namlosh
Feb 11, 2014

I name this haircut "The Sad Rhino".

Mr. Crow posted:

:confused:

Also who pays for a password manager lmbo install syncthing and keypass, done. self hosted auto syncing cloud.

This... KeePassXC on Mac, KeepAss on windows, KepAssium on iPhone

E: Beaten, encrypted style...
I will say that I keep a copy on OneDrive which syncs pretty well, buuuuut I try to only edit the file and upload on one computer

namlosh fucked around with this message at 17:15 on Feb 17, 2021


BlankSystemDaemon
Mar 13, 2009



CommieGIR posted:

Don't kink shame.

:emptyquote:
And it's a total complete coincidence that both CommieGIR and I post in the digital packrats thread.

Ojjeorago
Sep 21, 2008

I had a dream, too. It wasn't pleasant, though ... I dreamt I was a moron...
Gary’s Answer

Mr. Crow posted:

:confused:

Also who pays for a password manager lmbo install syncthing and keypass, done. self hosted auto syncing cloud.


You can selfhost Bitwarden too, pretty easy to throw on a Raspberry Pi or something.

Rufus Ping
Dec 27, 2006





I'm a Friend of Rodney Nano

Just buy 1password and it all magically "just works" with no messing about required. I say this as someone who is very reluctant to pay for software and with a high tolerance for janitoring stuff

F4rt5
May 20, 2006

I've used all of them extensively and now it's Bitwarden for life. Like to pay for your pw manager? 5$/yr if you want to - but you don't have to. Afraid of their cloud security? Host your own server. Afraid of the app's security? It's open source, compile it yourself. If you are a masochist. Otherwise rely on others' eyes to confirm it's cool and good and not stealing / pwning your gibson. User friendly like 1password? Yup. Available on all platforms? Yup.

Hands down the best.

F4rt5 fucked around with this message at 19:25 on Feb 17, 2021

BlankSystemDaemon
Mar 13, 2009



Turns out we're all different and have different threat models, worries, and needs. :thunk:

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

CommieGIR posted:

Don't kink shame.

your threat model is not my threat model, but your threat model is OK

The Fool
Oct 16, 2003


I’m a big fan of 1password but bitwarden is definitely a good choice too.

The Fool
Oct 16, 2003


The Iron Rose posted:

your threat model is not my threat model, but your threat model is OK

I’m a huge fan of this saying

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

The Iron Rose posted:

your threat model is not my threat model, but your threat model is OK

I feel seen.

Strawberry Pyramid
Dec 12, 2020

by Pragmatica

KeepassXC doesn't support plugins, so that's a dealbreaker for me.

OG Keepass, Keepass2Android, and Google Drive provide literally all I need. No way to do shared accounts, but I have no accounts that should be accessed by anyone other than me anyway.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

BlankSystemDaemon posted:

Turns out we're all different and have different threat models, worries, and needs. :thunk:

What’s your threat model?

Butter Activities
May 4, 2018

The Iron Rose posted:

your threat model is not my threat model, but your threat model is OK

Just lol if you don’t make your own hardware back door free phone from silicon and copper that you mined in your backyard

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

SpaceSDoorGunner posted:

Just lol if you don’t make your own hardware back door free phone from silicon and copper that you mined in your backyard

But how do you securely source your rare earths, hmm?

Defenestrategy
Oct 24, 2010

Catalytic converters stolen from junk yards

Butter Activities
May 4, 2018

Ynglaur posted:

But how do you securely source your rare earths, hmm?

Get a really big backyard.

Boner Wad
Nov 16, 2003

Space Gopher posted:

If you don't like storing your passwords on cloud services I've got some real bad news about Dropbox

Oh my god what have I done.

BlankSystemDaemon
Mar 13, 2009



Subjunctive posted:

What’s your threat model?

gently caress if I know anymore, I just touch computers.

RFC2324
Jun 7, 2012

http 418

SpaceSDoorGunner posted:

Get a really big backyard.

Just dig sideways

Mantle
May 15, 2004

Ever since I was a kid I've fantasized about hacking into systems and I recently learned about Hack The Box. I found the exercise to get the invite code fun and it's exciting to be poking around the lab boxes.

However it seems to pay much less than my current software dev role, despite seemingly being more difficult. Is it a career really only for passionate people?

CyberPingu
Sep 15, 2013


If you're not striving to improve, you'll end up going backwards.

Mantle posted:

Ever since I was a kid I've fantasized about hacking into systems and I recently learned about Hack The Box. I found the exercise to get the invite code fun and it's exciting to be poking around the lab boxes.

However it seems to pay much less than my current software dev role, despite seemingly being more difficult. Is it a career really only for passionate people?

Depends on what country you live in. Also depends on the job role. Technically you could use offensive skills in a defensive "blue team" role that could net you a security engineer role that is comparable with dev salaries and seems to have a higher ceiling, this is the route I'm going down currently

CLAM DOWN
Feb 13, 2007




Mantle posted:

Is it a career really only for passionate people?

I personally don't think you can succeed or be of any quality in security unless you are passionate about it. So, in my opinion, yes.

BaseballPCHiker
Jan 16, 2006

CLAM DOWN posted:

I personally don't think you can succeed or be of any quality in security unless you are passionate about it. So, in my opinion, yes.

Personally I disagree. You can be good at your job and not passionate about it. I have a few people on my SOC team that have just had decades of experience from enterprise networking or server management they can lean on in addition to their security skills and be excellent. Those same people are more than happy to just punch in and out at the end of the day without caring deeply about the field.

What you do need to be passionate about is being good at your job regardless of what it is.

evil_bunnY
Apr 2, 2003

Yeah what you need is a lack of don't-give-a-poo poo-itis.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:

What you need is people and political skills because all the fancy security engineering in the world won’t help you if you can’t break through bureaucratic inertia to institute change.

some kinda jackal
Feb 25, 2003

 
 
When you fall out of love with infosec you pivot to governance and audit.

This is the way.

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

CLAM DOWN posted:

I personally don't think you can succeed or be of any quality in security unless you are passionate about it. So, in my opinion, yes.

In Security, like in most things, it's 10% of the people who are really passionate and pushing the envelope, and 90% of people who don't wake up every morning overjoyed at the thought of going to work to do <whatever>. But it's the 90% that are doing most of the actual work to implement the vision of the 10%. Well, assuming you're at a company large enough to actually have a team, rather than just have one or two guys as "the security (and probably several other things) people"--if you're the only guy, then yeah, you hopefully care a whole lot because no one else will.

evil_bunnY posted:

Yeah what you need is a lack of don't-give-a-poo poo-itis.

Yeah, more this. If you like it enough to be interested enough that your eyes don't glaze over and you mentally check out when dealing with it, you could still be a legitimate asset to a team.

In terms of "is it something that only passionate people do because there's no money in it," no--there's certainly money to be made. Often it's in terms of working for a pen-testing firm or other entity / team doing security assessments, though. Whether that pays more than your current role depends on a lot of things, not the least of which will be the reality that you've probably got a bunch of years of experience and proficiency as a SDE (and are paid accordingly), whereas moving over to a pen-testing role or similar you'd be starting back towards the bottom of the ladder (and paid accordingly).

People who are doing it as bug-bounty dudes, independent security researchers, or similar are usually more on the passionate side, though.

Diva Cupcake
Aug 15, 2005

If you're emotionally invested in your company's security posture, you're on a one-way track to alcoholism and benzos.

Care enough to find motivation to do good work. Have enough "don't care" to not overload your brain with anxiety and stress.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

BaseballPCHiker posted:

Personally I disagree. You can be good at your job and not passionate about it. I have a few people on my SOC team that have just had decades of experience from enterprise networking or server management they can lean on in addition to their security skills and be excellent. Those same people are more than happy to just punch in and out at the end of the day without caring deeply about the field.

What you do need to be passionate about is being good at your job regardless of what it is.

This. There is nothing wrong with doing the world's work and doing it well, even if one's passions lie elsewhere.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Diva Cupcake posted:

If you're emotionally invested in your company's security posture, you're on a one-way track to alcoholism and benzos.

Care enough to find motivation to do good work. Have enough "don't care" to not overload your brain with anxiety and stress.

I'd argue being emotionally invested IS the one way track to alcoholism. If you work in Infosec, you'd better have a strong sense of humor and tough skin to having your advice ignored.

Can't count the number of times I've provided warning after warning only for my advice to be ignored and then the bad thing happens. This is why you document everything and ensure your manager/company contact signs off on risks they refuse to address.

CommieGIR fucked around with this message at 17:41 on Feb 19, 2021

RFC2324
Jun 7, 2012

http 418

CommieGIR posted:

I'd argue being emotionally invested IS the one way track to alcoholism. If you work in Infosec, you'd better have a strong sense of humor and tough skin to having your advice ignored.

Can't count the number of times I've provided warning after warning only for my advice to be ignored and then the bad thing happens. This is why you document everything and ensure your manager/company contact signs off on risks they refuse to address.

This sounds like I should move to infosec. Even my coworkers ignore my (security oriented) advice.

No one wants to take the extra steps to secure customer pii

Mantle
May 15, 2004

CyberPingu posted:

Depends on what country you live in. Also depends on the job role. Technically you could use offensive skills in a defensive "blue team" role that could net you a security engineer role that is comparable with dev salaries and seems to have a higher ceiling, this is the route I'm going down currently

This seems interesting. At what point does dabbling in red team skills become valuable in a blue team role? Is doing it for fun valuable or is it more something you have to be serious about?

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

RFC2324 posted:

This sounds like I should move to infosec. Even my coworkers ignore my (security oriented) advice.

No one wants to take the extra steps to secure customer pii

If you point out a security issue, document it and escalate. If the manager signs off on it: Congrats, they own the risk. You are half way to being an effective Security Engineer.

RFC2324
Jun 7, 2012

http 418

CommieGIR posted:

If you point out a security issue, document it and escalate. If the manager signs off on it: Congrats, they own the risk. You are half way to being an effective Security Engineer.

For me it's usually bringing things I see up to customers, because it's not part of my company's security beyond certain paid for baselines (like pointing out to a customer that they had a bunch of stuff that was technically pii on an open share, but was not data most would want protected, like resumes), or having coworkers tell me their terrible techniques for trivializing the password policy. Nothing that would actually have action taken in my current role

CyberPingu
Sep 15, 2013


If you're not striving to improve, you'll end up going backwards.

Mantle posted:

This seems interesting. At what point does dabbling in red team skills become valuable in a blue team role? Is doing it for fun valuable or is it more something you have to be serious about?

If you enjoy doing it then do it for fun, that's how I started. You could always do bug bounty stuff on the side.

For the first question. It always helps knowing how the red team are trying to get in, what tools and methods they have at their disposal.

DrDork
Dec 29, 2003
commanding officer of the Army of Dorkness

Mantle posted:

This seems interesting. At what point does dabbling in red team skills become valuable in a blue team role? Is doing it for fun valuable or is it more something you have to be serious about?

At the point where the topics / systems you're dabbling in on the red side overlap with the topics / systems you're trying to defend on the blue side. Like if your blue-side job is just to push butan to manage users or something else terribly mundane, it might never matter. But if your role lets you have actual input on things, being able to understand how a malicious user can attack or exploit your system is always useful knowledge.

If you're doing something for "fun" you shouldn't be worrying about if it's "valuable"--it's fun! You're not gonna end up as a Srs Business security researcher just doodling around for fun, but learning things that could be useful in a current/future job is never bad.

Achmed Jones
Oct 16, 2004



eh, i used to be really into infosec stuff. then i had a kid and also it went from a hobby to my job. i'm good at it, but i spend my down time playing with my son or the puppy or whatever. i'm good at my job, but i also clock out at the end of the day.

the whole "you have to be passionate" thing is total bullshit. you only have to be passionate in fields that make you eat poo poo, like academia. we're computer touchers- we get paid exorbitant amounts of money to do things that are basically physically non-damaging (compared to labor at least). here it's fine to just be good. you can still come up with novel attacks, defenses, and architectures without putting in 60 hour weeks or whatever other definition of "passion" you want to use.

Butter Activities
May 4, 2018

I was gonna say I know medical doctors that are just in it for the cash and prestige.

I know a lot more about medicine than I do infosec so far but if people are willing to go into a profession that basically means you’re studying an average of 4-6 hours a day while also working and going to classes and school almost full time for 4 more years and then do the residency hell just in the hope of a big paycheck or their parents loving them I can’t imagine engineering is that different. Obviously the vast majority love it but not all.

CLAM DOWN
Feb 13, 2007




Being "passionate" about something does not equate whatsoever to not having work/life balance, working 60+ hours/week, being "emotionally invested" in a company, etc. Some of you are making huge extrapolations and leaps here and clearly have wild definitions of "passionate".


BlankSystemDaemon
Mar 13, 2009



My life philosophy is to work to live, not live to work.
That basically means doing fair work for fair pay.

That my hobbies sometimes overlap is just a value-add for my employer, but if my hobbies change it doesn't mean I'm going to work more unless I'm also paid a commensurate amount.

BlankSystemDaemon fucked around with this message at 13:01 on Feb 20, 2021
