Also, some of us have noticed for a while that Hacker News is hosted differently than the rest of YCombinator. While YCombinator uses AWS, which makes sense, Hacker News uses a small San Diego firm called M5 Computer Security. They have commented on here from time to time.
M5 Computer Security, also known as Cloud 5 Hosting and a few other names, has popped up on other forums too. The IPs that are owned by them (at least according to WHOIS) wind up holding very strange other websites that aren't, say, hosting customers (like how to weld underwater, how to get a foreign visa, etc.). Some of their name servers also hold data for websites that are definitely not supposed to be there, like the regional government sites of a foreign country (could be part of the Sea Turtle DNS attack, we have thought [1]). Also, for a security company they seem to have strangely out-of-date websites [2]. Copyright 2003?
A few weeks ago we wound up calling the FBI's Cyberstorm hotline after we saw something weird with a government in the United States that traced back to M5 and American Internet Services, LLC (they often appear alongside M5 in the hosting records). A week later I had someone from DHS interview me at length (they just showed up at the door) for about 30 minutes. They seemed to be around organized crime, but near the end of the conversation it was mentioned, "well, they also do a lot of Department of Defense stuff". Uh oh. This seems to be true, as they actually mention it on one of their websites [4].
Hopefully someone a few months from now will pick up the case and find out / connect to one of the many other DNS mysteries out there.
[1] - https://blogs.cisco.com/security/talos/sea-turtle-keeps-on-s...
[2] - https://www.m5computersecurity.com/audit-private.php
[3] - www.htleng.com
[4] - https://www.m5hosting.com/about-us/data-centers/san-diego-li...
Also, this group looks almost like a cliché Cold War intelligence agency. Their UK name servers appear to host the authoritative records for half a dozen amateur radio groups / HF repeater runners in the UK. Fascinating; could someone reach out to them? cleddau-amateur-radio-society.org.uk AND tenby-radio-repeater-group.org.uk AND taffvaleradio.club with DNS records served from ns1.mhosting.co.uk.
Apparently they left their main production database open a few months ago. The issue here, though, seems to be that even now they require all these agencies to whitelist their two /24 "remote support" subnets on all ports.
He pulled an SSH key from one of the remote support servers and found it also on dozens of Chinese servers...
If you are familiar with ICS security / systems, you can literally see the incinerators with dashboards of “humans per hour” and things like that.
Anyone with data wrangling skills (BigQuery, DataPrep, stuff like that), setting up cloud infra, or even just really good hard-core internetting research skills would be appreciated.
001-alias-aw@outlook.com
I actually wouldn’t have minded posting my real name, but it seemed somehow like it would take away from my post unless I used a cool anonymous (but not really) alias.
Again, though, I still see your point, and those claims, if the situation were a little more mundane, are absolutely true.
Behind a single user/pass form with a 12-char pass. It would be stupid not to target these states.
This was in September 2018.