
/biz/ - Business & Finance


File: 85 KB, 697x360, 1551060094015.jpg
No.12917735

Been doing infosec for twenty years, got into bitcoin late (last year of course when it went 20,000)

I've done some hardening for blockchain nodes and am looking at hardening ethereum nodes mainly for my own personal development / entertainment.

I'm just curious, what aspects of security matter to you? Have you got any questions about blockchain security that I might be able to answer?

Just general blockchain info security discussion I guess. Anyone else on this board in the security racket? ama etc.

>> No.12917748

>>12917735

do you test new blockchains for their bounty programs? seems like it'd be a goldmine if you knew your stuff

>> No.12917755

I see a lot of people using hardware wallets now. Why is that superior to my method which I've been using since 2012: offline Linux laptop with cold wallet stored on paper?

Seems like these hardware wallets lead to a lot of SFYL while I've never lost a single satoshi. What's your take, OP?

>> No.12917776

>>12917748
>do you test new blockchains for their bounty programs? seems like it'd be a goldmine if you knew your stuff

No, I'm not a vuln / bounty hunter. Most of my work is defensive - hardening, deploying intrusion detection, malware analysis / response, secure application development.

I'm not really a pen tester per se.

Also, most of the shitcoins - I doubt they have bounty programs. The one I hardened certainly didn't.

My experience is most alt-coins don't even want to think about security.

Money wise - ERC20 audits might be worth getting into, but I'm not sure ETH is going to actually make it right now, so I'm not going to study them.

BTC is my main HODL if that's instructive.

>> No.12917783

>>12917755
>I see a lot of people using hardware wallets now. Why is that superior to my method which I've been using since 2012: offline Linux laptop with cold wallet stored on paper?

I agree with you. In my book you're doing it right. Based on years of analysing systems / projects for security gaps I'm in no hurry to add another layer that could go tits up (the hardware, the firmware)

I think hardware wallets are a meme, but I'm no expert on them.

>> No.12917790

>>12917783
>cold wallet stored on paper?

of course, you have a fireproof safe anon? If you have a decent amount that's what you should invest in.

>> No.12918221

Want to build an Ethereum private network (Quorum based) between 5 separate companies. How does one organize/secure communication of eth nodes between the networks of those companies?

>> No.12918236
File: 108 KB, 820x1024, 1548803400615.jpg

Another question if you'd allow.
Want to create a JPM Quorum based system inside a company. How does one deal with private keys, given the whole point is that employees use them to make transactions that are supremely auditable.

I can't rely on them remembering them. I don't want to rely on some centralized system that would be breachable by a single malicious actor breaking the auditability guarantees which are the main selling point.

>> No.12918305

>>12917735
How math heavy is cybersec/infosec? Also how much comp sci would one need to know? I'm doing a commerce/info systems degree at uni and really interested in networking/cybersec, but I'm worried I'm aiming too high

>> No.12918360
File: 3 KB, 111x80, 1548425788085.jpg

OP might have departed. Oh no.
Please don't go OP.

>> No.12918400

>>12918360
>OP might have departed. Oh no.

hiya, I'm back.

>> No.12918458

>>12918400
Sounds like you need to build it OP

>> No.12918459

>>12918221
>How does one organize/secure communication of eth nodes between the networks of those companies?

I'm going to be annoying and answer with questions -

>Who owns these boxes, in the sense of a RACI or other framework (if no-one owns this shit, then walk)
>are there ISO 27001 compliant or similar policy suites in the orgs, signed off by the exco's?
>are there binding, legal agreements between the companies
>what are they doing, these nodes?...

It sounds like an expensive proposition at first blush (1 month minimum project, more like 3-6 months?). Finger in the air I'd want between 20 and 100 grand to manage the overall security on sec rates.
If you're just interested in the protocol being encrypted then use VPNs, but then you still have big problems with internal / employee risk - ESPECIALLY from IT...

If you have fuck all money, can't get all the VPN'ing in, and need this tomorrow, start with whitelisting the company networks on each other's routers as a minimum.

But personally, I think eavesdropping on traffic is overblown, and isn't ETH / BTC etc. pretty much OK with being in the clear, traffic wise? I thought all the crypto was being done at application level?...
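As an added illustration of the cheap-and-fast option above (whitelisting partner networks while keeping the node's RPC interface off the network), here is a small policy checker. It is example code written for this page, not the poster's or the Quorum project's; the partner CIDRs, listener table and connection attempts are constructed sample values, and the port numbers assume geth's default P2P (30303) and JSON-RPC (8545) ports, which a Quorum fork may change.

```python
import ipaddress

# Constructed allowlist of partner-company networks (sample values, not from the thread).
PARTNER_NETWORKS = ["10.10.0.0/16", "10.20.0.0/16", "192.0.2.0/24"]

# Assumed ports: geth's default devp2p port and JSON-RPC port. A Quorum fork may use others.
P2P_PORT = 30303
RPC_PORT = 8545

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed listener table, as if read from `ss -ltn` on a node: (bind address, port, service).
SAMPLE_LISTENERS = [
    ("0.0.0.0", P2P_PORT, "p2p"),   # acceptable: P2P must reach partners, the firewall limits who
    ("0.0.0.0", RPC_PORT, "rpc"),   # finding: RPC exposed to the whole network
    ("127.0.0.1", 8546, "ws"),      # acceptable: websocket RPC is local only
]

# Constructed inbound connection attempts: (source IP, destination port).
SAMPLE_CONNECTIONS = [
    ("10.10.4.7", P2P_PORT),     # partner A node -> allow
    ("10.20.9.1", P2P_PORT),     # partner B node -> allow
    ("203.0.113.9", P2P_PORT),   # unknown internet host -> deny
    ("10.10.4.7", RPC_PORT),     # even a partner must never reach RPC -> deny
]


def parse_allowlist(cidrs):
    """Parse CIDR strings; strict=True rejects sloppy entries such as 10.10.1.0/16."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_allowed_peer(src_ip, allowlist):
    """True if the source address lies inside one of the partner networks."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in allowlist)


def audit_listeners(listeners):
    """Flag RPC-style services bound to anything other than loopback."""
    findings = []
    for addr, port, service in listeners:
        if service in ("rpc", "ws") and addr not in LOOPBACK:
            findings.append(f"{service} on {addr}:{port} is reachable beyond localhost; bind it to 127.0.0.1")
    return findings


def filter_connections(connections, allowlist):
    """Decide allow/deny per attempt: P2P only from partners, RPC never from the network."""
    decisions = []
    for src_ip, dst_port in connections:
        verdict = "allow" if dst_port == P2P_PORT and is_allowed_peer(src_ip, allowlist) else "deny"
        decisions.append((src_ip, dst_port, verdict))
    return decisions


def render_nft_rules(allowlist, chain="inet filter input"):
    """Emit nftables rule lines implementing the same policy (review before loading on a router)."""
    lines = [f'add rule {chain} iifname != "lo" tcp dport {RPC_PORT} drop']
    for net in allowlist:
        fam = "ip6" if net.version == 6 else "ip"
        lines.append(f"add rule {chain} {fam} saddr {net} tcp dport {P2P_PORT} accept")
    lines.append(f"add rule {chain} tcp dport {P2P_PORT} drop")  # default deny for everyone else
    return lines


if __name__ == "__main__":
    allow = parse_allowlist(PARTNER_NETWORKS)
    for finding in audit_listeners(SAMPLE_LISTENERS):
        print("FINDING:", finding)
    for src, port, verdict in filter_connections(SAMPLE_CONNECTIONS, allow):
        print(f"{src}:{port} -> {verdict}")
    print("\n".join(render_nft_rules(allow)))
```

The point the script makes is the split the poster hints at: the peer-to-peer port is the only thing partners need, so it is allowlisted per network, while the RPC port (which controls the node) stays on loopback and is dropped from anywhere else regardless of who asks.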

>> No.12918496

>>12918305
>How math heavy is cybersec/infosec? Also how much comp sci would one need to know? I'm doing a commerce/info systems degree at uni and really interested in networking/cybersec, but I'm worried I'm aiming too high

It takes four years to get good, minimum, either in or out of college (preferably out)

For journeyman sec guys (95%) I'd say math is not important. Virtually zero use in infrastructure security, very little use in application security too. There's an elite few, assembler coder type fuckers who probs use it when fuzzing chips and code and shit, but it's still a simple toolset.

>>12918305
>Also how much comp sci would one need to know?
Foundational stuff at minimum can usually be enough to start making yourself useful (6 months to a year, if you have your other ducks, specific skills in a row, like a specific platform / language)

You really have to be a nerd to get moving with this. If you love Linux / know Linux, or can code that's half the battle. All you need then is some basic methodology.

I'm not sure your degree is suited to the field, overall. Having said that, a lot of sec guys are hard nerds with little appreciation of higher level stuff so overall it's good study - I myself have gaps all over the place when it comes to a lot of tech 'theory'

>> No.12918525

>>12918496
thanks man good info

>> No.12918528

>>12918496
>I'm doing a commerce/info systems degree at uni

actually 70% of the job is horse trading with IT owners / managers. I'd base your approach on proportionally how many IT managers have this type of background... I'm not college educated and it means I bond best with IT managers with the same background (we take the piss out of grads relentlessly, but I may be a minority)

Also, you need to be able to write / put across complex info well, if you don't want to be stuck in the trenches.

>> No.12918536

>>12918400
slightly off-topic but what are my chances getting an infosec job with a business degree (major in information systems)? do you think that plus a couple of certs for linux, networking, compliance, etc will be enough for some kind of analyst or consulting role?

I know how to code fairly well, although I know I can't compete with those doing it 24/7. I am most interested in a job that both requires a business background and solid IT and cybersecurity knowledge.

any advice would be highly appreciated OP!

>> No.12918540

>>12918459
>Who owns these boxes
The ideal scenario is that there's a node on every machine in the company - even standard issue employee laptops. All user communication with the network would be done by sending RPC requests to localhost.
Thank you for mentioning the RACI matrix concept - the more roles hold nodes, the better for the credibility of the system basically.
>are there ISO 27001
Will have this ISO standard in mind. Working on proposing systems to potential clients, so can't really tell now. Probably they won't have this in place.
>are there binding, legal agreements between the companies
The default situation would be one without legal bindings parallel to smart contracts being put into the system - but this isn't really out of the question.
>what are they doing, these nodes?
They'd serve as uniform communication points for users and enforcers of "network decentralization" (auditability guarantees + resiliency)
>I'd want between 20 and 100 grand to manage the overall security on sec rates.
Very interesting
>Whitelisting company networks/application level encryption as a costless solution
Very interesting, thank you.

>> No.12918553

>>12918536
>slightly off-topic but what are my chances getting an infosec job with a business degree (major in information systems)? do you think that plus a couple of certs for linux, networking, compliance, etc will be enough for some kind of analyst or consulting role?

kind of answered this already I think?... It can't ALL be certs m8, you gotta get your hands dirty somewhere...

Sorry, biiiig topic, can't help much...

>> No.12918591

>>12918540

anon, you're not going to like this but you misunderstood some of what I told you. You're gonna have to pay someone to do this realistically...

What you're doing sounds nifty and impressive, and I wish you well, and don't forget that at the end of the day nearly all security is shit (I've seen enough of it) so don't get too caught up in sec issues.

The decentralised protocols carry an inherently very high level of security, you don't have to be proficient at that...

I don't know the JPM system - what's their documentation like - that should define your scope if JPM are on point.

>> No.12918632

I have to push off for a few hrs - 4pm GMT, soz.

>> No.12918655

>>12918591
>end of the day nearly all security is shit
It's even difficult to know where one can start digging into how to make such a solution secure, that's why I'm grateful for all the info you provided.

The system is basically a fork of ethereum (golang implementation) with added privacy features. Everything that applies to private ethereum network applies here to be frank.
>https://www.jpmorgan.com/country/US/en/Quorum

>> No.12918846

>>12917735
I'd like to know how you protect against keyboard acoustic theft when typing in mnemonics

>> No.12919039
File: 65 KB, 1242x1029, 1545616806041.jpg

>>12918632
bump for OP

>> No.12919339

>>12918846
>I'd like to know how you protect against keyboard acoustic theft when typing in mnemonics

u fkn wot m8?
tell me when you find out.

>> No.12919383

>>12919339
software keyboard that you use by clicking on it with a mouse?

>> No.12919401

>>12919383
>software keyboard that you use by clicking on it with a mouse?

fuk off m8 I'm only so autistic, go and find out.

>> No.12919416

>>12918655
>The system is basically a fork of ethereum (golang implementation) with added privacy features. Everything that applies to private ethereum network applies here to be frank.

I know v little about ethereum. I'm really only semi knowledgeable on bitcoin.

I had a look. Why are you putting that in? Who for?

Their site is word salad but then they're a bank. If JPM aren't eating this dogfood themselves I wouldn't bother with it. Why rely on those cunts?

>> No.12919498

>>12917735
Bro come hang out in the chainlink discord. We will suck your dingus both literally and figuratively. It's wall to wall neets with nodes.

>> No.12919508

>>12919416
Can you gimme the easy route to learn info security. Or at least a starting point, any books, websites or tutorial series?

I had a single masters computer security module in Uni and it assumed we knew more than we did. Should I be more focused on learning computer networks as a backbone or just learn in conjunction with each other?

>> No.12919547

>>12919498
>It's wall to wall neets with nodes.

sounds gr8 m8, what's the addie?

>> No.12919559

>>12919508
>Can you gimme the easy route to learn info security.

CISSP

>> No.12919650

>>12919547
Cool invite link is 6xp58b
There's a "nodes" channel specifically for troubleshooting

>> No.12920481

>>12917735
I'm in my 3rd year of a 4 year infosec bachelor degree and based on my co-op interview questions I feel behind despite doing well in school compared to my peers (3.8 GPA). I haven't done too much stuff outside of my schoolwork and am slowly regretting that mindset. Any general tips for a student looking to learn more outside of school?

>> No.12920501 [DELETED] 

>>12917755
>>12917776
How do I securely make an ethereum paper wallet without leaving any digital trace? Do I download MEW and generate the seeds? I read something about having to update your wallets and am a brainlet, scared I might fuck up some way. Is there a brainlet-proof way of making an eth paper wallet? Thanks anons

>> No.12920534

>>12920481
>Any general tips for a student looking to learn more outside of school?

anything IT related is good. If it's a hobby that's a big win.

>> No.12920564

>>12920501
>How do I securely make an ethereum paper wallet without leaving any digital trace?

I don't follow. presumably you can make the wallet securely if the host is secure and you follow operational security for anonymity to the letter.

But wouldn't funds sent to it be totally auditable on etherscan?

Sorry I'm not understanding.