When verifying an account on Keybase, it generally helps to enter the correct username.

Happy discovery of the day: cybrary.it/ has free online CISSP training. #infosec

WannaCry's "accidental hero" pleads guilty to malware charges, Samsung and Nokia have fingerprint fumbles, the NCSC publishes a list of 100,000 dreadful passwords, and Apple finds itself at the centre of an identity mix-up.

All this, and much much more, is discussed on the latest edition of the "Smashing Security" podcast.

Find us in your favourite podcast app, or on our website at smashingsecurity.com/125

Thinking about the case of Marcus Hutchins (@MalwareTech) who just pleaded guilty to writing banking Trojans. Wanted to do a poll to get people's opinions about that. Personally, I think that even if he did write the malware, it was so long ago and he seems to have made changes in his life that it seems a bit much to have held him in the US this long.

Got a chance to tell a story on with Jack Rhysider.

Ep 36: Jeremy from Marketing

"A company hires a penetration tester to pose as a new hire, Jeremy from Marketing, to see how much he can hack into in his first week on the job. It doesn’t go as planned."

You can listen to it here: darknetdiaries.com/episode/36/

5 lessons learned from the matrix.org breach:

infosec-handbook.eu/blog/matri

– purely focusing on technical security causes insecurity
– the cause of the breach isn’t limited to matrix.org at all
– think twice about using any service on the internet
– think twice about running your own server on the internet
– react to any security-related messages

#matrix #serversecurity #vulnerability #lessonslearned #goodpractices #responsibility #webserver #server #infosec #security #cybersecurity

I saw a survey that said that half of all security professionals would rather walk in a public restroom barefooted than connect to public Wi-Fi. Personally, I don't mind using public Wi-Fi if I can use my VPN. But if I can't use the VPN, then it's barefoot I go. What about you?


I was writing an email to a colleague stating some of my personal weaknesses and areas for growth in my career. In a tongue-in-cheek fashion I mentioned that I had trouble selling myself as a service to the employer. Got me thinking, what does that look like? Even with all the big breaches, it's hard to sell infosec to mahogany row. Any pointers on how to do this?


I just saw the dumbest attempt at hacking.

#1 Phishing email made an unconvincing and obvious attempt at appearing to be an insider.
#2 Hovering over link showed an entirely different link.
#3 L337 Haxxor copied and pasted Macro code on the Word doc, not into the Macros where it belongs.
#4 Haxxor didn't even copy and paste the whole Macro.

@JohnsNotHere I wish I had heard of your podcast sooner. I was listening to older episodes. Loved the D&D Tabletops. Wish I had heard them last year when I had to put together a TTE after only having a few months on the job.

Check out the latest "Smashing Security" where we discuss Office Depot customers being tricked into thinking they had malware, car alarm hacking, facial recognition... and our special guest even has time for a spelunk down a windy, twisty passageway!

Listen to the full show at smashingsecurity.com/122 or subscribe in your favourite podcast app.

New episode of Purple Squad Security is out now! John The Generalist, where I go solo and ramble about being a generalist within Information Security rather than a dedicated red or blue team practitioner. Listen if you like rambling.

purplesquadsec.com/podcast/epi

Some doubters think our VPN is run by some dude in a dolphin onesie. Rest assured, there’s a whole team of us. (Turn 🔉 ON) reddit.com/r/ProtonVPN/comment

#Email is the oldest and most popular way to communicate online.

However, some email providers don't respect privacy. For example, Gmail reads your mail and lets third parties read it too.

There are much more privacy-friendly email providers out there, for example:

Tutanota
tutanota.com/
@Tutanota

Posteo
posteo.de/en

Protonmail
protonmail.com

Fastmail
fastmail.com

Thexyz
thexyz.com

#AlternativesAtoZ #DeleteGmail

It seems that ASUS employees uploaded some of their passwords to GitHub:

techcrunch.com/2019/03/27/asus

If true, this may have led to the compromise of their update servers, now known as Operation ShadowHammer:

mastodon.at/@infosechandbook/1

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.