How Cory Doctorow got scammed (and why AI will make it worse)
60 votes -
Your security program is shit
63 votes -
Russia-backed hackers unleash new USB-based malware on Ukraine’s military
27 votes -
Hackers can steal cryptographic keys by video-recording power LEDs sixty feet away
12 votes -
KeePass 2.54 is out
8 votes -
Apple Maps privacy bug may have allowed apps to collect location data without permission
9 votes -
Former US President Donald Trump says FBI conducting search of Mar-a-Lago estate
32 votes -
Ken Thompson's Unix password
27 votes -
How reliable is IP ownership information?
I have interactive firewalls like OpenSnitch running on most of my desktop OSes. I like to see what is going on with my machines' network connections to learn about networking, infosec, and to have some peace of mind.
Example workflow:
- Get a firewall notification of a new incoming connection to some process running on my machine
- If no DNS entry exists and only the IP address is provided, then I google the IP
- I find something like https://ipinfo.io/74.125.20.189
- I make a decision as to whether to allow/deny based on the ownership info which I found in step 3.
Aside from trusting the particular site presenting the ownership info, how reliable is this information regarding IP ownership?
For example, if an IP came back as "Google" could it really be a GCP instance running a command and control server?
Another example: I know that large corps own big blocks of IPv4, but they must lease these IPs out to whomever, right? I imagine there is some wild-west market for these with little accountability?
Are either of these scenarios realistic? If so, is my entire workflow for "do I trust this IP" pointless?
Edit: btw, I used to catch and deny incoming connections from *.ru to the Windows legacy Skype client all the time. I cannot think of any non-evil reason why that should have been happening. That particular series of events is what really validated me doing this. If you can think of a non-evil reason for any incoming connections to Skype from *.ru, please let me know.
5 votes -
What to expect in your first IT security job
6 votes -
Project Svalbard: The Future of Have I Been Pwned
25 votes -
Metadata Investigation: Inside Hacking Team
4 votes -
Seeking recommendations for infosec podcasts
I have been listening to "Darknet Diaries" and it's a great podcast, but I am looking for more. Maybe more technical.
Does anyone have any good recommendations? Thanks!
Edit: if you are like me, and learning about this stuff, here is an interesting and hilarious episode of mini-stories from Darknet Diaries: https://darknetdiaries.com/episode/22/
8 votes -
Matrix.org data breach
26 votes -
Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
8 votes -
Does anyone here work in infosec? If so, which laptops are you allowed to use?
I’ve recently gotten to speak with a few folks who work at an enterprise security company. I asked what their security researchers set as company rules for allowed laptops. My one datapoint so far is “Dell or Apple.” So for example, no Thinkpad X1 Carbon, which is arguably the best work laptop.
I am curious what other large security companies (or any of you security minded folks) set as rules for trusted laptops. Can anyone share their lists and theories as to why I heard Dell and Apple? BIOS is more trustworthy?
10 votes -
The 773 Million Record "Collection #1" Data Breach
24 votes -
Google Releases Security Updates for Chrome (Remote Code Execution?)
5 votes -
Tunneling into a private network through JavaScript
7 votes -
Reddit servers breached; full backup from 2007 (including hashed+salted passwords) obtained by attackers
77 votes -
Exposing the secret Office 365 forensics tool
10 votes