Tell me my Infosec peeps, where do you get your phishing templates from? OSINT research, part of a package (a la KnowBe4, etc.), your Spam folder, or something else? Looking to expand my sources a bit.

Just published „Thoughts on video on demand, Netflix and the revival of piracy“
Ranting a little bit about the change in VOD landscape, the content industry messing up and YouTube Premium being worth the money timo-zimmermann.de/2019/08/tho

I’m considering moving all my desktop virtualisation to Parallels.

Pro:
Better OS X integration
Keeps up to date with macOS development
Cheaper than VMware
It’s not VMware

Con:
Different solution on server and desktop, so VMs are not easily portable
Stupid licensing model

Three step guide for better WiFi in a hotel

- buy mini router
- buy network cable
- use both with one of the LAN ports for something unnecessary like the phone or Alexa

Off to San Francisco - if anyone is in town and wants to grep a coffee this week or next ping me :)

Creating incident response table tops is so much work, but always worth it. 5 trainings to prepare before I board the plane mid this month.

Has anyone yet tried training a neural net on leaked passwords to see if it's any good at coming up with other passwords people use?

Published „Zoom, web servers and silent updates“ - I still believe silent updates are the right solution for some problems, expect that to change and don’t like Zoom.
timo-zimmermann.de/2019/07/zoo

I'm quite relieved that this doesn't apply to me. Even back when my social skills were far worse than they are now - my desktop background was never black. And I make pauses while typing. So I'm not *that* type of engineer.

twitter.com/skirani/status/114

One day I will give a talk titled „you do not want to appear on TechCrunch“. Without irony and not specific to security incidents.

I remember them reporting about a feature I worked on for a quarter, basically getting everything wrong, telling our customers we would now have a certain feature we didn’t even plan to build because it made no sense at the time,...

@tinker

The solution? Make all of your passwords sound like innocuous messages you'd send to slack anyway.

Email password: Hey, who's going to be in on Monday?

Laptop password: Does anyone have that pricing sheet?

Etc.

New blog post: One week with iPadOS - used it as my daily driver for a whole week and I have to admit I am very satisfied. If Apple continues putting work into it I can see it as an alternative to Chromebooks and viable option for non engineering departments.
timo-zimmermann.de/2019/07/one

Just posted „security 101 - know your threats“ - things a startup should be worried about and what to consider in a threat model
timo-zimmermann.de/2019/06/sec

Made it to ComicCon Germany and got an early check in in our regular hotel :) one weekend off the grid.

It’s so stupidly hard to find a good computer case for a gaming machine. Proper cooling and enough space is key.

It feels like a market where you can enter with a block of aluminium and a CNC machine mixed with some common sense.

Even cases explicitly built for air cooling don’t fit a be quiet! or Noctua CPU cooler properly.

Just posted “Startup Security 101 - Introduction” - my attempt to collect a series of articles explaining easy wins for startups which are time, money and engineering constrained (so,… all of them) timo-zimmermann.de/2019/06/sta

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.