Pinned toot

Well, it's happening. I've been asked to start presenting to my senior leadership and eventually my board on security concerns within my org. What metrics do you guys share? I have a list (AV stats, phishing stats, training stats, details on pen test results and resolutions, vulnerability assessment results, etc).

What do you share with your leadership when it comes to security? Also looking for recommendations on reading materials or talks on this. ;-)

Pinned toot

For those who are in and around Waterloo, Ontario (in Canada), we have our CFP live! Even if you're not, feel free to look, we're just not offering travel assistance in our first year.

Two tracks, one business and one technical. If you're interested in speaking, take a look:

papercall.io/cybercityconf

Website: cybercityconf.io

Tickets will be available soon for those interested in coming without speaking.

Pinned toot

Me and a few friends are starting up a new Infosec conference in my home base of Waterloo, Ontario. Details are on Twitter but I'm re-posting here for those who may be interested. Come have a look!

----

We are very excited to announce that we will be holding a and conference in @Catalyst137kw on 01.10.2019!!

Call for papers and registration will open up soon.

Follow us for all the details!

Pinned toot

Got a small tip for those doing . When using -- to comment, add a space and another -. MySQL-like engines need whitespace and a character following the -- to know it's a comment, and most forms trim whitespace from input values. See: mysqltutorial.org/mysql-commen

It's official... Fediverse meetup sponsored by hackers.town will be at DEF CON on August 9th.

We're going to be in the program even...

When the product is free, you are not the customer.

By the gods it happened again! Many thanks to @tinker for joining me for another set of stories! Oh, and I finally got to hear how he managed to get that DC that we were all curious about. ;-)

This is a new one: a robocall saying my Apple account has been breached.

I do not consider myself a smart man. I *do* consider myself a stubborn man. Sometimes you'll face something hard, something you don't know, something you don't understand.

Don't.
Give.
Up.

Do what you need to in order to overcome it. You'll be a better person for it after.

Google Street View letting you case a joint by going into its parking lot and checking rear doors and loading docks is one thing.

Letting you use 360° Photo to case a lobby (and get an idea of physical security and security guards) is another thing entirely.

This is nice!

Turns out some security experts are just paying the ransom and charging the victims for it. That's incredibly gross.
features.propublica.org/ransom

Israeli espionage firm hacks WhatsApp. Can install spyware with missed call.

theguardian.com/technology/201

My advice: dump WhatsApp today and start using Wire (wire.com/en/products/personal-). Tell your friends and family to do the same. (It’s a simple, free download on all app stores. Easy to use, doesn’t require your phone number, and their business model is based on charging for commercial use and for pro accounts.)

You can find more alternatives on @switchingsocial (switching.social/ethical-alter)

#WhatsApp

Lenovo BIOS Update:
- [Important] Enhancement to address security vulnerability CVE-2018-12126,
(cve.mitre.org/cgi-bin/cvename.)
anticipated to be published 05/14/2019.
- [Important] Enhancement to address security vulnerability CVE-2018-12127,
(cve.mitre.org/cgi-bin/cvename.)
anticipated to be published 05/14/2019.
- [Important] Enhancement to address security vulnerability CVE-2018-12130,
(cve.mitre.org/cgi-bin/cvename.)
anticipated to be published 05/14/2019.
- Updated the CPU microcode.

:flan_think:

So for those who want the full background, I found the original Register article that sparked this, as well as the research done:

theregister.co.uk/2019/04/16/s

and

vc.gg/spamhaus-post-draft.txt

I'll leave my personal opinions out of the Fediverse since I rather like it here.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.