cybersecurity

This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc.

The original post: /r/cybersecurity by /u/KeitrenGraves on 2024-10-13 16:46:39.

I have been thinking about going for my CCNA, as I don't think any networking knowledge would hurt, but I am wondering if it is even worth it. As background, I currently have my A+, Network+, Google Cybersecurity Cert, and AWS Certified Cloud Practitioner, and was going to do Security+ before thinking about doing CCNA. So I was just wondering if skipping out on CCNA would hurt me or help me in the long run.

The original post: /r/cybersecurity by /u/NISMO1968 on 2024-10-13 16:06:18.
The original post: /r/cybersecurity by /u/sasko12 on 2024-10-13 15:04:53.
The original post: /r/cybersecurity by /u/petitlita on 2024-10-13 12:32:09.

It's far too easy for an attacker to control practically every level of an LLM - the dataset, the model, all parts of the prompt, and as a result, the output. There are attacks on agentic models that are basically as easy as phishing but can get you RCE. The fact is that responses by nature have to leak some information about the model, which can be used to find a sequence of tokens that gets a desired response. It's probably unrealistic to assume we can actually prevent someone from forcing an AI to act outside of its guardrails. Why are we treating them as trusted and hoping they will secure themselves?

The original post: /r/cybersecurity by /u/TheMuffinTops on 2024-10-13 11:49:13.

Howdy!

I'm planning to deploy OpenCTI for brand protection, which will monitor domains, fake websites and social media impersonation, instead of ZeroFox/Recorded Future. What do you think? If so, what connectors should I explore?

Thank you.

edit: typo

The original post: /r/cybersecurity by /u/KeyCommittee97 on 2024-10-13 11:01:59.

I just downloaded Metasploitable 2 from https://sourceforge.net/. I just extracted it, and all I can see is a vmdk with the TYPE Progold_VirtualBox.Shell.vmdk. I was expecting a vmdk with TYPE Virtual Machine Disk Format. Can anyone please help?

The original post: /r/cybersecurity by /u/ThrillSurgeon on 2024-10-13 10:59:10.
The original post: /r/cybersecurity by /u/Rxmp on 2024-10-13 10:34:59.

I am interested in the niche of Email Analysis in Cyber Security. I have seen many roles for SPAM engineer, SPAM analyst and Email Malware analyst starting to appear. I wanted to understand what you do, how interesting the work is and if you enjoy it.

The original post: /r/cybersecurity by /u/MaximumLetter4257 on 2024-10-13 10:00:19.

I'm a 23-year-old male from Italy. I already have a degree in political science, but unfortunately this has never been my path. In the end I finished my degree to make my parents happy. A year ago I started another degree in computer engineering and I really like it. However, I would like to learn more about cybersecurity. Any ideas where to start?

The original post: /r/cybersecurity by /u/towtoo893 on 2024-10-13 07:25:35.
The original post: /r/cybersecurity by /u/ElectroStaticSpeaker on 2024-10-13 06:46:20.
The original post: /r/cybersecurity by /u/eatsweets3232 on 2024-10-13 02:49:56.

I'm 17 and have been getting into cybersecurity, reading up and studying on it here and there. I recently searched for cybersecurity content on TikTok, and honestly, it's crazy how many people in the comments seem to think it's some kind of easy way to make quick money. I know for a fact that cybersecurity isn't a walk in the park, and it's definitely not a free money generator like people make it out to be. The same goes for computer science; it takes serious effort and skill.

The original post: /r/cybersecurity by /u/Serious-Summer9378 on 2024-10-13 02:07:26.
The original post: /r/cybersecurity by /u/Due-Student946 on 2024-10-13 01:01:08.

I'm a Cybersecurity student with previous experience in Cybersecurity. But, I have very limited idea about coding. I passed the HackerRank for Goldman after a lot of practice and recently got invited for the Superday.

But, I'm seeing a CoderPad link with my interview. What is this? Does that mean I will have to code live with an interviewer?

I'm pissing my pants to be honest. I wanted this role for a long time but coding is not my forte!

The original post: /r/cybersecurity by /u/mohusein on 2024-10-12 22:11:40.

Hi everyone,

I'm trying to encrypt data at the application level, store the encrypted data in a database, and then decrypt it when needed.

I learnt that I need to keep my keys in a secure place such as AWS KMS.

Here is the problem: if for any reason AWS decided to lock me out of the account and I can't access the keys, I will not be able to access my data.

Is there a solution where I can keep a copy of the key locally but still use it with a service like AWS KMS?

I'm traumatized by the idea of a third party having full control over a crucial aspect like this, because last year I was locked out of my RDS for like 5 days just for changing my payment details, so never again am I giving any service provider such high power.

Thanks for any input.

The original post: /r/cybersecurity by /u/cyberkite1 on 2024-10-12 21:38:33.

Chinese researchers have "reportedly" cracked "military-grade encryption" using a quantum computer, marking a significant threat to global security?

The D-Wave system used in this breach targets Substitution-Permutation Network (SPN) algorithms commonly found in sectors like military and finance.

While no specific passcodes were cracked, this breakthrough suggests that quantum computing is rapidly advancing beyond traditional encryption defenses.

The breakthrough hinges on the quantum annealing algorithm, leveraging quantum tunneling effects. Unlike traditional algorithms, which explore every possible solution path, this method allows quantum systems to 'tunnel' through computational barriers to reach solutions faster. Researchers also integrated classical algorithms like Schnorr and Babai for a hybrid approach to cracking encryption.

Does this development present a potential leap in quantum computing applications, particularly in cryptography? As quantum hardware evolves, encryption methods may need urgent reconsideration to protect sensitive information?

It is now urgent that Google, Microsoft, Apple and other major western technology companies act on switching to quantum-hardened encryption, while ensuring it is still strong on standard computers.

Articles:

Interesting Engineering: https://interestingengineering.com/science/china-military-encryption-hacking-quantum-system

Quantum Insider: https://thequantuminsider.com/2024/10/11/chinese-scientists-report-using-quantum-computer-to-hack-military-grade-encryption/

China SCMP paper: https://www.scmp.com/news/china/science/article/3282051/chinese-scientists-hack-military-grade-encryption-quantum-computer-paper

The original post: /r/cybersecurity by /u/flacao9 on 2024-10-12 17:30:48.
The original post: /r/cybersecurity by /u/itcsps4 on 2024-10-12 17:26:42.

Is there a difference? I'm on the job hunt and I noticed there are Enterprise Security roles popping up that to me look similar (or the same) as a Security Engineer role. Is this the new evolution of the "Security Engineer" or am I missing something?

The original post: /r/cybersecurity by /u/ka2er on 2024-10-12 16:46:25.

How do you find quality profiles, especially in France (north-east Paris area)? I have a position open and I would be interested to hear how you chase the right candidate. Which method do you use if the company is not listed on the CAC 40 index or is not a cyber specialist?

Any advice or real life experience very appreciated.

The original post: /r/cybersecurity by /u/madhanmaaz on 2024-10-12 16:24:00.
The original post: /r/cybersecurity by /u/SadCryptographer7976 on 2024-10-12 16:21:54.
The original post: /r/cybersecurity by /u/wisdom_of_east on 2024-10-12 12:36:21.

Please consider sharing your insight on my project...

🔧 GitHub Repository [Oblivious SRP Library]

Explore the repo and README to get started.

💡 Feedback Request [GitHub Discussions], or email me directly by clicking here! Also, everyone is welcome to post their feedback in the comments or message me on Reddit itself.

Greetings,

I’m excited to announce the release of my dev project called Oblivious SRP, an evolution of the already highly secure Secure Remote Password (SRP) protocol. SRP is well-known for its use of zero-knowledge password proof, meaning the user’s password is never stored anywhere—not on the client, not even on the server. In SRP, passwords are never even sent over the network, not even in encrypted form! This makes SRP far more secure than other password-based systems. Hence, many major players like Apple and Skiff-mail make extensive use of SRP protocol in their products.

What makes SRP so secure?

  • No Password Storage: SRP doesn’t store your password, not even in an encrypted form. Instead, the password is transformed into a verifier that the server stores. The server uses this verifier to authenticate the user without ever learning the actual password.
  • No Password Transmission: During authentication, the user's password is never transmitted, not even in encrypted form. Instead, a mathematical proof is exchanged, allowing the server to verify the password without knowing it.
  • This makes SRP immune to common threats like password leaks from server breaches, phishing, and replay attacks.

But there’s still a potential vulnerability…

While SRP is extremely secure, it does store a verifier on the server. If a server becomes malicious, it can try to use this verifier to run dictionary attacks (guessing passwords until it finds the right one).

Introducing Oblivious SRP:

Oblivious SRP takes things up a notch by introducing Oblivious Pseudo-Random Functions (OPRF) and multi-server support to close these gaps:

  • OPRF: Instead of storing the verifier directly, the verifier is split into a private and a public component. The public verifier is generated via hashing OPRF evaluations with the private verifier, where the OPRF evaluations are username-rate-limited, making dictionary attacks nearly impossible.
  • Multi-Server Model: Oblivious SRP also supports a multi-server approach, where attackers need to compromise multiple servers to perform a successful attack. This makes password guessing far more complex and increases overall security.

Enhanced Security:

With Oblivious SRP, attackers would need to break into all the servers, bypass their rate limitations and acquire real-time responses from each one to even begin trying to guess a password. The extra layers of defense significantly reduce the risks of traditional SRP while maintaining its core strengths.

The original post: /r/cybersecurity by /u/MethodPleasant6478 on 2024-10-12 12:22:15.

In large enterprises, how is authentication and authorization typically managed across multiple applications (e.g., more than 20)? It doesn't seem efficient for each application to have its own isolated system for managing users, roles, and permissions. What strategies are commonly used to centralize user profiles, roles, and authorities across different systems? How do companies avoid redundancy and maintain security at scale?

The original post: /r/cybersecurity by /u/eatfruitallday on 2024-10-12 08:16:23.