Always assume the worst

The latest NSA surveillance and PRISM news (aka Snowden leak) seems to have gotten a lot of people by surprise. Who would have thought that the NSA was doing that?

Seriously? Where else would they be spending their $10 billion budget? Or using their 40,000 employee force? Or how could they be the largest consumer of power in the state of Maryland?

Of course there was something going on.

What about the Chinese hacking the rest of the world? Are they really? Of course they are. But so is the USA and most developed countries. Did we forget where Stuxnet came from?

I know there are differences in targets, but any country not investing in their cyber force is not really paying attention to our world.

And governments are not the only ones. Private companies are watching us all the time. Oh, and I didn’t even get started on criminal and hacking activities. Who knows how many servers and companies out there they have owned and are monitoring lately.

Always assume the worst

And I am not trying to go into the Politics of what is right or wrong, but trying to point out that we always have to assume the worst. That either a government or company or criminal (or even a friend) might be monitoring what you do in “private” online.

Some rules to remember:

Always assume that you are being monitored. Specially online. It could be your government, a foreign country, your ISP, or even from within your network. Someone might be watching you.
Always assume that your network is compromised. Because it might really be and you don’t know yet.
Always assume that all your emails are being read.
Always assume that all your IM (instant messages) are being read.
Always assume that any “private” content you put online is going to be public someday.
Always assume that your data will be lost.
Always assume that some servers or computers that you own are already compromised.
Always assume that some of your employees (or co-workers) can’t be trusted. And you really don’t know which ones are.
Always assume that there is someone, right now, trying to hack you. This one is really true.
Always assume that there is someone, right now, that is smarter than you, trying to hack you.

When you make those assumptions, you become a lot more careful and vigilant on what you do online. And this is not to make anyone paranoid, but to at least know the risks so you can know what to share or what to say online (within limits). Plus, you can take extra measures to minimize the chances of any of these things happening.

I know it is sad, but it is the reality of the world we live in.

Posted in thoughts by Daniel Cid (dcid)

Daniel Cid Research

In this section you will find some of my research, project and articles. Look around and if you have any questions, reach out.

My companies

If you want to check out my current companies:

* CleanBrowsing
* Trunc
* NOC.org

And my other projects.

Latest articles

Latest articles from my blog.

2021-12-16
log4j honeypot logs - jndi exploit

2021-11-14
DNS Database repository available

2021-10-11
CleanBrowsing Anycast Network is Growing

2021-06-11
1st degree BJJ blackbelt

2020-09-02
Decentralize the web - again

2020-06-11
Mastodon Instance - noc.social

2019-03-20
OSSEC conference - 2019 - The untold story of OSSEC

2017-01-19
WordPress Performance Optimization Guide

2016-04-07
OSSEC v2016-04: Improving detection

2016-02-03
OSSEC v2016-02: New rules options + GeoIP by default

2015-12-30
OSSEC v2015-12: GeoIP + Integratord

2015-02-02
Sudo: The most misused security tool ever

2014-10-26
The S in HTTPS does not equal to a secure site

2014-10-09
Indicators of Compromised Behavior (IOCd-B)

2013-06-20
Always assume the worst

2013-05-12
How to get start contributing to an open source project

2013-04-19
Using your phone SMS as 2FA

2013-03-16
Sucuri WAF - Not your traditional WAF

2012-05-09
OSSEC rule for the PHP-CGI vulnerability

2012-05-08
Database Logging (PostgreSQL and MySQL)

2012-04-21
Setting up OSSEC - Step by step guide

2011-10-25
3WoO: Alerting on DNS (IP Address) changes

2011-09-21
Detecting outdated (web) applications with OSSEC

2011-05-26
Improved reporting for file changes on OSSEC

2011-04-05
Running multiple OSSEC decoders on the same event

2011-02-11
Blocking repeated offenders with OSSEC

2011-02-01
What is a good password?

2011-01-19
Automatically creating and setting up the agent keys for OSSEC

2010-10-20
OSSEC Award daemon

2010-10-19
How to contribute to OSSEC

2010-09-27
OSSEC v2.5 released

2010-04-01
OSSEC v2.4 released

2010-03-11
OSSEC Alerting when a log or output of a command changes

2010-02-09
New member of the OSSEC team: Priscila Cid

2009-12-07
OSSEC v2.3 released

2009-11-05
Process monitoring with OSSEC

2009-08-21
Q&A: OSSEC interview with Daniel Cid

2009-06-12
Compiling the Windows Agent from a Linux system

2009-02-27
OSSEC v2.0 released

2009-01-02
OSSEC book as Best Book Bejtlich Read in 2008

2008-07-25
Sending OSSEC alerts via syslog

2008-06-17
Third Brigade acquires OSSEC

2008-05-01
OSSEC v1.5 released

2008-01-24
Ugliest application logs ever

2008-01-23
OSSEC book is out

2007-12-18
Syslog - Last message repeated X times (rant)

2007-09-05
OSSEC at the 'Own the Box' competition

2007-08-20
Bruce Schneier on log analysis

2007-07-12
OSSEC switching to GPLv3

2007-06-29
Hidden ports on Linux

2007-06-06
Remote log injection paper

2007-06-02
OSSEC Presentations at AusCERT/Confidence

2007-05-01
Daily/Chained checksum of OSSEC alerts

2007-04-10
OSSEC performance testing (v2)

2007-03-18
New member of the OSSEC team: Davi Cid

2007-01-10
Security monitoring with your Logs

2007-01-09
2006 OSSEC download numbers

2006-11-13
Logging authentication events from Cisco IOS

2006-05-02
Log analysis for intrusion detection

2006-03-20
Analysis of SSH brute force attacks

Contact us!

Do you have an idea for an article that is not here? See something wrong? Contact us at realpeople@noc.org

Tired of price gouging

Clear pricing. No need to guess. Real people. Real logging.