biffbiffbiff 
@biffbiffbiff@infosec.exchange
- XMPP
- Biffalo@trashserver.net
- Wire
- @biffalo
- biffalo@protonmail.com
father, husband, sysadmin, infosec hobbyist, technology junky, trail runner, urban explorer, nap taker.
Joined Aug 2018
I'm back - what did I miss?😂
If you do this you're bad and should feel bad. Cmon intel...
Best ticket notes I've ever entered.
"Found that a switch located behind the server had been accidentally been unplugged during the discarding of an empty pizza box. Plugged switch back in and moved plug to ups which is less prone to pizza box related downtime."
Worth noting this was only vulnerable if you allowed for user's to change their own password which is off by default.
Patch your webmin http://webmin.com/security.html
biffbiffbiff
boosted
boosted
@biffbiffbiff I know, but I worry that it'll become a permanent backdoor into my phone.
As long as they're watching my convos, I know they're doing it. I ASSUME they are watching, so that's a point for me. What I'm worried about is what they're doing OUTSIDE of the app.
Andddddddd I'm uninstalling WhatsApp.. https://www.schneier.com/blog/archives/2019/08/facebook_plans_.html
Fun fact. Friend of a friend owns a bar. Scott Stapp played a show last week. Manager called at last minute and said he required a "full sized wooden cross" in his dressing room and none of me was surprised.
Listen if we're going to elect people in USA based on meme potential...what is a better matchup than Trump vs Marianne Williamson?
I write a lot of documentation/wikis at work. Its fun, but also setting me up for future rage when someone asks me something that I know there is a wiki for... double edge sword.
From birdsite. This is most entertaining thing Papa Roach has done since like 2001-2002
I wrote about this briefly. Require strong password of good length. Only reset if you think is breached. Use unique random passwords everywhere. Call your mom. Brush your teeth.
https://adventuresinit.net/books/guides/page/recurring-password-changes-hurt-security
👏 requiring 👏 users 👏 to 👏 change 👏 passwords 👏 all 👏 the 👏time 👏 hurts 👏 security 👏 please 👏stop 👏 it.
When client gets ransomware via open rdp when you have 2x 2 month old tickets where you notified them that is was bad and they needed to let you turn it off.
Followup to toot earlier in the week, I've posted my baseline security audit we do for new client onboardings. Huge thanks to @troyhunt and @MGrafnetter for making this possible and making my job easier.
biffbiffbiff
boosted
boosted
No gods.
No masters.
No saviors.
No kings.
No fate but what we make.
- XMPP
- Biffalo@trashserver.net
- Wire
- @biffalo
- biffalo@protonmail.com
father, husband, sysadmin, infosec hobbyist, technology junky, trail runner, urban explorer, nap taker.
Joined Aug 2018
