OK. Time to vent. I was checking out a MUD toolkit (Evennia, anyone know others?). I went to their demo instance. I am using TELNET. T.E.L.N.E.T! Typing a password in the clear, echoed back to my terminal over an unencrypted connection. And you want to tell me my password is not strong enough!? I'm dead.

I am trying to help my recruiters find places to advertise for infosec roles. They asked me about SecurityWeek. When I looked at the authors of articles there, it's the least possible diversity. The demographics of authorship on that site are Exhibit A in what's wrong with diversity in infosec.

Quick tip. If you're trying to download really old versions of macOS, they're hard to find (e.g., El Capitan, etc.). You can find lots of dodgy sites that you don't want to deal with, but it's hard to find legit Apple web sites. The trick is to search for "enterprise". Then you can find pages like this, which has a legit link to an Apple DMG. support.apple.com/en-us/HT2068

One of the more obscure and least understood principles is "psychological acceptability." Nobody spends any time on it. Just google a phrase and see that everyone plagiarizes everyone else. Search for "principle that aims at maximizing the usage and adoption of the security functionality"

Paco Hope boosted

Simply put, #BlackLivesMatter more than #infosec or all the other things I usually toot about. I did a little bit this weekend to help. Trump sent me $2500 I didn't need in the CARES Act. I've given every last cent of it to people he wouldn't have given it to, and who need it more than I do. blog.paco.to/2020/black-lives-

Paco Hope boosted
Paco Hope boosted

RT @scihub_love
The latest Sci-Hub working domain(Last check time:Fri, 17 Apr 2020 17:13:01 GMT)
sci-hub.tw 
sci-hub.se 
sci-hub.im 
lovescihub.wordpress.com 
Please retweet to your friends,help us become stronger!

I have just used "Why is Gamora" to answer a customer question about TLS certificates. That's probably the high point of my week. :)

Some people might call this "parody". In my world, it's a bit more like "Tuesday". youtube.com/watch?v=JMOOG7rWTP

I had a non-delivery notification from my personal mail server to outlook.com. It said "your ISP's network is on our block list.' My ISP is AWS and the network is a /14. It's bonkers.

It's like living in a 500-unit apartment complex and a company says "unit 402 didn't pay for their purchases last month, so we're not selling anything to anyone in that complex any more."

Green text, meet red text. Red text, meet green text. Now that you guys are acquainted, would you like to go off, have a little chat, and come back to me with a USEFUL error message?

If you have some spare compute cycles and you want to donate them to fighting , there's a medical research programme called "Folding@Home" which is similar to SETI@Home, but for medical research: foldingathome.org/2020/03/15/c

I see a lot of articles say things like "They now run this service in the cloud—which brings its own set of security challenges." I wish they would equivalently write "They run their IT in their own data centres—which brings its own set of security challenges."

DIY infrastructure? Oh that's obviously secure. Professionally-run commercial clouds? Whoa, they're risky.

The physical affects the virtual affects the physical. Performance artist creates virtual traffic jams by pulling a wagon full of second-hand phones all using Google maps app. simonweckert.com/googlemapshac

Why do people go around insulting everyone? Everyone who uses the cloud "blindly trust the cloud providers"? Nobody is doing due diligence? Nobody has a long list of security risks they track and controls and mitigations, huh? And they want to "disprove the assumption that cloud infrastructures are secure". Because the existence of one bug means what? It's "insecure"? The research is legit, but the preamble is garbage from an out-of-touch techie. research.checkpoint.com/2020/r

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.