|
Ask a computer security expert (part 2)
|
 RE: Ask a computer security expert (part 2)
July 17, 2017 at 7:22 am
(This post was last modified: July 17, 2017 at 7:23 am by Ben Davis.)
Do you have any advice for large-scale corporations, where technology can be older and more vulnerable and the capability for change not rapid enough to keep up with the efforts of hackers?
Apart from the obvious " Get newer tech and change faster!"
Sum ergo sum
Describe your biggest bust (largest threat/potential threat foiled).
I don't have an anger problem, I have an idiot problem.
MH, officially this didn't happen (but he ethically exploited a flaw and activated the security cameras in a popular ladies only gym and boy was there some big busts!)
No God, No fear.
Know God, Know fear.  (July 17, 2017 at 12:53 am)Tiberius Wrote: I have a Bachelors degree in Computer Science, minoring in Information Security, and a Masters degree in Information Security, both from one of the most respected InfoSec institutions in the world. I currently work as an ethical hacker (penetration tester) and get paid to try and hack into various corporate software. I used to have lunch with Eugene Spafford. 
 (July 17, 2017 at 6:44 am)pocaracas Wrote: Why cover your webcam at all? No, that would be the smart thing to do. The LED in almost all cases is controlled by software. Besides, if you are distracted you will not notice it, and that's often when you are at your most vulnerable (e.g. naked, getting dressed, etc.) (July 17, 2017 at 7:22 am)Ben Davis Wrote: Do you have any advice for large-scale corporations, where technology can be older and more vulnerable and the capability for change not rapid enough to keep up with the efforts of hackers? There should always be plans to upgrade legacy tech as a long term solution, but if you need something for the short term: Put the vulnerable machines in a separate part of the network / VLAN and firewall them off. If people need access to them, VPN through to them, or make them use a separate physical machine. Operate under the principle of least privilege: if the tech can run as a low-level user, do it. If the machines don't need Internet access, don't give it to them, etc. If the tech is part of a web service setup, install a WAF (web application firewall) in front of them to stop the basic attacks. (July 17, 2017 at 7:43 am)mh.brewer Wrote: Describe your biggest bust (largest threat/potential threat foiled). I don't really "foil" threats. I'm on the discovery / reporting side rather than actually doing the fixing. With that said, I think my "biggest" discovery happened only a couple of months ago, where I found a vulnerability in a (live) website that allowed me to run commands as the server administrator. That's pretty much the Holy Grail of what I do. 
So, how much porn were you able to down load ?
The granting of a pardon is an imputation of guilt, and the acceptance a confession of it.
 (July 17, 2017 at 9:38 am)Tiberius Wrote:(July 17, 2017 at 6:44 am)pocaracas Wrote: Why cover your webcam at all? Really?.... software? [poca googles this] indeed... amazing! Still.... meh... "According to this standard, the LED indicator light is controlled by the host software. The UVC utilities that come with Linux allow you to control this light directly with a command-line tool, being able to turn off the light while the camera is on. To hack this on Windows appears to require a filter driver." "USB has lots of interesting features. It's designed with the idea that a person without root/administrator access may still want to plug in a device and use it. Therefore, there is the idea of "user-mode" drivers, where a non-administrator can nonetheless install drivers to access the USB device." Cool... now if only those hackers could get software to run on my machine... what are the odds? (July 17, 2017 at 9:38 am)Tiberius Wrote: Besides, if you are distracted you will not notice it, and that's often when you are at your most vulnerable (e.g. naked, getting dressed, etc.) Haha... and they're always watching, so they know when to turn the webcam on.... oh wait! 
Were you a geek/nerd in school, or the cool kid on the block or somewhere in the middle?
"For me, it is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring." - Carl Sagan
What's some of the dumbest hacking things you've seen in the movies?
Eg, matrix? Portscan?
No God, No fear.
Know God, Know fear. |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads... | |||||
| Thread | Author | Replies | Views | Last Post | |
| Ask a psychiatric/hospital security guard... | Bob Kelso | 34 | 6515 |
September 20, 2015 at 9:27 pm Last Post: Bob Kelso |
|
| Ask a computer security expert. | Tiberius | 25 | 4122 |
May 30, 2015 at 7:07 pm Last Post: pocaracas |
|
