Liam boosted

This thread is very much worth reading, an interesting way of viewing code. Those are patterns I've seen before and fought against.

I wonder, what does it tell us about a company's culture if the codebase is dominated by the "fearful" coding style?

twitter.com/pati_gallardo/stat

BCP and DR? Lesson for any business, make plans and test often.

Digital exchange loses $137 million as founder takes passwords to the grave | Ars Technica arstechnica.com/information-te

Systemd - the gift that keeps on giving. Make sure you are patched.

Linux user? Check those patches! Public exploit published for systemd security holes… wp.me/p120rT-1Q9m

Liam boosted

1. I cannot imagine the users, children and teens, have full informed consent.

2. I feel dirty reading this article. No app (maybe antivirus) should install a root cert. This is a terrible invasion of privacy and misuse of user trust.

3. No, just no.

Facebook pays teens to download Research app with root access outside App Store techcrunch.com/2019/01/29/face

As if is not a handful enough for non EU countries, now we need to worry about no deal

bhconsulting.ie/no-deal-brexit

The more Zuckerberg tightens his grip (on the truth) the more users slip through his fingers.

In WSJ Op-Ed, Mark Zuckerberg Speaks Down to Users and Misses the Point

eff.org/deeplinks/2019/01/wsj-

Lesson learned, make local copies of all NIST docs before the next US Gov shutdown.

It is hard to direct people to standards docs when they are not available.

Liam boosted

Hi All

I’m after some advice from the community. I’ll be publishing advice and best practices for regular people in an easy-to-understand way, mostly via a blog and Facebook. I would like to get feedback on what topics, and also why that topic. If you know of a great example already, please let me know. The aim is to help regular people be more aware of the pitfalls of computers and security, making the internet a safe place for all.

I’m open to all suggestions.

Thank you

Cloud creep cleanup.

Slowly closing out all the free cloud storage accounts that were the rage 5+ years ago, and merging into a self-hosted instance.

I am down to only 1 Google drive, 1 Amazon drive, 1 Box account, 1 AWS Glacier.

Closed out 2 accounts, 1 Mega account, 2 free S3, 1 , 1 , 1

How many free clouds are you using?

Liam boosted

Emergency Directive 19-01 - Mitigate DNS Infrastructure Tampering.

cyber.dhs.gov/ed/19-01/

The real problem is not the DNS infrastructure but the stolen credentials. Sure, controls can be put in place to measure DNS setting deltas, but why are credentials tied to a regular user account in the first place?

Is Privacy a Right?

"What matters is that the right thing to do is work on tech that gives each of us ways to guard our private spaces and signal to others what's okay and what's not okay."

linuxjournal.com/content/priva

Liam boosted

Free one day conference for women in cybersecurity, on Feb 22. Day of Shecurity -

dayofshecurity.com/

Instead of "smart" devices, may we have smart business decisions leading to smart and secure devices?

Conducting a code review of a website input script. Ran across this puzzling question:

Just how many nested replace functions are required to mitigate SQL injection attacks?

Answer? Sigh, wrong question.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.