/cyb/ + /sec/

What do employers look for?

Tiger + Tripwire + Chkrootkit (or rkhunter) , or Samhain instead of that?

Is there anything wrong with storing passwords in a plaintext file if you're using full disk encryption?

If someone else has physical access or pwns your user account, you're fucked anyway (they can install keylogger, backdoor, grab your browser cookies, etc)

pajeets

You are not counting the autocomplete function of some password managers (keepassx) which may bypass a keylogger.

Layers of the onion.

I really want lain to be my little sister.

If a malicious actor can install a keylogger, they can grab your keepass password and your keepass database file. The autocomplete provides no protection.

They can also read keepass's memory directly if your account has sudo.

*could

All that is very likely, but not certain. This all security thing is about reducing risk, but there may be always a way.

"""Little Sister"""

Sauce?

kys nonce
kys turbo nonce

I don't want to fuck lain. I just want to play with her hair thing.

i want to steal her bear suit. looks comfy af

Been digging and if I understand well grsecurity has kernel lock down and user to process control, while AppArmor is path oriented. The two complement very well.

I say grsecurity + PAM + AppArmor is a good strategy.

bump

I've been using a grsec kernel for a few month on my personnal server, and I had a lot of issues with languages compatibility.
For example, python and nodejs wouldn't work.
After lurking online, I found a way to fix most of theses issues with paxtcl, but it's not perfect, and you need to manually reconfigure the languages managers after every update.
Plus some software (like certbot) still doesn't work.

it was lainchan tier and it was on fourchan

Still easier than selinux

selinux is worth the time to learn

More than the combination of grsecurity with apparmor? Because I have my doubts

aparmor is a simple version of selinux

Yes I know, and grsecurity does many things, enough for me

New updated version of security tips in order of difficulty, now up to level 37. Added a deterrent section and a physical access section. Also split the first part.

pastebin.com/a2D6a8du

r8 h8 m8s

35 should be full disk encyption with key on a separte usb that you keep on you

RBAC

enjoy grsecurity while it lasts, testing patches may go private.
Anyway easiest way to use grsecurity is Gentoo Hardened because every package that need patches or paxctl settings has it automatically.

It is if you can do mls setups otherwise it's a waste of time.

you can it is easy when you did a minimal install

what is inet?

also wtf is up with the captchas lately? I'm having to do about 5 "select the X" ones

hiro why

grsecurity.net/passing_the_baton.php
rest in pieces

This is my life too. Except I'm also considering architecture.

I just bought some weed off the deepweb and plan to get stoned and program an encrypted CLI messaging service

am I /cyb/ or /sec/?

>giving your address and money out to strangers on the internet, let alone DEEP WEB
Well, only time will tell.

sellers got a good trust level and a high reputation, you're right though anything could go wrong

Is a password with 16 characters (Some uppercase, some lowercase, and symbols/numbers) good enough?

>Original owner taken out by DEA
>Knock on the door any minute

howsecureismypassword.net/

Type in a different-but-similar password to see how secure it really is

>for a tenners worth of weed

I know i shouldnt have, but i actually tried an actual password of mine (it has numbers instead of symbols) and its apparently harder to crack than a password with symbols. It would take a computer about

9 QUADRILLION YEARS
to crack your password

i imagine with quantum computing we'll see more advanced ways to break passwords

posting one more time for those interested, a /cyb/ discord server -> discord.gg/HXy6kRH

not really focused on /sec/ much, more diy stuff and general media chat

yeah obviously not /sec/ cause discord is shit

I like the idea, but why should I trust discord?

>cyberpunk
>discord
>not IRC
fuck off

This

No seriously, how safe is discord?

not at all, they can MITM everything and do log everything

reddit.com/r/discordapp/comments/43z4yh/open_source_protocol_encryption_privacy/

discordapp.com/privacy

depends on how much info you want to give to them, as far as convo goes it's nothing too serious (i.e. getting into ethically questionable shit) ... mostly just a lax area to talk about the fiction and making things.

I prefer using irc most of the time, but I understand people not wanting to join bc of security/privacy concerns.

why did you choose discord over IRC?

>Our Services currently do not respond to “Do Not Track” (DNT) signals

Well, discord do looks nice, but as always the I like simplicity of IRC more. I dream of an extended IRC protocol with video or voice streaming capabilities.

Long story, but this chat spawned from a different community server from Sup Forums.

A lot of people had a shared interest so this one split off and trying to make it it's own thing. Figured I'd post here, take the shit from a few people, and maybe get a couple interested along the way.

I won't be joining, if there's ever an IRC hit up this thread senpai

discord is pure cancer, read this: r4p3.net/threads/what-is-discord.861/
these niggas know whats up

...

...

Hi bud. Nice updated version.

But about point 37. What does hiding my powerlevel mean? (english is not my native language)

Is an old joke

You should randomly generate a password with as long of a length is allowed and with as many symbols as is allowed.

:)

how's the intro to IRC guide coming along? think last thread someone said he was making one
not suspicious at all

Yeah, give me time I barely sleep yesterday updating the other list :)

>Many are huge whitehat/pentester resources. Be warned, they may turn you into an idiot.

uh whats does this mean?

Whitehats are usually people who just know how to use tools but don't even know how those tools work.

And that is why hacking yourself is a good idea

ah ok. is it still a good resource to get a basic understanding?

Yes of course. Otherwise they wouldn't be there.

thanks. You have no idea how hard it is to get a straight answer on this board

nothing to worry about until it goes
OVER 9,000!

> Palantir

They have some edgelords working there but fuck you're going to be a pariah if you take that plunge. Most people aware of mass surveillance tend to disapprove of its use and Palantir, one of the chief enablers of mass surveillance, is looked down upon for damn good reason.

>MFW Whenever i see lain a big wave of sadness washes over me

ahhh i cant take it

Should I use the VPN inside or outside of the virtual machine?

I just noticed that plays a bunch of /cyb/ games.

/cyb/ is nothing but role players

Is that from matrix?

If you know how, outside.
This way even if insides of your virtual machine are fucked, it won't leak your IP.

how do I get a job in networking in security with a Bachelors degree in IT and 1 internship at an IT department for 4 months for a big citys county IT department. is it doable? do I need to lie on my resume? Do I try to get a level 1 help desk job instead?

networking or security*

Are there any good guides/books/documentation for learning and implementing SELinux?

i've spent so much time at university doing statistics, big data, machine learning etc etc etc etc honestly the stuff hurts your brain and is a lot less comfy than dealing with machines. but it's like a waste if i don't at least apply places where they do big data analytics. and i don't want to work at a shoe company or something, creating an algorithm to recommend people shoes. i want a cool job, good/evil aside

get a cert but remember: there's no qualification requirement to apply anywhere. applying never hurts

Then why not work for almost any other company in existence that works with "big data"? There's no shortage of them.

tvtropes.org/pmwiki/pmwiki.php/Main/EvilIsCool

compliance and mediocrity

It's a scene from The Core.

Yeahhhh not here. This is not evil as in anarchy. This is evil as in authoritarian.

darth vader wasn't an anarchist and i think he was pretty cool. he was definitely intended to be cool at least. evil stopped being associated with anarchy rather than authority a long time ago. ie a good knight kills a dragon and becomes a good king, nowadays that story would be considered a snoozer

Nope, being a cunt is still being a cunt and you deserve the hate

bit rude 2bh, you're gonna regret it when i'm watching you poo

Honest question:is systemd harmful for security? If yes, can you explain why? I ask this because many people seem to hate on systemd beacuse they are concerned on security.