Some people work while they're stressed and locked indoors. I wrote most of a book during the covid crisis:

twitter.com/search?q=from%3Ado

I was feeling pretty pleased with myself on that score, but then I found out what Oriol Ferrer Mesià did with his time.

His "Modern Retro Computer Terminals" project is a series of tiny computers built around low-cost processors like the Raspberry Pi and Nvidia Jetson Nano, run off a 3D printer and assembled.

uri.cat/projects/modern-retro-

1/

Even though I'm skeptical of the methodology behind things like Gartner's Magic Quadrant and Forrester's WAVE, it is still a nice compliment to be at or near the top on things like that!

And doubly so when it's because we've invested heavily in making a better security tool experience for developers

businesswire.com/news/home/202

I finally am getting around to learning Golang (yay!) and JavaScript (meh!)

And once again I’m reminded that most language tutorials assume this is your first language. There’s got to be something between “learn x in y minutes” and “here let me teach you how to program, incidentally in x”

Apple now requires app authors to post a privacy “nutrition label” on all apps. This is outstanding and helps make this information understandable to end users.

For example, here’s Facebook’s privacy label.

I remember when netbooks were A Thing, and it was because there was a market for “laptop that’s ok being underpowered because it’s so cheap and portable”, which has now been largely eaten by chromebooks and tablets

I want the same thing to happen again but with “this is a really nice screen and keyboard, but otherwise it’s basically a thin client”. Like a slightly less constrained Chromebook with a different set of trades

I'm hiring a Principal Security Researcher at Veracode. Fully remote always (not just for pandemic times). If you're interested or know someone, please either apply at the link below or DM me here. Happy to answer any questions. Boosts appreciated

(also, I'm new at job descriptions so if you have advice on this one, please tell me)

veracode.com/job-post?gh_jid=4

What's the collective wisdom on how much having a CEH (Certified Ethical Hacker) cert says about someone's pen-testing skills?

I seem to remember it being pretty basic, but I haven't looked at it in a while...

I can’t believe I just wrote this up. 

BotNet:Gr@vy8o47(APT: Cold Turkey) 
 
BotNet:Gr@vy8o47 is a botnet that targets a specific vulnerability in Wifi-connected Turkey Fryers around the globe. Massachusetts-based APT:0xc00lturk3y is the organizer behind the attacks.

USpol, COVID, rant 

Welp, congrats everyone who completely ignored or massively downplayed the risk of COVID for political or economic reasons—we're back in lockdown until mid-December to try to keep hospitals from being overrun, you short-sighted, ignorant fucks

Hi. I know there are some folks who built their own super low profile split keyboards. Unfortunately, I didn't bookmark the posts in question.

Which ones do you have? Asking for a friend who's looking to migrate away from an ortholinear setup.

Always proud of the work @Veracode@twitter.com does on the State of Software Security report. Volume 11 is no exception: info.veracode.com/report-state

(If you don't want to give out your contact for access, hit me up and I'll happily get you a copy)

If you use 3rd party network filters (like VPN clients or firewalls) on macOS, hold off on Big Sur. Pretty big hole that Apple's apps use and malware can use to bypass such tools using the new network filter system.

thenextweb.com/plugged/2020/11

HT @lrvick & @TheGibson

And this is why phishing is worth attackers' investment (HT WeldPond): twitter.com/tazwake/status/132

“Got to see my favourite type of Incident Ticket today.
User got suspicious email, reported it because when they followed the link it went to a sign in page but 'none of their corporate credentials worked'
For added value, service desk closed ticket cos it wasn't a supported site”

Me and my friend went to what we thought was an empty house to retrieve stolen ballots for Mr Trump, but there was this kid in the house, and he rigged the house with a bunch of booby traps. I got hit in the head with an iron, and my friend got his head set on fire.

Setting up forensically required VLANs as one does.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.