two-step verification whenever possible. These methods make it much more difficult for hackers to gain access to your accounts. While they may not be foolproof, they are the best CyberSecurity measure available.
As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:
You get from them a PGP identity (public key). How you do that is entirely up to you.
Your PGP program uses that identity to perform a single public key encryption of a message key.
Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
Your correspondent does the opposite operations to get the message.
If you want to sign your message then you:
Hash the message.
Do a public key signature operation on the hash and attach the result to the message.
Your correspondent checks the signature from your PGP identity, which they have acquired somehow.
The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.
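How the result of the encryption steps is laid out in a message, as an added example that is not part of the original article: a small parser for OpenPGP packet headers (RFC 4880 framing) that shows the encrypted message key packet followed by the encrypted message packet. The sample message is constructed with filler bytes in place of real ciphertext, and the function names are this example's own.

```python
import struct

# Packet tags from RFC 4880 section 4.3 (subset relevant to the steps above).
TAGS = {1: "Public-Key Encrypted Session Key", 2: "Signature",
        4: "One-Pass Signature", 8: "Compressed Data",
        9: "Symmetrically Encrypted Data", 11: "Literal Data",
        18: "Sym. Encrypted Integrity Protected Data"}

def _new_length(buf, pos):
    """Decode a new-format length octet group: (length, next_pos, is_partial)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2, False
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True  # partial body chunk

def parse_packets(buf):
    """List (tag, name, body_length) for a binary (non-armored) OpenPGP message."""
    out, pos = [], 0
    try:
        while pos < len(buf):
            hdr = buf[pos]
            if not hdr & 0x80:
                raise ValueError(f"offset {pos}: not a packet header")
            pos += 1
            if hdr & 0x40:  # new format: tag is the low 6 bits
                tag, total, partial = hdr & 0x3F, 0, True
                while partial:  # a run of partial chunks ends with a definite one
                    n, pos, partial = _new_length(buf, pos)
                    total, pos = total + n, pos + n
            else:  # old format: tag in bits 5-2, length type in bits 1-0
                tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
                if ltype == 3:  # indeterminate length: body runs to end of input
                    total = len(buf) - pos
                else:
                    size = 1 << ltype
                    total = int.from_bytes(buf[pos:pos + size], "big")
                    pos += size
                pos += total
            if pos > len(buf):
                raise ValueError("truncated packet body")
            out.append((tag, TAGS.get(tag, "other"), total))
    except (IndexError, struct.error):
        raise ValueError("truncated packet header") from None
    return out

def build_sample():
    """Constructed message for one recipient; filler stands in for ciphertext."""
    # The encrypted message key: version, 8-byte key ID, algorithm, key material.
    pkesk = bytes([0xC1, 12]) + b"\x03" + bytes(8) + b"\x01" + b"\xAA\xBB"
    # The message encrypted under the message key (300-byte body).
    seipd = bytes([0xD2, 192, 108]) + b"\x01" + bytes(299)
    return pkesk + seipd

def describe(buf):
    """Count message-key packets (one per recipient) and name the data packet."""
    packets = parse_packets(buf)
    return {"recipients": sum(1 for t, _, _ in packets if t == 1),
            "data_packet": packets[-1][1] if packets else None}

if __name__ == "__main__":
    for tag, name, length in parse_packets(build_sample()):
        print(f"tag {tag:2d}  {length:4d} bytes  {name}")
```

The parser reads binary input only; an ASCII-armored message has to be base64-decoded first.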
As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high-level description of the Signal protocol here. None of the following comments are intended to be critical; they are intended to give an idea of the level of complexity of the protocol in total:
Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
A Signal session requires the storage and maintenance of a lot of state information.
Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy such a system will end up with a system to delete old messages.
The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.
I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
2- Very long passwords that are actually a sentence
It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”
I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.
We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.
Did I say passwords? I meant encryption keys.
4- Changing default ports for certain services like dbs
Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.
5- MFA in general.
Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.
If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.
If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.
7- Two-step verification.
Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.
The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.
Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only have public keys.
One example of this is https://passage.id/ which is about as secure as you can get.
9- Zoom.
Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.
10- Unplugging the ethernet cable.
11- Browser password managers?
Rant moment: reasons cybersecurity fails
<Rant>
People don’t see value of putting effort in cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.
No news isn’t good enough of a good news. This is enough to mostly ignore all cybersecurity advice altogether.
This is similar to people not taking care of themselves health-wise, because the best thing they can see is not getting sick.
</Rant>
Why do cyber attackers commonly use social engineering attacks?
Hackers commonly use social engineering attacks because they can be very effective. By using social engineering, hackers can take advantage of people’s trusting nature and willingness to help others. They can also exploit the fact that people are often not well-informed about security and privacy issues. For example, a hacker might pose as a customer service representative and ask for someone’s password. Or, they might send an email that looks like it is from a trusted source, such as a bank or government agency, and ask the recipient to click on a link or download an attachment. If the person falls for the deception, the hacker can gain access to their accounts or infect their computer with malware. That is why it is important to be aware of these types of attacks and know how to protect yourself.
Cyber attackers commonly use social engineering attacks for a number of reasons. First, hacking into a person’s or organization’s computer systems is becoming increasingly difficult as security measures become more sophisticated. Second, even if a hacker is able to gain access to a system, they are likely to be discovered and caught before they can do any significant damage. Third, social engineering attacks allow hackers to bypass security measures and obtain sensitive information without being detected. Finally, social media platforms have made it easier for cyber attackers to obtain personal information about their targets and to carry out attacks. As a result, social engineering attacks are an attractive option for many cyber attackers.
To conclude:
Cybersecurity is often thought of as a complex and technical field, but there are actually many simple things that everyone can do to help stay safe online. For example, one way to protect your online communications is to use PGP encryption. This type of encryption is incredibly difficult for even the most skilled hacker to break, but it’s also easy to use. Another way to improve your cybersecurity is to use very long passwords that are actually a sentence. This may seem daunting, but using a phrase as your password makes it much harder for hackers to guess. Additionally, changing the default ports for certain services can help prevent unauthorized access. And finally, unplugging the ethernet cable when you’re not using it is a great way to physically block hackers from accessing your device. By following these simple tips, you can dramatically improve your cybersecurity and protect your privacy.
AntiCrack-DotNet is a .NET Project which Contains some useful techniques to detect debugging and other harmful actions and bypass methods which can be used by crackers to analyze your assembly, with syscall support. Any feedback is appreciated.
Anti-Debugging
NtUserGetForegroundWindow (looks for bad active window names to check if it's a known debugger)
Debugger.IsAttached
Hide Threads From Debugger
IsDebuggerPresent
NtSetDebugFilterState
Page Guard Breakpoints Detection
NtQueryInformationProcess: ProcessDebugFlags, ProcessDebugPort, ProcessDebugObjectHandle
NtClose: Invalid Handle, Protected Handle
Parent Process Checking (Checks if parent are explorer.exe or cmd.exe)
Detection of Hardware Breakpoints
FindWindow (looks for bad window names)
GetTickCount
OutputDebugString
Crashing Non-Managed Debuggers with a Debugger Breakpoint
OllyDbg Format String Exploit
Patching DbgUiRemoteBreakin and DbgBreakPoint (Anti-Debugger Attaching)
Anti Virtualization
Detecting Any.run
Detecting Triage
Detecting Qemu
Detecting Parallels
Detecting Sandboxie
Detecting Comodo Container
Detecting Qihoo360 Sandbox
Detecting Cuckoo Sandbox
Detecting VirtualBox and VMware
Detecting HyperV
Detecting Emulation
Checking For Blacklisted Usernames
Detecting KVM
Detecting Wine
Checking For Known Bad VM File Locations
Checking For Known Bad Process Names
Checking For Ports on the system (useful if the VM or the sandbox have no ports connected)
Checking for devices created by VMs or Sandboxes
Anti Dll Injection
Taking Advantage of Binary Image Signature Mitigation Policy to prevent injecting Non-Microsoft Binaries.
Checking if any injected libraries are present (simple dlls path whitelist check)
Other Detections
Detecting Most Anti Anti-Debugging Hooking Methods on Common Anti-Debugging Functions by checking for Bad Instructions on Functions Addresses and it detects user-mode anti anti-debuggers like scyllahide, and it can also detect some sandboxes which uses hooking to monitor application behaviour/activity (like Sandboxie/Sandboxie Plus, Hybrid Analysis, Cuckoo Sandbox, and a lot of other online malware analysis websites/applications).
Detecting CLR Functions Hooking (like harmony hooks).
submitted by /u/Minegama
Hi, I'm a junior in the cybersecurity world. I have 2 years of experience in Vulnerability Management with a bit of Networking FW (6 months) in the banking industry (2 different jobs). I had a big disagreement with my boss at my second job and I quit, thinking that the market was still an employee's market like during COVID. I thought I was a big shot; I did over 50 interviews and I didn't work for 11 months. Worst time in my life. During my 50 interviews, I realised that vulnerability management isn't as relevant as web security, admin and network security, and that I need to work on my skills and knowledge and improve to become a more attractive candidate for the future. My current employer gave me a new chance, and that's how I ended up here with SAP. Not by choice, more by desperation. Now I work as an SAP Security Analyst, mostly on object authorization, creating roles and giving the right access, mostly PFCG stuff (identity management). I have been here for 1 year now. I still have a hard time understanding SAP; it's a big system, I only work in my line, and I get lost sometimes during meetings, but that's a different story. My employer and the team are great, and I'm content. However, I feel that I need to make a decision: the longer I stay in SAP, the more the experience acquired in SAP will only be beneficial for companies that use SAP, and it will narrow down my career opportunities later on. I'm doing an analysis of the number of jobs and salaries. It doesn't seem very attractive versus blue team jobs, with the really small data I'm seeing. Which is surprising, because SAP security kind of has a barrier to entry: it's expensive and you can't learn it on your own, compared to pentesting and networking, which you can learn with a couple of VMs. Even resources to learn from, outside of the SAP forum (no disrespect to our fellow Indian brothers with thick accents), are difficult. I want to get good and get paid, and I'm not sure that is the case with SAP security... I don't see a good ROI. Maybe I'm wrong and I don't see the full picture. I need to change career now or it will hurt me, and I can't continue to accept low pay because my past experience isn't relevant for the current position. Thank you. submitted by /u/ResearchSuccessful87
I was wondering whether there are any good recent incident reports to read. Whenever I search up ‘DDOS incident reports’, for example, no reports about any incidents pop up. submitted by /u/awsswaawsswa
I’ve been collecting scenarios for attacks and how to detect them through log analysis. Advanced Log Analysis: Detection for 36 Advanced Scenarios. These scenarios are not the usual ones, but the detection methods are quite interesting. I’d like to add some additional details and create a checklist with extra insights. https://karim-ashraf.gitbook.io/karim_ashraf_space/writeups/advanced-log-analysis submitted by /u/Such-Phase-6406
Hi guys, Phishing nowadays is getting more sophisticated, especially with services and tools like EvilProxy and EvilGinx. Many organizations still hold onto the outdated idea that MFA alone is enough for security. I think we can all agree that’s not the case anymore. I’d love to hear from the community about some practical ways to protect against these AITM phishing attacks. Any advice? submitted by /u/Random-Gibberish
Has anyone forced users to move from traditional MFA to phishing-resistant MFA, and if so, how did you manage that migration process? submitted by /u/Refracted_Unicorn
Hi Guys; I am curious about the threat intelligence function in large corporations, not security research firms or behemoths like Google, Apple etc. How much of your own security research and attribution do you do? How much is using intelligence from vendors such as RF to help review your security controls? Do you use the intelligence to contribute to threat modelling? The above are general ideas but I am keen to hear what others think. FYI - I am in a company where there is a debate on how much attribution we should do vs use intelligence from vendors. submitted by /u/Administrative_Cod45
Recently, there has been an increasing number of concerns about the security of referral links in Telegram bots, especially regarding what they can expose and how they work. Let's dive into the potential risks and explain how a standard referral system, when implemented correctly, remains secure.
Referral Links & Identifying Users: One of the main concerns is the tracking of users via referral links. When you receive a link from someone, it may appear like a potential risk because it includes an identifier at the end of the URL. But in most cases, this identifier is merely there to ensure that the person who invited you gets credit for the referral. The inviter’s ID is not inherently dangerous, but rather a feature of a referral system.
Are These Links Secure?: Links that contain referral information do not grant any special permissions or access to your account. They are simply a part of the referral process. As long as the bot or platform is reputable, and the link is used within the bot environment, there is no risk.
External Payment Links: If a payment link is generated by the bot and it redirects to an external page, such as a payment processor (like Shaparak), it’s important to verify the authenticity of the payment provider. These links are typically safe as long as the transaction is carried out through a trusted third-party payment gateway and not executed outside the bot.
Conclusion: It's crucial to differentiate between a genuine referral system that is used for tracking purposes and malicious links that might try to steal information. Understanding how these systems work can significantly reduce your concerns. What do you think – should these links be treated as a threat, or is the real risk coming from unknown sources outside the trusted bot environment? submitted by /u/BebinShopBot
Hi everyone, I run a Discord server with a subscription-based entry. Recently, we discovered that there's a bot in our server that's mirroring messages to another Discord channel. This is a big concern for us, as the server has a large number of members, and manually checking each user is impractical. We're looking for advice on how to:
Identify the bot that's mirroring our messages.
Prevent this from happening in the future while ensuring a smooth experience for legitimate users.
We already use basic moderation bots for roles and permissions, but this issue seems to bypass our current setup. Any tips, tools, or strategies to handle this kind of situation would be greatly appreciated! Thanks in advance for your help! submitted by /u/Aware-Fail5417
https://www.alteredsecurity.com/post/certified-red-team-professional-crtp Purchased 30 day CRTP. I haven't done AD in a while; my background is vulnerability management. How many of y'all passed with no experience/knowing anything about AD, plus purchased the 30 day? I've started looking at the videos and it's so much information to consume. Thanks submitted by /u/Geeeyjgrgh-Wrap446
I’ve been noticing quite a bit more malicious messages that have managed to evade detection at our mail gateway over the past month or so specifically. I know the holiday season is upon us and threat actors are ramping up their efforts. Answers may vary based on vendor, etc, but just curious to see if anyone else notices? I’ve also specifically seen malicious URLs that are masked via Sophos or Proofpoint, or any mail gateway vendor for that matter, being sent in messages, and these ones are the ones that manage to slip their way through rather easily. submitted by /u/notap1r473
If you’ve worked on incident response in cybersecurity, what’s been the most frustrating part of it? For me, it’s tools that don’t play nicely together... it makes me pissed off all the time. What’s the one thing that really drives you crazy? Endless alerts? Slow investigations? Something else? submitted by /u/GDemay
This is the weekly thread for career and education questions and advice. There are no stupid questions; so, what do you want to know about certs/degrees, job requirements, and any other general cybersecurity career questions? Ask away! Interested in what other people are asking, or think your question has been asked before? Have a look through prior weeks of content - though we're working on making this more easily searchable for the future. submitted by /u/AutoModerator