"We simply have too much critical internet infrastructure maintained by a handful of people in their spare time. And those few people are often not able or incentivized to evaluate what they're creating from a security standpoint.

(...) It's our fault because we know how bad the situation is and we just YOLO through life as if we didn't. The result is that we get to learn about internet-stopping vulnerabilities from the Minecraft community."

Show thread

I like this quote from Daniel Miessler re. log4shell:

"What's so remarkable about this vulnerability (...) is the root cause at the developer incentives level. Like Heartbleed—the project had very few eyes on it, and all those eyes were volunteers. (...) We should be thinking about is how many other projects are out there that have similar characteristics:
1.The project is maintained by very few people in their spare time
2.If the project had a major issue it would disrupt the entire internet

Question to all cybersec professionals out there: what certificate does hold more weight in your field: ones from ISC(2) or those from CompTIA?

Very intresting and exciting read on how bitlocker keys can be sniffed out from TPM, and what that could mean for a corporate that has a laptop stolen:


How I feel about the current sunny conditions right now.

:bash: krash boosted

Nu är jag och Mattias tillbaka i studion igen och denna gång tar vi oss an säkerhetsskanning, som visar sig vara något mer än att bara trycka på en knapp och få ut en rapport. Vi har tjänster som lovar full säkerhet, bara man köper deras tjänst och läser listan med alla röda, gula och gröna lampor. Så hur måste man gå tillväga för att kunna känna att man har koll på sitt nätverk och allt som är inkopplat där?


I know this is a long shot, but I'm learning and looking for guidance from someone to help me get a grip on the basics for my home projects during my parental leave. Intrested? Please let me know in that case and lets get to know eachother!

The infosec handbook has left the fediverse:

I joined the fediverse thanks to them. Understandable decision, but still - what a loss... 💔

Amazon just went live in Sweden and, wow, the degree or translation errors is HILARIOUS. Some products are translated to the letter (the game "watchdogs" became "looking at dogs") and some products were described with våldtäkt (rape) in their description. This is machine learning going, like, REALLY sideways.

Well, I guess AI isn't so scary after all... 😁



:bash: krash boosted

Good on the EU Parliament!

"The European Parliament rejected a proposal to ban terms such as “burger” and “sausage” to describe plant-based food. Europe’s farming lobby had claimed that using meat-like names could confuse consumers".

Out of all the risks of 5G, there is one that I'm really afraid of. That is the web becoming even more bloated than it is today thanks to higher bandwith in the 5G network.

The web needs to be saved from the current "track everything" paradigm 😕

There's one kind of party that I hope will be wipe off the earth's face, that is recent and that belongs to the medieval times...

"Gender reveal party".


:bash: krash boosted

Since when did external full-size keyboards require the fn-key to be pressed in order to use F1-F12?! *rants shockingly*

Stupid question: if I host a webside over itty.bitty.site without SSL certificate, but with a hash at the end of the website, then the end-user could check the websites integrity and authentication against my GPG public key to prove that it hasn't been tampered with and was written by me.

What the end-user won't get is the TLS-encrypted connection and transfer of the website.

Am I getting it right?

Swedish Consumers Association did not show mercy to Amazon in their open letter, in regards to them establishing their presence in the next few weeks: sverigeskonsumenter.se/media/4

I used to be excited for Amazon coming to Sweden, but I rather spend my money on a company that is *slighty* more ethical in their business practices.

Third time I'm deleting Facebook over course of its inception - and now for good.

It is a disease to modern society. A plague of privacy abuse and desinformation that causes deadly outcomes from anti-vaxxers and insane conspiracies. It has gone from being a tool of communication to being a weaponised platform for destabilisation and propaganda.

Fuck Facebook. The less people using it - the better.

To all Swedish speakers: säg hej till @itsakerhetspodden som just anlände till Mastodon! En informativ och underhållande podd om IT-säkerhet.

Show older
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.