@Dashrender said:

These newer algorithms that require specific amounts of RAM and have time variables in them to force the decryption to take time are pretty interesting.

Hmmmm.... I'd be interested to see how that works and, more importantly, how does that impact proper decryption versus a cracking attempt?

@johnhooks said:

More reason for me to get my dream car (67 GTO).

GTO, Classic Camaro, Mustang Mach II, Classic Corvette, Dodge Power Wagon.....

or one of my all time favorites -

US Military m109

Thanks, great resource.

Yup, our security guy is a big believer in "Linus' law": "many eyeballs make all bugs shallow" or something like that 😄

This gives me an idea for a topic...

@anonymous said:

Nice Guide. Can you please add a link to the Jumpbox guide, I missed it.....

http://mangolassi.it/topic/6143/linux-lab-project-building-a-linux-jump-box

@Dashrender Eons ago... http://sillydog.org/narchive/full4.php

It was actually pretty good too...

Decent guide for this from NIST:

http://csrc.nist.gov/publications/drafts/nistir-7966/nistir_7966_draft.pdf

@Dashrender said:

It's odd to think the developers of Angry Birds 2 would use an unofficial version of Xcode.

Seriously!

@JaredBusch said:

What the hell is up with the author of that article basically down playing the entire thing because it does not prevent SQL injection?
Seriously WTF?

I agree, that is a bunch of BS. This is about on-disk data at rest security and is a decently big deal.

@JaredBusch said:

@DustinB3403 said:

6 Digit pass-codes are only a minimalist approach to attempt securing their devices.

It is better than 4 by a long shot and the cries if they forced users to switch from the simple code to alphanumeric would be immense

And there isn't any RDP type access to these devices where that access can be attempted remotely. That's a physical input device with a ten attempt limit. It's far more secure than the same thing on an SSH password, for example. I think that people are thinking of it in terms of different types of security.

@JaredBusch said:

@mlnews said:

Cisco routers in four countries have been discovered to have a SYNful malware variant creating back doors in them

I read about this already, but that neither that article nor the one you linked state clearly how the routers had the malware loaded onto them other than to state they were logged into with default credentials.

I've been wondering about that myself. Was this factory loaded, loaded from a shipping location, at customs, simply through online attacks.... any potential options.

@Dashrender said:

Why is a VPN a security risk? because they give you (generally) full access to the network?

Correct. They create unnecessary exposure. Direct access to all hosts (typically) for all protocols and ports. The protections of firewalls and proxies are bypassed. They are generally the least secure form of access because they are the laziest - just expose everything and hope for the best.

@Breffni-Potter said:

But Soviet Russia will invade, We need to beat Al-Qaeda, ect.

They know they are attacking Americans. There can't honestly be any confusion about what they are doing.

@scottalanmiller said:

We need to understand where and when it is happening and why it potentially makes sense and if and where potential concerns exist. But that data is being collected itself is not a major concern.

Agreed. I want a list of what they collect & why & how it's used & who can use it. Then I'll quit sharpening my pitchfork and disperse the mob.

Edit: I may settle for less explanation if they get super specific about what they collect.

Of course UEFI comes with its own risks, as we have recently seen, so it is more imperative that you trust your hardware maker when using UEFI. Not that trusting them wasn't always essential, but their toolkits for being naughty have expanded.

@nadnerB said:

App stores... pfffft who needs them
stares at Lumia wondering what to do with it 😐

😞 yeah All I want is a stupid StarBucks app... lol