What do people mean when they talk about “hackers gaining access to our network” (at home)?

Have I fundamentally missed something between the time when I sat with my 486 IBM PC in the house, fully offline, and today? Do normal people actually set up complex local networks in their homes where they have some kind of “trust anyone with an internal IP address” security scheme going on?

What exactly do they mean by this? I get the feeling that either I am extremely ignorant and somehow have not understood basic concepts of networking in spite of dealing with this (and hating it) for 25 years, or they have no idea what they are talking about and have learned everything they know about computers from Hollywood blockbuster movies and crappy TV series…

What does “gaining access” to a home network mean? Is that, like, exploiting the NAT router (if such a thing is used, which has not always been the case for me)? Even if they exploit the router, that doesn’t magically give them any “access” to the “network” (meaning PCs connected to the router)? At best, they can maybe read plaintext traffic, but how much such is there these days? I shall hope 0% of all traffic.

And again, for a long time, I didn’t even have any device “in between” the ISP and my single PC. It was a very “stupid” cable modem or ADSL modem which had no control panel or any NAT features etc. Right now, I’m using a Mikrotik NAT router which I update maybe once a year at best, because it has the most user-hostile, idiotic mechanism for enabling “auto updates”, which you’d think would be not only dead-simple, but enabled by default. Nope. You have to follow their cryptic news and decide when to manually SSH into it (or use the extremely confusing and messy web interface) to apply updates. I guarantee that 99.99% of all people (including “geeks”) have no idea that they even need to do this, let alone actually bother to.

So what do people mean when they talk about “gaining access”? No updated version of Windows has ever just allowed somebody to randomly connect remotely to “gain access”, regardless of the presence/absence of a router/switch/whatever in between. Or, if it has, that’s some kind of “0-day” exploit or unknown-to-the-public exploit. The so-called “hackers” that people talk about more than likely never “gain access” like that at all; I bet it’s 100% social engineering and tricking them into running coolgame.exe as sent to them in an e-mail attachment and things like that.

Since apparently I always sound rude, I should point out that my intention with this question is to understand people and the world, and not an attempt to somehow sound “superior”. I’m genuinely wondering about this since not a day goes by without me feeling extremely paranoid about security and privacy, especially knowing how incredibly naive and stupid I used to be, and how naive and stupid people in general seem to perpetually be about these things.

Why do most people consider a “00” and a “0” on a percentile roll a 100?

Assuming the results of a percentile roll range from 1-100, why would the results of a “00” and “0” roll be read as a “100”?

In any other context outside of a percentile roll, the “0” on a d10 is interpreted as a “10”. Also, the “00” is read as a “0” in every other roll of the d100. But specifically for “00” and “0”, it results in a “100”.

This means that the possible results of a “00” roll with any roll of the d10 are 1, 2, 3, 4, 5, 6, 7, 8, 9, and 100.

This raises an additional question of why a “0” on a d10 in the context of a percentile roll is treated as a “0”.

Is this simply to make the reading of the percentile roll easier, or simply to make it so a 100 wouldn’t require an unaesthetic “90” and a “0” instead of the more visually-appealing “00” and “0”?

[ Etiquette ] Open Question : Why do people think I ignore them on purpose at work?

I work at McDonald’s. On multiple occasions, an hourly manager at work called my name multiple times and I never answered. Why? Because I didn’t hear her. She never believed me when I said I didn’t hear her. Well, I was doing something else. She called for me 5 times? OK, well, I didn’t hear her any of those times. She’s not the only one. The GM sometimes tells me to do something 3 or 4 times before I hear him. He doesn’t accuse me of ignoring him. Yet, she says I never listen and ignore the hell out of her. If I’m getting something done, I’m focusing on it. How can anyone expect me to hear anything more than a few feet away? Outside work: I could be getting out of a friend’s car when they drop me off somewhere (like work) and as I get out, she be yelling my name but I wouldn’t hear a thing. Then she be so damn offended. Well, I was already several feet away.

[ Politics ] Open Question : Why won’t liberals let Trump do his job and work for the American people?

Trump SIGNED UP to lead OUR COUNTRY, but so many liberals are delaying our country from making much progress simply because of their irrational contempt for Trump. If you don’t like the things that he says, then just ignore it and focus on producing a VIABLE CANDIDATE to run against Trump! Why do they behave like spoiled teenagers who got a bad haircut?

Can someone explain what I would be able to convince people to do with a 34 persuasion or deception check?

So this character is a lvl 20 hexblade warlock with a 24 in charisma due to her artifact weapon and has the prodigy feat so she has expertise in persuasion and deception. So that’s a plus 19 to deception and persuasion. For other reasons, I have advantage on persuasion and deception checks. With glibness as my 8th lvl mystic arcanum, I can’t roll lower than a 15 on my charisma checks. So I cannot roll lower than a 34 temporarily. All it says about DC 30 checks is that they are nearly impossible. I cannot roll lower than that. What are the limits of my ultimate charm?

Are there any ways to make an improved familiar speak with people other than its master?

Outside ones that can talk naturally, like the silvanshee who has truespeech, I can’t think of any way to get an improved familiar to talk with people other than its master. The mascot and decoy familiar archetypes won’t work because they both require speak with animals for the related abilities.

Mascot Ability

Speak with Team (Ex) At 7th level, a mascot gains the ability to speak with all members of its team verbally as if using speak with master.

This replaces speak with master and speak with animals of its kind.

Decoy Ability

Mockingbird (Ex) At 5th level, a decoy can speak any of its master’s languages. At 7th level, it can mimic its master’s voice and intonation perfectly.

This ability replaces speak with master and speak with animals of its kind.

Concerned Lines

Improved familiars otherwise use the rules for regular familiars, with two exceptions: if the creature’s type is something other than animal, its type does not change; and improved familiars do not gain the ability to speak with other creatures of their kind (although many of them already have the ability to communicate).

How to prevent people from duplicating my data structure?


INTRODUCTION

First of all, I’m a beginner in RSA mechanisms and similar, but I’m really interested in knowing if this is possible.

The scenario is I organized a party where certain people receive a special invitation voucher I made with my private key. They will later use it to enter and I will check if it is valid with a public key.

In the beginning, let’s suppose the voucher has someone’s ID “signed” below by a private key. By this means, I can ensure THIS person will enter with THAT entrance ID.

MAIN PART

But now I want these vouchers to be transferable in OFFLINE mode with some sort of program. So now it would consist of two blocks; the second one ensures the ticket IS the one. And the first block would contain the actual holder of the voucher:

………………………………………. BLOCK 1

ACTUAL HOLDER DATA

SIGNATURE OF THIS BLOCK

………………………………………. BLOCK 2

ORIGINAL HOLDER

VOUCHER ID

SIGNATURE OF THIS BLOCK

……………………………………….

I provide the first invitee with his own private key, so he can modify the first block to change the ACTUAL HOLDER DATA in virtue of the new person he transferred the voucher to. When he/she does this, he also provides the private key to the new person.

THE FLAW

If (let’s call him) Mallory makes a copy of his voucher before he transfers it to Alice correctly, he would ALSO be able to enter my party although Alice should be the only one capable of entering. And so, the number of invitees could be infinite.

My question is simple, how can I disable Mallory’s voucher?

  • Option 1 would be to make the transaction online and add to a server which acknowledges that Alice is the new owner of THAT voucher. Otherwise I need a mechanism to make the old voucher obsolete, unless anyone proposes something better.

Anyone?
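The flaw and Option 1 from the question above, as an added example that is not part of the original post: the copy Mallory keeps verifies exactly like Alice's transferred voucher, and only a server-side record of the current holder tells them apart. The toy textbook RSA over small Mersenne primes, the single shared voucher key, and all names (`issue`, `transfer`, `Registry`, `V-001`) are assumptions made for illustration and are not secure parameters.

```python
import hashlib

E = 65537

def keypair(p, q):
    """Toy textbook RSA from two known primes (constructed, NOT secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_h(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _h(msg, n)

ORG_PUB, ORG_PRIV = keypair(2**61 - 1, 2**89 - 1)    # organizer's key (block 2)
VK_PUB, VK_PRIV = keypair(2**107 - 1, 2**127 - 1)    # key handed on with the voucher (block 1)

def issue(voucher_id, original_holder):
    block2 = f"{original_holder}|{voucher_id}"
    return {"block2": block2, "sig2": sign(ORG_PRIV, block2),
            "holder": original_holder, "sig1": sign(VK_PRIV, original_holder)}

def transfer(voucher, new_holder):
    """Current holder rewrites block 1 and re-signs it with the voucher key."""
    return dict(voucher, holder=new_holder, sig1=sign(VK_PRIV, new_holder))

def offline_valid(v):
    return (verify(ORG_PUB, v["block2"], v["sig2"])
            and verify(VK_PUB, v["holder"], v["sig1"]))

class Registry:
    """Option 1: a server that records the current holder of each voucher."""
    def __init__(self):
        self.holder = {}
    def record(self, v):
        if offline_valid(v):
            self.holder[v["block2"]] = v["holder"]
    def admit(self, v):
        return offline_valid(v) and self.holder.get(v["block2"]) == v["holder"]

def demo():
    reg = Registry()
    mallory = issue("V-001", "Mallory"); reg.record(mallory)
    kept_copy = dict(mallory)                    # copy made before the transfer
    alice = transfer(mallory, "Alice"); reg.record(alice)
    return (offline_valid(kept_copy), offline_valid(alice),
            reg.admit(kept_copy), reg.admit(alice))
```

Both vouchers pass the signature checks because a signature proves who produced the data, not how many copies of it exist; the stale copy is rejected only where the door check consults the registry.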

Assign n people to m rooms of different sizes, such that no one is alone and people are in largest rooms possible

I’m looking for an efficient way to assign n people to m rooms in a very specific way.

INPUT:

The program receives two sets of people (set of males and set of females), as well as a set of available rooms (rooms can have different sizes, ranging from 2 to 6).

ASSIGNMENT CONDITIONS:

The algorithm must assign people to the rooms in such a way that:

  • Males can be in a room with only males (same for females)
  • No one can be alone
  • The algorithm must maximize groups (one room of 4 is preferred over 2 rooms of 2, etc)

OUTPUT:

The algorithm must return the assignment

I’ve tried to do it, but all of the solutions I come up with are at least O(n^3). Does anyone know an efficient way to do this?

Late to becoming interested in a career in information security. How much disadvantaged am I against those talented people since young?

Relatively new to Stack Exchange, and I was about 1 year into my career as a Network Security Engineer before being needed now by the same company as a Special Projects Engineer to help a department set up software they procured which relies on SQL database architecture to work. The project basically gives me multidisciplinary exposure to many aspects of IT and Computer Science, but it is fun. I am the kind who just cannot be bored or be deterred by pretty much any aspect of tech except electronics and circuitry, because my high school Physics dept. just simply couldn’t teach well.

I graduated with a Computer Science degree with Computer Graphics specialization, was (and still am) an avid gamer, taught Video Games Development as a Teaching Assistant before I decided to give up going into the industry right before graduation (except if I will be going Autodesk or Nvidia, you know, non-end-user product kinda industry like games) because … well if you know about the state of the industry and the business model many AAA publishers are using. I just got disappointed to go in.

Anyways, I raised this question because especially after having been reading and hearing many stories about young teenage hackers (I think one of them included the founder of Symantec who was a black hat before turning white and started Symantec) likely having more skills at that age than where I am now, perhaps selling video game cheats, hacks, or even now, dabbling in dark web stuff far longer than I ever have, and that I am now taking up such a career, I sometimes worry how much, how hard and how long I should catch up before I can match against those who already built up talent since young in cybersecurity … or even cyber-criminal activities.

I also worry that if I only get certified as an ethical hacker, I might lose out on knowing the skills those black hats are capable of.

Lastly, at one conference in my country, there was a prominent CISO who, when I asked the same question, told me not to worry too much because “those who are used to attacking are actually poor at defending.” I could not believe what I heard because, I think like in military, surely you should be under wraps while you are out there stealing data or something.

This sometimes makes me wonder, as I strengthen my organisation’s infrastructure, whether I have totally missed out something I have never known that could have been an attack vector for the hackers.

But hey, I still try to spare my free time watching BlackHat conferences online, taking courses, talking to big players in the industry, etc.

Hope somebody can share some insights on this one. Thanks.