Thanks everyone who joined our in last night! If you didn't make it but would like to hear about future events, join the Shanghai Infosec Exchange at and subscribe to our mailinglist:

Thanks to everyone who joined our "Smart " training in today! If you couldn't make it but are interested to attend a workshop in the future, join our mailing list! frontierintel.us20.list-manage

More than 90% of all hacks start with a malicious email. Learn how to better protect yourself and your company against attacks: Free in next week!

Looking for recommendations on an #ios #2FA app like Google Authenticator but with a way to search for entries. I spend a lot of time scrolling through entries to find the right one when logging in. #Opensource strongly preferred. Thanks!

The Surprising Tricks That Will Deceive Your Best Staff: Why social engineering has never been so easy, and the need for better habits in your company never so urgent --

While global spending on is expected to reach an incredible $124 billion this year, there’s still a 60% risk that your company will get hacked. And it won’t come cheap: The average cost of a single successful attack is a whopping $2.4 million. Considering the amount of money thrown at this problem, how is it possible that this cybersecurity crisis remains unsolved? The devil is in the details, but so are the answers.

How URL previews in many chat apps are leaking the website you are discussing, even if your chats are encrypted (#signal is safe): #privacy

Looking for a self-hosted #opensource newsletter #software similar to #Mailchimp’s — any suggestions?

The fediverse apparently adds a dimension that was missing from twitter: the ability to argue about implementation details of the underlying code and protocols and why I will affectionately call “rage forks” (though I haven’t seen any come to fruition yet).

Anyone aware of past successful attacks using codes against mobile devices? Looking for resources and background information.

I’ve never understood why #Twitter still doesn’t support 2FA mobile apps instead of text message verification. It’s a vulnerability - not just in #China.

Show thread

WeChat has become everyone’s everything-tool for busy life in China: We use it to pay for coffee, share photos with friends, broker deals, and discuss business with colleagues. This is where things get dangerous. #security #china #wechat #weixin

So is supposed to be installed on a smartphone before you can use it on desktop? Unofficially, the desktop version is perfectly capable of creating new accounts. All you need is a number to receive an SMS or voice mail. Here is how.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.