Security
How long a protection resists is a matter of time, money or opportunity. Anything is vulnerable, directly or indirectly.
One cannot encrypt or decrypt data, write it to or delete it from memory, without bringing and leaving a trace on the computer, and without modifying and taking something that was there before.
It's cheaper to get hacked than build strong IT defenses
— Sad reality: It's cheaper to get hacked than build strong IT defenses • The Register
aeroplanes include strict systems to separate the cabin from the cockpit [...] concept of "security domains"
— When fictional worlds are an accurate representations of IoT security – LearntEmail
We had cryptographic potatoes for dinner. They were salted and hashed.
— Andromeda Yelton
Don't trust anyone
Resources
Free OS X Security Tools Objective-See
IP lists of suspicious activities (some lists are non-free) I-BlockList | Home
CS253 - Web Security - Stanford course for a comprehensive overview of web security
Web security
Data access and integrity
Malware
Types: ransomware, etc.
SMTP stands for Simple Malware Transport Protocol.
— Kevin Beaumont
Detect and report ransomware: Crypto Sheriff — The No More Ransom Project
[How malware bypasses anti-virus software](Straight Pole + Curved Hole Illusion.mp4)
RAA - An entirely new JS ransomware delivering Pony malware - ReaQta https://news.ycombinator.com/item?id=11934717 https://gist.github.com/Antelox/020c727e1917bd018441cb6425cae397
DDoS
Could be a protest, a capabilities test, etc.
10MB + 10x CC to the same email = 100MB into the inbox while you sent only 10MB
Subscribing to more than 1000 mailing lists will flood your mailbox
SPAM and Phishing
Targeted phishing after a smartphone has been stolen, to get its protection unlocked: This is what Apple should tell you when you lose your iPhone
Warning: beware of fake TibiaMaps.io copies! · TibiaMaps.io - Phishers copy site, add malware, & buy Google ads to make them appear above the original website in search results
authenticate your email domain with SPF
Report
whois AA.BB.CC.DD, search for OrgAbuseEmail to report an abuse or use the address abuse@AA.BB.CC.DD
Report a Suspected Web Forgery
hl=en&url=http%3A%2F%2Fexample.com
Wi-Fi
KisMac2 – security tool for Wi-Fi https://github.com/IGRSoft/KisMac2
Harassment
Aka spontaneous events, flash mob, strike, protest, sit-in (sit-in against a business, DoS IRL), SPAM, unsolicited, etc.
Could handle the mass of people, crowd overtake
Issues: health, order, safety, etc.
Wrong Number Puts Rotterdam, NY, at Center of Turkey-Netherlands Rift - People call the wrong phone number, Rotterdam Police could refer to Politie Rotterdam, Netherlands or Rotterdam Police Department, New York, USA
A Tweet to Kurt Eichenwald, a Strobe and a Seizure. Now, an Arrest. - The New York Times - A blinking GIF sent to a person with photosensitive epilepsy.
Dennō Senshi Porygon — Wikipedia - trigger a seizure in vulnerable users with a movie (contains flashes) or with strobe lights
Use of a virtual mobile number or spoofed SMS to send a lot of SMS messages to one target (DDoS)
See DDoS. See Usurpation & social engineering.
Sabotage
black hat trolling, social sabotage, guerilla
Simple Sabotage Field Manual by United States. Office of Strategic Services | Project Gutenberg - Declassified OSS document https://web.archive.org/web/20121126170237/http://www.gutenberg.org/files/26184/page-images/26184-images.pdf
https://web.archive.org/web/20120927000536/https://www.cia.gov/news-information/featured-story-archive/2012-featured-story-archive/CleanedUOSSSimpleSabotage_sm.pdf
Backup
The 3-2-1 rule can aid in the backup process. It states that there should be at least 3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location
https://infosec.uthscsa.edu/sites/default/files/documents/Backup.pdf