Old 01-03-2024, 08:07 PM   #1
seksi
Phonetically Sexy
 
Industry Role:
Join Date: Dec 2002
Location: USA
Posts: 312
Cybersecurity - what are the issues you all are wrestling with?

Hey folks,

I'm a Nevada local now and taking some networking and cybersecurity courses at a local community college!

I'm thinking about trying to craft a survey or some sort of virtual helpdesk at Internext/AVN where I can both give something back to the community and collect info for future research projects.

So would love to hear your issues, concerns, stories here on the board or over a beverage at the circle bar.

I see a post from someone offering pen testing services, and I am curious about their value and checking a box with your cyber insurance and PCI-DSS requirements. How much demand for that exists in the adult entertainment space? What cyber insurers are adult entertainment friendly?

In case you've forgotten my face, it's me!
Old 01-04-2024, 08:29 AM   #2
EZRhino
Confirmed User
 
Industry Role:
Join Date: Jul 2003
Location: couch
Posts: 6,258
See you in Vegas. Hope the Circle bar is as good as it used to be. It's been a long time.

Last edited by EZRhino; 01-04-2024 at 08:55 AM.. Reason: incomplete post
Old 01-04-2024, 09:01 AM   #3
Klen
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Get OSCP certificate if you want to be taken seriously
Old 01-04-2024, 10:27 AM   #4
seksi
Phonetically Sexy
 
Industry Role:
Join Date: Dec 2002
Location: USA
Posts: 312
Quote:
Originally Posted by Klen View Post
Get OSCP certificate if you want to be taken seriously
I'm just an infrastructure and ops guy, but I find the stories of pen testers on DarkNet Diaries fascinating. Unfortunately there's not that much work in/demand for pentesters: https://www.cyberseek.org/heatmap.html but adding Security+ to my resume in the coming days might impress some Feds and some banks?

I do the CTFs and play curious about picking locks and the other nonsense to get along with folks in the club, but my main interest, personally, in security is avoiding liability and having lots of availability for the websites I occasionally create for beer money. Since my main interest is staying legal and out of jail, I don't really have the skills and background to do that much pentesting myself, but I do know folks who are available to do some if the cause is right, if it's interesting, and/or we could write about it, talk about it for a paper, a poster, a presentation or a podcast.

I am not sure if the pentester in the other thread listed any certs, credentials, or experience, but was vouched for by a payment processor.

So far, I've been able to avoid having to deal with payments myself! My worst cybersecurity incident that I can quickly recall was one of my sites being used in reflection/amplification for a DDoS against a Central Asian news source that apparently had content that was not desirable to some warring party in Nagorno-Karabakh. My solution was easy, hardening WordPress, updating a firewall rule, and I sort of became obsessed with blocking networks that were never going to make a purchase through one of my affiliate links.

I also had pretty restrictive limits on what sorts of ads and links I would host, to protect my various websites' visitors. Now that I've taken some of the foundational cybersecurity courses, I am curious about how much that basic care to avoid incidents is worth, how much cyber insurance costs, which insurers would touch adult, and what sorts of stories and advice might actually be useful/practical for the masses, the porn consumers and the independent content creator.

I'm boring, because I'm pretty risk averse, but I bet some of you have stories and I'd like to find ways to learn from them. I have friends and colleagues who would be interested in much more technical details and malware that you've encountered, and right now I'm just thinking about the best ways to collect stories, data, testimonials at AVN.

For the really brave, I'd love on camera interviews and stories, but I can try to find a way to anonymize a more general survey just to understand, again, if there is a market for InfoSec services that focus on adult (my guess, no), and maybe what the need is whether or not creators and consumers can and will pay for privacy and security.
Old 01-05-2024, 04:29 AM   #5
Klen
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Quote:
Originally Posted by seksi View Post
I'm just an infrastructure and ops guy, but I find the stories of pen testers on DarkNet Diaries fascinating. Unfortunately there's not that much work in/demand for pentesters: https://www.cyberseek.org/heatmap.html but adding Security+ to my resume in the coming days might impress some Feds and some banks?

I do the CTFs and play curious about picking locks and the other nonsense to get along with folks in the club, but my main interest, personally, in security is avoiding liability and having lots of availability for the websites I occasionally create for beer money. Since my main interest is staying legal and out of jail, I don't really have the skills and background to do that much pentesting myself, but I do know folks who are available to do some if the cause is right, if it's interesting, and/or we could write about it, talk about it for a paper, a poster, a presentation or a podcast.

I am not sure if the pentester in the other thread listed any certs, credentials, or experience, but was vouched for by a payment processor.

So far, I've been able to avoid having to deal with payments myself! My worst cybersecurity incident that I can quickly recall was one of my sites being used in reflection/amplification for a DDoS against a Central Asian news source that apparently had content that was not desirable to some warring party in Nagorno-Karabakh. My solution was easy, hardening WordPress, updating a firewall rule, and I sort of became obsessed with blocking networks that were never going to make a purchase through one of my affiliate links.

I also had pretty restrictive limits on what sorts of ads and links I would host, to protect my various websites' visitors. Now that I've taken some of the foundational cybersecurity courses, I am curious about how much that basic care to avoid incidents is worth, how much cyber insurance costs, which insurers would touch adult, and what sorts of stories and advice might actually be useful/practical for the masses, the porn consumers and the independent content creator.

I'm boring, because I'm pretty risk averse, but I bet some of you have stories and I'd like to find ways to learn from them. I have friends and colleagues who would be interested in much more technical details and malware that you've encountered, and right now I'm just thinking about the best ways to collect stories, data, testimonials at AVN.

For the really brave, I'd love on camera interviews and stories, but I can try to find a way to anonymize a more general survey just to understand, again, if there is a market for InfoSec services that focus on adult (my guess, no), and maybe what the need is whether or not creators and consumers can and will pay for privacy and security.
True, there are not many jobs in that area, but a lot of them require either OSCP or some other heavy-grade certificate, which means there won't be many applications to such jobs, so it's still worth it.
Old 01-05-2024, 05:22 PM   #6
ladida
Confirmed User
 
Join Date: Nov 2005
Posts: 2,167
Quote:
Originally Posted by Klen View Post
Get OSCP certificate if you want to be taken seriously
Certs are when you don't know who to hire. OSCP is no different.

There's only one valid cert that's worth anything, and that's SANS certificates. That's why they cost as much and last as much.

All others are just circlejerking to get some money from the field where you have to "upkeep" your participation by various forms of stupidity that have no relation to the actual matter at hand (i.e.: pay me a yearly fee, attend x amount of seminars...)

Overall, certs are stupid and offer little real world value in your "security" online.
__________________
agentGFY *at* gmail.com
Old 01-06-2024, 02:13 AM   #7
Klen
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Quote:
Originally Posted by ladida View Post
Certs are when you don't know who to hire. OSCP is no different.

There's only one valid cert that's worth anything, and that's SANS certificates. That's why they cost as much and last as much.

All others are just circlejerking to get some money from the field where you have to "upkeep" your participation by various forms of stupidity that have no relation to the actual matter at hand (i.e.: pay me a yearly fee, attend x amount of seminars...)

Overall, certs are stupid and offer little real world value in your "security" online.
While I might agree that they are unnecessary, they can be a job requirement, so better to have them. And if you are already working such a job, if you have them, it can raise your value more.
Old 01-06-2024, 07:42 PM   #8
$5 submissions
I help you SUCCEED
 
Industry Role:
Join Date: Nov 2003
Location: The Pearl of the Orient Seas
Posts: 32,195
Quote:
Originally Posted by Klen View Post
Get OSCP certificate if you want to be taken seriously
Please share a link. Who offers this certification? International, right?

Maybe get a few members of my VA army certified.
Old 01-06-2024, 10:35 PM   #9
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,409
I'll have to dig up my white paper on the subject from 2004 Internext... DM me. Or I'll forget.
Old 01-07-2024, 01:26 AM   #10
Klen
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Quote:
Originally Posted by $5 submissions View Post
Please share a link. Who offers this certification? International, right?

Maybe get a few members of my VA army certified.
https://www.offsec.com/courses/pen-200/
Old 01-07-2024, 02:05 AM   #11
Squrr
Confirmed User
 
Industry Role:
Join Date: Jan 2023
Location: Australia
Posts: 44
Quote:
Originally Posted by ladida View Post
Certs are when you don't know who to hire. OSCP is no different.

There's only one valid cert that's worth anything, and that's SANS certificates. That's why they cost as much and last as much.
Yeah, I've spent wayyy too much on those GIAC certs, but SANS courses have always been the best quality I've experienced
Old 01-07-2024, 11:20 AM   #12
seksi
Phonetically Sexy
 
Industry Role:
Join Date: Dec 2002
Location: USA
Posts: 312
OK, certifications exist for individuals who want to work in InfoSec, but that's not an entirely germane tangent.

I hoped to start a conversation about the vulnerabilities and threat actors that might be specific to online adult entertainment. I hope to maybe create a conversation that would lead to some sort of real world meeting and action for those interested at the upcoming AVN expo / Internext.

One vulnerability that creators and consumers seem to be wrestling with is account impersonation for the purposes of fraud, and the major social media platforms have long struggled with issues like stage names versus real names and managing identity.

Another issue we have seen in the industry, and there were good technical panels on it at least one year at Internext, is content piracy, and I suppose a part of that is account & password sharing.

I don't want to just enumerate areas of interest but hear stories and solutions, maybe create some sort of simple list of best practices that address basic cyber security from an adult-friendly perspective, but if there was enough going on, enough data and encouragement, I could see trying to justify doing real research.

To add some more meat to the story I am sharing, the attack originated from Ecatel networks in Amsterdam, a notoriously irresponsible hosting company, and it occurred in January of 2016. I was able to mitigate it by blocking that network in my firewall rules, and I essentially disabled xmlrpc until WordPress fixed that particular bug, and worked with my designer/writer/business partner to reduce the number of WordPress plugins we used... but that discipline eventually failed, but I started to enjoy looking for similarly untrustworthy networks to block after seeing attacks in logs or WordPress comment spam from broke places that didn't actually buy sex toys through our affiliate links.
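An added example, not part of any post in this thread: a Python sketch of the log review described in post #12, counting POST requests to `/xmlrpc.php` and `/wp-comments-post.php` per source network so that candidates for a firewall block stand out. The log lines, the documentation-range addresses, the /24 and /48 grouping and the threshold are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in combined log format; addresses are documentation
# ranges (RFC 5737), not values from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Jan/2016:03:14:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.8 - - [12/Jan/2016:03:14:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.200 - - [12/Jan/2016:03:14:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.9 - - [12/Jan/2016:03:15:40 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "-"
203.0.113.5 - - [12/Jan/2016:03:16:10 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jan/2016:03:17:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Jan/2016:03:17:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is truncated garbage
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
WATCHED_PATHS = {"/xmlrpc.php", "/wp-comments-post.php"}


def suspicious_networks(log_text, threshold=3):
    """Map network -> POST count on watched paths, for counts >= threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing mid-review
        ip, method, target, _status = m.groups()
        if method != "POST" or target.split("?", 1)[0] not in WATCHED_PATHS:
            continue  # ordinary page views and GET probes are not counted
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field was a hostname or junk
        prefix = 24 if addr.version == 4 else 48  # assumed grouping size
        hits[str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))] += 1
    return {net: n for net, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for net, n in sorted(suspicious_networks(SAMPLE_LOG).items()):
        print(f"{net}\t{n} POSTs to XML-RPC/comment endpoints")
```

Grouping by network rather than by single address is what surfaces a source that rotates hosts inside one provider's range; the output is a review list, and each network still needs a look at its legitimate traffic before it goes into a firewall rule.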