Simply put, #BlackLivesMatter more than #infosec or all the other things I usually toot about. I did a little bit this weekend to help. Trump sent me $2500 I didn't need in the CARES Act. I've given every last cent of it to people he wouldn't have given it to, and who need it more than I do. https://blog.paco.to/2020/black-lives-matter/
Some people might call this "parody". In my world, it's a bit more like "Tuesday". https://www.youtube.com/watch?v=JMOOG7rWTPg
I had a non-delivery notification from my personal mail server to outlook.com. It said "your ISP's network is on our block list.' My ISP is AWS and the network is a /14. It's bonkers.
It's like living in a 500-unit apartment complex and a company says "unit 402 didn't pay for their purchases last month, so we're not selling anything to anyone in that complex any more."
#spam #isp #email #smtp
If you have some spare compute cycles and you want to donate them to fighting #covid19, there's a medical research programme called "Folding@Home" which is similar to SETI@Home, but for medical research: https://foldingathome.org/2020/03/15/coronavirus-what-were-doing-and-how-you-can-help-in-simple-terms/
This is a fascinating C2 vector. But I gotta admit: it's hard to take it seriously with this diagram. https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
Not mine. But absolutely appropriate for this forum. :) #infosec
That’s big news. #OpenSSH adds support for Fido/U2F tokens. https://www.zdnet.com/article/openssh-adds-support-for-fidou2f-security-keys/
I wrote a blog post on how to use KMS key policies to act as a separate access control for data in Amazon S3. https://aws.amazon.com/blogs/security/how-to-use-kms-and-iam-to-enable-independent-security-controls-for-encrypted-data-in-s3/
I see a lot of articles say things like "They now run this service in the cloud—which brings its own set of security challenges." I wish they would equivalently write "They run their IT in their own data centres—which brings its own set of security challenges."
DIY infrastructure? Oh that's obviously secure. Professionally-run commercial clouds? Whoa, they're risky.
The physical affects the virtual affects the physical. Performance artist creates virtual traffic jams by pulling a wagon full of second-hand phones all using Google maps app. http://www.simonweckert.com/googlemapshacks.html
Why do #infosec people go around insulting everyone? Everyone who uses the cloud "blindly trust the cloud providers"? Nobody is doing due diligence? Nobody has a long list of security risks they track and controls and mitigations, huh? And they want to "disprove the assumption that cloud infrastructures are secure". Because the existence of one bug means what? It's "insecure"? The research is legit, but the preamble is garbage from an out-of-touch techie. https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/
Is it really better that FB has three incompatible msging apps they now have to wrangle into one new proprietary protocol? In the 20 year fight to own the market, all we have to show for it are mountains of abandoned proprietary code, dead networks, wasted efforts.