There was another #Pittsburgh #apartment and it’s like everyone’s apartment just has an Ethernet cable that runs to some sort of router/switch that somehow provides everyone Ethernet. No idea how that works or if that’s how big apartments do it now, or how safe/secure it is.
Anything like that would be run through a NAT router where the uplink side is considered “Wild West” or whatnot.
It’s getting so hard for me to keep up with this stuff.
I guess it depends on if all the apartments individually are on VLANs.
Adding in a router would add double-NAT but assuming no DMZ or port forwarding, it should isolate it decently. (I would probably only do banking stuff over cellular connection.)
I think a four-unit mom and pop has a much bigger risk of not using VLANs and instead SOHO crap than a couple hundred unit complex.
For anyone that ever wanted to get some threat hunting experience, feel free to join us on March 20th for our monthly workshop, this time we will be tackling the MITRE ATT&CK Tactic of Initial Access! Hope to see you there!
I saw a parking fare payment device today that had its Internet-facing IPv4 address (maybe for the cellular modem?) displayed on the front panel. It was at the bottom of the screen along with some other stuff.
Is that a security problem? I probably wouldn’t have designed it to show that IP address. But maybe depending on how security is set up that might not be all that useful to an attacker? (Not an IT security expert here.)
Hey, Mastodon! Indiana's attorney general has created an anti-teacher snitch portal for people to report school teachers for being too woke. It allows you to upload files and everything!
There appears to be no safeguard against entering any text you want in any of the boxes, and no location/residence checking.
@Itchy @Sean @ergative this suggests to me the security could be wonky too. There are tweaks that even modest programmers such as myself can implement to prevent common attacks like SQL injection in forms, but if their #itsecurity game is exceptionally weak (these anecdotal reports I'm seeing do not inspire confidence lol) a simple attack like that could easily do a lot of damage. Like wipe out the cache or the database. How fun! 😸
If you are someone working in #IT or #itsecurity I highly recommend the books by British #SF author #CharlesStross especially his Laundry Files series of novels. Why? Well, he's one of us! No other author I've read actually knows his way around a CLI, has administered computers himself and still cares about #Linux & other geeky IT stuff like Charlie. Ok, the other exception being #nealstephenson who used to be an engineer and famously had one of his protagonists use the #emacs editor in #Cryptonomicon. He's here on Mastodon @cstross and one of the nicest "famous" people to follow since he actually replies to and engages his followers while others just push their latest work and ignore your comments or questions.
❤️ Happy Valentine's Day from your Nitrokey team! We even have a present for you! ❤️
📣 Nitrokey is giving you the privacy screen protector and the protective case for your NitroPhone 3a in our Valentine's Bundle! Let us give you a present and start your safe smartphone use without any worries. 😍
Oopsie... Shane Jones, software engineering manager at Microsoft, discovered vulnerabilities in #OpenAI’s #DALL-E 3 in early December, allowing users to bypass safety regulations. He sent his concerns in a letter addressed to US #Senators and Washington State Attorney General Bob #Ferguson.
Jones reported the #vulnerability to #Microsoft and was instructed to pass the issue directly to OpenAI, which he did. #privacy #malware #dataprotection #itsecurity
The BlackBerry research team reports on a financially motivated threat actor that is targeting banks and cryptocurrency trading entities. The malware seen in these attacks is the #AllaKore RAT (remote access trojan) that contains a suite of capabilities and the targets were organizations that had a large revenue.
Through the analysis, the team was able to identify some PowerShell scripts, the user-agent used by the malware, and the ability to capture input text and screen captures. You can find more technical analysis in this report that I haven't mentioned! Enjoy and Happy Hunting!
My colleague David Walter will show that and how 5 M users in a school cloud on state level are possible, in #OpenSource, fully compliant with European law, without spyware and US entities having access.
Try that with PHP...
Seeking feedback and ideas to fill in the blanks in this IT #security Skill Tree! Colour in the boxes and level up your skills. Open source, draft copy available on the Github. https://github.com/sjpiper145/MakerSkillTree
IT security question. I’ve always thought that using hotel WiFi was “Unsafe at Any Speed”.
Even if you have a VPN, there’s some sort of open portal you need to access to get online, and my understanding is a lot of the WiFi is not encrypted at all and depends on sites and apps using SSL/TLS. And there are ways to do “HTTPS inspection” to crack into the data.
Or someone using rogue DNS to reroute and steal login credentials.
Ending the mini-series that covers the Cisco Talos Intelligence Group's Year In Review report, we will be diving into the MITRE ATT&CK Technique T1068, Exploitation for Privilege Escalation. This technique falls under the Tactic of Privilege Escalation (TA0004) and has no sub-techniques. This technique can be seen when adversaries "exploit software vulnerabilities in an attempt to elevate privileges" (https://attack.mitre.org/techniques/T1068/) and has been used by groups like #ScatteredSpider and seen in the #Stuxnet malware.
In another example, the #REvil ransomware-as-a-service group used this technique when they targeted the Microsoft Windows Malware Protection Engine and abused it by side-loading a DLL that executed the ransomware. Of course, I can't leave you empty handed, so here is the Community Hunt Package that you can use to hunt for that activity!
Currently I simply back up my data with Restic.
Downside:
The credentials for the backup are stored on the devices.
How could I build something like this so that the devices get backed up but cannot delete anything?
And it has to be encrypted. I do trust my storage provider, and myself at home, not to wilfully destroy my data, but who knows whether it might get lost someday.