I really wish there were a reasonable way to audit the endpoint security configs of the personal machines of anyone who routinely calls people/orgs "stupid" for not locking a general purpose computer down so much it's borderline unusable
My small, uncontrolled data set suggests such folks don't follow their own advice, like, at all
The #ANU was breached in November 2018 and the attack was first detected in April 2019 as part of a baseline threat hunting exercise. Here is a very well written incident report that has been published, including in the appendix a few phishing emails: http://imagedepot.anu.edu.au/scapa/Website/SCAPA190209_Public_report_web_2.pdf #infosec
Former #Yahoo employee admits #hacking into over 6000 users' accounts, mostly of younger women, to find sexual images & videos. He then also hacked into their #icloud, #Gmail, #Facebook & other email-connected accounts in search of more private content.
How do you train for the technical aspects of IT incident response?
Diagnosing issues seems to be a mix of recognizing known patterns, and where that fails, methods of deduction.
Are there effective ways to teach these things without throwing someone into a real incident? If not, what’s the ideal balance between handing someone the solution, and allowing them to fail catastrophically?
I want that door
The maker of this door should put this video on their website
are there documents similar to ios security guide for samsung's phones with knox and google's phones with titan? is there a comparison chart or something that isn't paywalled?
all i could find with a quick web search is a google blog post without much detail and a samsung knox whitepaper focused on enterprise integrations, although i didn't read it yet.
I wrote a short blog with some tips and resources about how to start an #infosec career.
A decent overview of modern, secure DNS technologies that makes some of the same problematic claims as other articles of its type. There are now a growing number of secure DNS providers, any of whom are better than relying on insecure ISP defaults.
Technitium Blog: Analyzing DNS-over-HTTPS And DNS-over-TLS Privacy and Security Claims
There is an incredibly disconcerting trend of associating with “nazism” apparently anything on the fediverse that is not completely in line with one’s own views, whether it makes sense or not. I am sure it is an attempt to co-opt the zero tolerance for nazis sweeping the fediverse to purge divergent different opinions. Certainly, actual racists, sexists, and the like should be deplatformed, but forming a mono-culture where legitimate, non-hate opinions are filtered based on politics is dangerous