Between 2005 and 2010, the nation of Canada simply ceased to exist.
The threat model helps a lot.
I work for a small consulting firm. We do security assessments, but not the kind you’re looking for. I don’t want to sell you anything.
From your intro here, I would expect to book a resource on this project at 50% utilization (to avoid burnout) for about 3 weeks. One week of assessment, one week of report writing, and we’ll say a week of overhead / buffer (to get things rolling / ask questions / interviews / report readout). That’s a total of 60 hours.
My employer is expensive; we charge about $300/hr per resource. That comes out to about $18k. I would call this an upper limit (though in truth there is no upper limit; if you put multiple $700/hr resources on a project and let them bring in SMEs, things get expensive fast).
If you haven’t done a security review before, I wouldn’t worry - you aren’t ready for the $18k service, or the $1k service. You will need a 3rd-party certificate eventually, but right now all you need is trust from your userbase, and openness and transparency are a good initial strategy.
When it’s time, throw a hundred bucks at a local college student who’s into cryptography. Then fix / address all their findings. Then go for the next level, and fix their findings. There will always be findings; what you are buying is user trust. The more in-depth the review, the more trustworthy - but you don’t want the expensive service to be distracted by things a college student could have caught.
I am intoxicated and rambling - let me know what questions you have :)
Arch-packaging-haskell moment
Is it the little toe and the outside half of the second toe? That sounds like exactly what I have on my fingers - cubital tunnel syndrome, from keeping my elbow bent too often. Are you a side sleeper?
I have karhu fusions and I love them. I wouldn’t be able to handle elastic laces; they can’t get tight enough for me, and if they did they would stretch out within a week.
If youtube manages to stop fast forwarding, maybe at the very least we could auto-mute, and maybe overlay photos of puppies or something
Drink hella water, wear less clothes. That’s about all you can do :(
My apologies, allow me to elaborate - grayhatwarfare.com is a cybersecurity company that crawls and indexes publicly-available blob stores, like s3 buckets, azure storage accounts, digital ocean spaces, and google cloud object stores. They offer limited search capabilities for free, no account-wall.
They are a legitimate cybersecurity company, despite their name.
My employer is working on a sensitive data scanning service, to alert clients in case their information surfaces in these buckets (even if they do not own the bucket), leveraging the grayhatwarfare api. In short, allowing us to detect and remediate the problem, which I hope you will agree is a white-hat activity :)
I do not publicly condone breaking the law. I reserve the right to criticize the DMCA tho ;)
And if google dorks aren’t interesting enough, because google does not index enough public buckets for you, then we get to learn about gray hat warfare too :)
You are one of today’s lucky 10,000:
https://knowyourmeme.com/memes/i-crave-that-mineral
But that is a sick fact about the lichen, I did not know that.
They crave that mineral
That sounds like a blast! And a great way to explore. You’ve definitely earned some recovery
I want to see a 600MB image upload. I want to see the upvote federation stress test lemmy’s infrastructure. I want an image so wide that my app crashes. I want to see how far we can push this before admins need a database upgrade to handle it. I want to watch the system burn in the name of a wider en passant.
I’m happy to revisit and explain, but I don’t have much time to type right now - the wikipedia page for estonia has great info; you will need a basic understanding of cryptographic hashing and merkle trees
I pay attention to credit card readers.
I have gotten to know their makes and some models. I have developed preferences. When I go to a run-down establishment and they have a nice reader, I am pleasantly surprised. I know that walmart uses ingenico isc250s, and they do not support tap. I know that dunkin has high quality readers, and sometimes tim hortons does too, but less frequently.
When leaving a place, I might say something like “damn, you don’t see that model of verifone very often”, and my friends will look at me funny.
Semi-related, did you know that most receipt printers have embedded telnet servers in them?
At what point does a collection of microservices become a monolith that uses http instead of a bus 🤔
Please continue making hundreds of beavers gifs. It is an absolutely incredible movie.
Those things are awesome. They weigh next to nothing, the small ones have 60 inhales in them, and a single hit is night and day when running at high altitude. A buddy didn’t have time to acclimate before a race, so we got him one as a joke, and it unironically helped him a lot
As “down”, I hereby grant maculata retroactive permission to make the above joke; and formally proclaim that I found said joke to be at least somewhat amusing
This is cyberpunk as hell, and awesome.
Unfortunately apple does not expose MAC addresses to apps, so iPhone users can’t do it :(
Get yourself a $5 vpn service and read up on the “Mainline DHT” :)