Serious Discussion Those of you who are true IT sec prof here and not doing this for just a hobby be careful.

cartaphilus

Mar 17, 2023
We all take opsec and cyber training, but all I have to say is watch out for "your passion" questions. If I were to scrape this database and have access to who answered the question of each poll, then I would have a very nice psych and infrastructure profile of each IT professional.

I will know where you are leaning towards, which companies you subscribe to both at home and at work. What was tested and failed. What you and your company are exploring as an option and thus either do not have working yet or are learning, thus more likely to let a false positive through as a true positive. What you consider as sacred, so I can gear my questions towards my spear-phished user and interrogate the infrastructure they are in charge of by just asking questions and providing answers that they might agree with or vehemently defend or bad-mouth.

Etc

Also be wary of all the bot questions. Those look and sound innocent but they slowly get to the heart of your TTPs. I am all for answering the questions but I would rather see home users being truthful rather than IT professionals.



Aaaand I am off my soapbox.
 
You hit on a crucial point with the 'passion' questions, but there’s a massive blind spot being overlooked here, the PC and Mobile configuration threads. Posting your exact security configs isn't just a minor leak; it’s handing threat actors a free blueprint of your attack surface.

Assuming we're safe just because 99.9% of us are using alternate names is a dangerous OPSEC trap. Threat actors don't need to breach the server for emails or IPs. They use OSINT. The 'Mosaic Effect' is real, piecing together a rant about a specific vendor outage, a niche troubleshooting question, and your preferred tech stack over a few months is often more than enough to cross-reference with LinkedIn and pinpoint your exact company. Pseudonyms only protect you if your operational hygiene is flawless across the entire internet.
 
We're starting off from the premise that we're cybercriminals' most wanted targets? Or are we being chased after by the FBI? If that's the case, anything but the dark web is off-limits for the IT professionals. We should all be using Tor, a VPN, a MAC spoofer, and following strict connection safety measures.

Why would I mind if Peter504 from MalwareTips knows I use Kaspersky Standard as my main line of defense? Is he gonna send me a phishing link over e-mail? Is he going to personally infiltrate my LAN to get access to my pictures in Barcelona 2024?

Although I get your point, nobody's making a digital security footprint of the forum's users for the sake of it. And even if they are, my profile would be something like:
  • Uses Kaspersky & Chrome
  • Lives somewhere in South America
  • Had a cold last week
If someone's smart enough to monetize that, I'd be proud.
 
Why would I mind if Peter504 from MalwareTips knows I use Kaspersky Standard as my main line of defense? Is he gonna send me a phishing link over e-mail? Is he going to personally infiltrate my LAN to get access to my pictures in Barcelona 2024?
Cannot confirm both the psychological condition and the technical capabilities of every single member on any forum; better safe than sorry.
 
I believe that the Western governments' obsession with national security, nuclear deterrence, air superiority, etc., which is presented in the Western media, has been transferred to the people, who have become afflicted with phobias and paranoia without realizing it. If someone knew that I use Kaspersky, for example, would it be easier for them to hack me? If they knew my email, LinkedIn profile, or Facebook profile, would they be able to hack me? If they had an idea about my personality or preferences, would they create a profile of me? And then what? What's the next step?

Although I'm relatively new here, I've noticed that the most popular and admired members are often the most outspoken, not necessarily the most experienced. If members continue to be pretentious and deceitful, this forum will be no different from any other popular but ultimately useless social media platform, like Facebook, for example.
 
You hit on a crucial point with the 'passion' questions, but there’s a massive blind spot being overlooked here, the PC and Mobile configuration threads. Posting your exact security configs isn't just a minor leak; it’s handing threat actors a free blueprint of your attack surface.

Assuming we're safe just because 99.9% of us are using alternate names is a dangerous OPSEC trap. Threat actors don't need to breach the server for emails or IPs. They use OSINT. The 'Mosaic Effect' is real, piecing together a rant about a specific vendor outage, a niche troubleshooting question, and your preferred tech stack over a few months is often more than enough to cross-reference with LinkedIn and pinpoint your exact company. Pseudonyms only protect you if your operational hygiene is flawless across the entire internet.
If I could give this 300% I would but then I would be working in Federal Treasury.
 
I believe that the Western governments' obsession with national security, nuclear deterrence, air superiority, etc., which is presented in the Western media, has been transferred to the people,...
Actually I believe that it is the other way around: those in power are merely reflecting the overall consciousness of the majority of the people ... now THAT is scary.
Acadia
 
I believe that the Western governments' obsession with national security, nuclear deterrence, air superiority, etc., which is presented in the Western media, has been transferred to the people, who have become afflicted with phobias and paranoia without realizing it. If someone knew that I use Kaspersky, for example, would it be easier for them to hack me? If they knew my email, LinkedIn profile, or Facebook profile, would they be able to hack me? If they had an idea about my personality or preferences, would they create a profile of me? And then what? What's the next step?
LOL. Are you serious? Of course if attackers knew that you used Kaspersky, your email, LinkedIn profile, Facebook profile it would be easier to social engineer you or hack you.

But that's OK, we are all probably labeled 'extremists' by many governments because we discuss security and Linux. You're not alone there.
 
LOL. Are you serious? Of course if attackers knew that you used Kaspersky, your email, LinkedIn profile, Facebook profile it would be easier to social engineer you or hack you.

But that's OK, we are all probably labeled 'extremists' by many governments because we discuss security and Linux. You're not alone there.
But even if they hack me, they will discover that I'm just a regular person, so what will they do? It's like attempting to take something from someone who has nothing.