I really wish there were a reasonable way to audit the endpoint security configs of the personal machines of anyone who routinely calls people/orgs "stupid" for not locking a general purpose computer down so much it's borderline unusable

My small, uncontrolled data set suggests such folks don't follow their own advice, like, at all

Upgrading infosec.exchange to mastodon v3.0.0 and applying some other OS patches. Back in a few. I hope.

The was breached in November 2018 and the attack was first detected in April 2019 as part of a baseline threat hunting exercise. Here is a very well written incident report that has been published, including in the appendix a few phishing emails imagedepot.anu.edu.au/scapa/We

Former employee admits into over 6000 users' accounts, mostly of younger women, to find sexual images & videos. He then also hacked into their , , & other email-connected accounts in search of more private content.
thehackernews.com/2019/10/yaho

How do you train for the technical aspects of IT incident response?

Diagnosing issues seems to be a mix of recognizing known patterns, and where that fails, methods of deduction.

Are there effective ways to teach these things without throwing someone into a real incident? If not, what’s the ideal balance between handing someone the solution, and allowing them to fail catastrophically?

Travel week 2 of 5 coming to an end. I love working face to face with co-workers, but I really do not enjoy audits.

If I make it through the next 3 weeks, I am going to Hawaii to hide in a lava tube or something for a week or so.

Has anyone in the verse heard of or developed on Voiceflow before?

Monday night. Time for another iOS update as we haven't had one for a few days now..

"Help us keep DigitalOcean secure

To get full access to DO, we need to verify your identity. You will need to provide a government-issued ID, a phone number and a selfie."

What the fuck is this bullshit.

I would appreciate recommendations for a VPS provider. Just for small projects for now.

Does anyone have any recommendations for some good beginner-mid level digital forensics training? I am having trouble finding courses or courseware in between SANS and bigger courses and some self directed or Udemy courses.

I want that door

RT @The_UnSilent_@twitter.com

The maker of this door should put this video on their website

🐦🔗: twitter.com/The_UnSilent_/stat

are there documents similar to ios security guide for samsung's phones with knox and google's phones with titan? is there a comparison chart or something that isn't paywalled?

all i could find with a quick web search is a google blog post without much detail and a samsung knox whitepaper focused on enterprise integrations, although i didn't read it yet.

A decent overview of modern, secure DNS technologies that makes some of the same problematic claims as other articles of its type. There are now a growing number of secure DNS providers, any of whom are better than relying on insecure ISP defaults.

Technitium Blog: Analyzing DNS-over-HTTPS And DNS-over-TLS Privacy and Security Claims

blog.technitium.com/2019/09/an

Even if you think those politics are “objectively right”.

As such, neither actual nazis nor those falsely claiming others are nazis are welcome here.

Seriously, people. Grow up.

There is an incredibly disconcerting trend of associating with “nazism” apparently anything on the fediverse that is not completely in line with one’s own views, whether it makes sense or not. I am sure it is an attempt to co-opt the zero tolerance for nazis sweeping the fediverse to purge divergent different opinions. Certainly, actual racists, sexists, and the like should be deplatformed, but forming a mono-culture where legitimate, non-hate opinions are filtered based on politics is dangerous

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.