CyberSecurity – What are some things that get a bad rap, but are actually quite secure?


Cybersecurity matters to everyone, from individuals to large organizations, and several controls get a bad reputation they do not deserve. PGP (Pretty Good Privacy) encrypts email with cryptography that has held up for decades; its reputation suffers because it is awkward to set up and easy to misuse, not because the crypto is weak. Very long passwords that are actually a sentence look sloppy, but a multi-word passphrase has far more entropy than a short password padded with a few symbols and is harder to guess or brute-force. Moving a database or similar service off its default port does not stop a determined attacker, but it takes the host out of the default port lists that mass scanners sweep. Unplugging the Ethernet cable is dismissed as crude, yet physically isolating a machine is one of the most reliable ways to cut off remote access during an incident. Browser password managers are often called insecure, but a current browser's manager, protected by an OS account and a device lock, beats reusing one password everywhere. None of these is a complete defense on its own, but each is better than the reputation it carries.

There are also plenty of myths running the other way, where something is assumed to be the most secure option when it is not. The biggest is that PGP is a silver bullet. PGP's cryptography has not been broken, but the mail clients and key handling around it have had real problems, and most PGP failures in practice are user mistakes: unverified keys, lost passphrases, replies sent in the clear. Long passphrases are secure against guessing, but they still have to be remembered, and a passphrase written on a sticky note under the keyboard or reused across sites is only as strong as whoever can reach it. The most effective single step for most accounts is to turn on MFA (TOTP, hardware keys or two-step verification) and, for third-party apps, to sign in through a trusted identity provider with OAuth instead of creating yet another password. None of these is foolproof, but together they remove the most common ways accounts are actually taken over.

1- PGP

PGP is a Form of Minimalism

As a protocol, PGP is surprisingly simple. Here is what happens if you want to use it to securely send a message to someone:

  1. You get from them a PGP identity (public key). How you do that is entirely up to you.
  2. Your PGP program uses that identity to perform a single public key encryption of a message key.
  3. Then the message key is used to encrypt the message which is added to the encrypted message key to make the encrypted message.
  4. Your correspondent does the opposite operations to get the message.

If you want to sign your message then you:

  1. Hash the message.
  2. Do a public key signature operation on the hash and attach the result to the message.
  3. Your correspondent checks the signature from your PGP identity, which they have acquired somehow.

The simple key handling is where the minimalism comes from. It is why PGP can be used in so many non-email contexts.


As a contrast, consider the Signal Protocol for instant messaging. I will not attempt to describe Signal in any detail as I would get parts of it wrong. It would also make for a pointlessly long article. There is a high level description of the Signal protocol here. None of the following comments are intended to be critical, they are intended to give an idea of the level of complexity of the protocol in total:

  • Signal has at least 2 systems for creating forward secrecy. Each system requires a system to deal with loss of synchronization.
  • A Signal session requires the storage and maintenance of a lot of state information.
  • Signal normally uses a server based “prekey” system to deal with the case where a client is offline and thus is unable to negotiate.
  • Signal achieves partial deniability with a triple Diffie-Hellman key exchange. OpenPGP achieves complete deniability by not signing the message in the first place.
  • Supporting the Signal protocol in practice requires a separate system to store and protect past messages. Since this is at odds with forward secrecy such a system will end up with a system to delete old messages.

The Signal Protocol is built on ideas from the Off the Record (OTR) protocol. Interestingly enough, OTR was intended to improve PGP by adding extra functionality. Signal adds functionality on top of the OTR functionality. So Signal could be considered the result of an attempt to improve something by making it more complex.

I believe that reliability and security are best achieved with simple systems. OpenPGP is a standard that describes such a system.
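The encrypt and sign flows described in the comment above, as an added example in Go that is not part of the original post: the message key is wrapped with one RSA-OAEP operation, the body is encrypted under it with AES-256-GCM, and a signature is one RSA-PSS operation over SHA-256 of the plaintext. The key pairs, the sample message and the Packet layout are constructed for the example; OpenPGP's real packet format differs, and it places the signature inside the encrypted body rather than beside it as done here.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Packet is the encrypted message as described above: the public-key-wrapped
// message key followed by the symmetrically encrypted body. (Constructed
// layout for this example, not OpenPGP's packet format.)
type Packet struct {
	WrappedKey []byte // message key encrypted to the recipient's public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce for the body
	Body       []byte // message encrypted under the message key (AES-256-GCM)
	Signature  []byte // optional RSA-PSS signature over SHA-256(plaintext); nil if unsigned
}

// Encrypt is steps 2 and 3: generate a fresh message key, wrap it with one
// public-key operation, then encrypt the message under the message key.
func Encrypt(recipient *rsa.PublicKey, plaintext []byte) (*Packet, error) {
	msgKey := make([]byte, 32)
	if _, err := rand.Read(msgKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msgKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Packet{WrappedKey: wrapped, Nonce: nonce, Body: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Decrypt is step 4: unwrap the message key with the private key and decrypt
// the body. Any change to the body fails the GCM authentication tag.
func Decrypt(priv *rsa.PrivateKey, p *Packet) ([]byte, error) {
	msgKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, p.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(msgKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, p.Nonce, p.Body, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Sign hashes the message and performs one private-key signature operation on the hash.
func Sign(signer *rsa.PrivateKey, plaintext []byte) ([]byte, error) {
	digest := sha256.Sum256(plaintext)
	return rsa.SignPSS(rand.Reader, signer, crypto.SHA256, digest[:], nil)
}

// Verify checks the signature with the sender's public key, which the
// recipient must already have obtained by some out-of-band route.
func Verify(sender *rsa.PublicKey, plaintext, sig []byte) error {
	if len(sig) == 0 {
		return errors.New("message is unsigned")
	}
	digest := sha256.Sum256(plaintext)
	return rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // sender's identity (constructed)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // recipient's identity (constructed)
	msg := []byte("constructed sample message")    // constructed input

	pkt, err := Encrypt(&bob.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pkt.Signature, _ = Sign(alice, msg)

	got, err := Decrypt(bob, pkt)
	fmt.Printf("decrypted=%q err=%v verify=%v\n", got, err, Verify(&alice.PublicKey, got, pkt.Signature))
}
```

The whole protocol state is the two key pairs and one packet; there is no session, no ratchet and no prekey server, which is the minimalism the comment is pointing at. Leaving Signature nil is the "complete deniability" case: the recipient gets a message but nothing that ties it to the sender.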

2- Very long passwords that are actually a sentence

It could be bad if you just came up with it and forget it, and people think it’s bad if it only has lowercase and no numbers or punctuation. But a 5-6 word sentence could be quite secure, especially if it’s a bit weird. “Lemons make a delicious snack in my house.”

3- Writing passwords down.

I tell all my old relatives to write their passwords down in a little notebook. As long as there isn’t someone there regularly I don’t trust, it is much better than using the same password, and if their physical security at their house is compromised, there are bigger concerns than a notebook of banking passwords.

We write down all the passwords to our most secure systems – but then we rip them in half and put them in 2 separate safes.

Did I say passwords? I meant encryption keys.

4- Changing default ports for certain services like dbs

Most of the gangs out there use tools that don’t do a full search, so they go through the default port list.

5- MFA in general.

Takes 60 seconds to set up, and an additional 5s each time you use it, but can save you hours if not days of manual recovery efforts with support to regain access to a compromised account. Yet people don’t like the idea.

If you are using TOTP for your MFA, you can even put it right in the browser with a plug-in. I use this approach for work. It’s very convenient.

If you use a password manager that supports TOTP and auto type (e.g. KeePassXC) then you don’t even need to mess with it once you have it set up.
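For the TOTP codes discussed above, the following Go program is an added example (not the browser plug-in's or KeePassXC's code) of what every TOTP client and server computes per RFC 6238: HMAC-SHA1 over the 30-second step counter, dynamic truncation, then a fixed number of decimal digits. The Verifier type also shows the check a server should add on top: tolerate one step of clock skew in either direction, but never accept a step at or below the last one used, so a code captured over someone's shoulder cannot be replayed. The secret is the RFC 6238 Appendix B test secret; per-user persistence of lastStep and any lockout policy are assumptions left outside the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"math"
	"time"
)

const step = 30 // RFC 6238 time step in seconds

// TOTP computes an RFC 6238 code (HMAC-SHA1, 30-second step) for a shared
// secret at the given Unix time, truncated to the requested number of digits.
func TOTP(secret []byte, unixTime int64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unixTime/step))
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	// Dynamic truncation (RFC 4226 section 5.3): the low nibble of the last
	// byte picks a 4-byte window; the top bit is cleared to avoid sign issues.
	offset := h[len(h)-1] & 0x0f
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	code %= uint32(math.Pow10(digits))
	return fmt.Sprintf("%0*d", digits, code)
}

// Verifier is the server side: it knows the user's secret and remembers the
// last time step it accepted so that a captured code cannot be replayed.
// (Persisting lastStep per user is assumed; it is kept in memory here.)
type Verifier struct {
	Secret   []byte
	Digits   int
	lastStep int64
}

// Check accepts the current step and one step on either side (clock skew),
// but never a step at or below the last accepted one.
func (v *Verifier) Check(candidate string, unixTime int64) bool {
	for skew := int64(-1); skew <= 1; skew++ {
		t := unixTime + skew*step
		if t/step <= v.lastStep {
			continue // already used, or older than one already used: reject
		}
		// Constant-time comparison so timing does not leak matching digits.
		if hmac.Equal([]byte(TOTP(v.Secret, t, v.Digits)), []byte(candidate)) {
			v.lastStep = t / step
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 Appendix B test secret
	fmt.Println(TOTP(secret, 59, 8))         // 94287082, as in RFC 6238 Appendix B
	fmt.Println(TOTP(secret, time.Now().Unix(), 6))
	v := &Verifier{Secret: secret, Digits: 8}
	fmt.Println(v.Check("94287082", 89), v.Check("94287082", 89)) // true false
}
```

The second Check call fails even though the code was valid a moment ago: the step has been consumed. That is the property that makes a TOTP code safe to type in front of someone, and it is why a server implementation should track the last accepted step rather than only checking the arithmetic.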

6- Oauth for 3rd party apps.

Those “sign into our app with your (Google, Microsoft, etc) account” things. As long as you trust the ID provider and the app, it’s usually secure. More so, considering it prevents password reuse, and you aren’t exposed if any of those 3rd party apps have a breach.

7- Two-step verification.

Yes it’s annoying to need two devices every time you want to log into your most precious accounts, but trust me, I’d rather take the extra 10 seconds to authorize a login than go through the hell of having my account breached.

8- Biometric Authentication.

The argument is that ‘you can’t change your face/finger’ but it is actually more secure than other ‘magic link’ providers.

Let me be clear, there are some providers that are still iffy on security. But there are also some that have device native authentication (you need the device to auth), they don’t store passwords or password hashes, and only hold public keys.

One example of this is https://passage.id/ which is about as secure as you can get.
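The "the device holds the key, the service only stores public keys" model in the comment above, as an added example in Go (not passage.id's code and not the WebAuthn protocol itself): the server keeps an ECDSA P-256 public key per user and a single-use random challenge; the device signs the challenge only after a local user check, and the server verifies with the stored public key. There is no password or password hash on the server to steal, and a challenge is consumed on first use so a captured signature cannot be replayed. Real WebAuthn/passkey flows also bind the origin (relying party ID) into the signed data to defeat phishing; that is omitted here. The user name "alice" and the userPresent flag standing in for the fingerprint/PIN check are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Server is the relying party. Per user it stores only a public key, plus the
// set of challenges it has issued and not yet consumed. There is no password
// and no password hash anywhere on this side.
type Server struct {
	users      map[string]*ecdsa.PublicKey
	challenges map[string]bool // hex(challenge) -> outstanding
}

func NewServer() *Server {
	return &Server{users: map[string]*ecdsa.PublicKey{}, challenges: map[string]bool{}}
}

// Register records the device's public key for the user. The private key
// never leaves the device.
func (s *Server) Register(user string, pub *ecdsa.PublicKey) { s.users[user] = pub }

// BeginLogin issues a fresh 32-byte random challenge, valid for one attempt.
func (s *Server) BeginLogin() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[hex.EncodeToString(c)] = true
	return c, nil
}

// FinishLogin consumes the challenge (whatever the outcome, so it cannot be
// retried) and verifies the device's signature with the stored public key.
func (s *Server) FinishLogin(user string, challenge, sig []byte) error {
	key := hex.EncodeToString(challenge)
	if !s.challenges[key] {
		return errors.New("unknown or already used challenge")
	}
	delete(s.challenges, key)
	pub, ok := s.users[user]
	if !ok {
		return errors.New("unknown user")
	}
	digest := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match the registered key")
	}
	return nil
}

// Device is the authenticator. In practice the key lives in a secure element
// or TPM and is unlocked by a fingerprint/face/PIN check; here that local
// check is represented by the userPresent flag (an assumption for the example).
type Device struct{ priv *ecdsa.PrivateKey }

func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// Public returns the only thing the device ever hands to the server.
func (d *Device) Public() *ecdsa.PublicKey { return &d.priv.PublicKey }

// Sign signs the server's challenge, but only after the local user check passes.
func (d *Device) Sign(challenge []byte, userPresent bool) ([]byte, error) {
	if !userPresent {
		return nil, errors.New("local user verification failed; refusing to sign")
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

func main() {
	srv := NewServer()
	dev, err := NewDevice()
	if err != nil {
		panic(err)
	}
	srv.Register("alice", dev.Public()) // "alice" is a constructed user name

	challenge, _ := srv.BeginLogin()
	sig, _ := dev.Sign(challenge, true)
	fmt.Println("login:", srv.FinishLogin("alice", challenge, sig))  // <nil>
	fmt.Println("replay:", srv.FinishLogin("alice", challenge, sig)) // error: challenge already used
}
```

A dump of the server's storage yields public keys and nothing else, which is the point the comment makes against the "you can't change your fingerprint" objection: the biometric never leaves the device, and the server holds nothing that lets an attacker log in as the user.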

9- Zoom.

Yes, they had a bunch of issues at the start, but they fixed them. I would much rather work with a company that had security assessments and fixed the problems rather than a company which has never been assessed.

10- Unplugging the ethernet cable.

11- Browser password managers?

Rant moment: reasons cybersecurity fails

<Rant>

People don’t see the value of putting effort into cybersecurity because they don’t see any material gains from it. The best thing they can see is nothing bad happening.

No news isn’t good enough as good news. This is enough to mostly ignore all cybersecurity advice altogether.

This is similar to people not taking care of themselves health-wise, because the best thing they can see is not getting sick.

</Rant>

Why do cyber attackers commonly use social engineering attacks?

Attackers use social engineering because it works. It exploits people’s trust and willingness to help, and the fact that most people are not trained to recognize a manipulated request. A caller posing as a help-desk technician asks for a password or an MFA code; an email styled as a message from a bank, a vendor or a government agency asks the recipient to open an attachment or follow a link to a fake login page. Either way the attacker ends up with working credentials or code execution on the victim’s machine without touching a single software vulnerability. That is why awareness of these attacks, and of the simple habits that defeat them (verify unexpected requests through a known channel, never share MFA codes, check where a link actually goes before clicking), matters as much as any technical control.

There are practical reasons social engineering is so common. First, breaking into well-maintained systems directly is getting harder as patching, hardening and MFA become routine. Second, a technical intrusion leaves traces in logs and trips detection tools, while a login with a phished password or an approved MFA prompt looks like a legitimate user. Third, social engineering bypasses perimeter controls entirely: the victim hands over the credential or runs the payload from the inside. Finally, social media and public profiles give attackers the names, roles and relationships they need to make a pretext convincing. For a cyber attacker, the human is usually the cheapest target.

To conclude:

Cybersecurity is often treated as complex and technical, but several simple measures make a real difference. PGP encryption protects the content of messages with cryptography that is not practically breakable; the effort is in setting it up and using it correctly, not in the algorithm. A passphrase that is actually a sentence is easier to remember than a random string and far harder for an attacker to guess. Moving services off their default ports keeps them out of the sweeps that automated scanners run, even if it does not stop a targeted attacker. And unplugging the Ethernet cable, or otherwise physically isolating a device, is a blunt but dependable way to end remote access when something looks wrong. None of these replaces MFA or timely patching, but each removes a common way in.

source: r/cybersecurity
