From the "dare to ask dept": how do you handle it when a customer *demands* an insecure solution? We're talking plain-text, EOL software with proven vulnerabilities, unsupported runtime (like, PHP 5.3) and all of that combined to form one platform. Is it okay to say no?
Any other compliance publications/guidelines of interest and relevance specifically for #Australia around data security at rest/in motion similar to UK's GPG13/PMO, NIST or US' HIPAA? I have #OAIC's Privacy Act and Australian Signals Directorate - Information Security Manual to start with. Currently doing research on compliance requirements in Australia around data security.
Issue with purchasing my exam voucher for this cert: I have to choose a country location but I won't be here when I'm ready to take it.
So, it looks like I'll be taking the exam in France, instead of my home country.
It's kind of demoralizing to see all of the twitterfamous #infosec people talking about how they got into the field, it seems like it's all "taught myself C at 5; hacked the gibson at 8".
Meanwhile my family wasn't wealthy enough for me to have a computer and I was too geographically to get a lot of the cultural experiences that others have.
I'm extremely lucky and privileged that I am where I am, I just can't help but compare my journey to others. :(
I'm researching the topic in light of a "leak" of the Luxembourgish parliament (documents not meant for the public were public if you knew the url, as all documents were sequentially numbered, somebody stumbled onto it by using an automated downloader and later told the press about it)
- is there a big difference between people stumbling onto vulnerabilities vs. "ethical hackers"/security researchers searching for them?
- should both groups be treated equally?
Writing an article on data loss prevention systems and strategies.
Hey #InfoSec, I am starting to look for a new phone and am considering #Copperhead:
Any thoughts? Is it worth its salt?
Interesting series of blog posts:
"Unusual Journeys into Infosec"
@superruserr I didn't use any specific resources to study, I just looked up topics ad hoc, starting with their course PDF and then moving onto Google/StackOverflow/etc.
I didn't look at any other certs/courses, but AFAIK there's nothing really comparable out there.
I paid out of pocket and now that I've passed my employer will reimburse it.
Working full time with few other commitments. I spent maybe 4 hours/night on it then took ~2 months off between lab time and the exam (not smart!)
@superruserr I'm in an infosec role already, but more on the development side of things. I had some familiarity with almost all of the topics in the course, at least conceptually. I was already very comfortable with buffer overflows, so that part was no problem.
The closest thing to a CTF I had done beforehand was Microcorruption a few years ago, and I did the Kioptrix series of vulnhub VMs right before starting the course.
Behind the scenes of a Windows speed dating event.
Has anyone taken the Comptia PenTest+ Beta exam yet?
So, in the fediverse, we clearly see the furries, the trans community, the infosec/hackers, the witches, and the writers.
Something that I realized last summer, that was very missing before this platform... all the classical goth types from the 80's-90's....
Almost all of my tribe had gone extinct it had seemed.
I have rediscovered many of the surviving coterie here in the fediverse. For that, I am truly thankful.
I see you quiet, grim-faced friends.
I recognize you.
Happy you're here.
If you're in need of the most affordable/least administrative overhead configuration management system... let me know.
how do you all store malware source code you want to study? simply in virtual machines with no shared disk with the host?
Curiosity's a driving force.
Followup! Recently wrote: Understanding the exchange between SFTP Client and SFTP Server https://www.sftpplus.com/articles/2018/sftpplus-exchange-sftp-server-client.html