[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vr / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / asp / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / qst / sci / soc / sp / tg / toy / trv / tv / vp / wsg / wsr / x] [Settings] [Search] [Home]
Board
Settings Home
/g/ - Technology



Thread archived.
You cannot reply anymore.



Cypherpunk Manifesto >>https://www.activism.net/cypherpunk/manifesto.html

◘ Cyberpunk Manifesto >>http://project.cyberpunk.ru/idb/cyberpunk_manifesto.html

∆ Hacker Manifesto >>http://phrack.org/issues/7/3.html

± Guerilla Open Access Manifesto >>https://archive.org/stream/GuerillaOpenAccessManifesto/Goamjuly2008_djvu.txt

▓ Fables, realities, prophecies and mythology of a community:

░ What is cyberpunk >>https://pastebin.com/hHN5cBXB

▀ The importance of a cyberpunk mindset applied to a cybersecurity skillset.: >https://www.youtube.com/watch?v=pcSlowAhvUk [Embed] [Embed] [Embed]

● Cyberpunk directory: >https://pastebin.com/VAWNxkxH

▬ Cyberpunk resources >https://pastebin.com/Dqfa6uXx

▐ Cybersecurity essentials/resources

>https://pastebin.com/SCUbhpjP
>https://pastebin.com/VTXRAPxM

Cntrl + F Basic Knowledges, Basic Training, Arms/Arm >https://pastebin.com/rMw4WbhX

▼ Endware: Heavy armor for anons, by anons >>https://endchan.xyz/os/res/32.html

⦿ Shit just got real: >https://pastebin.com/rqrLK6X0

S archive: https://textfiles.com

Cybersecurity essentials/resources:
Reference books:
>https://mega.nz/#F!YigVhZCZ!RznVxTiA0iN-N6Ps01pEJw
>PASSWORD : ABD52oM8T1fghmY0

ftp://collectivecomputers.org:21212/Books/Cyberpunk/

Last thread, sadly, always remember to post the subject:
>>65872208

OP message:
First time creating this thread, used the same image as the previous OP.
>>
>>65918315

When are you too old to get into InfoSec?
>>
how do I figure out if I'm a brainlet or not?
I want to train up for a cybersec apprenticeship
>>
>>65918315
Good to be backkkkk!

>>65918772
When you are too old to work 18 hour days.
>>
>>65918827
Hard to tell without knowing your background. I'd suggest beginner ctf's to see if your mindset takes you into the right direction
>>
>>65918896

Let me rephrase it:
"When are you too old that some company will actually hire you, when you have a background in programming / databases but not in any InfoSec related field?"
>>
>>65918827
You can succeed in one of two ways.
Sheer brilliance: everything is easy and you just breeze through it all. Very, very few are there
Hard work: An excellent substitute for the above.
>>
>>65919157
I mean I've never programmed anything in my life, I haven't even used a computer in a year in all honesty because I went kaczynski-mode
I'll try those ctfs and see how I fair but if I'm awful at them where else do I start?
is getting into cybersec a pipedream or can anyone do well if they put in enough hours?
how do I practice what I learn?
>>
Bump
>>
>>65919489

I'm not an cyber security guy myself, but I think some basic knowledge about programming in C, Python, Assembly as well as having an idea about networking (something like CCNA) surely helps.
>>
>>65918827
I know I'm a tech brainlet. I want to encrypt and password protect files on Ubuntu but it seems so complicated.
>>
>>65919489
You might want to check the FAQ.
>>
>>65919192
My impression from my time as a programmer is that companies definitely prefer fresh meat: peak performance is expected at 25 and you are too old to continue at 40.

Peak performance means you will be on a slave ship working 70+ hour weeks. At 40 you have to be in a more management style job, or you will be kicked out with some strange explanation which will have no bearing on reality.
>>
BUMP FOR DEFCON
>>
>>65922004
Thanks. Another somewhat quiet day here.

>>65918827
Another thing about working in /sec/: you will have to keep updated, continuously. Zero day is hot, two day is not. So:


=== /sec/ News:
>Containers and license compliance
https://lwn.net/Articles/752982/
>So he looked at the Docker equivalent of "hello, world"; he used Debian as the base and had it run the echo command for the string "Hello LLW2018". In order to make that run, the image contained 81 separate packages, "just to say 'hi'". Beyond that, there is support for SELinux and audit, so the container must be "extremely secure in how it prints 'hello world'".

Extremely secure? You wish. However

>People do "incredibly dumb stuff" in their Dockerfiles, including adding new repositories with higher priorities than the standard distribution repositories, then doing an update. That means the standard packages might be replaced with others from elsewhere. Once again, that is a security nightmare, but it may also mean that there is no source code available and/or that the license information is missing. This is not something he made up, he said, if you look at the Docker repositories, you will see this kind of thing all over; many will just copy their Dockerfiles from elsewhere.

Right. And what does this mean?

>But it gets even worse, Hohndel said. Most people start with a Dockerfile they just find somewhere. If you look at the Dockerfile for Elasticsearch, for example, it installs gosu and uses the Dockerfile for OpenJDK 8, which in turn uses other Dockerfiles. One of those is for Debian "stretch", which also updates all of the packages.

>He has done a search of official Docker images and did not find a single one that follows compliance best practices. All of the Dockerfiles grab other Dockerfiles—on and on.

Anyone care for security?
>No one wants to hear about these problems, Hohndel said; he has tried.
>>
There is a Cyberpunk group on Deviantart:
https://cyberpunks.deviantart.com/gallery/
A bit mixed but some is good.
>>
>>65922122
Oldfag here, chiming in with a shot from the peanut gallery. Docker had the fanboi smell from Day 1. Anytime you have "new and fresh" tech that suddenly has a popularity contest around it, that's a sure sign something's fucked about it. Subjugating your reason and logic to "but everyone else is doing it" is not the hallmark of a person who knows their shit.

>systemd
Aggressive marketing campaign, project scope creep, large project size that makes auditing difficult, and now chunks of "modern" Unix desktops are hard-linked to it, making some projects Linux-only. Yes, it works - but beyond the command interface, do you really know what it's doing?

>docker
A rehash of jails, but it pulls down chunks of unaudited code from the Internet. What could go wrong? And now someone is pointing out that the jails won't save you from a shitty jail design. Another example of putting your brain in the denture glass and just drinking the kool-aid.

what comes next? Windows is already rife with this shit:
>Chrome
Phones home for every-fucking-thing.
>Mozilla
Paid ads are now a standard feature in the start page. No tracking here, move along.
>Windows 10
Phones home for a whole lot of shit.

It's not getting better, but that doesn't mean you need to go full Una in da woods.
>get older non-Intel CPU
AMD isn't perfect but it's cheaper and doesn't have Intel's backdoor bullshit. Old RISC stations are pricey and difficult to maintain, but if you have the knowledge, can be made into semi-airgap systems.
>Non-Windows OS
Suck it up. FreeBSD if you want 3rd party maintenance, or Gentoo if you want to roll your own. Debian drank the kool-aid starting at version 8, and it's just getting worse. Ubuntu is a regrettably necessary joke.
>stock up with as much RAM as possible.
The bullshit about "you only need" will kill you when you start getting serious about doing shit.
>make your firewall bidirectional
catch shit trying to phone home
>>
>>65922122
>Another thing about working in /sec/: you will have to keep updated, continuously. Zero day is hot, two day is not
And this is why it makes sense to write a crawler that scans sources and pulls articles like this. Give it some targets and then aggregate that shit into a private RSS feed, all from the comfort of your own server.
>>
>>65922592
>>make your firewall bidirectional
What, specifically, is a good way to do that? A lot of stuff that spies on you phones home over ordinary HTTPS on TCP 443. Is there any alternative to having to manually sniff traffic and look for IPs you don't like the look of and playing whack-a-mole with them? That sounds dubiously practical.
>>
>>65922592
>Intel's backdoor bullshit

AMD has it too, actually.
>>
>>65923037
I know. A quick search turns up
>https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor
but it hints that CPUs from 2012 on backwards may be acceptable. Not really sure if that is true, but it would be worth a look.

>>65923007
You'll have to do a MITM via web proxy. You would need to:
1. issue your own CA
2. put your private CA cert on your browsing machine
3. use the proxy
4. have the proxy re-write traffic

By the way, this is what commercial products do for businesses - they do what is supposedly a transparent intercept, but in reality they simply MITM the certificate, using the scanning device as a CA, and the CA is installed on everyone's machine. It sounds ass-backwards but if you control the CA, the cert, and certainly the proxy (not a commercial product) then you'll have a fighting chance. You could probably do something like this with OpnSense (which was forked form PfSense).
>>
>>65923007
Another potential option is to Snort that crap and have something home-brewed that would auto-whack-a-mole the connection when it starts seeing bullshit. Probably waaaaay too complicated and/or intensive to actually get it set up, but you get the idea.
>>
>>65923037
Not sure but it looks like the FX series of AMD chips may have been the last "non-manageable" chips.
>>
>>65922592
>Docker had the fanboi smell from Day 1.
Another set of examples are the Javascript libraries. Got a task? Start by loading up a GB of libraries, each relying on others. Indeed, what could possibly go wrong?

Reminds me of that mother of all crypto disasters in Debian. The security hole was large enough to fly an average sized gas giant through effortlessly. It is inconceivable that this was not picked up by at least half a dozen alphabet soup agencies for the duration it festered.

So now dockers have Debian deep down. Yes, that should be fine.
>>
>>65923274
>Another set of examples are the Javascript libraries
Don't get me started. Install uMatrix and then watch as websites **load the latest code version dynamically from some other website on the fly**, all because it's "maintenance free". Which means, as a webmaster, you have no fucking clue what it just loaded. If a Javascript library becomes compromised, great, you just passed the compromise to hundreds, thousands, tens of thousands...who knows.

I can understand "we want the latest and freshest so we are always patched" but semantically downloading and approving the patch is not the same as simply offloading the entire patch direct from the source - notice the missing "approving the patch" when I said "direct from the source". There's no audit, no reading notes from the vendor, no nothing.

And this is what passes for good web design.
>>
>>65923360
Oh yes. Web design. Loading scripts (including Google analytics) plus fonts from Google makes for incredible traffic analysis. Just open a web page and BRAFFFF! about 200 files are downloaded from Google. Plus a smattering from dozens of project web pages. Plus css files. And FB. And Apple.

At least the FAQs are without external dependencies.
>>
>>65924169
I want to see a re-write tool that allows you a one-time download of their bullshit (minus Google's infamous urchin.js crap) such as fonts, so when you go to some webpage, it pulls local cached copy from your server. No tracking, no bullshit, and the page renders.

Fuck, this should be a github project from an anonymous coder. A transparent business-grade web proxy that does TLS intercepts using your own private CA, pulls and updates various library files (after approval and scanning), pulls and updates fonts, etc. When your client connects it connects via proxy, it receives the "approved" scripts, fonts, pictures, and any other elements. It would effectively limit traffic to pure HTML, chunks of CSS, and maybe a few other bits like streams, but the rest? Fuck that noise.
>>
>>65924299
>this should be a github project from an anonymous coder
Very much agreed.

I think the simplest would be to bootstrap this off an existing project such as Smoothwall, which also has a reasonable ecosystem. It also has Snort which I consider also a must.
>>
>>65924299
>Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.

>[...] It comes bundled with a fair amount of commonly used files, and serves them locally whenever a site tries to fetch them from a delivery network. This saves bandwidth, and protects your privacy.

>Decentraleyes complements regular content blockers (e.g. uBlock Origin, and Adblock Plus).

https://addons.mozilla.org/pt-BR/firefox/addon/decentraleyes/

>What does it do to protect me when it has no choice but to allow a request?

>Even if a resource is not locally available, Decentraleyes offers improved protection by stripping optional headers from intercepted CDN-requests. This keeps specific data, such as what page you are on, from reaching delivery networks. Whitelisting a domain does not affect this measure.

https://github.com/Synzvato/decentraleyes/wiki/Frequently-Asked-Questions

Done.
>>
>>65924609
Thoughts on OpnSense?
https://opnsense.org/

It's the PfSense fork I was talking about, using FreeBSD bits.
>>
>>65924900
>https://opnsense.org/
That one is new to me, I'll have to take some time to look into that. Heritage seems to be from Monowall.
>>
>>65924950
I think monowall begat pfsense begat opnsense. The big spat in 2017 was that pfsense announced they were gonna require AES-NI, which a lot of people who were running it on old C2D boxes and such didn't like. Supposedly part of the reasoning behind this was that the pfsense folks didn't much like the people who were just home users that would never buy their branded hardware or paid support. I don't know how much truth there is in that, but I know opnsense is specifically supporting anything x86-64, AES-NI or no. I think some of the people who forked thought pfsense was being too slow to release updates too.

Disclaimer: I no longer run pfsense and never did run opnsense, this is just stuff I heard on the internet.
>>
>>65922592
So much truth here.
>>
File: daybreak2.gif (123 KB, 640x480)
123 KB
123 KB GIF
Emergency page 10 bump
>>
Just got it at Steam Sale, Jesus fucking Christ it feels more hectic than Hotline Miami
>>
bump
>>
bump 2
>>
>>65929519
>>65929754
Thanks. I am surprised it is so quiet here today.

LWN has a regular column on security well worth following, so here goes:

=== /sec/ News:
>Security quotes of the week
https://lwn.net/Articles/753373/
>With a $300 Proxmark RFID card reading and writing tool, any expired keycard pulled from the trash of a target hotel, and a set of cryptographic tricks developed over close to 15 years of on-and-off analysis of the codes Vingcard electronically writes to its keycards, they found a method to vastly narrow down a hotel's possible master key code. They can use that handheld Proxmark device to cycle through all the remaining possible codes on any lock at the hotel, identify the correct one in about 20 tries, and then write that master code to a card that gives the hacker free reign to roam any room in the building. The whole process takes about a minute.
>— Andy Greenberg in Wired

It makes you wonder how much is out there, just waiting for some auditing.

>Samsung Smart TV. During the first minute after power-on, the TV talks to Google Play, Double Click, Netflix, FandangoNOW, Spotify, CBS, MSNBC, NFL, Deezer, and Facebook—even though we did not sign in or create accounts with any of them.
>— The Center for Information Technology Policy at Princeton announces its IoT Inspector project

Another case of "What could possibly go wrong?"
>>
>>65930008
Yeah, sadly it is. I think that's because a lot of the people live in the US (I live in Europe).
>>
One of the 4 guys who has any idea what they are talking about returning for duty. I miss anything since I've been gone. I see the thread is still around
>>65919464
Most people I have met who are any good are a mix of the two, but hard work is more important.
>>65919192
If you are following the standard track, you will be booted to management or technical lead by mid 30s. If you are good though, I will hire you no matter what age you are.
>>
https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
>>
>>65930661
full details are being released tomorrow it seems.
>>
>>65930661
That reads like something that was known by the alphabet soup agencies years ago. Or am I too conspiratorical here? I guess there is a buffer overflow somewhere that causes autorun of whatever is decoded when automatic PGP is enabled.
>>
Worse, it can be used to decrypt past emails:
https://twitter.com/mikko/status/995927790829670400
>>
File: T_BR_LJO_00019a-min[1].jpg (113 KB, 1000x801)
113 KB
113 KB JPG
>>
>>65931579
more br kino
>>
>>65931719
>>
bump
>>
File: 1526077777817.jpg (156 KB, 600x936)
156 KB
156 KB JPG
Bump with Destiny.
>>
bump
>>
>>65930391
Unfortunately the master key disaster had its roots in Europe.
>>
Another glimmer of activity on Usenet News; alt.cyberpunk:
https://groups.google.com/forum/#!topic/alt.cyberpunk/zDINuT52uGU
>>
File: 1524188805955.jpg (764 KB, 1068x662)
764 KB
764 KB JPG
I wish I had relevant stuff for these threads. I'm ever so slowly learning about this topic, but for now I just like the aesthetic.
>>
>>65934217
Finding relevant stuff is not a problem, is all over the news these days.
>>
>>65934217
Post news about infosec or kino.
>>
what would you do with owned wifi networks /cyb/
>>
>>65930965
looks likes its an email client vulnerability.
https://efail.de/
>>
>>65934714
own the rest that net has to offer
>>
>>65934741
hot news: html in emails is a terrible idea
>>
>>65934217
Thank's for the music.
>>
>>
File: 1526113639097.gif (217 KB, 413x469)
217 KB
217 KB GIF
>>65930965
>that was known by the alphabet soup agencies years ago
bug is 17 years old.
>trusting a plugin to handle your PGP encryption
>using it on mozilla / outlook
>not doing your encryption / decryption on a airgapped computer with live distro burnt on a cd
Why are people even caring about privacy when they have no clue about security ?
>>
Ads drive the net. And not in a good way.
=== /sec/ News:
>Would you pay for an ad-free internet?
http://www.bbc.com/news/business-44066077
>The digital advertising industry is in crisis: ad fraud is rife, many online ads are never even seen and ad blocking software is threatening to undermine the internet's fundamental business model.

And that was before Adnausea. And how much money are we talking about?

>The World Federation of Advertisers, whose members spend about $900bn a year, says less than half of display adverts are seen properly. "Visibility", as it's known in the industry, is defined as 50% of the ad's surface area in view for a second, or two seconds if it is a video.

With a budget larger than the BNP of several countries there should never have been any doubt that there would be fraud, massive fraud. And in all forms.
>>
>>65937080
I'm desperately hoping for a massive wave of web bankruptcies as more people neither see ads nor pay for things directly.
>>
Welp


===/sec/News
https://gizmodo.com/email-no-longer-a-secure-method-of-communication-after-1826002682
>>
>>65937080
At the end, decentralized alternatives ought to take off social media as advertising becomes less rampant.

>>65937186
Me too, the "web" is dead with monopolies that fed off ads, maybe this can change something.

One can dream...
>>
>>65937196
>not to use HTML email can mitigate this vulnerability
Ha, glad to be on /cyb/, where we have discussed text based email clients are the right way to do e-mail.
>>
>>65934741
A lot of misinformation is making its rounds.
https://lwn.net/Articles/754370/
>>
>>65937520
Three letter agencies must be making a feast out of the mistakes from people failing on the misinformation.
>>
===/sec/News
Important Warning — Critical vulnerabilities found in two widely-used methods for encrypting emails–PGP and S/MIME–could reveal sensitive content of your encrypted emails in plaintext.

https://thehackernews.com/2018/05/pgp-smime-email-encryption.html
>>
File: 3[1].jpg (106 KB, 1280x534)
106 KB
106 KB JPG
>>
>>65937615
I think so too. The hilarious thing is that now they will try to complete whatever jobs they have remaining before the holes are closed, battling countless cryptominers using the same tools.
>>
.Hack/sign, is it Cyberpunk?
https://www.youtube.com/watch?v=oCWXPM0xx2c
>>
Some classic (old) papers on security:

https://www.acsac.org/2002/papers/classic-multics.pdf
... on Multics

https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
... on trust
>>
>>65937658
Jesus Christ is there no secure way to communicate online?
>>
>>65937080
>With a budget larger than the BNP of several countries there should never have been any doubt that there would be fraud, massive fraud. And in all forms.
Some handy graphs just turned up. Scary.
>Wealth And Power
https://www.electronicsweekly.com/blogs/mannerisms/paranoia-corner/wealth-and-power-2018-05/
>Some remarkable foils from Reuters show the astonishing wealth of the big US tech companies.

These do indeed rival the BNP of several countries.
>>
>>65938586
You can use encrypted ssh and set up your own mail network over such links.
>>
>>65938586
just goes to show you the importance of forward secrecy. of course its inherently difficult to do that with email since you have to agree on a session key somehow. That and PGP is from the 90s when we didn't know any better so it punted.

>>65938772
Well there's already STARTTLS but it has to be negotiated as an upgrade from an unencrypted link, so it'll save you from passive but not active attackers. (since it starts unencrypted said active attackers can remain undetected - all you'll see is a server that claims not to support TLS) But that's only for transport, the message contents still have to be held on the mail server in the clear.

Of course there's better things we could be using to encrypt message text than PGP, and I think it's arguable that the whole web-of-trust shit that PGP likes was a mistake.
>>
File: Iching_Oracle.png (277 KB, 1024x1024)
277 KB
277 KB PNG
>>65929042
The art in that game is insanely good
>>
File: 1525961686284.jpg (320 KB, 1469x1102)
320 KB
320 KB JPG
Do ISPs/governments often perform DNS man in the middle attacks, and resolve DNS to their servers, rendering HTTPS/TLS meaningless and making all the web traffic visible to them?

Are such attacks feasible?

How much does your ISP really know about you as long as you use HTTPS/TLS?
>>
File: 1525985319124.png (535 KB, 480x640)
535 KB
535 KB PNG
Also, how do governments routinely spy on their citizens using software?
>>
>>65941590
By all means available. Listening in on Intenet traffic is easy. many governments do that routinely.
>>
Already made a thread for this (stupidly), but if someone can crack this salted unix md5 hash:

$1$salineso$skglVRXI/1KFedHbbM4j30

I'll give ya 10 buckaroos
>>
bump
>>
File: bugbait.jpg (29 KB, 305x297)
29 KB
29 KB JPG
Evening /g/uys, I'm currently attending a university and am going to graduate in either one or two years (depending on what I mention below) with an IST degree with a focus in Cyber Security.

Today I went to an interview (the second one) for a program at my school that would pay for my tuition/books/etc., as well as provide a decently sized stipend each year, provided I work for a government agency for two years after I graduate. The program would require me to slow my graduation rate (from one year to two) as well as land me in a pretty shitty job to start with.

Do you think it's worth committing to if I'm accepted? (I'm fairly confident I will be.) Do you guys think it might be worth it to go into debt if I can theoretically get a better paying job after I graduate?

Also, does anyone have tips for someone studying said field, or things you wish you did/learned about when starting out? I'm in my first quarter of taking core classes, and I really like the field, but I feel like I should be more personally active in learning about it.
>>
Would filling out a Nielson radio ratings survey compromise my security or privacy? Do they sell it or anything?
>>
>>65943285
It is normal that the first job after graduation is not a god job. When you are young and free you should take the opportunity to move jobs freely, go to different countries and gain wide ranging experiences, professionally and also personally.
>>
=== /sec/ News
Much has been said about facial recognition. It is however far from perfect:

>Face recognition police tools 'staggeringly inaccurate'
http://www.bbc.com/news/technology-44089161

>2,000 wrongly matched with possible criminals at Champions League
http://www.bbc.com/news/uk-wales-south-west-wales-44007872
>>
You thought FB leaks were now ended? Right?

=== /sec/ News:
>Three million "intimate" user profiles offered to researchers
https://www.theregister.co.uk/2018/05/15/acebook_data_slurping/
>A report from New Scientist finds that the myPersonality app had been collecting and sharing the personal information for as many as three million users who had installed the app on their Facebook profile. The data has been passed to hundreds of researchers.

Will the madness never end??
>>
>>65943853
another example of "if it is technical feasible, it is being done".
>>
>>65944041
I can see the technical part of the equation. I just cannot understand how people can be this willing to pump all their most intimate info over to FB. Are they really sheep?
>>
Was Case in Neuromancer an example of MGTOW?
>>
File: image[28].png (25 KB, 501x639)
25 KB
25 KB PNG
>>65944129
never used facebook, but that's apparently one of those permission dialogues of an app.
if they get one of pic rel and confirm, they're beyond saving.
>>
>>65944324
You probably shouldn't post your profile...
>>
>>65944426
isn't me, was one of the first results
>>
>>65944324
>Access my data any time
>Chrome may access my data when I'm not using the application

If this doesn't raise more than just a few eyebrows we sure have a problem. Just what plans do they have in mind??
>>
=== /cyb/ News:
Downloading new skills, Matrix style, would be handy. Some research downloading and transferring memories:

>'Memory transplant' achieved in snails
http://www.bbc.com/news/science-environment-44111476
>A team successfully transplanted memories by transferring a form of genetic information called RNA from one snail into another.
>The snails were trained to develop a defensive reaction.
>When the RNA was inserted into snails that had not undergone this process, they behaved just as if they had been sensitised.

Hopefully school can be reduced to something one pill in a few years time.
>>
File: da3908n.jpg (1.59 MB, 1920x1080)
1.59 MB
1.59 MB JPG
>>
bump
>>
FAQ writer here.

What chapters do you think we need to flesh out? Most parts are in place, the only chapter I have left is one on Cyberpunk in academia.

Oh, and chapters on Cyberpunk games and Cyberpunk music are also missing. Inputs are welcome.

It is about 130 KB in size, 28 A4 pages. In comparison the Wikipedia article is 13 pages long.
>>
>>65918315
Cyberpunk has nothing to do with cybersecurity.
>>
>>65946483
>Cyberpunk in academia
I hope you are including papers like Why Do Hackers Watch Anime by N. Owen Gunden there.
>chapters on Cyberpunk games and Cyberpunk music
Nobody took note on the tons of recommendations we had here over the years? Maybe I can dump some on a pastebin.
>>
>>65942659
But how can they do it if HTTPS/TLS is enabled?
>>
Ironically, cyberpunk ITT had everything to do with cybersecurity, and not music or entertainment.

And friendly reminder to report, not reply, to the hackerman shitposter.
>>
>>65946595
certificate autorities are not as trustworthy as they seem
>>
>>65946609
>hackerman shitposter
Do you mean /hmg/?
>>
>>65946721
certificate authorities should not have your private keys
all they do is provide signatures to verify authenticity
there's nothing wrong with rolling a self-signed certificate
>>
>>65947307
and nothing stops them from issuing another cert for your domain.

also reminder to check your certs' fingerprint
>>
>>65947307
>there's nothing wrong with rolling a self-signed certificate
it is, when dealing with endusers
>>
>>65947364
You mean intercepting the DNS requests and resolving to their own server, which then provides its own HTTPS certificate? Aka DNS man in the middle?

Is there a way to defend yourself from this?
>>
Any Netflix series /cyb/ recommends? Something involving hackers and stuff preferably.
>>
>>65947449
I just jump in the conversation, but what about either DNSCrypt or even DNSSEC? I think they perform some sort of authentication, not just encryption.
>>
>>65947477
What do ypu think of Cloudflare DNS servers (1.1.1.1)? Do they have DNSSEC enabled?
Are they botnet?
>>
>>65947459
Don't use that shitty botnet video service.
>>
>>65947477
Okay those are two different things. DNSSEC isn't encryption at all, only authentication. Basically the DNS response is sent in the clear, but is digitally signed. A MitM can tamper with it, but not without being detected doing so. Of course this only gets you anything if you're willing to treat something that fails DNSSEC validation as bogus and fail the query, which in practice lots of things aren't. DNSSEC is an official internet standard thing.

DNSCrypt is not, it's a third-party project that doesn't have any official standing in the "official internet standards" world. It does encrypt, not only authenticate, DNS queries. Its implemented by a little proxy thing that handles transforming DNS queries to and from their encrypted form, and then handing them off to existing standard DNS resolution software (BIND, Unbound, etc etc) for handling. It's been erratically developed, the dev team stopped and then came back at one point.

There's also DNS over TLS. This is a standards-track thing, and servers and implementations are popping up that support it. It is what it sounds like, DNS queries run with TLS encryption and authentication. Cloudflare and that Quad9 server support it, as do some various smaller resolvers whose privacy policies you might trust more.
>>
https://in-addr.nl/security-books.php
Actually a list of decent books for infosec.
>>
>>65947449
there's more than one way to mitm, but yeah, that's one of them.
to protect from that, you could check the fingerprint of your cert - but then again, hash collision is a thing.
it's the usual cat&mouse
>>
>>65947506
to rephrase your question: is it a good idea to trust a (US based) company with data about every website you open?

>>65947506
>Do they have DNSSEC enabled?
yes, but it's a placebo
>>
>>65946558
>I hope you are including papers like Why Do Hackers Watch Anime by N. Owen Gunden there.
Downloaded and read. It was brief and to the point but are there any other particular reasons to reference this one?

>Nobody took note on the tons of recommendations we had here over the years? Maybe I can dump some on a pastebin.
Old OP was supposed to do so. The task turned out to be overwhelming. Also there was, at least then, no general agreement on what was cyberpunk music and what was merely electronica.
>>
>>
Pretty sad that the thread is dead.
>>
File: thebirbera.png (135 KB, 256x355)
135 KB
135 KB PNG
>>65950259
Dont be sad anon
>>
>>65950500
>not embracing the void
>>
File: cyber feels.jpg (90 KB, 762x800)
90 KB
90 KB JPG
>>65950984
I know what you mean...
>>
>>65947534
Netflix has good series though, 13 Reasons Why was cool.

>>65947694
OpenNIC with DNSCrypt is a sane option tbqh.
>>
>>65947534
>botnet
Please tell more.
>>
>>65947459
Altered Carbon has great Aesthetic.
>>
>>65951636
... with a whole lot of blood. Everywhere.
>>
>>65947459
Is The Expanse on Netflix?
>>
>>65951612
He is right though, you get profiled by the movies and series you see and Netflix recently implemented a reward system for kids who watch frantically.
>>
>>65934217
neotokyo is an underrated soundtrack. I talked with ed years ago about putting a second physical release together but it sadly never materalized
>>
>>65934217
Haven't cranked up FLA in too long. Needs some Aphex Twin, muslimguaze or Squarepusher in there for the autists...
>>
How to study for buffer overflows on the OSCP? I hear it's a very important part of the exam.
>>
File: pinkwojak.png (274 KB, 480x261)
274 KB
274 KB PNG
I WANT TO BE A GOOD PROGRAMMER

WHY AM I TOO MUCH OF A BRAINLET TO UNDERSTAND ANYTHING INVOLVING MANIPULATING NUMBERS OR MATH, IT'S NOT FUCKING FAIR BROS
>>
>>65936434
What's a good workflow for keeping my private master key offline and on paper? I have a multifunctional printer and scanner and was thinking about using it for printing and restoring the key as a QR code. What paper do I use to make it last lifetimes? Also I don't know if it has a hard drive inside. Maybe only those commercial xerox copiers have drives?
>>
>>65937080
They SHOULD go out of business. Back then, the internet was used by scientists, engineers, doctors. People who actually had something to say and whose websites actually got their fucking point across. Nobody really wanted to "monetize the reader base", they just wanted to inform people of the world. What we need is to go back to that. We need a better class of webmasters, not these money grubbing search engine optimizing CEOs.
>>
>>65954231
we need ad-blocking to be universal so that said money-grubbers can't make a profit.
>>
>>65947459
Black Mirror? I thought some episodes were quite bleak.
>>
>>65943298
>Do they sell it
no anon, they are asking out of idle curiosity, the survey has nothing to do with their core business of selling media consumer data
>>
>>65954249
I agree.
>>
>>65934217
Go read Neuromancer by William Gibson, he invented cyberpunk.
>>
File: 1519249668089.jpg (76 KB, 480x360)
76 KB
76 KB JPG
>>65954290
>Black Mirror?
>>
File: neuromancer.jpg (22 KB, 240x360)
22 KB
22 KB JPG
>>
>>65954734
He did say netflix. Thats the only science fiction series from netflix I know of.
>>
what irc do you all hang out on
>>
File: kong scripture.jpg (35 KB, 600x383)
35 KB
35 KB JPG
>>65922592
>tfw my team needs a senior sysadmin
>have only interviewed one guy who was an indian that smelled like fried shoes and had 13 years experience with most of it being helpdesk
>guy was all about docker and puppet

want a job anon?
>>
>>65954817
#reddit
>>
>>65954967
wow thanks anon this seems super cool
>>
>>65934217

You have a better image of this? My eyesight sucks, can’t read some of these names
>>
>>65955643
Front Line Assembly - Tactical Neural Implant
Access to Arasak - void();
ADMX-71 - Second System
HKE & telepath テレパスー能力者 - Gateway アセンション
Ed Harrison - Neotokyo

Autechre - Confield
Tetsu Inoue - Waterloo Terminal
Xanopticon - liminal space
James Ferraro - NYC. Hell 3:00AM
Deltron 3030 - Deltron 3030

Hong Kong Express - HK
Oneohtrix Point Never - Garden of Delete
Ken Ishii - Jelly Tones
Machine Girl - WLFGRL
Cold Storage - WipeOut

Mega Drive - 198XAD
Fear Factory - Demanufacture
KFC Murder Chicks - Golden Age of Gross Mystery
Atari Teenage Riot - Is This Hyperreal?
SUBROC RECORDINGS - SUBHUMAN
>>
>>65955746

Thank you, really appreciate it
>>
>>65953712
You won't need to study past the PWK materials for the buffer overflow exam machine. It's interesting stuff to go further, but not required for the exam.
>>
>>65934344
Just search for ===, which is there to highlight /cyb/ and /sec/ news.

Earlier new threads were started with a summary of such news from the previous thread, hope we can continue with that, it really shows how /cyb/ the world really is.
>>
Why is VR still not a big thing yet? It seems like the prices are steadily falling but it's not catching on. What's holding it back? Are we just waiting on a killer app?
>>
>>65922592
>Suck it up. FreeBSD if you want 3rd party maintenance, or Gentoo if you want to roll your own. Debian drank the kool-aid starting at version 8, and it's just getting worse.

I've been using Devuan for awhile. They just came out with a 2.0 release.
>>
>>65954967
>>65955012
I lol'd
>>
>>65955643
>My eyesight sucks
Too much h4x0r1ng I guess?
>>
>>65956613
I think there are two things and one is as you say the lack of a killer app. Games do not quite cut it here. Earlier we discussed here making a virtual world based on TRON and implemented with Unreal Engine as a kind of message board/world. That might do the trick and I have lost count on how many billion dollar apps there are out there that are nothing but dressed up talk apps.

The other problem is latency, that there is an awkward lag between turning your head and seeing the actual update. related to this are some long standing concerns that wearing such goggles will be damaging over time. Sony has had several forays into VR glasses but have withdrawn them every time citing vague problems. I suspect there were some more serious issues that they felt should be suppressed. For instance eye focal distance and inter eye parallax angles didn't match up which could be a source of problems.
>>
File: IMG_20160728_165410.jpg (976 KB, 1944x2592)
976 KB
976 KB JPG
>>65922592
>Debian drank the kool-aid starting at version 8, and it's just getting worse.
Is this another
>huur durrr systemd
argument?
Stretch is breddy much the same as jessie. Then again I do minimal and then apt xfce and gnome-core so I probably get a fairly bog standard experience from install.

Hello fellow oldfag. 50's?
>>
File: oculus-go-display.jpg (134 KB, 1600x898)
134 KB
134 KB JPG
>>65956893
>Games do not quite cut it here.
I'm not into gaming as much as I used to be so I'm looking for an alternative reason to pick up a headset. I thought I found it with the new $200 Oculus Go because it seemed like a decent way to lie down and watch videos but then I saw that it only has a 2.5hr battery life and shouldn't be used while plugged in. At that point it became a non-starter for me. Why would you even put out a product like that?
>>
>>65956893
>The other problem is latency, that there is an awkward lag between turning your head and seeing the actual update
that's not the case, at least with a vive.
I had that happen once and felt like puking almost instantly
>>
bump
>>
>>65950500
The thread is dead, once again. I don't know why.
>>
>>65953748
Just practice and be patient. Reprogram your mindset via meditation.
>>
Is using windows 10 cyberpunk? Hiding in the clear sight?
>>
>>65958245
Operating systems are tools just use whatever you can work with.
>>
>>65957528
>I had that happen once and felt like puking almost instantly
Yup, that is simulator sickness, closely related to sea sickness.
>>
File: QC1HaCy.jpg (271 KB, 1700x1000)
271 KB
271 KB JPG
>>
>>65958245
>Is using windows 10 cyberpunk?
It neither is or is not.

>Hiding in the clear sight?
That is more like it. Deleting one's entire visibility is sure to raise red flags.
>>
>>65958230
>Reprogram your mindset via meditation
How??
>>
reminder /g/ defended systemD
and that this site keeps getting taken down (read as: stuck) under mysterious circumstances
>>
>>65956893
you lost me at based on TRON, there just needs to be ONE linked VR MMO internet, room, thing. like ready player 1, without the corporations.
>>
>>65960560
>/g/ defended systemD
>>
File: loudbob.jpg (7 KB, 175x288)
7 KB
7 KB JPG
>>65960598
>retroactively denying thing like it never happened
nigger
>>
File: Systemd_anigif.gif (772 KB, 200x133)
772 KB
772 KB GIF
>>65960618
No.
>>
File: 1522336219091.jpg (42 KB, 480x480)
42 KB
42 KB JPG
Please suggest some /cyb/-related documentaries.
>>
>>65961343
The FAQ mentions a few, have you checked them out? I haven't seen those myself. From the FAQ:

>There is an hour long documentary called Cyberpunk (1090) [imdb] available on video from Mystic Fire Video. It features some interview-style conversation with Gibson, is generally low-budget, and the consensus opinion on the net is that it isn't really worth anyone's time. Gibson is apparently embarrassed by it.

and

>No Maps for These Territories (2000) [imdb] documents William Gibson on a journey. He has also been in several documentaries since.

There are a few more too.
>>
>>65934217
brigador soundtrack would fit in there nicely.
>>
>>65960316
Here's how anon...

Sit in quiet or listen to your computer fans or whatever makes you feel comfortable. Focus on your breathing - count how many ins. After you let the air out of your lungs say "I'm good at maths".

Just believe in yourself and don't give up
>>
>>65961343
The Cyberpunk Educator
The Cyberpunk Educator
The Cyberpunk Educator
>>
File: 1679543467876.jpg (748 KB, 1333x2941)
748 KB
748 KB JPG
this just in
>>
>>65944300
>MGTOW

The FAQ has an old paragraph about
>statements such as "survival through technological superiority" get flamed from here to eternity and back.

These days it seems tech is more about survival. Put this URL into your favourite translator:
https://www.nettavisen.no/nyheter/kvinne-dmt-for-falsk-voldtektanklage/8510925.html

Essentially a guy survived a rape allegation since he had recorded the entire meeting.
>>
Comics: Cyberforce:
https://www.webtoons.com/en/super-hero/cyberforce/list?title_no=531
A bit generic but adequate for a bump with contents.
>>
File: cyberpunk.png (189 KB, 1024x600)
189 KB
189 KB PNG
>>
>>65954645

I just finished it today. Honestly, I've never had such a hard time trying to understand what he was trying to say. Using slang the way he did and reading it 30+ years later was rough.
>>
>>65963853
Much of the slang you read were words he invented, like Cyberspace, cyberdeck, jacking in and more.

Other words were borrowed from other fields such as flatlining, a word he heard (I think) from ambulance staff after a rescue gone bad. I think there are other examples too.

Finally there are words and terms he got from others, like ICE (intruder counter electronics) which he got from Tom Maddox.

All in all it is a nightmare trying to translate his books into another language.
>>
>>65962978
Another comic, this time called Cyberbunk.
https://www.webtoons.com/en/sf/cyberbunk/list?title_no=466
>>
>>65918315

Is there still good money in cyber security or is this now a meme career?

https://blog.eutopian.io/forget-solving-the-cyber-security-skills-shortage/
>>
>>65961939
Not that anon but...

wat
>>
File: Trppy3.gif (486 KB, 440x330)
486 KB
486 KB GIF
Night is here, once again. Let's keep the show going, pretty comfy so far.
>>
https://www.youtube.com/watch?v=Y0otgRmscUk
This beautiful lady here is right about EVERYTHING.

Google has to stop.
>>
Hey guys,
I'm interested and partly working with researching malware, and I'm struggling with debugging malicious files
Anyone have some good practice material for assembler reverse engineering?
>>
>>65966169
https://beginners.re/
https://challenges.re/
if you havent checked them yet
>>
Lets gonna LARP.
>https://youtu.be/7DbslbKsQSk
>>
File: 1515563970536.gif (1.84 MB, 500x500)
1.84 MB
1.84 MB GIF
Crypto is /cyb/
/cyb/ is crypto
>>
>>65951636
And a story that gets pretty shitty by the end.
>>
Emergency bump
>>
What is better:
Follow an Assembly course and learn it that way, or learn it yourself?
>>
>>65971068
also adding that I'm also reading OS concepts and highly recommend reading it if you want to learn more about Operating Systems
>>
>>65969280
not to mention acting/character development is super weak
>>
>>65971068
generally I'd recommend learning yourself if you pick it up fast and you're able to stick to it even if it's a dry topic.
courses usually help you tracking your progress and will get you back to the topic
>>
>>65971403
ok, thanks
>>
stop bumping your shitty thread.
>>
File: hidler.jpg (90 KB, 512x561)
90 KB
90 KB JPG
>>65971741
Bumpity bump bump
>>
File: 1525295600296.jpg (1 MB, 1920x1200)
1 MB
1 MB JPG
Anyone here unironically wants to form a hacker group?
>>
>>65972021
i would do vr and develop exploits with friends and stuff but im not sure about being in a conventional hacktivist type group
>>
>>65972021
>inb4 I'll make the logo

for what purpose ?
>>
>>65972055
learning together, do some mayhem
>>
>>65971068
You can learn it yourself but it is important to get good examples. I did that. getting up to speed is easy. Making it to an advanced level is hard and close to impossible if you don't have good examples to learn from.

Assembly is as much of an art as it is software engineering.
>>
>>65972021
I can see you glowing.
>>
>>65964353
This is a weird image because it's apparently Cyberpunk, but it's used on the cover of Speaker for the Dead, the Ender's Game sequel.
>>
>>65972167
then you're already in the right place.
there are a lot of knowledgeable anons lurking here, you just need to ask the right questions
>>
So what class are you, /cyb/? Im pretty well versed in technology but I don't program, can't hack, and mostly lazy. But, I work out constantly. Think I'll go full Street Samurai.
>>
>>65972297
what the hell does that image have to do with speaker for the dead? it's a book about portuguese plant aliens
>>
>>65972021
Yeah, but in the same way I unironically want to be a vigilante. It's fun to fantasize about, but I know I'll never actually do it.
>>
>>65972822
We have nothing to lose anyway, we may as well try
>>
Any nmap users here? I'm scanning my roommates for practice but it shows that all ports are closed (most probably the firewall is blocking me) Is there any way I can circumvent this?
>>
>>65972021
I do. You can reach me at totallynotafed@fbi.gov
>>
File: 1515811516260.jpg (39 KB, 576x720)
39 KB
39 KB JPG
>>65972021
>>
>>65972021
The amusing thing about bait like this is that it ends up with gov agents arresting each other.
>>
I'm 25 now, getting old day by day, never was a smart guy no real dreams or goals will begin learning how to code, see you in some years
>>
>>65973617
You can't force ports open without already having access to the machine. You have to work with what you find. Try a printer, they always have open ports.
>>
>>65972761
That's what I wondered.
>>
>>65946483
I'd look into things like FM-2030, Nick Land, Cybernetic Culture Research Unit , Nick Srnicek, Donna Haraway just to name a few
>>
>>65947459
Altered Carbon is good, so is Anon. Mute is also very cyberpunk, though I haven't seen it yet.
>>
>>65964972
If you haven't check'd out drugs and wires and it's prequel, you definitely should.
>>
where is the updated version of this?
https://pastebin.com/raw/T8TeepZP
>>
>>65978320
https://gitgud.io/cyb/er/blob/0/sec_ff_aboutconfig

but only plus the shield stuff
>>
>>65918315
>all these manifestos
Anyways, i've decided to write a book of laws for security and privacy because i am a radical libertarian. "The Security Commandments" or something to that effect. We are being monitored, be on your best behavior and say hi to google for me.

23 is an unlucky number.
If it starts with a "G" and ends with an "oogle", run.
If you play with botnet, play like a fox does with a serpent.
Best of luck, don't breath your own farts, and may the future be decentralized and free.
>>
So, do I have to manually update my hosts file everytime the repo gets updated or there is some automation tool/script?
https://github.com/StevenBlack/hosts
>>
>>65957248
it's actually amazing and I get 3+ hours on mine with brightness turned down. You can charge while you use it (I do) but they don't recommend it
>>
i want to know more about linux. have any good source?
>>
>>65980076
Yeah, it's real easy. Just install gentoo.
>>
Posted this in /hackerman/ general too but that is gone now so maybe it's of interest to some folks in here (it was in response to questions hence the unrelated top part in response-format):

-----------

I only wanted the OSCP and that's all I went for.

To be brutally honest (not knowing anything about you) you probably need to know MUCH more then you do now. You have to be VERY good at most things/at least know about most things on more then a superficial level. The mindset of going after certs will hinder this.

Here is something I wrote up for other dudes:

Do these courses:

https://www.cybrary.it/course/comptia-network-plus/

https://www.edx.org/course/introduction-computer-science-harvardx-cs50x

https://www.codecademy.com/learn/python

http://opensecuritytraining.info/IntroX86.html

https://www.cybrary.it/course/ethical-hacking/

https://www.cybrary.it/course/advanced-penetration-testing/


https://www.coursera.org/learn/build-a-computer
Don't skip over that because you know how to 'build' a computer aka put a computer together from parts; it is a course about building a computer from literal scratch aka: starting with logic gates, not a course on how to 'build a sweet gaming rig' or something.


Read these books:

https://www.nostarch.com/pentesting

http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X

https://www.nostarch.com/hacking2.htm

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

https://www.amazon.com/Learning-Binary-Analysis-elfmaster-ONeill/dp/1782167102/

Do these for practice:

http://overthewire.org/wargames/bandit/ (and others on there, that is just the best beginner wargame)

http://www.pwnable.kr/

https://www.codewars.com/

http://www.abatchy.com/2017/02/oscp-like-vulnhub-vms

https://pentesterlab.com/exercises/web_for_pentester (Lots more on there besides that as well)
>>
>>65978771
>or there is some automation tool/script?
Write a script to wget the hosts file. Stick it in a cron job.
>>
>>65981514
>>
>>65978810

>>65980144
not meme answers please.
>>
>>65978751
There is literally nothing wrong with the manifestos, and we need more.

>>65980076
The dude here >>65980144 may not be wrong. If you can get past the installation procedure of gentoo you ¡'ll learn a lot of stuff from the start. Just the setup and installation from source code brings light to the innerworkings of a distro and the programs that make a system. See https://github.com/mayfrost/guides/blob/master/INITIATION.md
>>65980206
Thanks bud.
>>
>>
>>65983942
Nice pic. However the Cyberpunk parts of Asia tends to have a problem with earthquakes so I guess this must be the far future.

One of the tallest buildings in Tokyo is the Tokyo Metropolitan Towers in Shinjuku district. There is an observation lounge with great windows .... and posters insisting it is safe.
>>
>>65982801
>and we need more
We could add Pixiefuel's manifesto if you wish. There is no fire like the wrath of your youth.
>>
>>65980206
Perhaps this can fit in with the /sec/ FAQ we have. A common criticism seen with these lists is that newcomers feel overwhelmed and want some information about order of reading. So, any suggestions about which to start off with?
>>
>>65985395
then it'd be in the OP once again.
said material is already part of various links in the OP
>>
>>65985505
The FAQs are in the FTP site mentioned in OP but it is not explicitly mentioned.

It is true that a lot of this is found in numerous links and pastes but it is a bit disorganised and some pastes link to further pastes. The /cyb/ FAQ has organised many links but none of the files relating to /sec/. The /sec/ FAQ on the other hand needs more on order of reading, it is rather raw in present state.
>>
>>65980206
This is good info Dude, thanks a bunch!
>>
>>65977556
>Nick Land
Careful with that, it's spammed a lot but not for the good reasons.
>>
Bump.
>>
Is this where to discuss vpns? I don’t come to /g/ much since I’m a tech illiterate. Is there a /g/ approved one? I think I’ve got it narrowed down to either torguard or private internet access but I’m not really smart enough to really understand all the differences.
>>
>>65988483
>I’m not really smart enough to really understand all the differences.
You should fix that before you go off picking a VPN service. As in actually go read about the technical details of what a VPN is, what it does, and what it does not do. Lots of people seem to think that a VPN is some kind of magic bullet that protects them from everything. It isn't, it's one tool that does one thing.
>>
>>65988483
here we don't believe in anything but your own.
under certain circumstances a off the shelf vpn may do more harm because it gives you a false sense of security.
>>
>>65988564
I just moved to a new dorm that has a few range bans in place, so honestly the thing I need it most for is just changing my ip. Is there much of a difference in services if that’s going to be my primary use/reason?
>>
>>65980076
>i want to know more about linux. have any good source?
Start by going to the Linux Documentation Project. many of the documents are old but they are often still relevant.

Then visit LWN.net to stay updated both on general news and also /sec/ news.
>>
>>65988483
>private internet access
>ka*ples
just... no
https://www.privateinternetaccess.com/blog/2018/04/why-i-hired-mt-gox-ex-ceo-mark-karpeles-as-cto-of-london-trust-media/

As already mentioned, VPNs gives you a false sense of security. It makes sense if you install your own at home, then connect remotely from your phone. This gives you great control over network traffic and hands the data only to one network operator, instead of multiple. Can also install personal DNS (pihole) and have all your devices benefit from that.
>>
=== /sec/ News:
>Raptor Launching Talos II Lite POWER9 Computer System At A Lower Cost
https://www.phoronix.com/scan.php?page=news_item&px=Raptor-Talos-2-Lite
>For those that have been interested in the Talos II POWER-based system that is fully open-source down to the firmware but have been put off by its cost, Raptor Computer Systems today announced the Talos II Lite that is a slightly cut-down version of the Talos II Workstation.

This should hopefully be a machine free from backdoors. Let us just hope the team has not been met with a secret court order.
>>
>>65989778
I wonder if they'll eventually be selling that as a bare motherboard, too, like they're doing with the original Talos II. It's still rather out of my price range but its encouraging to see further development and costs seemingly coming down. Maybe in a few years you'll be able to get a mobo and CPU for $500, that'd definitely be in the range where lots of people could get their hands on one. (if it happens I guarantee some anon will buy one just to shitpost in the /guts/ thread)
>>
>>65922941
>Give it some targets and then aggregate
I would have expected this to have been done to death already. Most of my /sec/ news is from LWN though it is mainly about open source system,. less so about MS, iOS etc.
>>
While archived already this thread on p-ihole really shows how much there is to block: >>65973531
>>
I got a notification from a website I frequenlty use. It says that they are "part of the Oath family", whatever that is, and that they want to use my data to "enhance my experience"(aka they're becoming a botnet). Is there anything I can do to prevent them from taking my data, or is the only option to stop using that site?
>>
>>65990901
Realistically it means they have been "enhancing your experience" for a while already and suspect they are about to be found out any day now. This is a damage control step, the train already left the station.
>>
>>65991142
damn, so I'm already too late to do anything.
I did some more reading on the subject and this Oath thing is part of Verizon, which, as I understand, has basically the data mining monopoly in the us.
feel free to correct me, I don't know shit and I was hoping to solve that problem.

on a completely unrelated note, I'm considering buying an old second-hand laptop or desktop computer, disconnect it from the internet, and teach myself some cybersec things on it. are there any specific models or brands I should look out for?
>>
>>65991264
>Oath family
A quick look indicates this is a really huge operation, I am surprised I didn't hear about this earlier. But just a few minutes ago what you mentioned also happened to me when I was looking up two web comics.

>models or brands I should look out for?
Chinese owned brands (Lenovo and others) have been implicated in malware being preinstalled.. Avoid, avoid.
>>
>Be an actual dev
>Come to this thread cause bored
>Full of people who can't program wtf?
What the hell are you guys doing here?
>>
>>65987004
I know, not really a fan of him myself, I just have seen other people really like him and figured he be at least good to mention
>>
>>65991383
it's relatively well known that security specialists can't into programming.
/cyb/ is more about scripting than programming
>>
>>65988483
https://thatoneprivacysite.net/
this site really helped me when I was searching for a vpn.
>>
>>65983942
Imagine being on one of those during an earthquake.
>>
You all know Google ran a demo of the Duplex AI. soon this tech will be coupled with a Boston Dynamics chassis, and the skin will be made by China or Japan. The first Replicant will be created, and noons will know its incept date. You know the first test of these Replicants will be to see if they can blend in with society undetected. The government and the military will fund it all. We must start to find ways to detect these machines before its too late. Maybe they have already advanced to the Nexus 7 Replicant models. if so, you might even be a Replicant yourself and not even know it. You'd better find out, before you are found out. I run a safe house for Replicants. you are welcome to stay until you can off world. Balls have zero to me to me to me to me to me

http://www.bfi.org.uk/are-you-a-replicant/
>>
>>65956754
I've been considering adopting that for a while now. How it it?




Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.