₦airaland Forum

Welcome, Guest: RegisterLoginWith GoogleTrendingRecentNew

Stats: 3,330,926 members, 8,447,785 topics. Date: Sunday, 19 July 2026 at 12:41 AM

Toggle theme

Ayodejioak's Posts

Nairaland ForumAyodejioak's ProfileAyodejioak's Posts

1 2 3 4 5 6 7 8 9 10 (of 33 pages)

CrimeHow To Find Out If Your Password Has Been Stolen by Ayodejioak(op): 6:36pm On Jan 17, 2019
What just happened?
Yesterday, it emerged that more than a billion unique email address and password combinations had been posted to a hacking forum for anyone to see in a mega-breach dubbed Collection #1.

The breach was revealed by security researcher Troy Hunt, who runs the service allowing users to see if they’ve been hacked called Have I been Pwned. He has now loaded the unique email addresses totalling 772,904,991 onto the site.

The data includes more than a billion unique email and password combinations – which hackers can use over a range of sites to compromise your services. They will do so by utilizing so-called credential stuffing attacks, seeing bots automatically testing millions of email and password combinations on a whole range of website login pages.

The data originally appeared briefly on cloud service MEGA and was later posted to a popular hacking forum. The Collection #1 folder is comprised of more than 12,000 files weighing in at 87 gigabytes.

Most concerningly, the protective hashing of the stolen passwords had been cracked. This means they are easy to use because they are available in plain text rather than being cryptographically hashed as they often are when sites are breached.

Should I be worried?

In a word: Yes. It’s a massive concern, not least because scale of this breach is huge: Yahoo’s breaches saw 1 billion and 3 billion users affected but the stolen data hasn’t actually resurfaced yet.

And unlike other huge hacks such as Yahoo and Equifax, this breach cannot be tied down to one site. Instead it appears to comprise multiple breaches across a number of services including 2,000 databases.

https://cdn.grahamcluley.com/wp-content/uploads/2015/08/password-wide.jpeg

Hunt says there are many legitimate breaches in the directory listing, but he cannot yet verify this further. “This number makes it the single largest breach ever to be loaded into HIBP,” he adds in a blog.

What’s more, his own personal data is in there “and it’s accurate”, he says. “Right email address and a password I used many years ago. Like many of you reading this, I’ve been in multiple data breaches before which have resulted in my email addresses and yes, my passwords, circulating in public.”

Finding out if you’re affected
If you are one of the 2.2 million people that already use the Have I Been Pwned site, you should have received a notification: Nearly half of the site’s users – or 768,000 – are caught up in this breach.

If you aren’t already a member, you need to visit Have I Been Pwned now. Once on the site, you simply need to type in your email address and search, then scroll down to the bottom of the page. The site will let you know if your email address is affected by this breach – and while you are there, you can see if your details were stolen in any others too.



To find out if your password has been compromised, you separately need to check Pwned Passwords– a feature built into the site recently. This feature also helps you to use strong passwords: if yours is on there, it’s safe to assume others are using it and your accounts could be easily breached.

What if my details are there?
Hunt says in his blog: “Whilst I can’t tell you precisely what password was against your own record in the breach, I can tell you if any password you’re interested in has appeared in previous breaches Pwned Passwords has indexed. If one of yours shows up there, you really want to stop using it on any service you care about.”

If you have a bunch of passwords, checking all of them could be time-consuming. In this case, Hunt suggests 1Password’s Watchtower feature which can take all your stored passwords and check them against Pwned Passwords in one go.

Most importantly, if your password is on the list, do not ignore it as it can be used in credential stuffing attacks mentioned earlier. Hunt says: “People take lists like these that contain our email addresses and passwords then they attempt to see where else they work. The success of this approach is predicated on the fact that people reuse the same credentials on multiple services.”

More generally, as the number of breaches and their sheer scale increases, it’s time to clean up your password practices. In addition to using two-factor authentication, passwords should be complex – such as a phrase from a favourite book or a line from a song. At the same time, security experts don’t rule out analogue books containing your password – as long as these are not stored on your device or with it.

If you take these measures into account you should be able to avoid using the same password across multiple sites. Ideally, start using a password manager to ensure you can remember these.

Source: Forbes, via itblogr - http://itblogr.com/how-to-find-out-if-your-password-has-been-stolen/
CrimeRe: Hacker Who Took Down A Nation’s Internet Jailed by Ayodejioak(op): 2:49pm On Jan 16, 2019
Cc: lalasticlala Mynd44 OAM4J
CrimeRe: Hacker Who Took Down A Nation’s Internet Jailed by Ayodejioak(op): 1:51am On Jan 16, 2019
DavidBolu2019:
Oh no.
He might be useful
News like these got me wondering how vulnerable or secure mobile telecom and financial in companies Nigeria can be.
CrimeHacker Who Took Down A Nation’s Internet Jailed by Ayodejioak(op): 1:34am On Jan 16, 2019
A British hacker whose cyberattacks took the nation of Liberia offline has been jailed for almost three years.

Daniel Kaye launched a series of attacks on Liberian cell phone operator Lonestar in October 2015, which became so powerful they knocked out the west African country’s internet the following year.

Kaye, 30, had been hired to carry out the attacks by a senior employee at rival operator Cellcom, Britain’s National Crime Agency said in a statement, although there is no suggestion that Cellcom was aware of the activity.

He pleaded guilty to creating and using a botnet, a series of computers connected in order to attack systems, and possessing criminal property last month. Kaye was sentenced on Friday at Blackfriars Crown Court in central London to two years and eight months in prison.

While living in Cyprus, Kaye used a botnet he had created to trigger repeated distributed denial of service (DDoS) requests on Lonestar, causing the company to spend around $600,000 in remedial action.

The additional impact of customers leaving the network caused the company to lose tens of millions of dollars in lost revenue, the NCA added.
Following his arrest in February 2017, Kaye was extradited to Germany, where he also admitted to attacks on Deutsche Telekom that affected around 1 million customers in November 2016.

“Daniel Kaye was operating as a highly skilled and capable hacker-for-hire,” Mike Hulett, Head of Operations at the NCA’s National Cyber Crime Unit, said.

“His activities inflicted substantial damage on numerous businesses in countries around the world, demonstrating the borderless nature of cyber crime,” he added. “The victims in this instance suffered losses of tens of millions of dollars and had to spend a large amount on mitigating action.”

Source: http://itblogr.com/hacker-who-took-down-a-nations-internet-jailed/

CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 6:20pm On Jan 10, 2019
lynkyinka:
@Ayodejioak

are you up for joining up with a group of Nigerian cybersecurity professionals to share your insight and wealth of experience
Sure, add me up!
CareerRe: Career Thread For Cybersecurity Experts: Meetups by Ayodejioak(m): 6:19pm On Jan 10, 2019
FlyingTOMATOE:
Ayodejioak
Here! Thanks!!
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 8:54pm On Jan 04, 2019
Peterjosh:
Your link is not going through.
Apparently, link shorteners are being blacklisted here.
Thanks to the mods/antispam bots.
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 5:11pm On Dec 31, 2018
CeeKay17:
How easy is it for a Nigerian residing here to get a Cybersecurity job in US?
I'm presently working as a Cybersecurity Analyst in a private company and I have Security+ & CEH certifications.
I might not be able to perfectly communicate the level of ease, but It's definitely a possibility. My first route will be making a number of connections with US based recruiters on LinkedIn. They have access to numerous H1-B's for expatriate employment that don't even go obvious enough to make it into job boards. - Call that express entry

If you have some unique coding, technical or application skills you can easily get a large corp sponsor you on any of these platforms: Kickstarter, Ycombinator, Gitlab/Github to mention a few.

I have a friend who will be enroute to the San area in Cali this weekend. He got an awesome offer with Microsoft, He resumes next week. It's his first trip out of Naija too!
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 4:58pm On Dec 31, 2018
hadizabala:
I have just one question. Are you a hacker?
By non-technical definition, the term hacking implies tweaking or making something work in the way it wasn't designed to.
A simple 'hacking' experience in our everyday life can include something considered insignificant as removing the SIM card in your smart phone using a safety pin - The safety pin wasn't designed for that functionality, but yes! it works.

In technical terms, I have abilities to tweak a computer into performing some 'off the record' tasks as a result of my input while leveraging ethics (within a legal, ethical,authorized and controlled environment). Drawing conclusions from both definitions, I am an ethical hacker.
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 4:27pm On Dec 31, 2018
Wonderz1:
Please must i learn programming before i can become a cyber security expert.
If I get a Naira everytime someone asks me this question, I'll be friends with the Joneses by now.

Not all cybersecurity professionals have or need coding skills. But without some knowledge of at least one language, you may find your path forward somewhat limited.

As a cyber security expert, you also get to do code review for applications, you want to be familiar with what inputs are being called, if there are any sort of malicious injection within every line of code and 'the only way to find what you're looking for is to know what to look for' - Ayodejioak.

I can bet you need at least some beginner or intermediate level of programming in the following languages in your Cyber Security Career:
Python, JavaScript, HTML, C, C++, Assembly, PHP

It's also cool to mention how getting the syntax of any programming language is the fastest approach towards learning them.
If you're scared of starting, start with HTML. If you have Basic HTML/CSS experience, I recommend Python. Python is arguably the most useful as well as easy to learn PL in the history of coding. As a matter of fact I learnt basic python in 5 hours watching this youtube video - https:///2vPbMns . It could have been 4 hours but I love to play while working. tongue
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op):
mogbojaiye:
Thanks man bro for been there for us
My question is this :i have taken an entry level certification course on ComPtia A+ and N+ though I lve networking but I want to grab the basics before heading to ccna .please u are more exposed and open to the outside world than us and I believe you have more friends in this field of urs, which of the branches of ccna do you think is relevant and highly needed in today's world over there? So we don't end up picking a branch dat is outdated

And my 2nd question is :is it possible to apply for jobs online and get interview probably tru skype and what site would you recommend please?

And is there any other country in the western world u can also recommend that u feel this career line is highly needed with good pay attached

Thanks man I kindly wait for your reply
Hi mogbojaiye,

First and foremost, I must commend your giant stride towards chasing your IT dream by taking the entry level certification course for CompTIA A+ and N+. Before I answer your question, I want to make a distinct clarification:

Certification body matters so much but unfortunately, many don't even understand - There is a difference between taking a Linux+ or A+ at NIIT or HIIT and actually taking the certification exam by CompTIA. NIIT and co are mere 'middle-men' trying to prepare you for the real exam.
Yes, you get a certificate of completion, similar to completing a freaking JAMB tutorial and getting a signed document stating that, but can you get enrolled into Unilag with this document? Nope!

I like that you mentioned CCNA also. I'm not sure what you mean by the branches of CCNA, but I'm sure this link - https:///2TiTFjq will help you learn more about the certification. If you are planning on writing the exam, In my opinion, the CCENT >> CCNA (ICND 1 &2) which is literally breaking the whole exam into two, looks like a better track.

Speaking from experience, it is very possible to apply for a 100% remote job from Nigeria. Just have these 4 pieces in your backpack: Faith, Mind-blowing linkedin, goodluck/said skills, and lastly 'among many others'

I admin a few blogs, apps, forums and other websites centered at IT which will be beneficial for both starters and seasoned IT professionals.
I do not hoard information so I'll be giving out lots of content for free. Stay tuned.
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 3:10pm On Dec 31, 2018
Apologies for the late response and mentions.
Had to host the family for the holidays.
Now let's get to the parts where questions get answered.
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 4:23pm On Dec 22, 2018
Stan999:
@OP, what would you say about an MSc in information assurance and focus on cyber security @ St. Cloud State University Missouri coming from a graduate of elect/elect engineering?

Next up, is salary expectation dependent on state or firm?
One great thing about studying in US how seamlessly easy it is to port across courses. You can literally be a biology major today then a Licensed pentester tomorrow.

As a matter of fact, my first degree from Nigeria was something close to elect engr but my long nurtured passion propelled me to my IT dream.... So, I'll say 'Go for it!'

Now, compensation is usually dependent on BOTH the state and firm for a simple reason: Big firms have targeted states for their HQs and branches. You won't find a freaking Microsoft HQ in the middle of Iowa, or utah.

That being said, while everybody wants to secure a cybersecurity position in DC, TX, VA, and the rest of the premium cybersecurity US states, it is ideal to start somewhere then climb up the ladder in no time.
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 3:38pm On Dec 22, 2018
Lorenzop:
I am very passionate about Cyber security, I want to major in it....is it OK to self study then go ahead to certification exams....

Can you assist with study materials pls?
You know yourself much more than everyone else. If self study is your thing, go for it man.

You remind me of my first certification ever, Usually everyone (even nerds) follow the CompTIA trifecta: CompTIA A+ --> N+ --> S+ but I felt my couple years of work as at then qualified me for a Security+ off the bat without having to go the long route. I gave self study a shot, and I was right!

Don't hesitate to reach out if when you need informational help.
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 6:46pm On Dec 20, 2018
You really don't have to follow the cybersecurity route. I have a colleague next to me, all he does is write python scripts for days and the rest is story.

Its ideal to be comfortable your area of choosing, while applying these same principles to your expertise: Software dev, Digital design, LPN, Big data analysis, AWS, pen-testing or what ever rocks your boat!
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 6:41pm On Dec 20, 2018
MPVGoddess:
I've got relations who are good with computers.

If they wanted a career in cybersecurity in the West, what sort of certifications or learning paths would you recommend and how long would it take to achieve them?
Great question.
Most tribe have a saying that translates to the fact that every bad has an iota of goodness. That being said, I do more of giving out tips, tricks and fastest routes rather than bore you with epistle.

1. Enrol in a school (community colleges are way cheap) and major in CS - computer science.

2. While in school, start preparing for your entry level certifications ( CCNA, CompTIA N+ etc). The interesting fact is how your classes will overlap with some 80% of the certification coursework.

I ll be digging deep very soon!
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 6:16pm On Dec 20, 2018
IdaraCHODB:
Can I ask my questions in camera?
I think it's better if someone else gains more info from a public convo like this.

Tho we can always find alternatives going forward.
CareerRe: I Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op): 6:13pm On Dec 20, 2018
tolugar:
Guy am just here downing my garri and kulikuli (#20 for just 5balls)

My question is?


Will buhari go to daura by road or sea
Well, that's funny.
I'll rather stick to the context of this topic!
CareerI Am A Nigerian Cybersecurity expert In The US, Ask Me Anything by Ayodejioak(op):
It's just another day here, working within the Blue team of one of America's largest IT firm, downing my Cheetos and my Maltina ($6 per bottle).

I stopped biting, ask me anything!!

Cc: lalasticlala, 1forall, CrazyMan

TravelRe: My Trip To Shere Hills, Plateau State (Photos) by Ayodejioak(m): 2:28pm On Dec 20, 2018
cool
I was among the pioneer corpers of Mangu camp, Plateau.

Couldn't even explain how I completed the 3 weeks orientation.

Come and see how corpers were lying just to get outta that shiithole.

Imagine a man having menstrual imbalance!! cheesy
SportsRe: 10 Most Memorable Sporting Moments Of The Year For Nigerians by Ayodejioak(m): 2:29pm On Dec 13, 2018
Whats up with this Nairaland Antispam bot?
Technology MarketMeet Formjacking, A Major E-commerce Website Attack by Ayodejioak(op): 8:05pm On Dec 07, 2018
In recent decades, there exist an imminent familiarity of terms  like; Bluejacking (sending of unsolicited messages over  Bluetooth-enabled devices, Clickjacking (A malicious technique of tricking users into clicking something different from what they perceive), Juice jacking ( A cyber attack wherein malware is installed on to, or data surreptitiously copied from, a computer device using a charging port that doubles as a data connection) and Pagejacking (illegally copying a legitimate website content to another website with the aim of replicating the original website) including an endless "jacking" list in computer security, but none like Formjacking.

In September 2018, Formjacking was officially announced by Symantec Corp in this article (www.symantec.com/blogs/threat-intelligence/formjacking-attacks-retailers), with properly outlined records of massive widespread afterward.

Formjacking, which is the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites, has been making headlines lately.

Taking a closer look at the more technical aspects of formjacking and detail a new campaign affecting many top shopping sites, below is a typical example of a javascript injection for the primary purpose of formjacking.

https://content.connect.symantec.com/sites/default/files/styles/blogs_inline_small/public/2018-09/Formjacking_Infographic_700.png

The code shown collects the payment information entered by users on the website and posts it to the domain google-analyitics.org in the scenario. This domain is usually a typo-squatted version of the legitimate Google Analytics domain, google-analytics.com and very easily admissible by users.

Taking note of the increasing number of payment information-stealing script injections available daily especially by script kiddies who have little or no technical understanding of injection attack, but skilled enough to make use of off-the-shelf tools and judging by the current security trends today, This was no news.

The image below shows how the infection chain is implemented.

https://news-cdn.softpedia.com/images/news2/payment-info-stolen-from-high-profile-store-users-via-formjacking-redirection-524154-2.png
This attack chain is unique because it is the exact opposite of legacy supply chain formjacking attack which went viral during the evolution of the e-commerce industry, where attackers compromise popular third-party script library providers. As many websites load these scripts, with one compromise the attacker manages to load their malicious code on a large number of sites all at the same time. These script creates a script element and sets a fixed .js source which then forces the browser to load malicious obfuscated JavaScript from the original website, which in turn collects the entered payment information and posts it back to the attackers’ domain.

The scripts are obfuscated for difficulty in detection and apply a hook onto forms on the website and collect all the information entered by visitors. The javascript also extracts the URL loaded in the browser and determines if the checkout page of the original site is active. If it has, the script sends the collected form information, which is now the payment information, back to the attacker-controlled domain. This version of a formjacking script was used in various high-profile breaches such as Ticketmaster UK, Shopper Approved, and Feedify.

Prevalence In recent months, an uptick in formjacking attacks against high-profile websites across the globe have been noticed. Websites from security-conscious countries like the U.S., Japan, Germany, and Australia, among other countries, have also being injected with formjacking scripts.

Conclusion

Considering the current standpoint of this vulnerability, which allows attackers to gain unauthorized access to the customer's checkout information of large companies by exploiting the weaknesses in smaller businesses used by the larger company to provide different services, the big picture of this attack points to the fact that the actual number of infected websites is bound to be higher.

Unfortunately for prospective and current victims. It is hard and almost impossible to tell the existence or extent of a formjacking attack as their websites continue to operate as usual, because attackers are sophisticated, stealthy and take advantage of the fact that this is a much more recent vulnerability.

Source: http://itblogr.com/meet-formjacking-a-major-ecommerce-website-attack/
CareerRe: Top 10 IT Certifications In 2019 by Ayodejioak(op): 6:29pm On Dec 06, 2018
I appreciate the mods and those who took their time to show love and support,
considering the fact that this write-up is officially my first and the R& D took only 3 hours.

For those of you sounding like I told you my name is assistant God,
forgetting i'm just another mere imperfect mortal like you, "Well done sir!"
kiss

1 2 3 4 5 6 7 8 9 10 (of 33 pages)