JohnsNotHere 
@JohnsNotHere@infosec.exchange
- Podcast
- https://purplesquadsec.com/
#Podcaster, Father, #Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
Pinned toot
Well, it's happening. I've been asked to start presenting to my senior leadership and eventually my board on security concerns within my org. What metrics do you guys share? I have a list (AV stats, phishing stats, training stats, details on pen test results and resolutions, vulnerability assessment results, etc).
What do you share with your leadership when it comes to security? Also looking for recommendations on reading materials or talks on this. ;-)
Pinned toot
For those who are in and around Waterloo, Ontario (in Canada), we have our CFP live! Even if you're not, feel free to look, we're just not offering travel assistance in our first year.
Two tracks, one business and one technical. If you're interested in speaking, take a look:
https://www.papercall.io/cybercityconf
Website: https://cybercityconf.io
Tickets will be available soon for those interested in coming without speaking.
Pinned toot
Me and a few friends are starting up a new Infosec conference in my home base of Waterloo, Ontario. Details are on Twitter but I'm re-posting here for those who may be interested. Come have a look!
----
We are very excited to announce that we will be holding a #cybersecurity and #privacy conference in #waterlooregion @Catalyst137kw on 01.10.2019!!
Call for papers and registration will open up soon.
Follow us for all the details!
#CyberCityConf
#WelcometotheCyberCity
Pinned toot
Got a small #SQLi tip for those doing #KringleCon. When using -- to comment, add a space and another -. MySQL-like engines need whitespace and a character following the -- to know its a comment, and most forms trim whitespace from input values. See: http://www.mysqltutorial.org/mysql-comment/
JohnsNotHere
boosted
boosted
It's official... Fediverse meetup spoonsored by hackers.town will be at DEF CON on August 9th.
We're going to be in the program even...
JohnsNotHere
boosted
boosted
When the product is free, you are not the customer.
JohnsNotHere
boosted
boosted
Defensive Security Podcast Episode 236
https://defensivesecurity.org/defensive-security-podcast-episode-236/
Well, it's happening. I've been asked to start presenting to my senior leadership and eventually my board on security concerns within my org. What metrics do you guys share? I have a list (AV stats, phishing stats, training stats, details on pen test results and resolutions, vulnerability assessment results, etc).
What do you share with your leadership when it comes to security? Also looking for recommendations on reading materials or talks on this. ;-)
By the gods it happened again! Many thanks to @tinker for joining me for another set of stories! Oh, and I finally got to hear how he managed to get that DC that we were all curious about. ;-) #infosec #podcast #tinkerunchained
JohnsNotHere
boosted
boosted
This is a new one: a robocall saying my Apple account has been breached. #phishing
For those who are in and around Waterloo, Ontario (in Canada), we have our CFP live! Even if you're not, feel free to look, we're just not offering travel assistance in our first year.
Two tracks, one business and one technical. If you're interested in speaking, take a look:
https://www.papercall.io/cybercityconf
Website: https://cybercityconf.io
Tickets will be available soon for those interested in coming without speaking.
JohnsNotHere
boosted
boosted
A Love Letter to Information Security
https://medium.com/@Hpatton/a-love-letter-to-information-security-8678c3f3843f #infosec
Me and a few friends are starting up a new Infosec conference in my home base of Waterloo, Ontario. Details are on Twitter but I'm re-posting here for those who may be interested. Come have a look!
----
We are very excited to announce that we will be holding a #cybersecurity and #privacy conference in #waterlooregion @Catalyst137kw on 01.10.2019!!
Call for papers and registration will open up soon.
Follow us for all the details!
#CyberCityConf
#WelcometotheCyberCity
Episode 56 – John Reads: Choose Your Own Red Team Adventure
https://purplesquadsec.com/podcast/episode-56-john-reads-choose-your-own-red-team-adventure/
I do not consider myself a smart man. I *do* consider myself a stubborn man, Sometimes you'll face something hard, something you don't know, something you don't understand.
Don't.
Give.
Up.
Do what you need to in order to overcome it. You'll be a better person for it after.
JohnsNotHere
boosted
boosted
Google Street View letting you case a joint by going into its parking lot and checking rear doors and loading docks is one thing.
Letting you use 360° Photo to case a lobby (and get an idea of physical security and security guards) is another thing entirely.
This is nice!
JohnsNotHere
boosted
boosted
Turns out some security experts are just paying the ransom and charging the victims for it. That's incredibly gross.
https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
JohnsNotHere
boosted
boosted
Israeli espionage firm hacks WhatsApp. Can install spyware with missed call.
My advice: dump WhatsApp today and start using Wire (https://wire.com/en/products/personal-secure-messenger/). Tell your friends and family to do the same. (It’s a simple, free download on all app stores. Easy to use, doesn’t require your phone number, and their business model is based on charging for commercial use and for pro accounts.)
You can find more alternatives on @switchingsocial (https://switching.social/ethical-alternatives-to-whatsapp-and-skype/)
JohnsNotHere
boosted
boosted
Lenovo BIOS Update:
- [Important] Enhancement to address security vulnerability CVE-2018-12126,
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126)
anticipated to be published 05/14/2019.
- [Important] Enhancement to address security vulnerability CVE-2018-12127,
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127)
anticipated to be published 05/14/2019.
- [Important] Enhancement to address security vulnerability CVE-2018-12130,
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130)
anticipated to be published 05/14/2019.
- Updated the CPU microcode.
Purple Squad Security - Episode 55 – Talking Privacy with Matt Beland
https://purplesquadsec.com/podcast/episode-55-talking-privacy-with-matt-beland/
JohnsNotHere
boosted
boosted
Ever app users uploaded billions of photos, unaware they were being used to build a facial recognition system.
JohnsNotHere
boosted
boosted
Mysterious hacker has been selling #Windows #0days to APT groups for three years
https://www.zdnet.com/google-amp/article/mysterious-hacker-has-been-selling-windows-0-days-to-apt-groups-for-three-years/
Purple Squad Security Episode 54 – Tribe of Hackers with Marcus J. Carey
https://purplesquadsec.com/podcast/episode-54-tribe-of-hackers-with-marcus-j-carey/
So for those who want the full background, I found the original Register article that sparked this, as well as the research done:
https://www.theregister.co.uk/2019/04/16/spamhaus_port_scans/
and
https://vc.gg/spamhaus-post-draft.txt
I'll leave my personal opinions out of the Fediverse since I rather like it here.
- Podcast
- https://purplesquadsec.com/
#Podcaster, Father, #Infosec and knowledge junkie. Defender of the Oxford comma and lover of good BBQ. Toots are my own, but YMMV.
Joined Aug 2018
