QuoVadis

Everything posted by QuoVadis

  1. @aismen, chip in here
  2. https://www.businessinsider.com/linkedin-buys-lyndacom-for-15-billion-2015-4 In the autumn I had 3 interview stages at LinkedIn for a Senior Manager role, but I probably shouldn't have been 100% honest and told them that I hate sales, which was 15-20% of the job. Oh well, at least the personality games in the first stage were nice..
  3. When I get bored at work I figured I'd make use of the LinkedIn Learning licence (formerly lynda.com), and I started taking Azure courses... since we are slowly migrating to them (from AWS), and so I don't die stupid
  4. ON: it's the wrong approach from a great many points of view; there's no point in listing them here, and I'm not in the mood to either. Only by luck would you attract anything serious and turn it into something legal that brings you ROI. OFF: It would be interesting if, at some point, something like Shark Tank/Dragons Den were held at Def Camp or similar meetups, where people with ideas, a business plan or potential cyber sec start-ups that need cash injections (in exchange for a % of the company) could pitch to investors passionate about the field. Personally I would have been interested in Romanian start-ups focused on 5G security, but by now that train has pretty much left. @Nytro, what do you think, would there be interest, or is there nobody to do it with?
  5. Recommended; for any kind of free, quality invitations, get in touch with him.
  6. How much (lack of) sense must you have to waste your time throwing insults over torrent invitations...
  7. The CV is what it is; it matters a lot, because it's the first impression, but neither I nor my colleagues stop at that, and we still give a chance to those in whom we see potential based on what and how they write in the cover letter. But if you could see how many blow it because they don't know elementary interviewing basics and come totally unprepared. Pretty much everyone writes code, but the person matters a lot. For the last interview we called people in for an IT project manager role.. and beyond the bulky CV and their waffle/parroting, we were actually interested in the human being as a person: would they get along well with the rest of the team or give us headaches? Do they curdle like mayonnaise if someone makes a slightly inappropriate joke, or are they more easy-going? Are they willing to learn and sharp even if they don't have everything we put on paper, or are they frigid like a whore at holy water? Etc, etc. And they had no idea how to answer concisely and to the point, they just rambled. Only to the one who asked for feedback afterwards did I mention the STARR thing (Situation, Task, Action, Result, Reflect). That is, I can best imagine you on the team when you give me an example of the situation I ask for: what the problem was, what action you took, what result came out and what you would do better in retrospect. Disclaimer: for entry-level jobs this matters less, that's more of a slaughterhouse. I'm referring to the mid to senior ones.
  8. They're not the best in town, but they have a good offer right now - https://clients.hostigger.com/?cmd=cart&action=add&id=1822 - $120 per year for 4 Core CPU, 15 GB RAM, 150 GB PureSSD, 20 TB Bandwidth, 1 Gbit/s Port. The opportune time to buy was Black Friday / Cyber Monday, but well... you've missed the train for now.
  9. A few years ago I paid the people at https://www.cvcentre.co.uk/ to do my CV, LinkedIn profile and a generic cover letter. They revised it twice for free, no questions asked, because I wasn't 100% satisfied with the first draft. I recommend them, as I saw a considerable increase in contact from recruiters. Then I also paid them to do a specific application for a job I wanted, and I was called for an interview and worked there 🙂 so I "owe" them. Since then I just update what they made for me. P.S. they wrote so nicely about me you'd think it was a eulogy; I had to tone down the language 😂
  10. You can train a pig to look for them
  11. QuoVadis

    Fun stuff

    Legend has it that this is how @aelius came out on the ultrasound
  12. If it really is as you say and you did everything legally, you can send a complaint, and if you're not satisfied you then open a case with the Financial Ombudsman - https://www.financial-ombudsman.org.uk/ - who are independent and adjudicate. On 2 matters in the past, with other kinds of firms that tried to take me for a fool, they ruled in my favour + "moral damages" and modest interest for the period my funds were withheld. It's a kind of cheap and convenient alternative to going to court. That's IF everything is as you say...
  13. @Vasile. you talk rather a lot of shit, sorry. I'm not a fan or customer of Revolut or Monzo, but both fall under FCA regulation. For example, looking at Monzo I see they are registered with the FCSC, which belongs to the state and covers your accounts up to £85k in case of bankruptcy. They don't exactly operate however they please. But you sling mud just to look busy...
  14. QuoVadis

    Dash cam

    This is the one I use in my car. Satisfied, no complaints - https://www.amazon.co.uk/gp/product/B07SJ65F23/
  15. Their version: https://nordvpn.com/blog/official-response-datacenter-breach/ I've been a customer of theirs for about 7-8 years, but I pay (on Black Friday, when they have big discounts) only in bitcoin run through a tumbler, with an account on a dummy Russian mail address.
  16. Tex starts laughing, and Nytro is too refined. Let them fill Gecko's fridge
  17. If you were to bet... (I already have 😎), who would you put your money on to reach round 2 and then win? Just out of curiosity...
  18. If you had also offered a filelist invitation to each participant, you'd have gathered another 50 people 😂
  19. Source: Financial Times. Goodbye cryptography as we know it? ...
  20. What the actual fuck... I rarely log in, because I don't have time, but when I see topics like this I feel like logging in even less often.
  21. https://nakedsecurity.sophos.com/2019/09/19/air-force-to-offer-up-a-satellite-to-hackers-at-defcon-2020/
  22. Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere.

      Earlier this year Google's Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day. There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.

      TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.

      I’ll investigate what I assess to be the root causes of the vulnerabilities and discuss some insights we can gain into Apple's software development lifecycle. The root causes I highlight here are not novel and are often overlooked: we'll see cases of code which seems to have never worked, code that likely skipped QA or likely had little testing or review before being shipped to users.

      Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes. Initial analysis indicated that at least one of the privilege escalation chains was still 0-day and unpatched at the time of discovery (CVE-2019-7287 & CVE-2019-7286). We reported these issues to Apple with a 7-day deadline on 1 Feb 2019, which resulted in the out-of-band release of iOS 12.1.4 on 7 Feb 2019. We also shared the complete details with Apple, which were disclosed publicly on 7 Feb 2019.

      Now, after several months of careful analysis of almost every byte of every one of the exploit chains, I’m ready to share these insights into the real-world workings of a campaign exploiting iPhones en masse.

      This post will include: detailed write-ups of all five privilege escalation exploit chains; a teardown of the implant used, including a demo of the implant running on my own devices, talking to a reverse-engineered command and control server and demonstrating the capabilities of the implant to steal private data like iMessages, photos and GPS location in real-time, and analysis by fellow team member Samuel Groß on the browser exploits used as initial entry points.

      Let’s also keep in mind that this was a failure case for the attacker: for this one campaign that we’ve seen, there are almost certainly others that are yet to be seen.

      Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group. All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.

      I hope to guide the general discussion around exploitation away from a focus on the million dollar dissident and towards discussion of the marginal cost for monitoring the n+1'th potential future dissident. I shan't get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million. I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time.

      I recommend that these posts are read in the following order:
      - iOS Exploit Chain #1
      - iOS Exploit Chain #2
      - iOS Exploit Chain #3
      - iOS Exploit Chain #4
      - iOS Exploit Chain #5
      - JSC Exploits
      - Implant Teardown

      https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
  23. Day rates - apply to fixed-term, temporary contracts
      Full time - full-time contracts, usually permanent or of at least 2-3 years

      PDF download: https://we.tl/t-6Kp5kwZhtY
      Source: hays.co.uk

      These are the gross figures, from which income tax and national insurance are deducted. The net amount can be calculated here: https://www.gov.uk/estimate-income-tax

      On top of salaries, many companies offer fairly substantial packages such as:
      - employer pension contribution equal to the employee's, up to a certain percentage (e.g. if the employee contributes 12% of salary to the pension, the employer also contributes 12% of salary to the pension)
      - car/travel allowance/season ticket loan
      - tax-free loan for a bicycle (up to £1k)
      - discounts/freebies for gym, entertainment, electronics, etc.
      - flexible working from home
      - financial contributions to professional development
      - anything else you negotiate or that the company already offers its employees