|
They called it OS X for 11 years.
|
# ¿ Apr 18, 2020 03:54 |
|
|
# ¿ Apr 24, 2024 12:19 |
|
Ever since I was a kid I've fantasized about hacking into systems and I recently learned about Hack The Box. I found the exercise to get the invite code fun and it's exciting to be poking around the lab boxes. However it seems to pay much less than my current software dev role, despite seemingly being more difficult. Is it a career really only for passionate people?
|
# ¿ Feb 19, 2021 09:37 |
|
CyberPingu posted:Depends on what country you live in. Also depends on the job role. Technically you could use offensive skills in a defensive "blue team" role that could net you a security engineer role that is comparable with dev salaries and seems to have a higher ceiling, this is the route I'm going down currently This seems interesting. At what point does dabbling in red team skills become valuable in a blue team role? Is doing it for fun valuable or is it more something you have to be serious about?
|
# ¿ Feb 19, 2021 17:45 |
|
Ynglaur posted:And if you're on the Microsoft ecosystem, OneDrive is good. This is kind of what led me to paying for Google Drive. Integration with Android Photos plus extra storage for my Google docs is a big synergy add. I like Dropbox for integration with my PC filesystems though. It's kind of like min/maxing credit cards if you get a card with 2% cash back on gas & groceries and another card with 1.75% cash back on everything, it might be still worth it to just use the 1.75% card for gas & groceries because you don't have to deal with the cognitive load of managing minimum redemption limits, carrying two cards around, etc.
|
# ¿ May 28, 2021 18:13 |
|
Even easier, I use a catchall instead of manually creating aliases. If one of the "alias" gets poisoned, it's easy to create a rule to handle it. However, the biggest benefit to using this "alias" thing is to identify vendors that leak or sell my PII.
|
# ¿ Jul 16, 2021 17:53 |
|
What are some interesting software developer career directions I could take if I wanted to spend my time practicing applied cryptography?
|
# ¿ Jul 22, 2021 05:37 |
|
DrDork posted:How do you feel about government work? I'm not philosophically opposed to the idea of working for government, but I prefer more of a counterculture environment. Could I get that in some sort of government contracting role?
|
# ¿ Jul 22, 2021 19:07 |
|
DrDork posted:Every three-letter government agency uses small armies of contractors, yeah. For applied crypto there might be some specialty shops, but your big names like Deloitte, Leidos, etc., aren't bad places to poke around at, either, if that's the route you want to go. None of them are going to really be "counter-culture," though. DARPA is always doing weird stuff, and from what I've heard has a less "you need to come to the office in a suit" sort of culture, so maybe worth a look. Resurrecting this thread after I thought of some other ideas-- I'd be interested in working in the privacy/security/cryptography space for something like the Signal foundation. What's a good way to find similar projects with that kind of focus?
|
# ¿ Aug 21, 2021 02:25 |
|
BrianRx posted:As someone who completed a web development boot camp in the year 2020 (it was marketed as software development), be sure to check with people who do the actual hiring like the poster above. I also did a career transition with a boot camp late 2019 and ended up with multiple offers in fields unrelated to my former industry. One piece of research that I think was very helpful in reducing the risk was that I chose my particular boot camp partially based on how many alumni I could find on LinkedIn actually working in the field. If you do this and reach out to recent grads that will give you some good knowledge as well as make some connections in the industry.
|
# ¿ Oct 7, 2021 19:19 |
|
Buff Hardback posted:If you're paranoid, use a Yubikey and don't stress further about it. I'm trying to de-smartphone and TOTP authentication is one of my blockers. From what I understand, wouldn't all of my service providers that are currently using TOTP need to support my Yubikey? i.e. Yubikey is fine for access to systems I control, but I still need to rely on 3rd party decisions on MFA for access to 3rd party services. Is this understanding correct?
|
# ¿ Nov 3, 2021 20:45 |
|
cage-free egghead posted:You could try something like GrapheneOS if you want to get away from using apps from big companies. Only works with Pixels phones which is kind of ironic but has an incredibly talented dev behind it. Getting untracked is one aspect of my motivation, but the biggest driver is more trying to break the cycle of addiction to doomscrolling. My wife keeps telling me to stop "Trumping myself" which is what she calls me reading the Trump megathread for lols.
|
# ¿ Nov 3, 2021 23:45 |
|
Ynglaur posted:Is it possible to setup multiple hardware devices for Google's impending mandatory 2FA? I need to maintain access to my kids' accounts, but won't always have their phones on me. If they're using TOTP then you could theoretically provide a shared seed to multiple devices/applications, if you can get the seed.
|
# ¿ Nov 4, 2021 00:15 |
|
Sickening posted:Lol, this QNAP thing is huge. Anyone I know with a qnap got owned. My poor synology just sits here, unowned. Is there a bigger issue with security in general with QNAP vs Synology? Or is this a one-off where in the long run they both are equally vulnerable systems?
|
# ¿ Jan 28, 2022 01:47 |
|
KozmoNaut posted:Only if the attacker knows the pattern. Good thing patterns never get exposed in password leaks all the time
|
# ¿ Mar 14, 2022 00:53 |
|
F4rt5 posted:And the password is… hideous An easy win is to change the password to hideous1!
|
# ¿ Sep 10, 2022 23:09 |
|
FungiCap posted:I could share more stories, but they're all just slice of life type stories, none of them particularly riveting. I guess this user didn't hear about how Uber got popped in the same way
|
# ¿ Nov 10, 2022 17:43 |
|
horse_ebookmarklet posted:I dont mind at all, happy to talk about it. Ham radio. There is a popular & affordable radio called the Icom IC7300. I've never seen this posted in the ham radio thread?
|
# ¿ Jan 4, 2023 20:55 |
|
Rescue Toaster posted:I don't think it's that crazy to want to have at least one domain and thus email address that I actually own and could move where I want. ? You can have a domain and continue to have your email hosted by Google. And you can change your email host at any time. They can never lock you from changing hosts.
|
# ¿ Jan 12, 2023 06:18 |
|
Famethrowa posted:great timing, thanks for sharing. we're having big conversations right now about LLM products. Serious question here, why is LLM06:2023 - Overreliance on LLM-generated Content classified as a vulnerability? Shouldn't a user's use of the output be outside of the responsibility of the application if the output is produced according to the rules of the system?
|
# ¿ May 28, 2023 02:05 |
|
GrunkleStalin posted:What’s y’all’s favorite phishing incidents over the past 2 - 3 years? There was one recently where the attacker spammed the target with 2fa requests until the target got fatigued and caved in. I thought that one was pretty funny. E: I remember now it was Uber! https://forums.somethingawful.com/showthread.php?threadid=4008273&pagenumber=118&perpage=40&userid=0#post526306381 Mantle fucked around with this message at 22:11 on Sep 25, 2023 |
# ¿ Sep 25, 2023 22:03 |
|
My dream is to work in an applied cryptography role involving privacy by design. I'm currently working as a backend developer for a series B saas company. Is there a path to where I want to go via InfoSec? Anyone know anyone that I might be able to talk to about my career plans? In the meantime I'm also self studying cryptography on Coursera. I feel like I have a pretty good theoretical grasp on crypto already but little opportunity for applied experience.
|
# ¿ Oct 20, 2023 02:21 |
|
some kinda jackal posted:Can you help me understand what your goals are with applied cryptography? I’d say that as an enterprise security architect in the financial sector, applying crypto as a security control is certainly part of my job, but it’s just one of a countless number of concepts at my disposal when it comes to designing proper controls for a given risk I've always liked the idea of secrets, both hiding them and finding them. This isn't really cryptography per se, but I have a lot of fun with sites like hack the box and tryhackme poking around and getting into places that I'm not supposed to be. What I have in mind when I say applied cryptography is being able to understand cryptographic primitives and use them to build privacy enhancing applications. I'd love to work for a company like Proton, Signal Messenger or Mozilla. It's important to me that I feel like the mission of the company I'm working for is advancing a social good. some kinda jackal posted:Have I applied cryptography to privacy by design? Yeah, but I’m going to go with my gut and say that telling a DBA to flip on some table encryption and making sure that everything is end-to-end encrypted in a transaction flow is probably not the spirit of what you want. I’ve definitely done more, like sitting with teams to ensure they’re building appropriate encryption and cryptpgraphic concepts into every data flow or application component where appropriate, but that doesn’t happen very often. You're right, when I say privacy by design I'm more thinking about design at the product level to apply principles of data minimalization or separation, where privacy is embedded into the design of the product and is part of the value proposition. some kinda jackal posted:So thought exercise — absent anything I said here, or any advice you might be looking for. Let’s say you got a dream job. What exactly are you working on as it relates to applying crypto knowledge? Don’t worry about how realistic or feasible the answer is, I’m just looking for a sense of where your passion lies. In my vision, I would be responsible for understanding a privacy enhancing product my company wanted to build, and figuring out which cryptographic primitives to use to build the product in a way that preserved user privacy while still meeting the business requirements. I'd also be responsible for keeping abreast of new innovations in cryptographic primitives and maybe create implementations of them, but I wouldn't be responsible for inventing them. I'd like to be at a company known for privacy products and for pushing the overton window towards public expectation of privacy in product design.
|
# ¿ Oct 20, 2023 04:40 |
|
I'm not really interested in going back to full time school, which is why I'm not looking to invent new algorithms and ciphers. I want to be a user of these tools, not an inventor of them. I have been getting privacy certifications like my CIPP and CIPT but I'm finding it hard to find an entry level role in privacy engineering coming from a generic developer background.
|
# ¿ Oct 20, 2023 06:30 |
|
|
# ¿ Apr 24, 2024 12:19 |
|
Jiro posted:Mustache Ride clued me into an Android app called Shelter in order to silo off work related stuff on my phone, really really helpful for non Apple people like myself. Is this really only necessary for organizations that don't have it setup so that their instances are accessed using the native work profile feature in Android?
|
# ¿ Dec 7, 2023 18:22 |