re: Black Hat 2022 Wednesday (All day) 

I'm also not sure how the industry can be the leader it is called to be without a shared understanding of what the "problems" are.

Is the problem ransomware? Is it extremism? These things are all connected, but I don't think everyone is always talking about the same thing.

Perhaps the "industry" doesn't need to figure it out, and we just need to be explicit about the problems we're looking at.


re: Black Hat 2022 Wednesday (All day) 

I always appreciate that Moss, Krebs, and most keynote speakers focus on a higher calling or authority for the industry. That people are called to do more out of principle.

But I'm not sure it's working.


If your company has a ridiculous name and you pitch me, you MUST include your ridiculous logo. Those are just the rules.

I never did an !

Hi, I'm Max. I live in and do at PCMag where I cover , , and . I also write reviews of and professionally complain about . I'm the Unit Chair of the ZDCG and moonlight as a organizer. If you want to learn about how to unionize your workplace, plz DM me. I play badly and think about literature. I'm spending too much money on .

Black Hat, DEF CON, COVID, mention of sexual harassment. 

A disheartening look at masking compliance at Black Hat and DEF CON.

The author rightly brings up a critical point: if masking is not effectively enforced, what does that mean about other policies at these events?

Content warning: there is a mention of sexual harassment toward the end of the article.

I genuinely do not have an answer for this. I went back and forth on it for days.

I'd love to know y'alls thoughts!


Election security, COVID adjacent 

I'm working on a feature about election security in 2020, and COVID has made everything I've ever written about election security mostly obsolete. For example, pretty much all the conclusions from this:

I'm updating a 2017 story on how to secure your phone for a protest. If anyone has any suggestions, I am all ears.

"A web server containing records of about 76,000 unique fingerprints was left exposed on the internet, researchers said Wednesday. The unsecured fingerprint data, as well as employee email addresses and telephone numbers, had been collected by Brazilian company Antheus Tecnologia."

The CIA literally owned Crypto AG from 1970 on, pushing out weakened crypto systems and allowing them to read messages sent around the world.

Follow-up to my colleague Michael Kan's excellent reporting: Avast will end browser data harvesting.

"Avast CEO Ondrej Vlcek announced his company plans to shut down operations at Jumpshot, the subsidiary in charge of selling the browser history data. "As CEO of Avast, I feel personally responsible and I would like to apologize to all concerned," he said in a statement."

There's a very cool exhibit at the Met right now that includes two 16th-17th century encryption devices. The book-like device is surprisingly complex; the second uses a simple substitution system that translates letters into distances.

VPNs have two major problems: they're black boxes to consumers and they're actively trying to destroy each other. For a while, I've been saying that a consortium of VPNs could set standards, improve transparency, and generally clean up the industry.
Such an organization now exists. Will it work? Who knows.

We wanted to know how secure commercial IoT devices are, so we asked Bitdefender to look at the Ring doorbell. It had some issues, which have now been patched.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.