"We simply have too much critical internet infrastructure maintained by a handful of people in their spare time. And those few people are often not able or incentivized to evaluate what they're creating from a security standpoint.

(...) It's our fault because we know how bad the situation is and we just YOLO through life as if we didn't. The result is that we get to learn about internet-stopping vulnerabilities from the Minecraft community."

I like this quote from Daniel Miessler re. log4shell:

"What's so remarkable about this vulnerability (...) is the root cause at the developer incentives level. Like Heartbleed—the project had very few eyes on it, and all those eyes were volunteers. (...) What we should be thinking about is how many other projects are out there that have similar characteristics:
1. The project is maintained by very few people in their spare time
2. If the project had a major issue it would disrupt the entire internet"

@stemid I've been wanting to play it, especially since it's been out on Stadia. My potato machine can only run ASCII roguelikes natively 🥔

@itsakerhetspodden Great episode! Regarding the Kaseya attack, it is said (warning: shaky sources...) that the decryption key was handed out by the US intelligence services in order to undo the ransomware attack. But that's the kind of thing you can never know for sure...

@giffengrabber @stemid Interesting! I found my way here thanks to keybase... 😁

@joacim And the public transport system survived... This time.

Question to all cybersec professionals out there: which certificates hold more weight in your field, the ones from (ISC)² or those from CompTIA?

@mc@mastodon.sdf.org @joacim At times like these, we need the likes of Amelia Andersdotter and the Pirate Party...

Very interesting and exciting read on how BitLocker keys can be sniffed out from the TPM, and what that could mean for a corporation that has a laptop stolen:


How I feel about the current sunny conditions right now.

@seb interesting! So it's kind of a sexy RSS reader that Mastodon instances can connect to? Looks intriguing!

@seb what's a Lemmy instance? A name for a certain version?

@itsakerhetspodden no stress! I also understand if you decide to opt out of Mastodon. It's a pretty small "niche" crowd here 😊

Now Mattias and I are back in the studio again, and this time we take on security scanning, which turns out to be somewhat more than just pressing a button and getting a report out. There are services that promise full security as long as you buy their service and read the list of all the red, yellow and green lights. So what do you actually have to do to feel that you have a handle on your network and everything connected to it?


@dasyatidprime Awesome! My need is mostly to make sure that I understand some basic concepts for rather simple programs. As for medium and timing, maybe once a week over IMs or email. I'm flexible 😀

@isagalaev it is indeed, never thought I'd get people actually interested in helping out ☺

I know this is a long shot, but I'm learning and looking for guidance from someone to help me get a grip on the basics for my home projects during my parental leave. Interested? If so, please let me know and let's get to know each other!

The infosec handbook has left the fediverse:

I joined the fediverse thanks to them. Understandable decision, but still - what a loss... 💔

