Posts: 2281
Threads: 16
Joined: January 17, 2010
Reputation:
69
RE: Ask a computer security expert (part 2)
July 17, 2017 at 7:22 am
(This post was last modified: July 17, 2017 at 7:23 am by Ben Davis.)
Do you have any advice for large-scale corporations, where technology can be older and more vulnerable and the capability for change not rapid enough to keep up with the efforts of hackers?
Apart from the obvious " Get newer tech and change faster!"
Sum ergo sum
Posts: 28432
Threads: 525
Joined: June 16, 2015
Reputation:
90
RE: Ask a computer security expert (part 2)
July 17, 2017 at 7:43 am
Describe your biggest bust (largest threat/potential threat foiled).
Being told you're delusional does not necessarily mean you're mental.
Posts: 20476
Threads: 447
Joined: June 16, 2014
Reputation:
111
RE: Ask a computer security expert (part 2)
July 17, 2017 at 7:59 am
MH, officially this didn't happen (but he ethically exploited a flaw and activated the security cameras in a popular ladies only gym and boy was there some big busts!)
No God, No fear.
Know God, Know fear.
Posts: 19881
Threads: 324
Joined: July 31, 2016
Reputation:
34
RE: Ask a computer security expert (part 2)
July 17, 2017 at 8:15 am
(July 17, 2017 at 12:53 am)Tiberius Wrote: I have a Bachelors degree in Computer Science, minoring in Information Security, and a Masters degree in Information Security, both from one of the most respected InfoSec institutions in the world. I currently work as an ethical hacker (penetration tester) and get paid to try and hack into various corporate software.
I used to have lunch with Eugene Spafford.
Posts: 14932
Threads: 684
Joined: August 25, 2008
Reputation:
143
RE: Ask a computer security expert (part 2)
July 17, 2017 at 9:38 am
(July 17, 2017 at 6:44 am)pocaracas Wrote: Why cover your webcam at all?
Isn't the LED hardwired to turn on when the camera is powered? You'll know if someone is using it without your permission.
No, that would be the smart thing to do. The LED in almost all cases is controlled by software. Besides, if you are distracted you will not notice it, and that's often when you are at your most vulnerable (e.g. naked, getting dressed, etc.)
(July 17, 2017 at 7:22 am)Ben Davis Wrote: Do you have any advice for large-scale corporations, where technology can be older and more vulnerable and the capability for change not rapid enough to keep up with the efforts of hackers?
Apart from the obvious " Get newer tech and change faster!"
There should always be plans to upgrade legacy tech as a long term solution, but if you need something for the short term:
Put the vulnerable machines in a separate part of the network / VLAN and firewall them off. If people need access to them, VPN through to them, or make them use a separate physical machine. Operate under the principle of least privilege: if the tech can run as a low-level user, do it. If the machines don't need Internet access, don't give it to them, etc. If the tech is part of a web service setup, install a WAF (web application firewall) in front of them to stop the basic attacks.
(July 17, 2017 at 7:43 am)mh.brewer Wrote: Describe your biggest bust (largest threat/potential threat foiled).
I don't really "foil" threats. I'm on the discovery / reporting side rather than actually doing the fixing. With that said, I think my "biggest" discovery happened only a couple of months ago, where I found a vulnerability in a (live) website that allowed me to run commands as the server administrator. That's pretty much the Holy Grail of what I do.
Posts: 30129
Threads: 304
Joined: April 18, 2014
Reputation:
92
RE: Ask a computer security expert (part 2)
July 17, 2017 at 3:50 pm
So, how much porn were you able to down load ?
The granting of a pardon is an imputation of guilt, and the acceptance a confession of it.
Posts: 19645
Threads: 177
Joined: July 31, 2012
Reputation:
92
RE: Ask a computer security expert (part 2)
July 17, 2017 at 6:25 pm
(July 17, 2017 at 9:38 am)Tiberius Wrote: (July 17, 2017 at 6:44 am)pocaracas Wrote: Why cover your webcam at all?
Isn't the LED hardwired to turn on when the camera is powered? You'll know if someone is using it without your permission.
No, that would be the smart thing to do. The LED in almost all cases is controlled by software.
Really?.... software?
[poca googles this]
indeed... amazing!
Still.... meh...
"According to this standard, the LED indicator light is controlled by the host software. The UVC utilities that come with Linux allow you to control this light directly with a command-line tool, being able to turn off the light while the camera is on.
To hack this on Windows appears to require a filter driver."
"USB has lots of interesting features. It's designed with the idea that a person without root/administrator access may still want to plug in a device and use it. Therefore, there is the idea of "user-mode" drivers, where a non-administrator can nonetheless install drivers to access the USB device."
Cool... now if only those hackers could get software to run on my machine... what are the odds?
(July 17, 2017 at 9:38 am)Tiberius Wrote: Besides, if you are distracted you will not notice it, and that's often when you are at your most vulnerable (e.g. naked, getting dressed, etc.)
Haha... and they're always watching, so they know when to turn the webcam on.... oh wait!
Posts: 10470
Threads: 165
Joined: May 29, 2013
Reputation:
53
RE: Ask a computer security expert (part 2)
July 17, 2017 at 6:30 pm
Were you a geek/nerd in school, or the cool kid on the block or somewhere in the middle?
"For me, it is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring." - Carl Sagan
Posts: 20476
Threads: 447
Joined: June 16, 2014
Reputation:
111
RE: Ask a computer security expert (part 2)
July 17, 2017 at 6:58 pm
What's some of the dumbest hacking things you've seen in the movies?
Eg, matrix? Portscan?
No God, No fear.
Know God, Know fear.
Posts: 2692
Threads: 11
Joined: May 13, 2013
Reputation:
17
RE: Ask a computer security expert (part 2)
July 17, 2017 at 7:00 pm
AVG any good?
It's kinda bloaty ...
"The first principle is that you must not fool yourself — and you are the easiest person to fool." - Richard P. Feynman
|