"Your gut instinct is all your life experiences telling you what's up. Trust that."
"Every conversation is predicated on the idea that we are here to listen first, and speak second."
"Don't be content knowing someone else is wrong. Be able to explain in detail why they're wrong."
"If someone calls you out, listen and ask questions. A lot of time they're just an asshole. Sometimes you're just an idiot."
Valuable life lessons. Introspection, critical thinking, open-mindedness.
We did not have the knowledge to make that theoretical attack material. That classmate is one of the most clever people I have met.
It is hard to assign a value to the ability to think outside the box. Pull together all the things you have ever learned and attempting to draw lines between disparate points.
I learned a lot from them.
A classmate of mine workshopped that IPv6 attack in a basic networking class years ago. An offhand remark that Windows preferred IPv6 when available lead to dropping just dropping an IPv6 router. They realized that would be unstable. We landed on the idea of selective DNS attacks.
This attack/tool is mature and uses knowledge we did not have. Still, interesting how far ahead that friend was. Thinking like an attacker since day one.
The mature attack here: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Every once in a while I will remember that Uber had a black ops security team and was stupid enough to put them on the books.
If you plan on committing crimes on behalf of anyone, or paying someone to commit crimes on your behalf, make sure the first criminal you employ is a money launderer so that your crimes do not show up on your payroll.
Out of curiosity, is anyone working on u2f (I.e. yubikey and similar) integration? I know there's TOTP, mind, but the issue (#562) I found on GitHub has no comments.
Otherwise I might have a project to add to my excessively large project pile...
I might as well post this here. I wrote a medium post about creating online identities and how I manage mine.