Security Errata
@securityerrata
Pointing out the good and bad in InfoSec via links, RTs, and commentary. This account is no longer monitored.
You might like
I am verifying that @hexwaxwing's new account is now @0xwxwng. I have authenticated her identity, so as not to cause any doubt or confusion. She locked herself out of her old account in 2021 and wanted her identity to be verified for this account.
Reminder! Anyone can write a blog / article exposing bad actors, be it threat actors or 'infosec' bad actors. Cross your T's, dot your I's, consult your lawyers (seriously). But it isn't as difficult as people think, and the more that do it, the harder it is for the bad ones.
Incidents like this is why I wish @attritionorg was still being updated. I didn't realize this dude was such a mess until Jack spoke up.
This has long been concern for victims of domestic violence/stalking who risk escalating prob when they discover they're being tracked and disable it. Security people who help victims remove spyware from their phones have to be careful about this risk people.com/man-allegedly-…
Got email this wk from writer who got laid off from job and wanted advice to go freelance. My advice: Never sign 1st contract they give you. Always negotiate better terms or write for pub that will give better terms. They do exist and the editors tend to be nicer, more respectful
Read this thread. Resiliency is the new landscape. One and done "hacks" are not how the world works.
You *can* win at defense in cyber security. Many orgs tell you that if an attacker lands on a system, or takes over a single account, that you've "failed" That's simply not true. If you believe you have to be perfect to win, buckle up... this is the thread for you! 1
STOP POSTING FAKED STUNT HACKS! Remember the guy "smoking" his power meter with a Flipper? Yet another faked video! The guy (Peter Fairlie) had extra meters setup on the side of his house for this, & these meters can't do what is shown anyway. youtube.com/watch?v=QmNAA2…
youtube.com
YouTube
Flipper Zero Kills Smart Meter?? - Reverse Engineering News - June...
“A Survivor’s Guide to Talking About Sexual Assault: The Quick List of Do’s and Don’ts” by Ariel Robinson link.medium.com/HBLBVT1TuAb Hey @HushCon ! Here’s a resource
A popular newspaper in Switzerland claims that the rise of successful cyber attacks is because we do not talk about them. This is utter rubbish. They are possible because management doesn’t care and wants to optimize profits. That’s the main reason. Everything else is a lie.
Forbes just created a top 200 list of the most secure companies. This will end badly. H/T @mikepsecuritee forbes.com/lists/most-cyb…
Stunning details in this FTC settlement with Amazon’s Ring security camera company. Employee viewed 1000s of videos from women’s bathrooms & bedrooms. Hackers used two-way functionality to taunt children with racist slurs, sexually proposition owners. Family threatened for ransom
The FTC press release on its settlement with Ring 👇🏻 ftc.gov/news-events/ne…
XDR companies trade for billions & we can't protect against "wmic, ntdsutil, netsh, and PowerShell." #weak Test your tools, learn your gaps and fix them. Focus on resiliency not some vendor pitch. If you can't go hunt these TTP's right now you're blind. cisa.gov/news-events/cy…
TL;DR: Skytalks has regretfully decided to not participate in DEF CON 31. For our full statement, read our full blog here: skytalks.info/skytalks-2023-…
Kelly's family wishes to prevent rumors on circumstances of her passing from being spread. Kelly did not take her own life, but passed due to progressed critical illness, in a hospitalized setting surrounded by her family.
🔥 take: I take a lot of notes on who in the security industry pops off on the current zeitgeist without _any_ actual knowledge of the situation. Nuance means so much in security… to bloviate by “reading between the lines” is irresponsible.
Much like cDc and them bragging about their lies during the 90's and 00's, gloating at how they deceived the media.
'Ethical hacker' among ransomware suspects cuffed by Dutch cops reg.cx/47zR?utm_sourc…
I don't have a CISSP mostly because I'd be too embarrassed. To pass the test, you have to claim things that are false. For example, from this official study guide, the entire page is complete nonsense -- none of it's true.
I cannot describe the agony of resetting/losing a phone that had your Authentication app on it. I’m four hours in to an absolute disaster of an evening that will stretch so long. 2FA apps NEED to have multi-device access
United States Trends
- 1. Blazers 4,705 posts
- 2. Will Richard 4,704 posts
- 3. Horford 1,442 posts
- 4. Marcus Smart 1,679 posts
- 5. Westbrook 5,342 posts
- 6. #AEWDynamite 18.9K posts
- 7. #RipCity N/A
- 8. Podz 2,024 posts
- 9. Kuminga 2,976 posts
- 10. #Survivor49 3,198 posts
- 11. Spencer Knight N/A
- 12. Bertuzzi N/A
- 13. Sochan 1,781 posts
- 14. #AmphoreusStamp 3,277 posts
- 15. Klay 7,097 posts
- 16. Deni 5,583 posts
- 17. Dalton Knecht N/A
- 18. Godzilla 30.6K posts
- 19. Jaylen Brown 7,587 posts
- 20. #SistasOnBET 2,244 posts
You might like
-
Paul Asadoorian @[email protected]
@securityweekly -
Ron Gula
@RonGula -
jericho
@attritionorg -
Wicked Pond
@WeldPond -
Erin Jacobs
@SecBarbie -
jcran
@jcran -
Chris Nickerson
@indi303 -
Ian
@iiamit -
David Litchfield
@dlitchfield -
InfosecMafia
@infosecmafia -
Kevin Johnson - Same on the Blue site. :)
@secureideas -
Security4all
@security4all -
Steve Werby
@stevewerby -
Ryan Dewhurst
@ethicalhack3r
Something went wrong.
Something went wrong.