"We simply have too much critical internet infrastructure maintained by a handful of people in their spare time. And those few people are often not able or incentivized to evaluate what they're creating from a security standpoint.
(...) It's our fault because we know how bad the situation is and we just YOLO through life as if we didn't. The result is that we get to learn about internet-stopping vulnerabilities from the Minecraft community."
I like this quote from Daniel Miessler re. log4shell:
"What's so remarkable about this vulnerability (...) is the root cause at the developer incentives level. Like Heartbleed—the project had very few eyes on it, and all those eyes were volunteers. (...) We should be thinking about is how many other projects are out there that have similar characteristics:
1. The project is maintained by very few people in their spare time
2. If the project had a major issue it would disrupt the entire internet"
Very interesting and exciting read on how BitLocker keys can be sniffed out from the TPM, and what that could mean for a corporation that has a laptop stolen:
Now Mattias and I are back in the studio again, and this time we take on security scanning, which turns out to be something more than just pressing a button and getting a report out. There are services that promise full security, as long as you buy their service and read the list of all the red, yellow and green lights. So how do you have to go about it to feel that you have a handle on your network and everything that is connected to it?
I know this is a long shot, but I'm learning #python and looking for guidance from someone to help me get a grip on the basics for my home projects during my parental leave. Interested? Please let me know in that case and let's get to know each other!
The infosec handbook has left the fediverse:
I joined the fediverse thanks to them. Understandable decision, but still - what a loss... 💔
Amazon just went live in Sweden and, wow, the degree of translation errors is HILARIOUS. Some products are translated to the letter (the game "Watch Dogs" became "looking at dogs") and some products were described with våldtäkt (rape) in their description. This is machine learning going, like, REALLY sideways.
Well, I guess AI isn't so scary after all... 😁
Stupid question: if I host a website over itty.bitty.site without an SSL certificate, but with a hash at the end of the website, then the end-user could check the website's integrity and authentication against my GPG public key to prove that it hasn't been tampered with and was written by me.
What the end-user won't get is the TLS-encrypted connection and transfer of the website.
Am I getting it right?
Swedish Consumers Association did not show mercy to Amazon in their open letter, in regards to them establishing their presence in the next few weeks: https://www.sverigeskonsumenter.se/media/40ydnrpm/letter-to-amazon-270820.pdf
I used to be excited for Amazon coming to Sweden, but I'd rather spend my money on a company that is *slightly* more ethical in their business practices.
Third time I'm deleting Facebook over the course of its inception - and now for good.
It is a disease to modern society. A plague of privacy abuse and disinformation that causes deadly outcomes from anti-vaxxers and insane conspiracies. It has gone from being a tool of communication to being a weaponised platform for destabilisation and propaganda.
Fuck Facebook. The less people using it - the better.
CTO at an NGO. Passionate about technological advancement, social justice and a balanced life.
Self-proclaimed world champion in airhockey.
A Mastodon instance for info/cyber security-minded people.