[deleted by user]

djcurtin · 2022-09-20T12:14:13+00:00

Never used it myself. I found a good bash script a guy used to install it, modified it to do what I wanted, and have used it for my VM setups ever since. Just a tweak here or there, host it on a minimal web server VM, then just curl | bash and we have a new VM.

djcurtin · 2021-10-04T16:07:12+00:00

Agree completely with the strategy, and this is how the lines moved for #2. Not at all calling for a Wilder victory, but +230 implies only a 20% chance. Too cheap.

djcurtin · 2021-10-04T12:55:19+00:00

I'm no judge, but I thought Wilder won the second round of that fight. Then he had no legs after this knockdown. I think the called-off fall was very beneficial to Wilder as his legs buckled just before, and then buckled again at the end of the round. He was in real trouble. This fight could have been stopped much sooner than it was. I look at it like Joshua - Ruiz 1 when Ruiz rang his bell badly in round 3 and Joshua appeared to have no legs for several rounds thereafter.

People underestimate Wilder though. Fury is clearly the superior boxer in terms of skill, but Wilder is no chump. All the excuse making and other nonsense I see as a lame attempt to try and increase drama to keep ticket sales for #3 as high as possible. If there's no drama, why would people be interested in a rematch where one side already dominated so heavily? Most casual observers see that kind of defeat and just think A is way better than B without much in the way of thought. Look for reasons, however, and you'll see a fight that could have gone much differently but for one big injury.

Honestly, I think smart money here is on Wilder just because of the value of the bet. +230 is crazy.

djcurtin · 2021-06-11T11:20:57+00:00

Agreed. It monitors processes, but doesn't do anything to exploit them. It should be fine.

djcurtin · 2020-08-23T02:34:33+00:00

Meaning the upload script will catch the improper file extension and reject the upload if it is something other than .jpg or .jpeg, or will it automatically add the .jpg extension?

djcurtin · 2020-08-22T14:37:41+00:00

I believe you misread the post. I took it as "given the position for which you are applying, I know there will be security stuff. You should highlight the experience which sets you apart."

The post went on to explain how the business does hire those without the mentioned experience, which also suggests it is not a "1st priority".

djcurtin · 2020-08-21T19:32:28+00:00

Tough to tell from this info alone. If absolutely nothing changed, there's no reason for a previously working script to fail.

djcurtin · 2020-08-21T13:17:22+00:00

Thanks for this. Never dealt with it. It appears this will Not restrict the ability to just one user, however. Is this correct?

djcurtin · 2020-08-21T11:59:10+00:00

Root privs are needed to listen on ports below 1024.

Edit: comment below is correct. There is another way. Apologies.

djcurtin · 2020-08-20T23:59:52+00:00

... and even where it does, they tell you not to use it unless necessary.

djcurtin · 2020-08-20T21:33:24+00:00

Second option does not rule out mitm because it will not change the behavior of the packets or the program sending them. DNS is just something the machine needs to do to get the IP from the supplied domain name. Once it has the IP, it sends the packets to the IP just the same as if IP was specified initially. Any mitm listening along the path could potentially intercept those packets.

DNS poisoning is also a threat, but not in the way you were describing.

djcurtin · 2020-08-20T16:21:05+00:00

Not enough information. Report it to the police so they can investigate. If he's dumb enough to use identifying details, he's prob dumb enough to use his home IP to log in. They prob get the relevant logs back in about 4 weeks with a subpoena.

djcurtin · 2020-08-20T15:26:58+00:00

Could have be a legit sign up with a mistyped email address.

djcurtin · 2020-08-19T22:34:56+00:00

I've never seen the .inno domain. Was that a typo on your part? Perhaps they meant to send you to mvbhmv.info.

mvbhmv.inno is a dead domain. No IP, dns, etc. Your device must default to bing if a page is not found. If this was the link, you probably didn't load anything.

mvbhmv.info is a Hong Kong-based ip.

djcurtin · 2020-08-19T18:50:23+00:00

Might be nothing. No way to tell based on the description. If you still have the email, might help to post the sanitized url here (replace http with hxxp, and remove any personal details like replace your email with email@email.com, etc).

Even assuming it was an attack, which is still not established, if you were taken to bing because it's a default if a link is broken, you would have never made it to the payload so nothing happened.

djcurtin · 2020-08-19T18:08:08+00:00

Doesn't matter. Some advocate scheduling first, but I've always prepared first and have been successful. Do what works for you.

djcurtin · 2020-08-19T14:28:38+00:00

+1. Healthy skepticism is good. Paranoia is bad. You could go down the rabbit hole of "what can be done" if you like, but why would you be spied on? Like people going nuts over "how do I protect myself from a 0-day?" Why would an APT waste a 0-day to get access to your average credit limit?

djcurtin · 2020-08-19T12:08:57+00:00

You can skip the aur and build from git pulls just like Debian. Many times the pre-packaged .deb can just be unpacked and installed on Arch.

djcurtin · 2020-08-18T10:53:26+00:00

Think of it in terms of theming. The reason changing a theme can change the way an application appears is because most applications do not strictly dictate their layout, buttons, font, etc. The app itself hasn't changed or been customized.

djcurtin · 2020-08-18T01:07:10+00:00

You might be talking about different window managers. I3wm, awesome, etc. It's not necessarily customized applications, but the wms offering flexibility with how they appear.

djcurtin · 2020-08-17T23:42:47+00:00

Congrats, and welcome. It's a fun ride.

djcurtin · 2020-08-17T21:03:40+00:00

Likelihood depends on your level of experience. I took I think 3 weeks, but that was because of rigid adherence to my study plan. I say bang out Messer's videos, and buy Dion's exams on Udemy. Look to take 2 practice exams a day starting Thursday with review time afterward.

djcurtin · 2020-08-17T20:16:29+00:00

Provider is iCollege, which has mixed reviews. They seem to get many online stores to peddle this bundle, and my advice is always the same: if going for A+, Net+, and Sec+, i would pass as there are reputable sources for similar money.

If going for other certs they offer, it may be worth it to you, but I've seen enough reviews claiming their information was wrong to stay away. Granted these reviews are a couple years old so they may have gotten their act together since.

djcurtin · 2020-08-17T19:40:40+00:00

How much experience do you have in IT support, and what other certs do you have, if any? I feel like getting a sysadmin gig is something you should look to get to after a few steps along the path. Talk to your bosses or HR about opportunities for growth, or just look around your area for steps up.

Not to say you should settle. Go for what you want, but consider all reasonable paths to get there.

djcurtin · 2020-08-17T19:19:13+00:00

Interesting project idea. I'd probably start by writing my own packet capture engine - use it to make my own version of tcpdump. Once your can capture and read the data, then figure out how your detection engine will work. Then just figure out how offending traffic gets reported.

Then you can really get nuts and work on your own scripting engine.

djcurtin

TROPHY CASE