I wanted an enterprise grade firewall for my home network so I could gain work experience with it. I couldn't afford any of them I saw and then loads of flaws in them were announced. I then bought a workstation/server and installed OpenBSD on it and love it.
@GhOs7-Operator WiFi isn't very good under OBSD but I used an old Asus router for that, which is connected to my firewall through an Ethernet cable and I have no problems there either. I put 16GB ECC RAM in (this was 2015) which I know is much more than would be needed but it let me set up part of it as a RAM disk so the SSD drive is almost only used during boot-ups and software updates to help it last longer.
In 2016 we were only discovering maybe 10K-30K CVEs a year. In 2022 we were discovering 100,000 CVEs a year. In 2024 we're discovering 4x the amount of CVEs a year. Good luck, blue team. This year is gonna be hell for you. 😭😭
@rohanofelvenpower5566 lol with that mindset, I wonder what insecure world we would live in then. This actually gives a survival bias, where in actuality there is 'more' need of infosec than running out of it.
@markmonster3315 if you enjoy regular overtime, 10-hour shifts sometimes, and earning 5x less than some dude typing SQL commands at a bank for 10 hours a week, sure. That is basically the game dev industry, that is why I always say to new programmers to not do game dev. I do not know about the cybersec industry, maybe it is not as bad, since it is more boring than game dev. The pay and working conditions of a programming job are proportional to how boring it is. - me, 2024
@rj7250a so the more boring something is, the better the pay and the better the work conditions? I have a feeling you meant to say inversely proportional...
Funnily enough, the Security+ certificate, which is considered a fundamental cert, provided by CompTIA, actually calls out that security controls themselves have the possibility to be vulnerable and open to attack vectors.
I wonder if this is how the university I go to got hacked into. Whoever it was critically damaged or wiped all the virtual machines and had access to tons of private information.
"D-disable telemetry to g-get it to stop? John, you're smart, will the breach or disabling telemetry lose us more money?" "Sir, the telemetry is for just the employees" "Then it's more valuable!!!" "..."
The only thing keeping Java from being destroyed as it deserves is Minecraft. I tell ya, if I never have to use, or see Java again, I will feel true happiness.
Isn't the bedrock edition just Minecraft in C++ because of all the problems the Java edition caused? (Shitty GC, etc) You can still find nice MC clones written in other languages as well
@zyriab5797 No, I will never play that facsimile of what Minecraft is. The thing that made Minecraft great was BECAUSE it was written in a language like Java. Java is EASILY reverse engineered, and easily modded. That must stay in place for me to even consider it. ClassiCube comes CLOSE, but the fact that they restrict themselves to classic is very very unfortunate. Beta 1.7.3 is and has always been the best version of Minecraft. And things like Glowstone are so incomplete it isn't even worth it.
So then the exploit guard needed for this is something that can watch out for the use of any commands on CSS file creation, or watch out for the validity of the CSS creation itself.
I don't use a firewall... I don't use AV, my password is the same across all my devices and has been since I was online... I just hope haxxors see my pathetic shit and move on to someone more interesting. I'd rather be hacked by BH or RH than have an active attack from NSA or whatever tho.
This is a $200,000-$500,000 product. And that doesn't even include the annual support agreement that's required to purchase the HW, easily another $10k/mo. I seriously doubt even 0.5% of your audience has ANY administrative control over any of these affected network appliances. And if they do, they're certainly already aware of the vulnerability and have 24/7 on-site vendor incident support. For the rest of us tourists, including myself, none of the info you're presenting here is actionable. Therefore it's basically a waste of time.
I think understanding the depth of what's going on is never a waste of time and you are wrong regarding the part of "0.5% of the audience has any administrative control over any of those affected network appliances". I used to work at a very large MSSP and we managed a lot of these devices for a lot of customers.
We know you work for the glowies. Unsubscribed a while ago and asked RU-vid to stop recommending, yet I still see every video you upload at the top of my feed.
I'm responsible for a pair of Fortigate appliances. We've had to patch out vulnerabilities before but we generally stay on top of it. While we are attacked relentlessly and constantly, we've so far never had a breach (at least not that we know of yet). What's frustrating is I can't get upper management to take anything seriously, so we have a weak backup policy and no budget to do anything.
Maybe sell it to them like an insurance policy: you'd rather pay some money in order not to become bankrupt, in case it does go bad, because this would be the worst possible outcome.
I manage one at work and a personal one at home. We’ve closed off as much as we can and enabled 2FA on basically everything but with how bad exploits have gotten over the past few years, I take a zero-tolerance policy towards updating. If a new update drops, I send out an email saying internet will be offline for about 5 minutes at the end of the day and the only one that can tell me any different is my boss’s boss.
Everybody is getting on the hype train for Rust thinking it's the magic bullet to all their problems. Just like Java was the magic bullet back in the 2010s. It's idiotic to suggest a programming language can be the go-to solution for solving security problems in software that is fundamentally not secure.