According to some reports these changes seem to be reset, which I haven't been able to replicate.
Keep your eyes peeled
Caleb Edwards
is firefox even worth recommending anymore? There's just too many pitfalls for new users
Bentley Nguyen
They fucked up again? Damn, I wonder how much I can stand before I jump ship... What did they do now?
Nicholas Thompson
another user directed me to google "firefox looking glass" long story short; they changed their experience studies from opt in to opt out and installed an addon which changes page contents. worst of all that addon wasn't meant to show up in the addons page, just do its thing in background
Samuel Baker
Little things like that are an important indicator of the future. Mozilla is crashing and burning, this is only the beginning.
Where do I even go now? I use Firefox (although it's still 54) and Thunderbird. What should I switch to, /cyb/+/sec/?
Jace Butler
^F FAQ - no hits.
So here it is, latest incarnation: ftp://guest:[email protected]:21212/Books/Cyberpunk/Alt_Cyberpunk_FAQ_V5_preview11.htm
Isaiah Collins
>It's not about HR caring or not, refusing to hire someone because someone with the same name has bad results when you search it online doesn't happen.
Well, how do you know? It is not as if HR takes the most scientific approach to their work. Rather it is all about risk reduction like it is with a lot of career oriented people out there, they just get others to take the risks and the fall and only join in for the glory.
The other sad thing is that we still have a lot of unemployment. HR will just look for even the slightest excuse to whittle the pile of applications down to a size they will go through.
Kayden Anderson
sorry, I forgot again. I've just updated my template so it's in the next one. I
Anthony Baker
>I've just updated my template so it's in the next one.
Excellent. Just make sure you check the FTP site for the latest version first. It is being updated once or twice a month now.
John Wilson
I want to learn more about netsec, infosec and cybersec. Where should I start? I have quite a few books which I got from the humble bundles, and there are many books being posted in these threads, but I'm not sure where to start. Are there any good paths to take in terms of the order of learning things?
Ian Russell
>This news reminded me. Someone of yours expected to live the time when a robot will give press conference by its AI?
I guess that will happen 5 - 10 years from now. Development is rapid now and also the hardware side is now working to supply the demand for raw CPU power, ref. TPU from Google, Hexagon from Qualcomm and more.
However ...
>reminds me of microsoft's nazi bot. companies will decide how robots should think and behave. i wonder what implications this may have in the future as robots become ingrained and commonplace in society.
With the enormous complexities involved we should expect a lot of unexpected actions. We have AIs running the stock market and that has given us the "Flash Crash" phenomenon. It makes you think about how vulnerable our entire society truly is.
Brayden White
Basically robots will be the next big attempt to fuck with our brains. Companies will eventually try to use robots for advertisements, robots will be used to subtly influence politics (and not for the right things, of course), and the masses will swallow it like the stupid cunts they are.
How long until robot drones will patrol through the streets? I don't know what it's going to be like, but we're in for some very unpleasant surprises, guys.
Jack Sullivan
We still haven't gotten a reply here, still curious. Pic somewhat related.
Carson Wright
Not sure about the terminology here, do you mean AI = robots? I have noticed that there is a general drift in society at large to call AI for bots. Then again hacker = crackers with most people.
I can agree that AI/bots will have an enormous impact and we already see excessively targeted ads from Google, FB, Amazon etc. People notice ads appear after they talk about a topic while the same companies assure loudly that no they do not turn on the mics to listen in. Oh no. Nonono. That would be, like, un-nice. And profitable.
Also jobs will tank, hard. A generation of telephone sanitisers will never find a job. Basic pay is one possibility but it is hard to see what will be left.
It has been said that if Hitler/Lenin/Mao/Pol Pot/etc had access to modern computers they would have succeeded in murdering off all opponents. Bots will provide enough power to cement the incumbents. With patrol bots that inevitably will be armed we will all live in Singapore.
Thomas Roberts
So are the degrees and majors for these fields and areas just memes or what?
Carter Smith
I asked a local infosec company here in northern europe that if I complete the CEH 312-50 certificate and pass their own test can I get some intern tier job from them. They said yes, but they are going to train me more anyway so idk if that's the usual way of doing things or not...
Mason Smith
No. Most infosec firms require certifications or heavy compsci/computer security knowledge in the form of a degree. You don't work for said firms by having IT support experience. It very much is a research based role except for some fringe pentester jobs.
CISSP/OSCP, and a Bachelors in Computing will get you considered for a job.
Get a Masters in Cyber Security, and it will almost guarantee you a job. Neither will start you off as a security consultant.
t. 3 years in. Do fuckall at work except scaremongering clients.
Logan Hughes
>these fields and areas
As for the /cyb/ field I am quite happy with a background in Physics.
Joshua Hernandez
Looking at some of the more vocal and famous people in the infosec industry leaves me with the feeling that it's riddled with immature people that aren't really any more skilled than me or you but know how to talk properly and sell themselves.
Is there a sane silent majority?
Ryan Allen
Or is the whole industry filled with people like that who sit around and scare clients into buying some meme product?
Adam Williams
CLOUD SECURITY RANSOMWARE PARKING-LOT USB DRIVES DUMB EMPLOYEES XSS VECTOR INDIAN RUSSIAN CHINESE PHISHING UNSANITIZED INPUTS DDOS DDOS DDOS DDOS DDOS DDOS REPLAY ATTACKS FUZZING FUZZING FUZZING MEMORY LEAKS EVERYWHERE BAD PSEUDO-RANDOM SEEDS FOR CRYPTOGRAPHY SOCIAL ENGINEERING ZIGBEE PHYSICAL ATTACK GET OUT AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT GET OUT AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT GET OUR AUDIT
It's been three hours. That'll be $500, please. I have to be a cyber security car salesman elsewhere in 30 minutes.
If you actually want to learn practical things, forget the meme books, go to OWASP.
Nathaniel Peterson
>ITT faggots like pic related
Joshua Ward
Palemoon. Based on an old version of firefox (before the australis bullshit) and kept up to date with basic feature and security patches.
Nicholas Edwards
AAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHH
I JUST WANT A COMPANY THAT IS NO BULLSHIT.
James Howard
>dildo hacker oh my lawd
Mason Barnes
>Not 0-day entrepreneur
Infosec is mostly bullshit, user. At best, it's security tech support. Cryptography is the real deal, except that's a niche career which is 100% research, autistic mathematics, and statistics. Oh, and I hope you graduated from MIT.
Nolan Cruz
This faggot really ruins 90% of the show. Wish they would drop his ass.
Colton Cook
There was something oddly dystopian about that pajeet pai video.
Just the smarmy corporate upbeat nature while taking away basic services.
Evan Bennett
hope you fags bought verge months ago when it was being shilled here
Angel Ward
See pic. There are 3 parts
- green: the open node you wish to connect to, a nice neighbour with an open WIFI
- amber: the hidden relay that ensures no direct contact between you and the open node
- red: your secret underground lair that connects to the relay only, not to the open node.
If the perimeter sensors at the relay detect someone investigating, it goes into self destruct by
- sending a warning message, perhaps with picture
- shifting the antennas so that they no longer point to you
- wiping all data
This will stop nosy neighbours but not nameless agencies, they know these tricks.
Luis Morales
Iridium browser, ungoogled chromium
Dominic Howard
palemoon blacklists addons that don't suit their policy. They're actually below firefox
>How long until robot drones will patrol through the streets?
Why take to the streets when it can fly? Pic. related.
David Lee
>time is now, mates
Sure. Trouble is, talk is easy, doing is hard. Just look around Sup Forums and all the projects "going": after making the compulsory logo the project rots on Github.
The FAQ in here is one of the very, very few exceptions I have seen. Tellingly the /sec/ FAQ has not even gotten off the ground.
Parker Jenkins
OK, last one from previous thread...
>>The MAC address will be a huge lead.
>I was thinking of that (not the guy starting the chain) but could that be spoofed?
On some systems you can change the MAC address. The point remains though that if you slip up just once on one tiny detail the whole thing comes crashing down. The guy behind Silk Road made a tiny error once a long time ago and that, according to the explanation, is all it took.
>I don't like the idea of trying to hide a pi somewhere in this hypothetical situation anyway.
In a lot of countries this is rather futile. The authorities have ample resources, some of which are just hinted at. On the other hand you can use a Pi relay to make a fast link to friends without having to be bandwidth limited by your normal Internet connection. You can use optical links such as RONJA.
Lucas Jackson
how do you get a job doing security stuff? I'm a programmer but always focused on software engineering stuff and a little bit of compilers.
Cameron Young
What monster would make an image like that in such a resolution? And in .jpg no less.
Nolan Peterson
>Looking at some of the more vocal and famous people in the infosec industry leaves me with the feeling that it's riddled with immature people that aren't really any more skilled than me or you but know how to talk properly and sell themselves.
This makes me think of that tpacek guy on hackernews. That dude is like the ultimate ego driven tripfaggot. Imagining what it'd be like working with that type of guy all day is enough to drive anyone back to webcucking.
Aiden Roberts
No idea. I had it on disk. The source is a PDF which is not supported here.
Christopher Perry
Do CTFs, read WAHH, build small security tools that you can show off on GH. Try to get an internship or entry-level gig at a security consultancy; you'll gain experience pretty quickly there. Any decent employers most likely won't value any certs besides the Offensive Security ones, so I wouldn't stress getting your CEH/CIS*/whatever.
Employers are more focused on practical knowledge and experience than your background. Might help to have a related degree for your first job, but after that it's pretty moot. 1-2 years of relevant experience is worth more than a Master's.
He's actually a pretty cool guy. More focused on building businesses than strictly technical security work these days, but hasn't lost any skill in that area.
Hudson Perry
Are you referring to this? That's just to prevent addons with known issues from making the browser unstable. It can easily be turned off, and it hasn't even blocked any of my 16 addons on the default setting anyway.
If you mean something else, please elaborate as I have no idea what you mean.
Thomas Taylor
I think he's talking about the AdNauseum debacle. I don't want to use Palememe for that reason, even if I don't use AdNauseum.
Jacob Smith
>He's actually a pretty cool guy.
interesting. i guess anyone can come off as annoying if they're always correcting idiots online.
Ryder James
who is this semen demon
Austin Ortiz
I sold my bags a few months ago at 82 sats. I cannot believe this pump, it's such a shitcoin.
Brayden Walker
Night is here, hang on in there with a bumpy pic.
Lucas Nelson
Why would anyone use a chromium based browser that isn't iridium? I haven't tried ungoogled chromium yet, I imagine it's basically the same
Jace Morales
Anyone else have trouble accessing OH? Might be orbot or att being nigger, but I just get timeouts.
Dylan Edwards
I am getting OH on now; I have been implementing things in line with the Adamant Coat Rex privacy/anonymity tools/suite I am going to release in 2018.
Due to craziness with an engagement (I may have figured out a way to steal a prominent AV/AM company's hashes that its epo uses to verify with a host/network while updating dats) I haven't implemented the SDF change or mirrors.
William Richardson
I am on here gathering resources from last couple threads for OH; I wanted to say that you guys looking to get into sec shouldn't sleep on positions in the Industrial/Energy sector.
Most of my professional life was spent in penetration testing/Red Teaming (as in external/internal engagements where a facility's network infrastructure is/was attacked with very little notice given to company employees) PCI/more conventional enterprise environments.
The Industrial/Energy sector will give you highly variable environments to work on with great variation in network topology and contents (host OS, defensive technology, appliances, etc.).
It will also help you learn about testing and working with PLC/SCADA systems and their environments (which preclude the use of most automated tools; even an Nmap stealth scan at -T2 can damage some of these systems).
I took a bit of a paycut to be where I am now, but the challenge and the sense of doing something positive for the world (helping protect the gears and inner workings of human civilization) is worth it; if a bank is exploited, the chance of human misery resulting is much lower than if a nuclear powerplant is exploited.
It's definitely helped my skillsets; many of the facilities are really secure due to oversight of the government (I remotely engage networks around the world), and it has helped my game develop.
Also, for you guys just starting out, many companies are just now getting serious about sec (which is terrifying given context) due to government mandates in places like China and Europe, so it allows you to come in where your skill level/experience isn't a serious impediment and you can grow upward with your team.
If you care about what you do and the possible effects of failure, the pressure can be crushing; however, the pressure and stakes can aid the growth of your skills and your person, which are huge pluses in my eyes (cont'd next comment).
Nathaniel Wood
What's OH?
Liam Baker
Finally, due to the end of net neutrality, my plans for OH and providing resources to this community have been moved up, so I will be around here a bit more.
The gear for establishing a pentest lab for this community is purchased; I expect construction to start in the next two weeks, with boxes ready for engagement by the 1st week of January 2018; I will likely need some help/ideas.
I plan to have OH providing SSH shell accounts, a pentest lab and some sort of anonymity infrastructure by Spring 2018.
Stay safe everyone, but not too safe.
Luke Sanchez
Always good to hear from you.
Bentley Morales
Outerheaven. Some user created a honeypot for absolute morons.
David Wood
>>honeypot
We need a bump, so I will bite.
OuterHeaven is a Tor onion service.
Connections from a Tor user to an onion service (aka hidden service) are encrypted end to end.
Thus, a visitor's true IP is unavailable to me.
And I do not ask for, or receive any other type of user data (such as e-mail addresses) at OuterHeaven.
So while I have answered trolling regarding OH being a honeypot before, the entire idea of it being so now is non-sensical.
Also, I stress on the site I am open to any measures of transparency which are sensical and agreed upon by the community by majority.
Finally, Adamant Jacket Rex provides other anonymity layers, such as purging of server files at regular intervals multiple times per hour; I also have the server in a secured environment where I have access and full field of vision view 24/7, in a physically secure environment (with contingencies in place to make the machine inaccessible should need be).
Jose Flores
I should mention, perhaps some manner of malware could be utilized by me on OH to "honeypot" visitors, but the nature of Tor and Rex (such as departing traffic leaving via multiple, randomized, cascading VPNs tunneled through Tor) makes it difficult.
Perhaps some manner of XSS or embedded malware utilizing some manner of side channel connection for establishing a stager/agent connections/serving malware?
Even injecting into traffic would be difficult to really take advantage of; perhaps injecting malware that utilizes the visitor's pre-installed Tor and a relay (though the randomized VPN connections could be problematic)...
It's late, maybe I am missing something that I could do which I would never do.
John Long
Lmfao stop larping retard
Oliver Miller
>larping
>live action role playing
I want reddit to go and take their shitty incorrect insults elsewhere
Josiah Perez
>The guy behind Silk Road made a tiny error once a long time ago and that, according to the explanation, is all it took.
I think that the hardest part is to not get lazy. If all things go well it's just too tempting to get comfortable, that's how humans are.
Eventually most ""hackers"" got busted because of stupid mistakes that could have been prevented if they didn't get a big hubris after their first few success stories. Once you drop your guard, you'll get busted. Especially if you're up against agencies that can wait for years until people make mistakes.
>The point remains though that if you slip up just once on one tiny detail the whole thing comes crashing down.
In the end, physical measures are the most important part. Remember those guys one or two years ago where the agents just grabbed the laptop in a café? The best encryption is worth shit when you have your laptop unlocked in front of you and someone gets a hold of it. Remember some famous group going to jail, because their leader got blackmailed by the government and told them everything?
The software steps are necessary, but your last line of defense should ALWAYS be a physical layer. If you use a Pi proxy, does it have fingerprints on it? How can you notice if someone finds it? How can you make sure that all data gets corrupted? Very high temperature, acid, mechanical power..
What time are the data flowing? Does this form a pattern? If you realize someone is grabbing your WiFi from 11 AM to 2 AM you can already rule out a lot of people.
It's important to get all your layers of your layered defense in place. Ask yourself what an intruder could do after compromising each layer. And be honest with yourself about your own patterns and vulnerabilities. If you don't know your own weaknesses they can easily be used against you.
Isaiah Scott
I don't know what is larping about what I said.
The configuration is a Tor onion service with the host and gateway virtualized on separate s (like Whonix); IPtables on the physical host restrict any traffic that isn't VPN traffic similar to this:
The 2nd firewall on the Whonix like webserver restricts traffic further via UWF.
There is some other stuff going on per configurations popularly/thoroughly discussed by folks on Wilders Security Forum (wilderssecurity.com/) and outlined by Mirimir (Wilders Security Forum):
And some scripts/resources I have picked up over time that work well with Citadel's unique properties; the rest is my being up for a day trying to finish an engagement and the accompanying report by deadline tomorrow (on 2 hour break, trying to help the bump situation).
Rex will be a set of VMs that someone can import with the configuration of OH (minus Citadel BBS) already in place to use.
Nothing incredible or larp worthy really..
Have a good one everyone.
Adrian Moore
couldn't you have some sensors on the laptop that locks everything if it's moved?
Jose Turner
That would be too late. And it is an excellent example how excruciatingly tricky it is to get everything right.
The first thing to do is to run direction finding (DF) on the comms link you use. Only then do you run a distraction to secure the relay.
Another update, now preview 12: ftp://guest:[email protected]:21212/Books/Cyberpunk/Alt_Cyberpunk_FAQ_V5_preview12.htm
More on mil tech added, especially EMP bombs. For convenience I have depicted the additions.
Not much left before it is finished.
John Fisher
Use GNU Icecat!
Jayden Long
It's better than iridium, or at least it used to be. I find it difficult to use a browser based on chromium 55. If only they could update it...
Connor Russell
So what's on OH? Is it just another skiddie hacker forum or what?
Carter Perez
I've got some coursework to do over the christmas period, pretty much just short single page answers to questions, but part of this has me stumped:
>asked to explain why bad RNG fucks security on devices
Okay, no problem, but was then asked to explain:
>what measures you could take to prevent a flawed component from hiding weaknesses beyond those it's responsible for
Which has me kind of stumped, my only thought was open source software and adopted industry standards, anyone able to suggest anything else I'm overlooking?
Ryder Williams
how do I into infosec? is there a general accepted path (or way to begin)?
Jason Jenkins
Hey Everyone, Where would be the best to find safe torrent links for:
Sony Vegas FlashBack Pro 5
I already have qBittorrent installed, but I haven't torrented in years.
t. An oldfag who used to visit Sup Forums regularly.
Daniel Davis
Are there any private vpn /cyb/ approved?
Brody Brown
They all have their problems. This is what I've been using to choose mine: thatoneprivacysite.net/vpn-section/ NordVPN seems to be 'the most green' at least where it really matters
Isaiah Lee
I've seen that chart before. I thought BlackVPN was the most green. I'll check NordVPN, thanks user
Christian Thompson
They look pretty good too, now I'm having a tough time choosing between them, though I think Nord has more server locations
Gavin Ortiz
Black's pricing looks very weird. And Nord seems to be about 3 dollars cheaper per month.
Mullvad seems to have gotten most of those Top in category badges. The only problem seems to be that they are based in Sweden
Grayson Clark
So the top contenders I have are:
BlackVPN, which is the most expensive but it's not in a 14 Eyes country
Mullvad, cheaper but few servers
Airvpn, even cheaper and more servers, though it is marked as "shady"
Benjamin Powell
if you have to worry about where a provider is based, any off the shelf vpn isn't for you. traffic correlation is a thing, you know
William Diaz
We took 2 half dead generals and fused them together in something that has been more productive than each part separately.
Also, we are in the dawn of a cyberpunk reality and security is the foremost interest of those that realize that.
Mason Watson
You know, now that I pay attention to the OP. We waste too much space with manifestos and not enough with a starter's guide. The second could help reducing the amount of "How do I get into XXX" messages.
Easton Ramirez
yeah, a FAQ would be nice. but I'm not good at writing something that's inviting to read and we've got enough barely comprehensible (for starters) lists of keywords
Bentley Evans
I would really appreciate something like this, though I know it would take a ton of work to put together. This topic is fascinating to me but at the same time overwhelming. I'll just continue to lurk and always keep a tab with this thread open and see if I can pick up bits here and there.
Ryder James
I agree with what you are saying, but don't let the troll bait you. He usually appears at least once in each thread. Most likely he also was the force behind the temporary split we had.
>yeah, a FAQ would be nice. but I'm not good at writing something that's inviting to read
The /cyb/ FAQ was bootstrapped off the old Usenet News FAQ. The update took it from about 30 KB to 130 KB in size, and it should be pretty close to complete. So why not take the old Usenet News security FAQs and run the same process?
Ian Perry
Why don't you scroll up like ten fucking posts
Connor Thompson
I've read the entire thread and it still doesn't answer my question.
William Flores
First time here. Starting a degree in tech/project management, and it's coming with a cybersecurity minor.
What is the general population of /cyb/? Scrolling up I saw a homework question, and then a bit before that industry speculation.
Cooper Murphy
college senior planning on a PhD in CS
Levi Gray
I'm doing public administration law stuff, currently on a GDPR project (EU regulation on data protection) so I'm trying to learn more about information security.
Chase Richardson
I asked this in /sqt/ but nobody responded so I'll ask again here. I'm a NEET and I want a career in cybersecurity. What do I do? Where do I learn all the shit I need to know? What qualifications do I need?
Oliver Bennett
See all that pasta at the top? Yes. And you will be well fed as it were when you have digested it all.
Charles Richardson
on the job training is where you really learn skills. School/certs are only there so you can prove that you have the basic knowledge and know enough technical terms required to learn from people.