I Was Wrong About Worms Making A Comeback
https://infosec.engineering/i-was-wrong-about-worms-making-a-comeback/
Seven Critical Things To Protect Your Infrastructure and Data
https://infosec.engineering/seven-critical-things-to-protect-your-infrastructure-and-data/
if you identify a box somewhere in the interwebz as a command & control server, is there an acknowledged place to report to the #infosec community to contribute to banlists/defense/research?
How do people feel about WireGuard? I was reading up on it yesterday and thinking about messing around with it as an OpenVPN replacement when I get back home.
I really like Bose products, but why do they need my location to change the profile of my headphones through their app? No thanks Bose.
Let it be known that mansplaining can apparently happen to anyone. I was mansplained today on a large conference call. Was awkward.
A summer clerk and I are writing a weekly GDPR update, and this week's is on unintended security consequences. We've written about the so-called GDPR ransomhacks ("give me the $ or I'll expose this data"), but what other attacks have you guys been seeing? I'd think it presents at least two good spearphishing opportunities: "hi, I want my personal data from you, here's some totally benign document proving my identity" and "hi, I'm grandma. Please give me my info so I can phish myself."
Defensive Security Podcast Episode 220
https://defensivesecurity.org/defensive-security-podcast-episode-220/
#exploitkit #OPMBreach
#infosec
Watched a pentest demo by our appsec gang at work yesterday. They recommended HackerOne to work on skills. Anyone interested in the occasional pair-pentest? I can do an evening or two during the week and some time on weekends. Let me know.
Need to keep the brain engaged. This scrum stuff is making my noggin mushy.
i just threw out my fucking e-cigarette. made it a week and a half without vaping, decided to just cross the fucking rubicon
Hardware Messes As An Opportunity
https://infosec.engineering/hardware-messes-as-an-opportunity/
Been thinking... Now that we also have #TLBleed, on top of Meltdown, Spectre, and on and on, it seems increasingly attractive to move infrastructure to the cloud, to make sorting that mess out someone else's problem.
if anybody is in NW AR / SW MO I'll be in town for a couple weeks in mid July, dm me. I'm trying to get some informational meetings in Security to move back to the area. <As well I'll be at BSides Springfield again (this time with Sunny Wear & Bryan Brake) is going to be ..interesting...^^>
your books, you do give them away, right?
give people you care about books you care about, as often as you can.
Of course, I’m sure there are discussions happening in the US congress with big content companies and other political groups saying “look, we ought to be doing that here!”
@jerry this is really surprising to me - I always assumed it would be the US that decided to force internet traffic through corporate copyright minders.
The EU seems to be having a “hold my beer” moment in trying to outdo the US in wrecking the internet. As I was reminded many times before, we should not fear because the internet was designed to route around such breakage.
Encrypted remote backups using SSHFS and LUKS: https://ruderich.org/simon/notes/encrypted-remote-backups
I've been using this technique for years and can confirm it's robust and reliable.
I am usually very supportive of the Humble Bundle stuff but their latest "Cyber Security" bundle is pretty laughable. It seems like they got suckered into peddling some dubious software.
Does anyone else have an opinion about this?
@jerry what seems a bit dystopic to me is the thought that humans are generally no longer optimal to do any given task. Humanity is not going to progress to a Star Trek like society where all humans benefit from technology. I do not know what the world looks like at that point for humans. We aren’t even good as a power source.