Thanks, great resource.

Yup, our security guy is a big believer in "Linus' law": "many eyeballs make all bugs shallow" or something like that 😄

This gives me an idea for a topic...

@anonymous said:

Nice Guide. Can you please add a link to the Jumpbox guide, I missed it.....

http://mangolassi.it/topic/6143/linux-lab-project-building-a-linux-jump-box

@Dashrender Eons ago... http://sillydog.org/narchive/full4.php

It was actually pretty good too...

Decent guide for this from NIST:

http://csrc.nist.gov/publications/drafts/nistir-7966/nistir_7966_draft.pdf

@Dashrender said:

It's odd to think the developers of Angry Birds 2 would use an unofficial version of Xcode.

Seriously!

@JaredBusch said:

What the hell is up with the author of that article basically down playing the entire thing because it does not prevent SQL injection?
Seriously WTF?

I agree, that is a bunch of BS. This is about on-disk data at rest security and is a decently big deal.

@JaredBusch said:

@DustinB3403 said:

6 Digit pass-codes are only a minimalist approach to attempt securing their devices.

It is better than 4 by a long shot and the cries if they forced users to switch from the simple code to alphanumeric would be immense

And there isn't any RDP type access to these devices where that access can be attempted remotely. That's a physical input device with a ten attempt limit. It's far more secure than the same thing on an SSH password, for example. I think that people are thinking of it in terms of different types of security.

@JaredBusch said:

@mlnews said:

Cisco routers in four countries have been discovered to have a SYNful malware variant creating back doors in them

I read about this already, but that neither that article nor the one you linked state clearly how the routers had the malware loaded onto them other than to state they were logged into with default credentials.

I've been wondering about that myself. Was this factory loaded, loaded from a shipping location, at customs, simply through online attacks.... any potential options.

@Dashrender said:

Why is a VPN a security risk? because they give you (generally) full access to the network?

Correct. They create unnecessary exposure. Direct access to all hosts (typically) for all protocols and ports. The protections of firewalls and proxies are bypassed. They are generally the least secure form of access because they are the laziest - just expose everything and hope for the best.

@Breffni-Potter said:

But Soviet Russia will invade, We need to beat Al-Qaeda, ect.

They know they are attacking Americans. There can't honestly be any confusion about what they are doing.

@scottalanmiller said:

We need to understand where and when it is happening and why it potentially makes sense and if and where potential concerns exist. But that data is being collected itself is not a major concern.

Agreed. I want a list of what they collect & why & how it's used & who can use it. Then I'll quit sharpening my pitchfork and disperse the mob.

Edit: I may settle for less explanation if they get super specific about what they collect.

Of course UEFI comes with its own risks, as we have recently seen, so it is more imperative that you trust your hardware maker when using UEFI. Not that trusting them wasn't always essential, but their toolkits for being naughty have expanded.

@nadnerB said:

App stores... pfffft who needs them
stares at Lumia wondering what to do with it 😐

😞 yeah All I want is a stupid StarBucks app... lol

I'd buy any DVR that matches the camera type that want.

And then buy the camera's separate. Any basic unit that you'd buy from Amazon are going to have crap camera's.

All you need is the software and storage space.

If you don't want to purchase a prebuilt system you could try something line ZoneMinder, and simply purchase camera's that are on the HAL.

ZoneMinder
HAL List

@PSX_Defector said:

@johnhooks said:

Piggy backing on one of the other threads. If it was an insider, how do you think the FTC would have grounds to sue? I don't think there is a way to stop something like this unless no employees have access to the data.

Be kind of hard for the FTC to sue a Canadian company.

Haha good point. It was just a hypothetical about this type of situation.