security Archives - The Silicon Underground

Home » security

Are police scanners illegal?

Dave Farquhar security August 19, 2020August 1, 2020

I don’t think it’s news to anybody that there’s been some civil unrest in 2020. And in many cases, when protestors have been detained, cops and feds have cited possession of police scanners as proof that they were up to no good. But are police scanners illegal?

Police scanners are not illegal. A police scanner is just a radio, picking up broadcasts on radio waves, which belong to anybody, some of which happen to be used by police. So-called police scanners have uses other than listening to police broadcasts, and listening to police broadcasts is not illegal.

The difference between CVE and CVSS

Dave Farquhar security August 17, 2020August 9, 2020 0 Comment

What is the difference between CVE and CVSS? It can be confusing, especially if you’re not a security professional. Here’s how to make sense of the alphabet soup you hear from security analysts like me.

Both CVE and CVSS are industry standards that refer to vulnerabilities in computer software. Think of CVSS as the tracking number, and CVE as a measure of severity.

What does CVE stand for? How do you fix one?

Dave Farquhar security August 6, 2020August 2, 2020 0 Comment

What In Information Security and Information Technology, CVE stands for Common Vulnerabilities and Exposure. It is a standard identifier for tracking vulnerabilities in computer software. I’ve only deployed updates to fix about 800,000 of them, but that experience taught me a little bit about working with them.

The CVE database is maintained by MITRE, and there are about 100 CVE Numbering Authorities (CNAs) who assign them. The CVEs themselves don’t include a lot of detail, but they serve the purpose of providing a common identifier that vendors and security professionals can use to track each unique security flaw.

What CVSS is and how to use it

Dave Farquhar security July 28, 2020July 18, 2020 0 Comment

What is CVSS? CVSS stands for Common Vulnerability Scoring System. It is a method to express the relative strength of vulnerabilities compared to each other. It’s a common statistic in computer security, especially in the field of vulnerability management.

There are two versions of CVSS in common use. The major difference is version 3 allows you to account for environmental factors to adjust it, but both of these versions have one significant weakness.

What social engineering is and how it works

Dave Farquhar security July 20, 2020July 18, 2020 1 Comment

Thanks to an embarrassing hack where someone gained access to a Twitter administration tool and used high-profile accounts to tweet out a Bitcoin scam in July 2020, social engineering has a lot of attention. But what is social engineering? How does it work?

There’s no need to complicate social engineering. It’s not something new, it’s just an old-fashioned con job in modern times, sometimes using modern technology.

CISSP salary expectations

Dave Farquhar security July 9, 2020July 4, 2020 0 Comment

Let’s do something taboo today and talk about money. CISSP money. What exactly is realistic when it comes to CISSP salary expectations?

The average CISSP salary is somewhere around $120,000. That’s average, and CISSP covers a broad range of jobs, but keep that number in mind if someone offers you $54,000. I’ve seen $54,000 cited as the low end and that’s, frankly, ridiculously low.

Imposter syndrome in tech and cyber security

Dave Farquhar security July 1, 2020June 27, 2020 0 Comment

I’ve had lots of discussions about imposter syndrome in both tech in general and cyber security specifically. I have thoughts.

Shodan API Python example

Dave Farquhar security June 10, 2020June 7, 2020 0 Comment

I’ve advocated learning Python, and the best way to learn it is with a useful example. Here’s a very simple Python program that does something useful. It queries the Shodan API to tell you who owns an IP address.

What is DDoSing or a DDoS attack?

Dave Farquhar security May 28, 2020May 27, 2020 0 Comment

What is DDoSing? A DDoS attack something every system administrator and security professional needs to be concerned about. You can expect to see this concept on certification tests and get questions about it in job interviews. So let’s look at the concept of DDoS, and why I think this is going to get worse before it gets better.

DDoS stands for Distributed Denial of Service. A DDoS attack is just the process of overwhelming a computer system with more traffic than it can handle, so that it can’t serve its intended purpose.

Pretty print JSON in Python

Dave Farquhar security May 4, 2020May 1, 2020 0 Comment

I do a lot of work pulling data from systems via API, then doing things with parts of that data, whether it means feeding it to another system or creating a report. Some of these data structures are huge and unwieldy. Here’s how to pretty print JSON in Python so you can make sense of those data structures and get on with your code–without using an online pretty print website and potentially exposing sensitive data.

While json.loads is the key to getting your JSON data into a Python data structure, there’s a corresponding json.dumps to print it back out. It doesn’t sound like it would pretty print, but that’s what it does.

← Previous