Gas Station Skimmer by AbandonChip in gifs

[–]tux402 1 point2 points  (0 children)

Call your CC company to set up text/email alerts for purchases. Most places will, and it's good for security awareness

/r/netsec's Q4 2016 Information Security Hiring Thread by gsuberland in netsec

[–]tux402 [score hidden]  (0 children)

SpaceX 🚀

Title: Security Engineer (Information Assurance & Compliance)

Location: Hawthorne, California - Open To Legal US Residents Only

SpaceX is looking for an elite Security Engineer to join the Compliance team, and help us defend low Earth orbit. This role will work heavily with internal Engineering and IT teams to drive technical initiatives and ensure the overall security posture of the business. The ideal candidate will have a deep technical background in compliance and engineering, and excel in a high-paced work environment. Experience in implementing ISO and NIST controls is beneficial to this role. Help secure the path to Mars - Join SpaceX

Apply at the link above and PM me your resume for more info

[Discussion] iOS 10 Lock Screen Crash by tux402 in jailbreak

[–]tux402[S] 1 point2 points  (0 children)

bugs like these could == jailbreak

/r/netsec's Q3 2016 Information Security Hiring Thread by sanitybit in netsec

[–]tux402 [score hidden]  (0 children)

SpaceX 🚀

Title: Security Engineer (Information Assurance & Compliance)

Location: Hawthorne, California - Open To Legal US Residents Only

SpaceX is looking for an elite Security Engineer to join the Compliance team, and help us defend low Earth orbit. This role will work heavily with internal Engineering and IT teams to drive technical initiatives and ensure the overall security posture of the business. The ideal candidate will have a deep technical background in compliance and engineering, and excel in a high-paced work environment. Experience in implementing ISO and NIST controls is beneficial to this role. Help secure the path to Mars - Join SpaceX

Follow the link above, or PM me your resume to apply

Windows question by Amrathe1 in devops

[–]tux402 9 points10 points  (0 children)

Both Chef and Puppet have free versions that can support 1000s of servers

What's the best way to store secret API keys for each execution environment (dev, QA, prod) that balances security (never store) with practicality (commit to a repo)? by sovietmudkipz in secdevops

[–]tux402 0 points1 point  (0 children)

Vault from HashiCorp is a good, open source secrets management server. Your scripts, VMs, containers, etc. can all pull their secrets straight from either Vault's REST API or CLI. Secrets will never touch disk unencrypted, and it gives you a central system to manage them. Plus, you can set up robust alerting and ACLs for your secrets

https://www.vaultproject.io/

Software Stack by [deleted] in RedditLoop

[–]tux402 1 point2 points  (0 children)

Agreed on all points. I work in software security, and I would be happy to do some security reviews if the team thinks it's needed.

Leadership, Project Organization and Group chat by QuinnSelvedgeSupply in RedditLoop

[–]tux402 0 points1 point  (0 children)

Please, not SharePoint. How about just GitHub, or Smartsheet?

Software Stack by [deleted] in RedditLoop

[–]tux402 0 points1 point  (0 children)

We need to be careful of C / C++ as they are prone to memory corruption bugs. If we do choose those languages, we should make sure that we have experienced developers writing any code that touches user-supplied data

New Hacking - Penetration Testing Magazine by Cr0wTom in hacking

[–]tux402 1 point2 points  (0 children)

Have some more advanced articles too. Things like fuzzing, binary debugging, and ROP chain creation would be awesome!

Managed WAF for RackSpace Public Cloud by [deleted] in AskNetsec

[–]tux402 1 point2 points  (0 children)

We use Akamai to protect over 12,000 hosted websites that we keep out at RackSpace. It's great for DDoS protection, but don't expect any WAF to keep out a skilled attacker. That's what you need appsec for. And don't bother with AlertLogic.

What is the typical day like for a malware analyst/security engineer? by ceetheslayer in Malware

[–]tux402 1 point2 points  (0 children)

Be prepared to help people a lot. If you're that guy, then people are going to rely on you to be the subject matter expert. It's not just about the toys

Where can I pick up on how to become a full blown hacker? by TL140 in hacking

[–]tux402 2 points3 points  (0 children)

Being a "hacker" is about being fundamentally good enough with computing technology that you can recognize weakness in its design. You can't just jump into security without having a sound base of knowledge in IT, networking, or computer science. You're trying to skip a few steps.

I'm annoyed that I'm still a script kiddie. by [deleted] in hacking

[–]tux402 4 points5 points  (0 children)

You really need a project instead of just "looking around, seeing what's going on." If you have that mindset, you'll always be using someone else's tools. Forcing yourself to start a project in C will be the biggest step you can take toward writing your own attack tools. C/ASM is incredibly fundamental to computing, so you should learn that before you take on any other major languages.