Cheeky Monkey....

[diddiyo]

been using my neighbors wifi for the last three days because comcast messed up our connection once again.

dear neighbor, thank you for not using a pwd.

[CuCullin]

Quote:

Originally Posted by diddiyo

been using my neighbors wifi for the last three days because comcast messed up our connection once again.

dear neighbor, thank you for not using a pwd.

Precisely why I leave a net connection open. Its neighborly

[azwildcats70]

Could be that because I have been in Information Security and Risk Management for so long, that I am uber paranoid, but then again, that's what I get paid to do.

"Security requires a particular mindset. Security professionals -- at least the good ones -- see the world differently. They can't walk into a store without noticing how they might shoplift. They can't use a computer without wondering about the security vulnerabilities. They can't vote without trying to figure out how to vote twice. They just can't help it. This kind of thinking is not natural for most people. It's not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don't have to exploit the vulnerabilities you find, but if you don't see the world that way, you'll never notice most security problems."This is from an article called "Inside the Twisted Mind of the Security Professional" Commentary: Inside the Twisted Mind of the Security Professional

[CuCullin]

Quote:

Originally Posted by azwildcats70

Could be that because I have been in Information Security and Risk Management for so long, that I am uber paranoid, but then again, that's what I get paid to do.

I used to do pen testing, so I understand the mindset.

At the same time, as many here know, I'm arrogant - so arrogant that I'm incredibly doubtful anyone would attempt intrusion, beyond that even MORE doubtful anyone would be able to come close to personal data, and even MORE doubtful that I wouldn't notice...

Firewall is the obvious first. Access to ports for "neighbor" users is highly limited. Then comes my port monitoring, with notification of any user aside from me using an otherwise blocked port. Then comes LIDS (I use the 2.6 tree, so no openwall for me). Add into that some decent monitoring for rootkit activities, and my compulsive checking of logs, and I'm fairly hardened up.

A few years ago, I had stated in my little user agreement page that they were welcome to attempt hacking one specific server. A chunk of people did try; there were three that got in, 2 of which couldn't accomplish anything beyond user level access - one impressed the hell out of me and got root! The culprit? A recent patch I had applied. The person left me a note telling me about it, I had missed it despite my checking a variety of places for security issues on the regular.

I fixed it and gave them shell access as a thank you for finding holes