/r/compsec

Photograph via snooOG

News and links concerning computer security.

News and links concerning computer security.

Related subreddits:

/r/compsec

7,021 Subscribers

1

https://nxt1.cloud/cybersecurity/redefining-roles-in-application-security/

In "Redefining Roles in Application Security," Darren House of NXT1 explores the need for a shift in responsibility away from end users in securing commercial technologies. He emphasizes the importance of adopting a long-term perspective, integrating GenAI into the development process, and fostering a culture of shared responsibility among educators, industries, and users. Dive into the full article to discover how we can build a safer future together.

https://nxt1.cloud/cybersecurity/redefining-roles-in-application-security/?utm_medium=blog&utm_source=communities&utm_term=Reddit

0 Comments
2024/05/08
13:13 UTC

0

Howdy fellow hackers, I need your help finding my missing family - any assistance is appreciated!

Dear cyber community,

In these heart-wrenching times, I implore your assistance. Ten days have passed, and my family has vanished. Only silence remains. The sole message: "All is well." I am desperate and lost. Each day without answers is agony. I beseech you to help find them. Perhaps you can reach out to the place where they are? A sound file through the speakers or a video on their TV—any form of contact, anything at all, would mean everything.

Thank you for your support and understanding.

With tears as my only solace,

3 Comments
2024/04/20
17:53 UTC

6

Question about general privacy on internet

I have been reading and watching videos about web browser security. And I was thinking about switching from EDGE to FIREFOX.

Obviously I am not a great expert and I would like to know some things that, in my opinion, are not very clear when using a more private web browser.

If I use firefox, under a windows OS, and with the google search engine... where is the benefit? Even if I don't use edge or chrome, their respective companies will still know what I do because I use their services.

Maybe some of you will think "that's why I use linux, with firefox and no google software". That's fine, but when it comes down to it, family and friends use their applications, and one way or another you have to use it. If you want to send a location, you do it from google maps through whatsapp. Or if you want to send a document we do it with gmail. We even use a cell phone with android, which is also from google, so they can also keep track of our activity.

Yes, I know it sounds paranoid but.... I get the feeling that in the end, in one way or another we are in their game, and it is very difficult not to be (living on the margins of society in the bush and without internet) with what I refer back to the original question ... If in one way or another we are using services of companies that collect our data, how does it benefit me to use firefox (or other software more private than usual) if at the end of the day we are using regularly, in one way or another, the services of those companies that "spy on us / have our profile"?

0 Comments
2023/12/10
00:53 UTC

5

Fail2ban and security audits

We develop a software suite that is often used by various government agencies. And being government, there is a very formal vulnerability accessment done on the software as part of the integration etc....this is often filled with false positives, of course.

One way we can stop alot of it is with modsecurity...but I can take the additional step of using fail2ban on any IP that triggers a modsecurity audit log...this will pretty much stop their scanner dead in its tracks once it does some something overtly malicious.

I feel this may "piss them off"...from a practical security standpoint, it gives the right effect...but I worry this may irritate them.

Should I just let it run against the app and help them create 1000 pages of false positives and esoteric attack scenarios...or use fail2ban to shut it down first 'mistake' it makes?

2 Comments
2023/11/06
23:45 UTC

6

What security checks do you run?

I often run checks like these do you have any good commands or sites to recommend for security checks ect

I use:

https://www.cloudflare.com/ssl/encrypted-sni/

All 4 checks are possible now and should be used, i had to edit the about:config on firefox to get the secure SNI working

https://www.dnsleaktest.com/

To test my dns setup and check for leak

https://ipleak.net/

To check my ip and also check for leaks

https://whoer.net/port-scanner-online

To check for open ports

I run rkhunter, clamAV, lynis, to check for security issues

I just found out about the command sudo rpm --verify -a

That checks all packages for changes I'm still learning how to use it

What other useful tricks should i be aware of?

1 Comment
2023/06/30
03:53 UTC

0

AI services. How to assess and improve security? (I.e. Langchain)

I use Microsoft Swiftkey without the network permission. They've introduced an AI function that would look useful, but I won't combine what is essentially a keylogger with what has to be network exfiltration. Improving the security of such a system seemed difficult at first... Until I found that AI can run locally, even on a phone

Thus, you could have an accessibility service processing the input window, completely separate from the keyboard, neither with any network permission.

That brings me to Langchain. Langchain can make your private docs searchable to AI either locally, or can use an API to an external provider. What's not clear is exactly what is getting through to that provider and how. Langchain doesn't actually pass the data verbatim.

Thoughts and comments?

0 Comments
2023/06/29
23:47 UTC

3

Am i correct to assume that the most recent BIOS update is all i need for security?

My motherboard is x570 and has multiple bios updates related to security since the start of this year, am i correct that the most recent bios update will cover all of those security issues so i do not need the other updates? Thanks

5 Comments
2023/06/22
16:28 UTC

4

Help finding Woreflint malware infection

Our organization recently got hit with Woreflint malware. It didn't get far, only causing accounts to start spitting out spam, and it was caught almost everytime. However, accounts and workstations that we were sure had been cleaned (Password change, deleted the emails, full AV scan of workstation came up clear) have started sending out spam again. We've re-imaged the workstations, but I have e01 forensic images of the drives for further investigation and the workstations were hibernated so I have hiberfil.sys files to see what was in memory. I'm used to doing image investigations for unauthorized use and not for malware that's hiding, so I'm looking for advice on what tools would be best to use to try and find what's causing the spam.

Any suggestions would be greatly appreciated.

0 Comments
2022/06/16
19:38 UTC

0

Which CyberSec career path do I take?

0 Comments
2022/05/31
13:28 UTC

3

Can I use a secure USB as a password manager?

I would like to find a good way to use a USB as a password manager. I'd like to have to plug in the USB in order to access any online accounts that require a user name and password. The USB would have to be secure somehow, more secure and encrypted the better (I've seen ones with buttons where a master password must be entered to access the USB). This way I could carry the USB to whatever computer I want to use in order to access my accounts. I have no idea if this is even possible but would appreciate any advice anyone might have?

8 Comments
2022/03/20
19:39 UTC

0

Could a rogue law enforcement officer be accessing my devices remotely to delete evidence?

My question is: Could a rogue law enforcement officer be accessing my devices remotely to delete evidence? This is a long story, so I'll explain it as briefly as I can here, as everything could be relevant.

This is a weird situation, so bear with me. In 2020 my home was burgled while I was overseas, by at least two persons known to me, and on a second occasion burgled again in the company of a high ranking, off duty police officer. I know exactly who was involved and to an extent the level of involvement each person had. Around 30k of items were stolen, so it's not like a heist but it's a decent amount of things to be missing. Initially, I approached those involved and ask what the hell they were up to and to return the items.

After calling the police department to report the situation, I was initially stonewalled, I was bounced to other departments, told it was a civil matter and various other things. Since I made the initial call, some of the evidence I have, screenshots, call logs, call recordings, video recordings, detailing the involvement of said law enforcement officer and his friends - has been deleted from my google drive. My drive wasn't full, so there was no reason for it to be deleted. It was a blanket delete of items from a two month period of time before the items were stolen, so I'm not just missing some of the footage of what happened, but also important photos from life events.

Recently, there was been some turmoil in the police department and the county police that I was dealing with, and a senior officer has taken up my case, since then, however, I received a weird message from one of the perpetrators inviting me to "see what you (me) can do to prove it now". Since that time my storage and image editing apps on two laptops have disappeared, one laptop that I use solely to print labels, has had it's printing software deleted. I use photoshop and illustrator daily for my work, and both were deleted from my computer in their entirety today. My phone and my wife's phone have had the Ring app deleted, photo, video and storage apps deleted. These are not actions we have undertaken ourselves. I'm up to date with my antivirus software, use 2FA on all possible accounts. My wife doesn't have access to my work laptop, for security reasons and could not have deleted anything from there (which she would have absolutely no reason or desire to do).

It seems farfetched for a city police officer to be able to delete files remotely (I'm not even in the USA right now, they don't have jurisdiction, but also, I am the victim) but I do know they cooperate extensively with federal law enforcement on relevant investigations, so it doesn't seem to far-fetched that this high-ranking police officer might have befriended a fed willing to get him out of a pickle.

It seems ridiculous, but I can understand that a 20+ law enforcement veteran might be willing to pull out all the stops to protect their lifelong career.

So my question is, in terms of computer security, could a rogue police officer be deleting my files remotely, to delete evidence? If so, what can I do to protect myself? I do have several offline backups but I don't want them to get nuked when I need to get them online to hand them over to the investigating officer. Not using a throwaway because I'm assuming they're reading this anyway.

4 Comments
2021/11/07
09:31 UTC

0

Cant delete .ico.guer files?

They both have a globe as the icon, and it says there is no interface reported when I try to delete them?

1 Comment
2021/08/05
17:57 UTC

4

Throwback: old password issues

Came across this old article talking about the use of biometrics and the advancements in that area in terms of passwords and authentication. But with what we have today, what do you feel is the most effective: heart rate, facial or voice recognition... or something else?

1 Comment
2021/07/22
14:55 UTC

Back To Top