[Computer Security Thread] DejaBlue worms? Sounds so familiar, it makes me WannaCry.


  • Mugsley Registered User regular
    To be clear, I have a Mech Eng degree and I'm looking into stuff like this because I have an affinity for technology and I'm debating on whether I'd like it as a change of pace (or just to pad my knowledge base). I work in a particular portion of the Fed that enjoys disassembling things, and cybersecurity is increasingly becoming its own department/focus in our organization.

    I'm also looking into stuff like a Public Administration degree because I think it would help a lot if I decide to move into a management track (similar with cyber, since that will be an aspect of pretty much any work I do going forward).

    Getting a MS in "more Engineering" doesn't interest me and I don't see it as a value-add because I'm not performing research or focusing heavily on a particular process (e.g. welding).

  • Darkewolfe Registered User regular
    Most of the fed jobs in "cyber security" are policy jobs. They're about running down a checklist on something you don't entirely understand and marking compliance or not. Classic auditing.

    I juxtapose this against actual IT tradespeople who either do or don't do their jobs securely.

    What is this I don't even.
  • TetraNitroCubane Registered User regular
    So my bank, for all I begrudge them, has a pretty keen feature associated with their credit cards. There's a section of their website that allows you to generate temporary credit card numbers that are linked to your primary credit card account. These numbers are only valid for use at a single vendor, after which they no longer function. They can also have limits set on their spending, and expiration dates that you can establish. It is a feature that I use extensively for every online purchase I make, because if someone breaches that vendor, then the card number on record for me is useless.

    Turns out that part of my bank's website uses Flash.

    With Flash set to be completely retired, my bank's solution to this problem is simple: They're killing that service.

    Does anyone know of anything similar that can be used to generate temporary credit card numbers? I've heard of Privacy dot com, but I have NO interest in using that service, as they require you to provide credentials to your bank's website, and they link to your debit card, rather than credit card.

  • doomybear Hi People Registered User regular
    I haven't done it myself (yet), but I have heard of people using reloadable cards for that kind of thing.

    what a happy day it is
  • Cantido Registered User regular
    edited September 6
    Funny enough my work is making me take SANS Sec401, and I'm learning why I was able to shelve McAfee in favor of Windows Security Essentials. Microsoft is not fucking around with security updates. And the reason it's free for household use is the Bullshit Money they make off the enterprise versions.

    I'm going to learn Active Directory, as well as PowerShell.

    (Cryptography made my head spin.)

    3DS Friendcode 5413-1311-3767
  • LD50 Registered User regular
    Yeah, the so-called 'security essentials' is the av now.

  • Radiation Registered User regular
    Mugsley wrote: »
    I am lowkey looking into cybersecurity programs. I heard on a podcast earlier this morning that Tulsa U and Idaho State have some of the better programs. I'm interested in online programs (and there's a reasonable chance I can get work to pay for tuition and some materials) so I'm not sure which universities offer that.

    I'm a decently-skilled user, but I'd like a program that starts with some basics and goes from there (so maybe some CompSci courses involved as well?).

    Thoughts?

    I know I'm a bit late to the party.
    @Mugsley might be worth looking at WGU which has certs that are the finals sort of? Super online friendly, and I've found it pretty great so far.

    PSN: jfrofl
  • TetraNitroCubane Registered User regular
    edited September 14
    Welp. WELP.
    Hackers are actively exploiting a critical weakness found in most mobile phones to surreptitiously track the location of users and possibly carry out other nefarious actions, researchers warned on Thursday.

    The so-called Simjacker exploits work across a wide range of mobile devices, regardless of the hardware or software they rely on, researchers with telecom security firm AdaptiveMobile Security said in a post. The attacks work by exploiting an interface intended to be used solely by cell carriers so they can communicate directly with the SIM cards inside subscribers’ phones. The carriers can use the interface to provide specialized services such as using the data stored on the SIM to provide account balances.

    Simjacker abuses the interface by sending commands that track the location and obtain the IMEI identification code of phones. They might also cause phones to make calls, send text messages, or perform a range of other commands.

    Dan Guido, a mobile security expert and the CEO of security firm Trail of Bits, told Ars the threat looked “pretty fucking bad.” He added: “This attack is platform-agnostic, affects nearly every phone, and there is little anyone except your cell carrier can do about it.”

    Looks like just about everyone is at risk, and no one's going to get any relief from this until their mobile carrier fixes things on their end. And most mobile carriers are insisting they're not impacted, despite the fact that such a claim is dubious.

    Notably the location tracking has me much less worried than the theft of the IMEI code. That is much more significant and able to do nefarious things.
