Are Google Cloud Instances completely backdoored from their initial launch?
I am testing out GCP at the moment and am impressed with their slick interface.I was initially amazed and then terrified to learn that with the click of a single button from within my GCP console... without ever uploading a private key of the public key that I supposedly secured my instance with then I launched... that I could login to an SSH session in my browser and get root within seconds!I know it's because I'm using a google-created debian operating system... but that seems really fucked up imho.I come from Amazon EC2 originally where they were always very strong to remind you that "if you lose your private key, we can't get into the server for you".So it's a little off putting to see that with the click of a button pretty much any google employee could just go looking around my instance?Am I crazy and is this just a really popular feature of their platform which is completely secure?I have to admit, it seems awesome to securely login to an ssh session with the click of a button in a browser... it's just a big too much magic for my liking.I like things simple, that's why I like debian.

Submitted October 05, 2017 at 07:35AM by archlinuxQuestions
via reddit http://ift.tt/2fRYhiu

Hello Redditor Security Pro's :-) I made a website that links to a lot of IT security documentation in one place. We also have a ton of original content. Is it helpful for you? I'd love to know your thoughts before I sink more time and money into it.
http://ift.tt/2xNeUTK

Submitted October 05, 2017 at 09:53AM by paperboy-
via reddit http://ift.tt/2y1BhUD

OpenSSH 7.6 (2017-10-03): SSH protocol version 1 support has been completely removed, after being compile-time disabled by default since OpenSSH 7.0 (2015-08-11)
http://ift.tt/2fOLmxA

Submitted October 05, 2017 at 12:26PM by Mcnst
via reddit http://ift.tt/2fTODvw

Handpicked Books for Security Professionals
http://ift.tt/2hO7hFE

Submitted October 05, 2017 at 11:36AM by ajinabraham
via reddit http://ift.tt/2yr6dPi

Mattel Aristotle canceled over privacy concerns
http://ift.tt/2gbf1Oq

Submitted October 05, 2017 at 01:39PM by winflare
via reddit http://ift.tt/2xUw01m

Equifax data breach was due to one person's error says former CEO
http://ift.tt/2xTpLJ4

Submitted October 05, 2017 at 01:31PM by imr2017
via reddit http://ift.tt/2gbf4d4

[LIVE] ISACA/CERT.LV Conference "Cyberchess 2017" (EU cybersec month)
http://ift.tt/2y1nZaC

Submitted October 05, 2017 at 01:14PM by _Ki_
via reddit http://ift.tt/2fMgf1T

How I could have mass uploaded from every Flickr account
http://ift.tt/2yJeNop

Submitted October 05, 2017 at 01:46PM by albinowax
via reddit http://ift.tt/2wzoV2E

NotRuler: Turning Offence into Defence
http://ift.tt/2ylQ1Pn

Submitted October 05, 2017 at 01:41PM by 0xdea
via reddit http://ift.tt/2wzoYLS

CSE CybSec ZLAB Malware Analysis Report: APT28 Hospitality malware
http://ift.tt/2yZgGP1

Submitted October 05, 2017 at 02:21PM by MicheeLengronne
via reddit http://ift.tt/2z14MnQ

Contact for Security, Manpower, Facility management services in Delhi NCR
http://ift.tt/2xjdGe4

Submitted October 05, 2017 at 02:34PM by vasundhara923
via reddit http://ift.tt/2yKHXUk

Yahoo Triples Likely Scope of 2013 Hack to 3 Billion Users
http://ift.tt/2kjaWfv

Submitted October 05, 2017 at 02:30PM by GemmaJ123
via reddit http://ift.tt/2xjiZdq

Read on the Web: Attackers Redefining Objectives, Approaches
http://ift.tt/2xTIarx

Submitted October 05, 2017 at 06:05PM by MicheeLengronne
via reddit http://ift.tt/2yJqtrs

Security In 5: Episode 83 - The Dangers Of Neglecting Your Wordpress Install
http://ift.tt/2y32SEO

Submitted October 05, 2017 at 06:32PM by BinaryBlog
via reddit http://ift.tt/2fUi54B

How to Extract HTTP Requests From Packet Captures As cURL Commands
http://ift.tt/2yJvP62

Submitted October 05, 2017 at 08:02PM by dentalfoss
via reddit http://ift.tt/2gddCqI

homemade virustotal (opensource)
http://ift.tt/2duqgOe

Submitted October 05, 2017 at 08:33PM by blackout-314
via reddit http://ift.tt/2yrVILw

Cyber Threats and Russian Information Warfare – Timely on CyberWar
http://ift.tt/2o7d8aq

Submitted October 05, 2017 at 10:00PM by SecurityTrust
via reddit http://ift.tt/2y2pEfZ

In Chakra, the amount of memory reserved is unrelated to the amount requested. ZDI researcher does deep dive into the enforcement of bounds checks in native JIT code to explain why.
http://ift.tt/2fNeiCx

Submitted October 05, 2017 at 10:46PM by RedmondSecGnome
via reddit http://ift.tt/2xkblQi

Lessons from France's first cyber-attack, nearly two centuries ago
http://ift.tt/2yicoVQ

Submitted October 05, 2017 at 11:13PM by redditor_1234
via reddit http://ift.tt/2fOvAiq

Russian Hackers Stole NSA Data on U.S. Cyber Defense via Kaspersky Labs - The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks
http://ift.tt/2fN5uMZ

Submitted October 05, 2017 at 10:42PM by SuccessfulOperation
via reddit http://ift.tt/2yqXVGX

New to the world of contracting/staff augmentation. What is a good hourly rate to ask for in the US (Midwest specifically)?
I am about to go through a staffing agency for a senior security risk analyst position. They offered $54 an hour as a passing comment in the conversation, so now I know that is the low ball number. I am curious to know what is a good hourly rate for staffing a security position in the Midwest. I don’t have any clue what the market rate is now so I would hate to ask for astronomical number and price myself out of a job.

Submitted October 05, 2017 at 10:22PM by ghostmanure
via reddit http://ift.tt/2fN16NR