I had a really awesome boss who probably overshared about stuff like this but a lot of it also comes with general distrust in the business world. People are out to make a buck and they'll do it anyway they can. Every…
Do you use an external monitor? That's the most important part of the setup, IMO. I said two monitors but what I mean is one for each location - many people I know seem to prefer two but I think it's an antipattern…
Thanks for the tip, I learnt this a long time ago, I've also moved into an industry where dealing with recruiters would probably indicate other issues like lack of ability to research prospective employers, etc. I'm…
Probably likely to do with the toolkit used to build the Windows version and inability or unwillingness to port it to Mac. They really need to start from scratch and build solid, easily testable product because the…
> For the most part, it sits on one of two desks that I use or it sits on my lap on the train. If this is the case, do yourself a favor and go and buy two ergonomic screens, keyboards and mice - one for each location.…
I would recommend against using Office 365 web ui for word/excel etc, I'd also recommend avoiding the MacOS Office build for the same reason: They're both buggy as hell, the type of bugs that will make your document…
So your comment is vaild. Having strict and not-strict validation would be a nice compromise though (:
My personal JSON Pet hate is: ``` x = [ "Foo", "Foo2", ] ``` Is not valid, but the following is: ``` x = [ "Foo", "Foo2" ] ``` Makes dealing with packer configs feel like punching yourself in the face. I still prefer it…
Funny that you namedrop like three security products but fail to evaluate which hypervisor should be used, which is probably the most important part of a secure environment if unauthorized code execution fits in your…
I don't fully understand why everyone gets upset over browser leaks when in private mode - most websites interested in tracking private sessions will just associate private and non-private sessions by IP address. If…
For those interested: https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations...
From the article 'Key Negotiation of Bluetooth'. Basically, researchers started naming vulnerabilities when they thought they mattered. 'Shellshock' and 'EternalBlue' are both deserving of names, IMO. Then researchers…
Renaming executables to explorer.exe worked with the application whitelisting solution my school implemented. That's how we ended up with 8-player age of empires 2 deathmatches after hours ;)
Seems silly to care so much about your tethered connection when the average home network has a bunch of computers, random IOT kit, a end-of-lifed smart TV, friends mobile devices and the random MAC addresses in your…
Grantparent poster here. Hrm, you're right, I remember purchasing keys 'lighter' than browns, possibly silvers. They're very light, but I'd probably prefer 'too light' over 'too heavy'.
Yeah but 'APTs' are generally shitty low end numbers-game attacks that target HR with terrible macro based malware to breach company perimeters. Unless you're emulating nation state actors, your ideology of a 'red team'…
Size, Content. Pick one. I'm not suggesting it's a good idea, but it's there. I'm sure there's more minimal, and less minimal options available. I don't think there's any security impacts with using alpine Linux…
I've heard some interesting arguments about publicly dropping 0days to make organisations pull their heads in - Places like Microsoft which historically weren't -great- at security 'deserved' it. I'm not saying that…
It's both: "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort…
CVSS is an insane rating system made for a simpler time by antiquated practices which doesn't account for many factors either well if at all. Hover your mouse over each button https://www.first.org/cvss/calculator/3.0 .…
Most / all software has a disclosure policy, send your vulns privately and provide/negotiate a public disclosure date. Not doing so is an asshole move. In this case, the solution would be to track down distributions…
Slightly offtopic, but are vulns related to overflows no longer pocced publicly or are there mitigating factors which make exploitation impossible (eg K/ASLR etc)? The specific CVE listings I'm referring to are:…
Alpine Linux is a reasonably small (20mb) Linux distribution, I've seen it run on bare metal but it's more common to see it in Docker environments. Building minimal bootable to be very small is possible, but is…
So it's a less audited application than *SSH that the author is recommending over SSH because it doesn't require user authentication but runs in a daemon with root privs?
As a resident of a western country, I don't fully understand how to implement or test Unicode compatibility on my browser, website, terminal, etc. Is there a test suite of characters I can use to validate etc?
I had a really awesome boss who probably overshared about stuff like this but a lot of it also comes with general distrust in the business world. People are out to make a buck and they'll do it anyway they can. Every…
Do you use an external monitor? That's the most important part of the setup, IMO. I said two monitors but what I mean is one for each location - many people I know seem to prefer two but I think it's an antipattern…
Thanks for the tip, I learnt this a long time ago, I've also moved into an industry where dealing with recruiters would probably indicate other issues like lack of ability to research prospective employers, etc. I'm…
Probably likely to do with the toolkit used to build the Windows version and inability or unwillingness to port it to Mac. They really need to start from scratch and build solid, easily testable product because the…
> For the most part, it sits on one of two desks that I use or it sits on my lap on the train. If this is the case, do yourself a favor and go and buy two ergonomic screens, keyboards and mice - one for each location.…
I would recommend against using Office 365 web ui for word/excel etc, I'd also recommend avoiding the MacOS Office build for the same reason: They're both buggy as hell, the type of bugs that will make your document…
So your comment is vaild. Having strict and not-strict validation would be a nice compromise though (:
My personal JSON Pet hate is: ``` x = [ "Foo", "Foo2", ] ``` Is not valid, but the following is: ``` x = [ "Foo", "Foo2" ] ``` Makes dealing with packer configs feel like punching yourself in the face. I still prefer it…
Funny that you namedrop like three security products but fail to evaluate which hypervisor should be used, which is probably the most important part of a secure environment if unauthorized code execution fits in your…
I don't fully understand why everyone gets upset over browser leaks when in private mode - most websites interested in tracking private sessions will just associate private and non-private sessions by IP address. If…
For those interested: https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations...
From the article 'Key Negotiation of Bluetooth'. Basically, researchers started naming vulnerabilities when they thought they mattered. 'Shellshock' and 'EternalBlue' are both deserving of names, IMO. Then researchers…
Renaming executables to explorer.exe worked with the application whitelisting solution my school implemented. That's how we ended up with 8-player age of empires 2 deathmatches after hours ;)
Seems silly to care so much about your tethered connection when the average home network has a bunch of computers, random IOT kit, a end-of-lifed smart TV, friends mobile devices and the random MAC addresses in your…
Grantparent poster here. Hrm, you're right, I remember purchasing keys 'lighter' than browns, possibly silvers. They're very light, but I'd probably prefer 'too light' over 'too heavy'.
Yeah but 'APTs' are generally shitty low end numbers-game attacks that target HR with terrible macro based malware to breach company perimeters. Unless you're emulating nation state actors, your ideology of a 'red team'…
Size, Content. Pick one. I'm not suggesting it's a good idea, but it's there. I'm sure there's more minimal, and less minimal options available. I don't think there's any security impacts with using alpine Linux…
I've heard some interesting arguments about publicly dropping 0days to make organisations pull their heads in - Places like Microsoft which historically weren't -great- at security 'deserved' it. I'm not saying that…
It's both: "A successful attack depends on conditions beyond the attacker's control. That is, a successful attack cannot be accomplished at will, but requires the attacker to invest in some measurable amount of effort…
CVSS is an insane rating system made for a simpler time by antiquated practices which doesn't account for many factors either well if at all. Hover your mouse over each button https://www.first.org/cvss/calculator/3.0 .…
Most / all software has a disclosure policy, send your vulns privately and provide/negotiate a public disclosure date. Not doing so is an asshole move. In this case, the solution would be to track down distributions…
Slightly offtopic, but are vulns related to overflows no longer pocced publicly or are there mitigating factors which make exploitation impossible (eg K/ASLR etc)? The specific CVE listings I'm referring to are:…
Alpine Linux is a reasonably small (20mb) Linux distribution, I've seen it run on bare metal but it's more common to see it in Docker environments. Building minimal bootable to be very small is possible, but is…
So it's a less audited application than *SSH that the author is recommending over SSH because it doesn't require user authentication but runs in a daemon with root privs?
As a resident of a western country, I don't fully understand how to implement or test Unicode compatibility on my browser, website, terminal, etc. Is there a test suite of characters I can use to validate etc?