Any recommendations for books/resources on cyber security? The recent hackings got me curious, and I have been reading around it since. Something more under the hood type of book for a noive.
Also I picked up Python again. I learn best by doing small projects. Any resources for something like that would be appreciated too.
Right.
https://drive.google.com/open?id=0B0aJnaOl7gykRl9tb0lRaUNKY3M This should work, there are copies of some of them in epub and pdf because I don't know what format would be preferred or even available to download so I got them both. The 'Malware Analyst's Cookbook and DVD' does not have the DVD .iso included because it was the same size again as the rest of the others together. I'm sure you can find it if you want it.
Not sure where better to upload it, either. Let me know if the files are corrupt or anything.
>>26023 >>26024 No problem. Just noticed that the Malware Analysts Cookbook wasn't in there at all as it was in another dir and I didn't realise. Anyway it's there now.
The phone doesn't actually store your fingerprint, just some vectors used for comparison. You can't recreate a fingerprint from that data, but you could recreate something that'll pass as a fingerprint on that particular device.
If I was a major player and I wanted your fingerprints and DNA, I'd let Royal Mail do all the hard work for me. I'd send you a bogus letter from the DVLA or HMRC asking you to confirm some details or claim a refund or whatever. You fill out the form (leaving your fingerprints all over it) and lick the gummed strip on the prepaid envelope (giving me a nice smear of DNA). The government could of course lift this from a legitimate piece of correspondence.
I could also send someone purporting to be delivering a parcel or doing a questionnaire, then lift your prints off the clipboard. You can usually get a full set from a clipboard - people tend to accept it in their dominant hand when it's given to them, but then switch to their non-dominant hand when they're given a pen. The stooge can also hand you the clipboard twice by asking you to hold it for a second while they tie their shoelaces or faff about with their deliveries; by handing it to you from the paper end and the clip end, they maximise the odds of getting a clear set of latent prints.
If you're really paranoid, I'd lift them off your recycling bins or your car door. I could also bribe a cleaner at your workplace to steal something likely to carry your prints.
With a top-tier DSLR and a long tele lens, it's possible to take a detailed picture of your fingerprints from across the street. 99% of keys can be duplicated in this manner as well.
>>26092 Well... That's the alphabet agencies out of the way... What about nefarious forces overseas getting that kind of data? You are thinking on a more personal level, as in I will be targeted. I'm not thinking that way. I'm more concerned out someone breaking into some server somewhere and grabbing a bunch of biometric info. You know, like credit card thieves.
The vector stuff was really interesting mate, compared to the all out /boo/ assault...
Targeting is 99% of intelligence. Bulk data just isn't very valuable, which is why so many people in the intelligence community think that the current approach of "collect everything, sort it out later" is actively counterproductive.
Biometric data is of particularly little value in bulk, because it's so intimately tied to your physical presence. If I want to pwn your phone, there are immeasurably easier ways than stealing your fingerprint and either spoofing a fingerprint scan or making a gelatine fingertip. I can't really do anything useful with your fingerprints unless I'm into some serious blackbaggery. A crook would infinitely prefer a Gmail login or a credit card number.
Think from the attacker's perspective - what can they actually do with your fingerprints? Unless you're a high-value target being attacked by a very well-resourced adversary, your fingerprints are of no value to anyone.
