Cybersecurity - Blog Posts

here's the story. i know expressvpn has been recommended in some 🏴‍☠️ how-to posts but it is not trustworthy. the parent company, kape technologies, not only used to distribute malate but has ties to multiple state surveillance agencies. and be careful where you look for info about good vpns, because kape technologies owns a bunch of "vpn review" sites too

Warning: Sending these WhatsApp messages in South Africa could now land you in jail.

businesstech.co.za

Warning: Sending these WhatsApp messages in South Africa could now land you in jail

President Cyril Ramaphosa has signed the Cybercrimes Bill into law, with parts of the bill now set to take effect from 1 December 2021.

Menjejaki Sistem Cybersecurity Pemerintah Indonesia Terpusat

LatarBelakang

Cybersecurity menjadi isu yang nyaris mencuri perhatian publik dan semua kalangan dari berbagai latar belakang, khususnya ditengah-tengah mencuatnya isu penyadapan baru-baru ini. Kelemahan-kelemahan Pemerintah Indonesia di level cybersecurity pun menjadi sorotan dunia, baik di lingkungan regional maupun global. Pemerintah Indonesia tidak bisa sepenuhnya menyalahkan pihak negara Penyerang dalam hal kelemahan sistem yang berhasil di exploitasi tanpa pertanggungjawaban diplomatik dalam isu penyadapan misalnya, melainkan juga harus mengoreksi sistem keamanan negara itu sendiri.

Banyak kritik bermunculan dari berbagai kalangan, khususnya peneliti-peneliti Cyber Security asing terkait sistem keamanan siber Indonesia, diantaranya yaitu kurang sinerginya kerja lembaga-lembaga atau think-tank Pemerintah di bidang keamanan siber dalam fungsi-fungsinya. Mengutip pernyataan Kathleen Rustici[i]:

“Indonesia faces numerous challenges in developing its Cybersecurity capabilities, including coordinating across a large and difuse government. Currently, the government has no coordinated strategy for cybersecurity.... “

Kemudian, mempertimbangkan masukan dari berbagai pihak yang mengkaji isu-isu Cybersecurity Indonesia, diantaranya:

              “As Indonesia continues to develop rapidly and increase its cyber dependency in the process, the country will become more vulnerable toa growing number of sopisthicated threats, some of which may be politically motivated, hence Indonesia must put cybersecurity into a wider societal context and make necessary preparation to meet this challenge.”[ii]

  Dengan demikian, diantara yang menjadi kebutuhan dalam upaya meningkatkan Sistem Keamanan Sistem Siber Indonesia adalah merespon inisiasi-inisiatif yang masuk dari berbagai pihak tersebut.

Diantaranya persoalan penting terkait sistem keamanan siber negara ini, yang dapat dirangkum adalah: pertama,lemahnya regulasi-regulasi Pemerintah dalam pengaturan cybersecurity, serta payung kebijakan terkait peningkatan sistem keamanan siber yang belum berdiri atas dasar kesepakatan pihak-pihak yang bekerja di bidang keamanan itu sendiri. Persoalan kedua adalah tingkat kesadaran publik tentang pentingnya menjaga Keamanan Siber sebagai kebutuhan bersama dan tanggung jawab berbagai pihak. Persoalan terakhir, yang sangat penting sebagaimana dipaparkan sebelumnya adalah lemahnya kordinasi antara lembaga-lembaga keamanan negara yang terlibat dalam tanggungjawab Cybersecurity Indonesia.

  Solusi Infrastruktur IT yang Terpusat

Melihat kebutuhan akan kerjasama sistem keamanan yang lebih terkordinasi tersebut, adapun upaya yang mungkin dilakukan oleh Pemerintah dalam hal ini adalah menciptakan insfrastruktur IT yang terpusat, dimana pengelolaan-pengelolaan sistem dimasing-masing lembaga pemerintahan diatur oleh pemegang otoritas khusus. Lembaga ini kemudian berfungsi mengawasi seluruh jaringan internet pemerintah yang sebelumnya terpisah karena kebijakan masing-masing lembaga pemerintahan.

Ketika sebuah sistem keamanan ciber dibangun dibawah kordinasi Pemerintah atau secara terpusat, seluruh penyelenggara keamanan di tingkat lembaga-lembaga pemerintahan seperti kementrian, lembaga-lembaga militer dan lembaga-lembaga non-government –yang ter’hired- yang terlibat di dalam penyelenggaraan sistem keamanan cybersecurity tersebut harus berkordinasi dalam satu ruang kerja dibawah kendali pemerintah. Model sistem keamanan ciber terpusat sudah menjadi perhatian banyak kalangan dan diterapkan dibeberapa negara di dunia, seperti China dan Amerika Serikat.

Bagan dibawah ini adalah model akuisisi sistem keamanan siber yang diterapkan di Amerika Serikat:[iii]

  Menghadapi ancaman-ancaman cybersecurity Indonesia kedepan yang menjadi tanggungjawab Pemerintah, serta indikasi Pemerintah itu sendiri menjadi target atau sasaran dari kepentingan-kepentingan lewat dunia maya, Pemerintah sudah seharusnya merumuskan suatu bentuk sistem keamanan cyber yang memperhatikan pentingnya lembaga-lembaga Pemerintahan bekerja dibawah kendali keamanan terpusat. Dengan demikian, membangun infrastruktur IT negara yang terkordinasi atau terpusat, akan lebih mempermudah Pemerintah dalam melakukan pengawasan serta mencari solusi persoalan-persoalan keamanan cyber dimasa datang.

  [i]Kathleen Rustici, Indonesia’s Cybersecurity: An Opportunity for Deeper Cooperation, November 26, 2013, Center for Strategic and International Studies.

[ii]“Making the Cybersecurity Challenge in Indonesia: An Executive Summary”, DAKA Advisory, March, 2013.

[iii]Rita Creel, “Assuring Software System Security: Life Cycle Considerations for Government Acquisitions”, June 2007, Curnegie Mellon University, sources: https://buildsecurityin.us-cert.gov/articles/best-practices/acquisition/assuring-software-systems-security---life-cycle-considerations-government-acquisitions

Perfectio

How is the FBI Connected Withsoft Software Development [2024]

Most people don’t know how is the FBI connected with soft software development. Read the article to learn the FBI’s roles and efforts made f

✨ Did you know the FBI contributes to software development? Uncover the influence of federal agencies in creating cutting-edge digital tools for a safer tomorrow.

Multiple Users Masquerading As One

I don't think that "we don't know anything about hosting an even moderately secure website, we haven't secured our database and we don't know how to protect classified information" is the kind of "most transparent government organisation ever" that we want.

My First CTF (Capture the Flag)

I've never had any experience doing CTF's or using nmap, but today has been really fun as I continued to learn how to find flags using nmap. For this to be able to happen, I went on Hack The Box and started practicing on there.

My experience with this was actually quiet fascinating. I learned about port scanning through nmap and have picked up a skill in knowing how to use the Linux terminal and navigate through it. Today, two of my CTF's contained lessons about using nmap to find open ports for Telnet and FTP (File Transfer Protocol). I'll admit it took me a while to learn how to find the flags within those services but I found great enjoyment in it. To be honest, I want to do so much more as I develop these skills and learn how to use new tools. Doing this also has helped me stay off the phone for a bit because doom scrolling on Instagram or YouTube is really unhealthy.

As a beginner in this area, I highly encourage newcomers to get on Hack The Box if you want to learn how to use nmap, as it also gives you a step by step lessons on how to find the flags and teaches you what to look for, for your future use of nmap.

I felt like sharing this post today because I wanted to show the hacking community how excited I am learning these skills, and even though I haven't done as much and an experience hacker, I'm still proud of the work I've done. If there's any advice, or pointers that anyone is willing to give me, I'll gladly take it. Anyways, thank you for reading this post.

And as always, Godspeed everyone.

First Time Setting Up Arch Linux

Today I finally decided to practice setting up Arch Linux on a virtual machine and not gonna lie, that was TOUGH. I was only having trouble installing grub because I didn't know the difference between UEFI and BIOS, lmao. All good though.

Within the last hour, my user had a password already which had left me stuck because I couldn't log in. So i had to look up online how to delete the password for my user. Luckily I figured it out,(still learning the terminology so please be patient with me) I had to be in root or chroot and use the command passwd -d [user] which then I could put a new password for my user.

I know my situation sounds dumb but I had a lot of fun setting up Arch Linux, and I hope to learn more as I continue using Arch.

Anyways, thank you for reading this post, and Godspeed :)

Cybersecurity in the Age of IoT: Safeguarding a Connected World

The Internet of Things (IoT) is a digital landscape woven into the fabric of our daily lives. From smart thermostats that adjust our home's temperature automatically to wearable fitness trackers that monitor our health, IoT devices make our lives more convenient and efficient. However, this convenience comes with a potential downside: cybersecurity risks. In this article, we'll break down the challenges posed by IoT and discuss how to protect these connected devices, all in plain language.

The Growing Web of Connected Devices

Picture this: you have a smart fridge that tells you when you're running low on milk and a smart lock that lets you unlock your front door with your phone. These devices connect to the internet, and that's where the trouble begins. Unlike your computer or smartphone, many IoT devices lack strong security measures. This makes them prime targets for hackers looking to sneak into your digital life.

Why Cybersecurity Matters

When hackers breach an IoT device, they could steal your personal data or use the device to gain access to your whole network. Imagine if someone could open your front door remotely or monitor your private conversations through a compromised baby monitor. That's the nightmare IoT security aims to prevent.

Protecting IoT Devices

To keep your IoT devices safe, follow these steps:

Strong Authentication: Device manufacturers must make sure only authorized people can access these gadgets. They do this by using things like fingerprints or special codes, so hackers can't just waltz in.

Regular Updates: You know how your smartphone asks you to update its software? IoT devices need those updates too. These updates fix security holes and keep your gadgets safe from prying eyes.

Encrypted Communication: When your IoT devices talk to the internet, they should use a secret code (encryption) to keep their conversations private. Just like you wouldn't want anyone listening to your phone calls, you don't want hackers eavesdropping on your devices' chats.

Network Segmentation: Imagine if your house had different sections with separate locks. That's what network segmentation does for your digital world. It separates your IoT devices from your important stuff, making it harder for hackers to sneak in.

Keeping Informed

Stay up-to-date with these important things:

More Vulnerabilities: The more IoT devices out there, the more ways hackers can try to get in. So, be aware of the latest security issues and take steps to protect your devices.

Botnet Threats: Hackers use groups of compromised devices (botnets) to launch attacks. Make sure your devices have strong passwords and are updated to avoid becoming a part of these cyber armies.

Data Privacy: Be mindful of what data your IoT devices collect about you. Read their privacy policies, be cautious when granting permissions, and consider how your data is used.

Supply Chain Security: Buy your IoT devices from trusted sources. There have been cases where tampered devices ended up in unsuspecting hands.

Regulatory Measures: Keep an eye on government rules about IoT security. These rules can help protect you and your devices.

In our interconnected world, the security of IoT devices is essential. By following these steps and staying informed, you can enjoy the benefits of smart technology while keeping your digital life safe from prying eyes and cyber threats.

Large language models accepting remote commands without even verifying or vetting the sources of them. Sometimes accepting remote commands thinking they are coming from a physically present user.

I’ve been waiting a year to post this

bless

MICROSOFT MIXED REALITY PORTAL

WIRELESS SENSORY REPLACEMENT MATRIX