Some people should not be allowed anywhere near networked computers. Just... - opsec - kbin.social

datenwolf, 21 days ago

Some people should not be allowed anywhere near networked computers. Just participated in some EU research project kick-off meeting…

> We have a 250TB storage system for our data with "RAID-6 backup".

> You can reach it under hʇʇp://foobar‍.‍fnord‍.‍fail (it's a HTTP 301 redirect to some IP in a university's address range; no TLS; plaintext HTTP).

Ã̵͔̏̐͗̍a̸͍̅̑̔̚a̶͔̲͛̔̄͘r̸̠̙̻͚̾̑͂r̴̭̞̫̜̍̇g̵̘͚͙̫̊̿͠g̸̢͍̣̗͊̒̏̓̕ǵ̶͍̠͔̲̟̔̎͌̓h̶͔͈̜̦̋ḩ̴̱͆͠ḣ̴͉h̶̞̺̟͂̈́̀ ← my headspace

#itsec #opsec

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Image

Image alternative text

datenwolf, 21 days ago

I mentally crossed that threshold where I think, that every publicly funded project by law should be enforced to have at least one hire with 𝕒𝕝𝕝 𝕥𝕙𝕖 𝕔𝕖𝕣𝕥𝕚𝕗𝕚𝕔𝕒𝕥𝕚𝕠𝕟𝕤¹ on the payroll with the sole role of managing the IT stuff.

¹: I don't care that having the certs doesn't mean, they're actually competent. I'd be perfectly contempt with some checklist checking button pusher who at least memorized by rote some "best practices" and does a 40% job. That'd still be better, than current affairs.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

ArneBab, 21 days ago

@datenwolf wouldn’t it suffice (or be better) to require Universities to have enough permanent IT staff who will support projects?

And to require them to sign-off the IT plans of any project?

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Federation

Status:

Instances:

/m/opsec

Thread

datenwolf

@datenwolf@chaos.social

Added: 21 days ago
Online: -
Boosts: 0

Magazine

opsec

@opsec@kbin.social

What is OPSEC?

/m/opsec is dedicated to Operations Security (OPSEC), a strategic methodology geared towards minimizing vulnerabilities and reducing risk.

Initially stemming from military practices, OPSEC's scope has widened substantially, now playing a crucial role in a broad spectrum of areas such as law enforcement, digital security, residential safety, travel precautions, and beyond.

Remember, OPSEC is far from a simple checklist or a matter of using a VPN and maintaining discretion.

It encompasses various elements of security: INFOSEC (information security), APPSEC (application security), NETSEC (network security), COMSEC, TRANSEC, SIGSEC, EMSEC (communication, transmission, signals, and emission security), PHYSEC, PERSEC (physical and personal security), and even (CO)INTEL (counterintelligence).

Our objective in this community is to instill the OPSEC mindset: an objective view towards security that can be applied to any mission or plan.

The OPSEC Process

Identify the information you need to protect
Analyze the threats
Analyze your vulnerabilities
Assess the risk
Apply countermeasures

Understand your own risk/threat model: Who is your adversary? What needs protecting?

The OPSEC Two-Step: Know what to protect and know how to protect it.

Rules

Magazine Rules

Don't post without reading the rules thread or your post will be removed, and you may be banned.
Don't give advice without knowing the user's threat model first. If you proceed to give advice when the OP has not explained their threat model, you will be banned.
Don't offer single tool solutions (e.g. VPN, bitcoin, Signal) when the threat model isn't clear
Don't give bad, ridiculous, or misleading advice (e.g. "you can't get arrested if you use Tor")
Don't ask for help or help others in illicit and unlawful activities (e.g. "I want to buy drugs on the internet").
Don't post without mentioning your threat model, unless it's a post about how to threat model.

Created: 11 months ago
Owner: operator
Subscribers: 34
Online: -

Moderators

operator

Active people

Related posts

Well this is terrifying. As usual big thanks to @josephcox for this important journalism....

Show more

4 months ago to journalism

📚 Just completed the 'Basics of Personal Threat Modeling' course by @privacyguides 🛡️...

Show more

20 days ago to Cybersecurity

Proton have a _ service:...

Show more

23 days ago to security

#ExpressVPN User #Data Exposed Due to Bug...

Show more

3 months ago to privacy

Support Us