Our server costs ~$56 per month to run. Please consider donating or becoming a Patron to help keep the site running. Help us gain new members by following us on Twitter and liking our page on Facebook!
Current time: December 25, 2024, 12:35 pm

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ask a computer security expert (part 2)
#11
RE: Ask a computer security expert (part 2)
Do you have any advice for large-scale corporations, where technology can be older and more vulnerable and the capability for change not rapid enough to keep up with the efforts of hackers?

Apart from the obvious " Get newer tech and change faster!"
Sum ergo sum
Reply
#12
RE: Ask a computer security expert (part 2)
Describe your biggest bust (largest threat/potential threat foiled).
Being told you're delusional does not necessarily mean you're mental. 
Reply
#13
RE: Ask a computer security expert (part 2)
MH, officially this didn't happen (but he ethically exploited a flaw and activated the security cameras in a popular ladies only gym and boy was there some big busts!)
No God, No fear.
Know God, Know fear.
Reply
#14
RE: Ask a computer security expert (part 2)
(July 17, 2017 at 12:53 am)Tiberius Wrote: I have a Bachelors degree in Computer Science, minoring in Information Security, and a Masters degree in Information Security, both from one of the most respected InfoSec institutions in the world. I currently work as an ethical hacker (penetration tester) and get paid to try and hack into various corporate software.
 

I used to have lunch with Eugene Spafford.  Tongue
Reply
#15
RE: Ask a computer security expert (part 2)
(July 17, 2017 at 6:44 am)pocaracas Wrote: Why cover your webcam at all?
Isn't the LED hardwired to turn on when the camera is powered? You'll know if someone is using it without your permission.

No, that would be the smart thing to do. The LED in almost all cases is controlled by software. Besides, if you are distracted you will not notice it, and that's often when you are at your most vulnerable (e.g. naked, getting dressed, etc.)

(July 17, 2017 at 7:22 am)Ben Davis Wrote: Do you have any advice for large-scale corporations, where technology can be older and more vulnerable and the capability for change not rapid enough to keep up with the efforts of hackers?

Apart from the obvious " Get newer tech and change faster!"

There should always be plans to upgrade legacy tech as a long term solution, but if you need something for the short term:

Put the vulnerable machines in a separate part of the network / VLAN and firewall them off. If people need access to them, VPN through to them, or make them use a separate physical machine. Operate under the principle of least privilege: if the tech can run as a low-level user, do it. If the machines don't need Internet access, don't give it to them, etc. If the tech is part of a web service setup, install a WAF (web application firewall) in front of them to stop the basic attacks.


(July 17, 2017 at 7:43 am)mh.brewer Wrote: Describe your biggest bust (largest threat/potential threat foiled).

I don't really "foil" threats. I'm on the discovery / reporting side rather than actually doing the fixing. With that said, I think my "biggest" discovery happened only a couple of months ago, where I found a vulnerability in a (live) website that allowed me to run commands as the server administrator. That's pretty much the Holy Grail of what I do.
Reply
#16
RE: Ask a computer security expert (part 2)
So, how much porn were you able to down load ?

Tongue
 The granting of a pardon is an imputation of guilt, and the acceptance a confession of it. 




Reply
#17
RE: Ask a computer security expert (part 2)
(July 17, 2017 at 9:38 am)Tiberius Wrote:
(July 17, 2017 at 6:44 am)pocaracas Wrote: Why cover your webcam at all?
Isn't the LED hardwired to turn on when the camera is powered? You'll know if someone is using it without your permission.

No, that would be the smart thing to do. The LED in almost all cases is controlled by software.

Really?.... software?
[poca googles this]
indeed... amazing!


Still.... meh...

"According to this standard, the LED indicator light is controlled by the host software. The UVC utilities that come with Linux allow you to control this light directly with a command-line tool, being able to turn off the light while the camera is on.
To hack this on Windows appears to require a filter driver."
"USB has lots of interesting features. It's designed with the idea that a person without root/administrator access may still want to plug in a device and use it. Therefore, there is the idea of "user-mode" drivers, where a non-administrator can nonetheless install drivers to access the USB device."

Cool... now if only those hackers could get software to run on my machine... what are the odds?

(July 17, 2017 at 9:38 am)Tiberius Wrote: Besides, if you are distracted you will not notice it, and that's often when you are at your most vulnerable (e.g. naked, getting dressed, etc.)

Haha... and they're always watching, so they know when to turn the webcam on.... oh wait!
Reply
#18
RE: Ask a computer security expert (part 2)
Were you a geek/nerd in school, or the cool kid on the block or somewhere in the middle?
"For me, it is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring." - Carl Sagan
Reply
#19
RE: Ask a computer security expert (part 2)
What's some of the dumbest hacking things you've seen in the movies?

Eg, matrix? Portscan?
No God, No fear.
Know God, Know fear.
Reply
#20
RE: Ask a computer security expert (part 2)
AVG any good?

It's kinda bloaty ...
"The first principle is that you must not fool yourself — and you are the easiest person to fool." - Richard P. Feynman
Reply



Possibly Related Threads...
Thread Author Replies Views Last Post
  Ask a psychiatric/hospital security guard... Bob Kelso 34 7543 September 20, 2015 at 9:27 pm
Last Post: Bob Kelso
  Ask a computer security expert. Tiberius 25 4798 May 30, 2015 at 7:07 pm
Last Post: pocaracas



Users browsing this thread: 1 Guest(s)