#Education Resume CV | Explore Tumblr Posts and Blogs

qqueenofhades · 10 months

Note

coming from one of those "born in mid 2000s and is now suddenly an adult, making everyone feel old," people, do you have any resources to learn how to bullshit your way through getting a job with zero experience. cause i cant even put like "babysitting" or anything since covid prevented literally any teenage-typical jobs and i kinda dont know what to put on a resume beyond the university im currently attending and the high school i graduated from. and they still dont teach you this in school even though we've complained for years 😭

Okay my chilluns, listen up. This is how to bullshit your way into a basic 1-page resume even if you think you have absolutely dum-dum-diddlysquat to put on it. I completely feel you, as it's hard as hell to get a job even in the ordinary course of things, and especially when everything seems to want 10 years of experience and a bachelor's degree (and still pays like shit). But you gotta be persistent anyway. So here follows the step-by-step guide of How To Resume:

Open a new Word (or other word-processing software of your choice) document.

Pick a nice, professional-looking font (for the love of God, no Comic Sans). Times New Roman is fine; you don't have to overthink it. My own CV is currently in Perpetua, because it's a nice serif that looks crisp and a little different, but it is still clean and readable. Garamond or Cambria or other starter typefaces are fine too. Make sure it is the right size, usually around 12pt.

Put your full name at the top, centered, in BOLD CAPITALS. Increase the typeface size a few more points on this, to make it stand out and to make it take up space.

Underneath this, in regular-sized text, put your contact information: mailing address if you're comfortable sharing it, or if not, at least your phone number and email address. Use a school email if you have it, and not some weird/in-jokey personal email.

Start a new paragraph. In a slightly smaller font (italic if you want to make it look classy) write a few words about yourself. This should be something like I am a [Major] student at [University] looking for a part-time, entry-level position in [sales, retail, office, etc]. A [year] graduate of [High School] in [City, State], I am [prompt, reliable, detail-oriented, mature, friendly, etc] and a hard worker who is eager to gain experience and positively contribute to your business.

Start a new paragraph. Change the alignment from Center to Left. Create a new heading in bold underline labeled Education.

Under this, fill in your education (college first, followed by high school). Include the institution name, city, and state, the year you graduated or expect to graduate, any honors or awards, any extracurriculars, any grade-point averages if they're good (i.e. 3.0 and above), and your expected major in college.

Start a new paragraph. Create another heading: Experience.

This is where you put absolutely anything you can think of (in chronological order, most recent first and counting backward). Did you volunteer for something ever in your life? Put it down! (Title of work, dates, location, brief description of work). Did you do yard work for someone for a weekend? Put it down! Were you (or are you) part of a student club or organization in high school or university? Have you organized or taken part in any local initiatives in your community or neighborhood? Put it down! Basically, absolutely any kind of work, paid or unpaid, that might be relevant, regardless of how long it was or when it took place.

Under that, put the new heading/paragraph Skills and Interests.

Have you worked with Microsoft Word, Outlook, PowerPoint, Adobe, Photoshop? Put it down! People love that shit! Do you use social media and/or know how to work it better than the average grandma? Put 'er down! You get the idea. Think of anything in your daily life that can be put in Job Language and then see if you can do that. You are in university; do you have any projects, papers, or other things that you're proud of? Have you successfully managed a (gasp) group project? Do you make any kind of art? Are you a registered voter who has taken part in civic/political organizations, drives, or events? (If not, REGISTER TO VOTE! This is your angry grandmother speaking). All of that can go down. Even if it's not job experience per se, it's life experience and shows that you are someone who is engaged with the world and working to gain more.

Last paragraph and heading: References. Ask a few trusted adults who know you well and aren't related to you, such as a favorite high school teacher or a university faculty member/degree advisor, if they'd be willing to serve as referees. Put down their full names, titles/place of work, email addresses, and phone numbers.

Voila! You have a full page resume, probably even a little more if you're lucky. Proofread, make sure the spacing is even and the alignment is right, it doesn't look weird, the text is a consistent size, it's all the same color, there are no glaring typos or grammatical errors, etc. etc. Save it as a PDF.

Boom. Done. You are now a Job Hunting Maestro.

If you get an interview, you don't need to pretend that you have tons of experience or that you're something you're not, but you can present what you ARE in a positive light anyway. Don't apologize for yourself or play yourself down pre-emptively; be confident about yourself and what you can offer. You're a college kid looking for your first part-time job, COVID prevented you from a lot of normal teenage work experience, you're willing to work hard and learn new things. Here's your resume. What would be a good time to talk again.

Good luck! I believe in you.

#anonymous #ask #how to adult #how to make a resume

195 notes · View notes

mostlysignssomeportents · 7 months

Text

A link-clump demands a linkdump

Cometh the weekend, cometh the linkdump. My daily-ish newsletter includes a section called "Hey look at this," with three short links per day, but sometimes those links get backed up and I need to clean house. Here's the eight previous installments:

https://pluralistic.net/tag/linkdump/

The country code top level domain (ccTLD) for the Caribbean island nation of Anguilla is .ai, and that's turned into millions of dollars worth of royalties as "entrepreneurs" scramble to sprinkle some buzzword-compliant AI stuff on their businesses in the most superficial way possible:

https://arstechnica.com/information-technology/2023/08/ai-fever-turns-anguillas-ai-domain-into-a-digital-gold-mine/

All told, .ai domain royalties will account for about ten percent of the country's GDP.

It's actually kind of nice to see Anguilla finding some internet money at long last. Back in the 1990s, when I was a freelance web developer, I got hired to work on the investor website for a publicly traded internet casino based in Anguilla that was a scammy disaster in every conceivable way. The company had been conceived of by people who inherited a modestly successful chain of print-shops and decided to diversify by buying a dormant penny mining stock and relaunching it as an online casino.

But of course, online casinos were illegal nearly everywhere. Not in Anguilla – or at least, that's what the founders told us – which is why they located their servers there, despite the lack of broadband or, indeed, reliable electricity at their data-center. At a certain point, the whole thing started to whiff of a stock swindle, a pump-and-dump where they'd sell off shares in that ex-mining stock to people who knew even less about the internet than they did and skedaddle. I got out, and lost track of them, and a search for their names and business today turns up nothing so I assume that it flamed out before it could ruin any retail investors' lives.

Anguilla is a British Overseas Territory, one of those former British colonies that was drained and then given "independence" by paternalistic imperial administrators half a world away. The country's main industries are tourism and "finance" – which is to say, it's a pearl in the globe-spanning necklace of tax- and corporate-crime-havens the UK established around the world so its most vicious criminals – the hereditary aristocracy – can continue to use Britain's roads and exploit its educated workforce without paying any taxes.

This is the "finance curse," and there are tiny, struggling nations all around the world that live under it. Nick Shaxson dubbed them "Treasure Islands" in his outstanding book of the same name:

https://us.macmillan.com/books/9780230341722/treasureislands

I can't imagine that the AI bubble will last forever – anything that can't go on forever eventually stops – and when it does, those .ai domain royalties will dry up. But until then, I salute Anguilla, which has at last found the internet riches that I played a small part in bringing to it in the previous century.

The AI bubble is indeed overdue for a popping, but while the market remains gripped by irrational exuberance, there's lots of weird stuff happening around the edges. Take Inject My PDF, which embeds repeating blocks of invisible text into your resume:

https://kai-greshake.de/posts/inject-my-pdf/

The text is tuned to make resume-sorting Large Language Models identify you as the ideal candidate for the job. It'll even trick the summarizer function into spitting out text that does not appear in any human-readable form on your CV.

Embedding weird stuff into resumes is a hacker tradition. I first encountered it at the Chaos Communications Congress in 2012, when Ang Cui used it as an example in his stellar "Print Me If You Dare" talk:

https://www.youtube.com/watch?v=njVv7J2azY8

Cui figured out that one way to update the software of a printer was to embed an invisible Postscript instruction in a document that basically said, "everything after this is a firmware update." Then he came up with 100 lines of perl that he hid in documents with names like cv.pdf that would flash the printer when they ran, causing it to probe your LAN for vulnerable PCs and take them over, opening a reverse-shell to his command-and-control server in the cloud. Compromised printers would then refuse to apply future updates from their owners, but would pretend to install them and even update their version numbers to give verisimilitude to the ruse. The only way to exorcise these haunted printers was to send 'em to the landfill. Good times!

Printers are still a dumpster fire, and it's not solely about the intrinsic difficulty of computer security. After all, printer manufacturers have devoted enormous resources to hardening their products against their owners, making it progressively harder to use third-party ink. They're super perverse about it, too – they send "security updates" to your printer that update the printer's security against you – run these updates and your printer downgrades itself by refusing to use the ink you chose for it:

https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer

It's a reminder that what a monopolist thinks of as "security" isn't what you think of as security. Oftentimes, their security is antithetical to your security. That was the case with Web Environment Integrity, a plan by Google to make your phone rat you out to advertisers' servers, revealing any adblocking modifications you might have installed so that ad-serving companies could refuse to talk to you:

https://pluralistic.net/2023/08/02/self-incrimination/#wei-bai-bai

WEI is now dead, thanks to a lot of hueing and crying by people like us:

https://www.theregister.com/2023/11/02/google_abandons_web_environment_integrity/

But the dream of securing Google against its own users lives on. Youtube has embarked on an aggressive campaign of refusing to show videos to people running ad-blockers, triggering an arms-race of ad-blocker-blockers and ad-blocker-blocker-blockers:

https://www.scientificamerican.com/article/where-will-the-ad-versus-ad-blocker-arms-race-end/

The folks behind Ublock Origin are racing to keep up with Google's engineers' countermeasures, and there's a single-serving website called "Is uBlock Origin updated to the last Anti-Adblocker YouTube script?" that will give you a realtime, one-word status update:

https://drhyperion451.github.io/does-uBO-bypass-yt/

One in four web users has an ad-blocker, a stat that Doc Searls pithily summarizes as "the biggest boycott in world history":

https://doc.searls.com/2015/09/28/beyond-ad-blocking-the-biggest-boycott-in-human-history/

Zero app users have ad-blockers. That's not because ad-blocking an app is harder than ad-blocking the web – it's because reverse-engineering an app triggers liability under IP laws like Section 1201 of the Digital Millenium Copyright Act, which can put you away for 5 years for a first offense. That's what I mean when I say that "IP is anything that lets a company control its customers, critics or competitors:

https://locusmag.com/2020/09/cory-doctorow-ip/

I predicted that apps would open up all kinds of opportunities for abusive, monopolistic conduct back in 2010, and I'm experiencing a mix of sadness and smugness (I assume there's a German word for this emotion) at being so thoroughly vindicated by history:

https://memex.craphound.com/2010/04/01/why-i-wont-buy-an-ipad-and-think-you-shouldnt-either/

The more control a company can exert over its customers, the worse it will be tempted to treat them. These systems of control shift the balance of power within companies, making it harder for internal factions that defend product quality and customer interests to win against the enshittifiers:

https://pluralistic.net/2023/07/28/microincentives-and-enshittification/

The result has been a Great Enshittening, with platforms of all description shifting value from their customers and users to their shareholders, making everything palpably worse. The only bright side is that this has created the political will to do something about it, sparking a wave of bold, muscular antitrust action all over the world.

The Google antitrust case is certainly the most important corporate lawsuit of the century (so far), but Judge Amit Mehta's deference to Google's demands for secrecy has kept the case out of the headlines. I mean, Sam Bankman-Fried is a psychopathic thief, but even so, his trial does not deserve its vastly greater prominence, though, if you haven't heard yet, he's been convicted and will face decades in prison after he exhausts his appeals:

https://newsletter.mollywhite.net/p/sam-bankman-fried-guilty-on-all-charges

The secrecy around Google's trial has relaxed somewhat, and the trickle of revelations emerging from the cracks in the courthouse are fascinating. For the first time, we're able to get a concrete sense of which queries are the most lucrative for Google:

https://www.theverge.com/2023/11/1/23941766/google-antitrust-trial-search-queries-ad-money

The list comes from 2018, but it's still wild. As David Pierce writes in The Verge, the top twenty includes three iPhone-related terms, five insurance queries, and the rest are overshadowed by searches for customer service info for monopolistic services like Xfinity, Uber and Hulu.

All-in-all, we're living through a hell of a moment for piercing the corporate veil. Maybe it's the problem of maintaining secrecy within large companies, or maybe the the rampant mistreatment of even senior executives has led to more leaks and whistleblowing. Either way, we all owe a debt of gratitude to the anonymous leaker who revealed the unbelievable pettiness of former HBO president of programming Casey Bloys, who ordered his underlings to create an army of sock-puppet Twitter accounts to harass TV and movie critics who panned HBO's shows:

https://www.rollingstone.com/tv-movies/tv-movie-features/hbo-casey-bloys-secret-twitter-trolls-tv-critics-leaked-texts-lawsuit-the-idol-1234867722/

These trolling attempts were pathetic, even by the standards of thick-fingered corporate execs. Like, accusing critics who panned the shitty-ass Perry Mason reboot of disrespecting veterans because the fictional Mason's back-story had him storming the beach on D-Day.

The pushback against corporate bullying is everywhere, and of course, the vanguard is the labor movement. Did you hear that the UAW won their strike against the auto-makers, scoring raises for all workers based on the increases in the companies' CEO pay? The UAW isn't done, either! Their incredible new leader, Shawn Fain, has called for a general strike in 2028:

https://www.404media.co/uaw-calls-on-workers-to-line-up-massive-general-strike-for-2028-to-defeat-billionaire-class/

The massive victory for unionized auto-workers has thrown a spotlight on the terrible working conditions and pay for workers at Tesla, a criminal company that has no compunctions about violating labor law to prevent its workers from exercising their legal rights. Over in Sweden, union workers are teaching Tesla a lesson. After the company tried its illegal union-busting playbook on Tesla service centers, the unionized dock-workers issued an ultimatum: respect your workers or face a blockade at Sweden's ports that would block any Tesla from being unloaded into the EU's fifth largest Tesla market:

https://www.wired.com/story/tesla-sweden-strike/

Of course, the real solution to Teslas – and every other kind of car – is to redesign our cities for public transit, walking and cycling, making cars the exception for deliveries, accessibility and other necessities. Transitioning to EVs will make a big dent in the climate emergency, but it won't make our streets any safer – and they keep getting deadlier.

Last summer, my dear old pal Ted Kulczycky got in touch with me to tell me that Talking Heads were going to be all present in public for the first time since the band's breakup, as part of the debut of the newly remastered print of Stop Making Sense, the greatest concert movie of all time. Even better, the show would be in Toronto, my hometown, where Ted and I went to high-school together, at TIFF.

Ted is the only person I know who is more obsessed with Talking Heads than I am, and he started working on tickets for the show while I starting pricing plane tickets. And then, the unthinkable happened: Ted's wife, Serah, got in touch to say that Ted had been run over by a car while getting off of a streetcar, that he was severely injured, and would require multiple surgeries.

But this was Ted, so of course he was still planning to see the show. And he did, getting a day-pass from the hospital and showing up looking like someone from a Kids In The Hall sketch who'd been made up to look like someone who'd been run over by a car:

https://www.flickr.com/photos/doctorow/53182440282/

In his Globe and Mail article about Ted's experience, Brad Wheeler describes how the whole hospital rallied around Ted to make it possible for him to get to the movie:

https://www.theglobeandmail.com/arts/music/article-how-a-talking-heads-superfan-found-healing-with-the-concert-film-stop/

He also mentions that Ted is working on a book and podcast about Stop Making Sense. I visited Ted in the hospital the day after the gig and we talked about the book and it sounds amazing. Also? The movie was incredible. See it in Imax.

That heartwarming tale of healing through big suits is a pretty good place to wrap up this linkdump, but I want to call your attention to just one more thing before I go: Robin Sloan's Snarkmarket piece about blogging and "stock and flow":

https://snarkmarket.com/2010/4890/

Sloan makes the excellent case that for writers, having a "flow" of short, quick posts builds the audience for a "stock" of longer, more synthetic pieces like books. This has certainly been my experience, but I think it's only part of the story – there are good, non-mercenary reasons for writers to do a lot of "flow." As I wrote in my 2021 essay, "The Memex Method," turning your commonplace book into a database – AKA "blogging" – makes you write better notes to yourself because you know others will see them:

https://pluralistic.net/2021/05/09/the-memex-method/

This, in turn, creates a supersaturated, subconscious solution of fragments that are just waiting to nucleate and crystallize into full-blown novels and nonfiction books and other "stock." That's how I came out of lockdown with nine new books. The next one is The Lost Cause, a hopepunk science fiction novel about the climate whose early fans include Naomi Klein, Rebecca Solnit, Bill McKibben and Kim Stanley Robinson. It's out on November 14:

https://us.macmillan.com/books/9781250865939/the-lost-cause

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/11/05/variegated/#nein

137 notes · View notes

unichrome · 10 months

Text

The biggest heist that almost was

Let me tell you about the most insane bank heist that is going to sound like I'm just leaking the script for the next American hacking movie. The goal? Steal one billion USD. And it all began with an email and a printer, which as we all know is where problems usually start. Another weapon in this heist was... Weekends and time zones.

As usual, no prior computer science education needed.

What happened?

On the morning of February 5th 2016, a printer had stopped working in the central bank of Bangladesh (Bangladesh Bank). But it wasn't just any printer, it was the printer responsible for printing all the records of the multimillion transfers going in and out of the bank. When the poor employees finally won the printer battle and had it resume normal operation, they saw a very concerning account transfer in the records that was coming out. The bank had an USD account in the USA, at Federal Reserve Bank, with approximately 1 billlion Dollars in it, and the Federal Reserve Bank had received instructions to drain almost the entire amount. In the records that came out in the printer, the American bank had attempted to urgently message the Bangladesh bank regarding this transfer, but couldn't get through to them. This was because the hack had actually started the day before, Thursday 4th, at around 20:00 Bangladesh time, when the bank was closed. However, USA had just started their day, giving the American bank plenty of time to follow through with the instructions from the Bangladesh bank to drain their entire account while they were closed. And that wasn't the end of it, as weekends are from Friday to Saturday in Bangladesh, meaning that the Bangladesh bank headquarters in Dhaka wouldn't discover this withdrawal until Sunday morning. That's when they immediately tried to reach the American bank, which of course didn't work as over there it was Saturday evening, and the American weekend is from Saturday to Sunday, meaning that they wouldn't be reachable until Monday.

You see what I mean by the hackers using time zones and weekends, finding the perfect time for the American bank to execute their orders while Bangladesh discovers the withdrawal several days too late, and again several days too late for Americans to be reachable. But it didn't stop there with their timehacking.

The money had to go somewhere from the American bank, and it would be stupid to send it directly to the hackers own account without laundering the money first. So they had set up four different bank accounts in the Philippines, using fake names and credentials. Why the Philippines? Because the Lunar new year was on Monday the 8th, which is a holiday and holiday means no bank activities in either Bangladesh or the Philippines, buying the hackers even more time. As a final act, they messed with the printer responsible for printing transaction records, adding another few hours to their schedule. Moon and stars really aligned perfectly for this plan.

But how did they do it?

It all began one year prior, in January 2015, with an email sent to several employees at the Bangladesh Bank. The email seemingly contained a job application from a person who didn't actually exist, but who was very polite in his request for a position at the bank, with a link to his CV and cover letter. Naturally this link led to a document with a little surprise gift - malware. Since the heist happened, at least one of the recipients must have clicked the link, and successfully deployed a RAT - Remote Access Trojan, malware that lets you control a computer from the comfort of your own home, as well as a toolkit with various malware to move from computer to computer, avoiding discovery, and covering their tracks.

From there, the hackers slowly made their way through the bank offices network, one step at a time to avoid setting off alarms, looking for any computer that had control of the banks SWIFT setup. SWIFT lets banks transfer large amounts of money between themselves and other banks connected to SWIFT. And as soon as they found one of those computers, they stopped. They didn't need to hack SWIFT in the traditional sense of the word - since they operated in a bank computer, the SWIFT-software assumed they naturally had to be bank employees. However, one of the parts of the malware used in the heist was for manipulating the SWIFT system, as the hackers weren't physically there to press anything. Additionally, since they were laying dormant for the time to strike, they needed to keep an eye out for SWIFT updates that could detect any tampering with the system, and adapt accordingly.

Then they waited many months for the stars to align on February 4th, 2016.

There were 35 transfers made by the hackers from the American bank account, totaling almost 1 billion USD, but there were two of these tiny little seemingly insignificant details that prevented this from becoming the worlds largest bank heist in history. The hackers biggest enemy became this concept known as “words”.

The Philippine bank accounts were all located in the same RCBC Bank office on Jupiter Street in Manila. And this would be the hackers downfall, as USA had sanctions put on an Iranian cargo ship called Jupiter. Since the transactions went to a recipient that contained the word “Jupiter”, it created a security alert in the Federal Reserve Bank that the employees needed to investigate. When they saw what was going on, they managed to stop all but five of the initial 35 transactions, thus “only” roughly 100 million USD made it to the Philippines. The Bangladesh bank requested to reverse the transactions, but since the money was in the Philippines, they would need bureaucracy in form of a court order to reclaim the money, and we all know that's not a 5 minute project. It was when Bangladesh filed the court order in late February that the case became public (since court orders are public documents) and the news broke to the country.

Once in the RCBC bank accounts, the money arrived on Friday the 5th and was immediately moved again. First the 100 million was converted to local currency, and some of it was withdrawn in cash, while the rest was sent off to other hacker-controlled locations. And this is where the second tiny little detail cut off even more of the hackers precious payday. 20 million USD had been sent to Shalika Foundation, a charity organisation in Sri Lanka. But, once again the hackers worst enemy - words - decided to strike again. A typo was made in their transaction, sending the money to “Shalika Fundation”, and a bank employee who must have had their morning coffee spotted this typo and rejected the transfer and kept the funds frozen. This left the hackers with 80 million USD.

✨Now comes the money laundering!✨

There was a second reason for choosing the Philippines as deposit zone; gambling is legal and the casinos had no money laundering regulations imposed. The accomplices of the heist booked private rooms in two casinos located in Manila - Solaire and Midas - and proceeded to purchase tokens to gamble for with the stolen money. Since they played with a room consisting of their fellow accomplices, winning was not really much of a challenge. Then the tokens could be exchanged back to money that would now be clean. To avoid suspicion, they didn't gamble all of the money at once, but over the course of several weeks gambled away the dirty money to clean money.

Who was behind it?

It's normally difficult to pinpoint where the more sophisticated hacking groups come from. Oftentimes, they will leave false clues behind that points to another group so they will face more trouble instead of the group that did it. They may even place clues from several different groups, just to mess with the analysts. It's also quite common to simply “steal” a way of working from another group, or use a leaked/stolen tool from another group (criminals aren't safe from other criminals, especially not in this business) - there are new malware coming out all the time with code that is just a slight modification of a well-known malware actor that had their source code leaked or simply had hired the same programmer. Or they may leave no clues as to who was behind it. Attribution to the guilty part is usually the single most difficult mission in IT-security - often it's just pure guesswork with little to no solid evidence to back it up, if you're lucky there's circumstantial evidence.

This case was no different. The first clue came from the IP the bad guys used to connect to the Bangladesh bank from. It was located in Pyongyang, North Korea. But, as I mentioned, this is not a conclusive verdict, as the IP may simply be planted false evidence to throw the analysts off their track. After the heist, the hackers used a data-wiper to scrub as much of their malware off the bank systems, but they didn't succeed in deleting all of it, some of the tools were still present, including the wiper.

Due to the scale of this operation, it caught the attention of every single IT-security person and IT-security company worldwide, who all of course wanted to know who and how they did it. With the remaining malware, a joint effort was made, comparing malware code to other malware code for similarities. Some was found in Poland, after an analyst noted the similarities from another suspected North Korean hack. Some was found in another infamous North Korean hack targeting Sony Pictures. More and more signs pointed towards the same actor. Some were false leads, the hackers seemed to be wanting to implicate the Russians did it, but failed quite miserably at that, just sprinkling random Russian words into the malware and making it way too obvious it was a ruse.

You may not believe this, but the North Korean government has one of the most notorious hacking groups in the world, known as the Lazarus Group. Some of its more well-known adventures include an extremely data-destructive hack of Sony Pictures (as punishment for releasing “The Interview”), creation of the ransomware WannaCry which was used against many targets worldwide (including hospitals), and various attempts at gathering information from governments and government-affiliated corporations all over the world. And, of course, this heist.

Eventually, after months of collaboration all over the world, the final verdict fell on North Korea, and specifically one of their programmers. His name is Park Jin Hyok, and worked for Chosun Expo - a front company for the North Korean government, located in Dalian (China) who used the funds of the fake corporation gained from legitimate programming jobs from customers worldwide to create the malware and plan the heist with all of its expenses. Of course he wasn't the sole person involved in this project, but it's the only person we know was in it.

This particular heist had been meticulously planned for several years, and Park Jin Hyok had moved to Dalian, set up fake IDs and built a network of contacts there to avoid suspicion. However, he didn't manage to delete all of his online footprints, and became the number one suspect when his internet activities suddenly came from Pyongyang, North Korea.

Additionally, several Chinese business men - many associated with the casino industry in China's Macau territory - were also charged and arrested for assisting with setting up the gambling rooms and coordinating the money laundering process. One unknown Chinese business man managed to get away with 31 million USD of the 80 million that remained after the heist, and as you would expect, he was never to be seen again.

With the middlemen from China paid off, not much remained of the original 1 billion to North Korea. But the heist has fascinated the whole IT-security world nonetheless.

I remember when the news of this case dropped to the IT-security world, who all wanted to take part in the hunt. It was a very fun time, we were all sitting at the edge of our seats waiting for the next update. I hope it was at least somewhat exciting for you too to read about, and thank you for reading this long post! If you liked it, please consider reblogging as it motivates me to write more. You may also like malware stuff I've written about before, such as Stuxnet or just plain evil malware that is a threat to our daily lives.

As always my inbox is open if you have any questions.

#datatag #bangladesh #heist #lazarus #north korea #malware #security #Bank #Hacking #Cybersecurity

77 notes · View notes

izicodes · 2 years

Text

Cut to the chase, this will be a very long post because of the amount of information the people presenting gave us! So much! Anyhoo, the 1.5-hour Zoom meeting was a bunch of representatives from mostly tech companies giving out advice for CVs/Resumes, practical career advice, interviews, and technical interviews. Though this is targeted towards tech people, anything can find the information given to be somewhat helpful!

The Sections

CV/Resume Advice focused

Preparing for first round Interview

How to Stand Out on LinkedIn

Technical Interviews and how to stand out to the Tech Hiring Manager

Career and CV/Resume tips for Tech Graduates

Warning Signs from An Interview

Section 1 - CV / Resume Advice 💻📑

Employers only read your CV in 30 seconds - make the information they are going to read count.

Make it personal to you AND relevant to the role you are applying for

Make sure the content on your CV is concise - don't ramble on forever

The layout should be easy on the eye - not all stuck together in terms of text but not too colorful and in your face

Formatting - The most important and relevant information at the top.

Create a punchy Bio summary at the top - Three-four sentences about who you are and what you do - what you are passionate about

It’s okay to have a 2-page CV/Resume IF the information is all relevant. If not, keep it to 1 page.

Skills - Technical skills and soft skills listed

Your experience ✨

Fact-based.

Don’t copy the job descriptive

Talk about YOUR achievements

Don’t use too much “I did this… I am this…”

Your education 🏫

Include everything relevant like bootcamps, apprenticeships in the area you are applying for

Keep high school information minimal if not relevant

Hobbies and Interests 🎮🎲

Share hobbies that show a skill

Think about what the company does e.g. A gaming company and you're a gamer

Share you’re creative - an eye for colour, design, and creative thinking

Know how to destress - you like yoga and mindfulness

Don’t include hobbies that are more lifestyle e.g. shopping and eating out

Include awards you have gotten that would be relevant to the job you are applying to.

Section 2 - Preparing for first round Interview 👩‍💻

❌ Don't ❌

Do not speak negatively of your previous company/employees - it has a bad look on you and might jeopardize your employment stage if you get the job when they talk to your previous manager

Do not appear to be disengaged/uninterested when interviewed - body language can be assessed also

Do not give false information - about your skill set, don't lie saying you know a language when you don't, and be transparent

✅ Do ✅

Do ask for clarification if you are unsure about anything. Could be about the job description, or want them to expand on things, do ask questions 💯

Do active listening and respond 👂 - ensure that you are present in the moment

Do ensure you sell your strength/have a positive attitude - sell yourself so that they can pick you

What is the typical interview process? 🎬

Phone/Video Screening with the hiring manager/someone from the company

1st interview - Face-to-Face / Remote with the hiring manager/member of the team via Teams / Zoom etc

2nd Interview

Stakeholder/Hiring Manager

Might do a presentation or a task (technical interview if for a tech role)

Give yourself enough time to complete the task

Key Tips to succeed in the interview 🔑

Preparation - ensure you look up who the attendees are for the interview (e.g. via Linkedin)

Research - Look up the company information/Statistics/Glassdoor reviews/Social media content. See how they are online, what the company’s culture is like, pros and cons

Questions - Do not be afraid to have a list of questions for your potential employer / take a notepad with you, to prompt this / take responses down.

Review - Study the job descriptions to identify the pros and cons of the job.

Structure your answers - STAR approach - Situation, Task, Action, Approach

Time management - If you have multiple interviews to prepare for, schedule allocated time in your day to prepare for each process

Rest - Ensure to have a good night's rest prior to the day. Allow yourself no distractions in the last 15 mins leading up to your interview!

Section 3 - How to Stand Out on LinkedIn 🙌

Going through each section of your LinkedIn profile and tips on how to improve it!

Banner

Having a banner is best, don’t leave it empty.

Make it related to your desired role - a techy image for tech people, the image of the city’s business sector for business people

Profile picture

Have a profile picture to have an idea of who you are

Have the “Looking for work” banner on

Sub-section

The headline: Be passionate about who you are. Have key elements of who you are.

Have your name and pronouns

It's okay to use emojis in your profile - shows personality

Featured Section

Use the featured section to show off who you are

Show pieces of work you’ve done

Have certificates? Show them here

You can have up to 5 pieces in the featured section so choose wisely

It shows the employer how active you are in the community for tech people

Activity

Write posts every so often

Use hashtags (only 4-5 at most) to make your post reach more

Use hashtags that have a lot of followers (search in on LinkedIn to find out how many followers the hashtag has)

If you have recently been let go, make a post about it, with the hashtag, and people will repost or comment to help you

About

Another part where you can talk about yourself

Make it really personal

Be specific - not just a long paragraph about yourself

Key skills - programming languages, even things you are currently working to learn

Talk about your strong areas

Add a GitHub, Replit, GitLab, etc

Recommendation

If you have worked somewhere else, have an ex-coworker make a recommendation for you - employers love to see how other people who have interacted with you have to say about you

Talking to Hiring people - Not a section but a to-do

It can be scary but it’s okay to message the hiring individual to say “Hey I have recently applied, is it okay to look out for my application” and go on more about why you would be a good candidate.

The hiring managers have to look at so many applications and CVs/Reumes and they find it difficult to see people’s values and personalities so giving them a message will prompt them to search for your application and read through it.

Section 4 - Technical Interviews and Standing out to the Hiring manager in one 🚀🤘

Each company is different and will be doing it in a different way - e.g. one company tests your C# skills and another might test your PHP skills

Prepare by asking questions about what it would involve - most employers tell you what languages will be involved, if they don’t, ASK!

Coding exercises and Take-Home challenges are the most common

Understand what platform and what format will it be in e.g. what programming language you will use

Ask questions if you don’t understand something! - You don’t understand one part of the coding exercise, ask. It’s not weak to ask questions, you don’t want to do the exercise completely wrong.

Use Google - It's okay to Google to refresh your knowledge you've forgotten a bit. Googling is a skill in itself.

Use the STAR technique

Be honest and be yourself - don’t lie, be honest if you completely don’t understand something

Be confident in what you CAN do

How to Impress a Tech employer 👀

Ask questions 🤔

The relevant question to the job role

Ask about the team, company, culture, responsibilities, and career path, and even ask the Hiring Manger why they like their job also!

Don’t wing it

Highlight additional learning

Coding bootcamps, open source contributions, online free learning

Showcase your previous work

GitHub, GitLab, Projects, Presentations, etc.

Section 6 - Warning Signs from An Interview 😰❌

Not every company knows how to hire and interview well - making the whole process even worse. Here are some things to watch out for...

Structure ❌

No structure to the interview

No intro to set expectations

Not being able to articulate what the company does not get you excited about the work they do

Or it’s like they asked to do an interview with 10 minutes notice…

The Interviews 😨

Whenever you ask how long the interview process / how many rounds there will be and they don’t give you a concrete answer… start to worry…

Rule of 4 interviews - having so many rounds wastes your time and the company’s time. 4 interview rounds at most!

Quality ❌

It might be structured but they might be asking shit questions that have no relevance to the job role at all

E.g. “How many golf balls can you fit in a mini car?” Why are you asking me that when I’m applying for a C# Developer role?

Power to the people!!! 🤘💯

Leave reviews on Google, Glassdoor, or anywhere else if the interview process was terrible.

Let other people know what the company is really like!

Call them out and make them improve their interviewing process.

┌── ⋆⋅☆⋅⋆

Well, that's all! I hope some or all of the information I collected help you! If you think any of the information is incorrect or false, take it to the companies because I just copied what they presented on their slideshows 😋

Have a nice day/night and happy programming 👍🏾💗

└── ⋆⋅☆⋅⋆

208 notes · View notes

argyrocratie · 3 months

Text

Hein:

Also, let’s talk about your self-styled anarchism. How did you become an anarchist? Let’s say, for me, an incident was pivotal. For example, I fell in love with my childhood best friend, who is a devot Buddhist girl, whereas I’m just an average teenager who doesn’t take religions seriously. The majority of Buddhist society thought of my Muslim bloodline as something they could use to discriminate against me. At the same time, the so-called minority Muslim family members of mine are forcing me to convert my lover of that time by any means if I want to marry her. They said marrying an idolatry worshipper (Buddhist) is not legal under Islamic Sharia law, and it is sinful for me to do so. That’s when I started to question everything around me: the whole mainstream politics of victimhood and oppressors and the whole narratives of religions as lovingly and peaceful. Is there a similar kind of incident for you? Not necessarily a love affair like mine, but some sort of tragic moment in life where you became too angry at society.

Thiha:

I will have to explain my life to explain that. You will have to understand my socio-economic background. I came from a lower middle-class family in terms of social class. I’m the only son in the family, and my father is the sole source of income in the family, with my mom being a housewife. And the income was not too stable for him. So, this socio-economic burden came to me as well. After that GTI student movement, some friends of mine managed to get a bachelor's degree and entered the workforce. However, I didn’t have that chance. With the qualifications offered by GTI, I tried to seek job opportunities. Since we had to express religion and ethnicity in our CVs and resumes, along with the reference letter from the local police department, most employers used my religion as something they could use to discriminate against me with prejudice. Even the police from the police station asked me if I still could not secure a job, even though I had requested several reference letters from them. Those discriminations I suffered at my lowest time when my family needed me to support them play a role too. Also, at that time, Yangon University of Distance Education had opened, and law degrees were offered. I am enrolled in a law degree. I managed to graduate around 2005. The more I learned about laws, the more confident I’m to conclude that laws are being written to serve the interests of the ruling class. Laws are attempts to confuse the average population with the words and sentences to be cherrypicked by a “class of people” who are educated enough to use them. So, technically, laws are more or less similar to religion. Just as the clerical class has this kind of cherry-picking power over the average religious person, the laws also have similar features. So, even though I graduated with a law degree and was doing my internship chamber at the local state courts, I chose not to become a licensed lawyer.

-Hein Htet Kyaw, "Interview with Thiha, a lifelong anarchist thinker from Burma"

#anarchism #religion #burma #myanmar #atheism

17 notes · View notes

careernextplus · 9 months

Text

Clean Resume Template Google Docs, Word & Pages, Minimalist Executive Resume, Simple Modern Smooth Template, Minimal Resume Template 2023

#careernextplusresumetemplates #careernextplusresumewritingtips #elementary teacher resume #education resume cv

0 notes

acapelladitty · 9 days

Note

Any starting points or basic tips for someone who's never made a resume/CV? I don't really qualify for the jobs that ask for one instead of blindly hiring online (no completed education past high school level, only worked entry-level jobs) but it doesn't hurt to learn corpospeak just in case lol

I'll give an example! I once worked as a cashier in a Chinese restaurant and it was the most BASIC shitty job (didn't even have an electronic till and i sat with my feet up most of the time lmao) but on my CV the recount for said job read something like:

Customer Services (Restaurant): As part of my role within this establishment, I took lead responsibility in managing orders and ensuring that customers were satisfied with their purchases across both telephone and physical consultations. I also controlled the financial aspects of said purchases while ensuring that all transactions were recorded in an easy-to-access system which made tracking of orders more efficient. In terms of interpersonal relationships, I was responsible for developing and maintaining a consistent line of communication between front of house and back of house staff to make certain that all workers were up-to-date with necessary information. Due to the fast-paced nature of this role, I was consistently prepared for a shifting workload and this flexibility is a skill I have transferred across all aspects of my work ethic.

Sometimes, I think the best way to think about it is to consider every aspect of the work you have undertaken and morph that into how it would benefit the job you are applying for. If it's a very people-heavy job then focus on communication and interpersonal skills while if its more of an office job then the focus should be more on technical and practical skills etc.

#miss that job sometimes #an absolute skive lmao #job

9 notes · View notes

suryanm90 · 11 months

Text

Best practices for formatting and layout on your resume , Creating a <a href="https://www.truresume.ai">professional resume</a> is an essential step in securing your dream job. Your resume is the first impression that a potential employer will have of you, and it needs to stand out from the competition. Fortunately, with the help of truresume.ai, you can create a resume that showcases your skills and experience in a professional manner.

#resume #resume builder #education #resume maker #carrier #cv

0 notes

inscrutable-shadow · 8 months

Text

Whumptober 2023 Day 6 - Opening Act

@whumptober-archive

Alt Prompt - Lab Rat

In at the wire, amirite? And a form experiment? During Whumptober? Less likely than you'd think! I can't put a readmore in a chat format I am so sorry hopefully the new post shortening feature is sufficient ;-;

I don't feel comfy deciding how much of the Doc's backstory is canon to FCD right now so have a new banner, I guess. They should be about nineteen here, and this is one of their first subjects. Have them being horrifying for a bit lol.

contains: gore, medical experimentation, medical malpractice, lab whump

also available on ao3!

Partial audio recording recovered from raid of former Astra Group research facility. Subject has been identified from accompanying documents as subject 003-CV. [rustling sounds, as if the recording device is being worn around the DOCTOR’s neck. their voice is louder than 003’s because of the resonance.] 003: W-What are you going to do to me? DOCTOR: (brightly) Mm, well, I was thinking, given your broad shoulders and larger than average chest cavity, that you would be an excellent subject for my experiments regarding the integration of a secondary pulmonary system into a living human. I believe I have found a pair that will quite fit you.[sound like velcro pulling and leather stretching] DOCTOR: Ah, take care when you pull at the restraints! They are quite secure. I would not want you to injure yourself. 003: Extra lungs? What do I need extra lungs for? DOCTOR: Just think of the applications! You could hold your breath for twice as long. With some additional modifications, perhaps even breathe in and out at the same time. Much more efficient. Though, well, you are unlikely to do either. I am not arrogant enough to assume that my first attempt at this procedure will be that successful. 003: So I’m going to die? DOCTOR: Like as not, yes. 003: Didn’t you take an oath or something? Do no harm? DOCTOR: Me? Oh, certainly not! Even if I were in the habit of making promises I did not intend to keep, my education was… unorthodox. Not that I truly mind spinning public falsehoods, but life is easier when you keep those to a minimum, I think. [the clinking of metal tools] DOCTOR: Plus, I believe those sorts of ethical quibbles only hold the art of medicine back. To truly drive progress forward, we must be willing to do what was previously held to be impossible. 003: Wait! Er, why are you doing this? Surely there’s some other way to- DOCTOR: Ah, I see. You are working with a faulty premise. I am not some young, idealistic doctor blinded to ethics by their drive to seek the truth. On the contrary, I do this because I love it! [DOCTOR laughs] DOCTOR: Slicing through skin, pulling apart sinew, grinding through bone, I find it all absolutely delightful. Hold still a minute, quick pinch coming… 003: (slurred) What… what’d you give me? DOCTOR: That should numb the pain and prevent you from moving. It is a little experimental thing I have been working on. We shall see if it works, no? 003: Please… no… DOCTOR: Hush, love. The less you talk, the less it will hurt. [slicing sounds. 003 screams.] DOCTOR: (gleefully) Oops. I lied. [more slicing sounds. 003 continues to wail and moan.] DOCTOR: (giggling) Pardon me a moment. Need to… step away to compose myself… Ah, this is incredible! [their voice is muffled, as if pressing a hand over their surgical mask. the laughter’s volume is unchanged.] 003: You’re insane! DOCTOR: (still laughing) Oh, certainly! Glad to see you understand! [more giggles and a few deep breaths, then the slicing sounds resume.] DOCTOR: Oh, this is my favourite part. [the whirring of a bone saw. the DOCTOR hums a folk tune, possibly ‘Daisy Daisy’. 003 screams louder than previously, but is cut off. recording ends.]

taglist: @athenswrites, @i-eat-worlds, @demondamage you seem invested in doc stuff so idk if you want to be tagged? just let me know!

#whumptober 2023 #whumptober2023 #no.6 #alt prompt #lab rat #gore tw #oc #fic #original fiction #my writing #writeblr #coy writes #whumpblr #coy whumps #the doctor five card draw #first do harm au #it's not really an au but yanno #grownup doc laughs during procedures much less but yanno sometimes it just has to come out

19 notes · View notes