Cybersecurity - Memes
- Severity: Critical
I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.
- Cookie banner
Nothing tells me more that you care about my privacy than sharing my data with hundreds or thousands of companies.
- Denial of Service
Interestingly, the firewall got overloaded by the number of UDP packets and not by the bandwidth of the traffic. See UDP Flooding on Wikipedia.
- Responsible Disclosure (other perspective)
Please don't act like the German conservative party:
> The CDU [German conservative party] lodged a criminal complaint against Wittmann after she told the party about a security vulnerability in the CDU-Connect election campaign app. (source)
- No backup, no mercy
Who could have guessed that having tested, well-protected and current backups helps when dealing with cyber security incidents?
- Your password has expired
This practice is not recommended anymore, yet still found in many enterprises.
- Does your company do phishing simulations?
We found out that 10% of our users entered their password.
- Password length requirement
Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth would you impose such strict limits? Never heard of correct horse battery staple?
- We're probably not the only ones running outdated software
Fun fact: The outdated software runs on outdated hardware, too.
- Security is a process
Quote taken from a 24-year-old article by Bruce Schneier that is still relevant in today's world.
- What certs can I do to get into a starter cybersecurity job quickly?
I am interested in getting a job in cybersecurity.
- Internet [MoringMark]
cross-posted from: https://lemmy.ca/post/23059450
Full credit to Makmark/MoringMark. You can find him here: Tumblr | Reddit | Instagram | Deviantart | Ko-fi
- Or maybe introduce them to Little Bobby Tables
cross-posted from: https://lemmy.world/post/12516311
> Or maybe introduce them to Little Bobby Tables
>
> (skeletor is leading by example by adding that unnecessary apostrophe...)
- classic opsec mistake
so, the company was Vastaamo. "Was", because it went bankrupt after the breach and the GDPR violations.
the "hacker" (or rather cracker) was extradited from France to Finland. you can read about how terrible the company's security was here: https://tietosuoja.fi/en/-/administrative-fine-imposed-on-psychotherapy-centre-vastaamo-for-data-protection-violations
or watch Mental Outlaw's video on the matter, or the Wikipedia article on the breach.
now there are several things that shouldn't have happened (e.g. don't do these things on your main OS, have root access disabled, etc.), but I'll leave that to you experts.