HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ideksec

no profile record

Submissions

[untitled]

3 points·by ideksec·ano passado·0 comments

UNC5537 Targets Snowflake Customer Instances for Data Theft

cloud.google.com
4 points·by ideksec·há 2 anos·0 comments

Hardest Geezer: British man Russ Cook completes run across Africa

bbc.co.uk
2 points·by ideksec·há 2 anos·0 comments

Hackers threaten to publish cache of NHS data

bbc.co.uk
1 points·by ideksec·há 2 anos·0 comments

Confluence Status Page

confluence.status.atlassian.com
1 points·by ideksec·há 2 anos·0 comments

Whoop is adding a ChatGPT-powered ‘coach’

theverge.com
1 points·by ideksec·há 3 anos·0 comments

The Terrifying Rise of Debanking

spiked-online.com
4 points·by ideksec·há 3 anos·2 comments

Ripple notches win in SEC case over XRP cryptocurrency

reuters.com
154 points·by ideksec·há 3 anos·88 comments

Secureworks to lay off 9% of workforce

sec.gov
2 points·by ideksec·há 3 anos·0 comments

ProxyNotShell– the story of the claimed zero days in Microsoft Exchange

doublepulsar.com
2 points·by ideksec·há 4 anos·0 comments

[untitled]

1 points·by ideksec·há 4 anos·0 comments

A Boss Ordered All Workers Back to the Office a Year Ago. He Has No Regrets

wsj.com
3 points·by ideksec·há 4 anos·3 comments

The pandemic is no longer an excuse for poor customer service

instituteofcustomerservice.com
1 points·by ideksec·há 4 anos·0 comments

iPhone autocorrect driving you crazy lately? You're not alone

smh.com.au
2 points·by ideksec·há 4 anos·2 comments

Woman caught virus twice within record 20 days

bbc.co.uk
2 points·by ideksec·há 4 anos·0 comments

[untitled]

1 points·by ideksec·há 4 anos·0 comments

Russia moves to declare Meta an 'extremist' organization

businessinsider.com
12 points·by ideksec·há 4 anos·0 comments

Google to Acquire Mandiant

mandiant.com
353 points·by ideksec·há 4 anos·113 comments

Namecheap is banning Russians, asks them to switch registrars

bleepingcomputer.com
6 points·by ideksec·há 4 anos·2 comments

Fed Up with Google, Conspiracy Theorists Turn to DuckDuckGo

nytimes.com
36 points·by ideksec·há 4 anos·8 comments

comments

ideksec
·há 3 anos·discuss
This article makes so many unfounded assumptions in order to make a point.

> Presumably they are going to immediately make themselves admin, or wire all your bitcoin to their account.

Attackers running scams like a sophisticated BEC will lay dormant for long stretches of time to gather information before acting. Sure, they can export the emails and set up auto-forward rules to maintain visibility when the session expires, but they've now made a lot more noise to detect on. I've seen threat actors view mailboxes once a day for months before they launch this scam.

> Also, it would be better to protect against this by securing the logs or using hard drive encryption.

Of course it would, but often it's not. It's that simple. It's crazy to think the person responsible for writing a secure app is also the one making decisions on endpoint encryption.

> some applications are used strictly within an company from company devices

Some are, lots are not. This reads like someone who has worked in enterprise environments with well funded security teams, not a small business with one IT guy running the show.

> But even then, the attacker could install a browser extension that sends your credentials to them the next time you log in.

This contradicts the rest of the article. Why is a company securing logs, encrypting disks, locking down where users can access apps, but then allowing anyone to install browser extensions?

I agree that short sessions are not the quick fix that some devs make them out to be, but the author is ruling out a perfectly acceptable control based on an imaginary end user setup.
ideksec
·há 3 anos·discuss
Again, completely untrue. Automatic unfair dismissal does not have a minimum tenure to be applicable. Here [1] is a handy list of protections that do not require two years. You've also conveniently ignored all the other benefits in that list that are not available in the US.

You've already been corrected by someone else on the unemployment benefits so I'll not waste time repeating that.

The UK has a lot of problems, but downplaying workers rights in comparison to the states is a strange hill to die on.

1) https://www.tribunalclaim.com/unfair-dismissal/automatic-unf...
ideksec
·há 3 anos·discuss
Can you elaborate more on how the UK's workers rights are "literally worse than the US"? I would say things like statutory sick pay, mandatory holiday allowance, protection from unfair dismissal and the right to uninterrupted breaks are all pretty progressive compared to the States.
ideksec
·há 4 anos·discuss
Very much feels like we're watching history, just a matter of time it seems
ideksec
·há 4 anos·discuss
I see this very quickly made it's way to the front page, are the HN mods trying to tell us something? /s
ideksec
·há 4 anos·discuss
This article is from 2019, but it was my recent experiences with autocorrect which led me to finding this. My phone will occasionally have a few days of complete autocorrect meltdown (words completely out of context, random capitalisation, Spanish?) before normal service resumes.
ideksec
·há 4 anos·discuss
Anyone who has worked in the domain takedown space knowns namecheap are one of the worst, so I'm interested to see what (if any) effect this will have
ideksec
·há 5 anos·discuss
There are countless reports, studies, Gov intel briefings, even whole books, all pointing towards Russia and neighboring countries being a huge exporter of these style of attacks. I'm not saying ALL ransomware is from that region, but the industry agrees that a huge percentage is.

Do you have something to the contrary, or is this just a hunch?
ideksec
·há 5 anos·discuss
An organization going out of business isn't just a case of bad management being eliminated.

I wrote that line thinking of the clients I've worked with who've been hit by ransomware and didn't realize IT were not doing their job until it was too late. In some cases it's a failure on their part - not investing enough time or resources and seeing IT as "the guy who installs windows". More often than not, they were assured it was taken care of. I don't expect a manager of a car dealership to know if their Exchange server is running recent patches. If companies like SolarWinds and Kaseya can get popped and compromise their downstream customers, think of the number of small MSPs causing that same issue every day. I don't think a business should go under with people losing their jobs because IT screwed up.

We would be better off without leadership who take no interest in security, and once a company is hit with a 100k ransomware bill you can bet they'll care going forward.
ideksec
·há 5 anos·discuss
While I agree with the sentiment around not paying, I don't think it's as simple as that. Calling on law enforcement to "track down the adversary" is not easy, and when you track it back to a random Russian cybercrime group what can you do with that information?

A lot of these payments are not fortune 500 companies with unlimited IT budget, it's small or medium businesses with a 3 person IT team. Should they have proper off-site backups? Yes. Should we just let these companies go out of business until organizations learn their lesson? I would say no.

I really like the idea of making payment more difficult and mandating organizations to report these incidents. You're correct, companies do have the incentive to cover things up. Banning payment won't stop that.

I'm interested to see how people will circumvent this if the bill passes. If you pay a third-party company who "deal with the issue" on your behalf, all under legal privilege of course, would you still need to report?