Just replied to someone on slack with hw0dy instead of howdy. I'm obviously tired.

@rysiek I took it for a spin. A nice query editor to be sure, but I find PHP MyAdmin actually has a better UI with completion, double-click-to-edit and a lot of other features.

Paco Hope boosted

I look at incident announcements like this, (blackbaud.com/securityincident) where they had an on-prem environment and 2 different clouds. The on-prem environment was attacked with ransomware and data was disclosed. You don't see anyone saying "see! see! this is why you use the cloud! it's more secure!" Because that would be stupid. But when you see these same articles and the cloud environment is the only one breached, you see the reverse all the time. "See, the cloud is not secure."

OK. Time to vent. I was checking out a MUD toolkit (Evennia, anyone know others?). I went to their demo instance. I am using TELNET. T.E.L.N.E.T! Typing a password in the clear, echoed back to my terminal over an unencrypted connection. And you want to tell me my password is not strong enough!? I'm dead.

@superruserr And I wonder just how much money a site like that takes to maintain. I mean, web sites are practically free. They don't necessarily make a lot of profit. But how much could that infrastructure really cost? I'm surprised they didn't get a buyer.

@superruserr It's sad. I wrote a couple articles there. But it was pretty low-value content. Amusingly the left hand should let the right hand know what's going on.

@TheGibson Cool. I work at AWS. So we only hire, we don't do contract work. If you think AMZN is interesting (and not the devil incarnate, as some do around here :) ) let me know.

@TheGibson You say "gig" so you're looking for contract work, not employment?

I am trying to help my recruiters find places to advertise for infosec roles. They asked me about SecurityWeek. When I looked at the authors of articles there, it's the least possible diversity. The demographics of authorship on that site are Exhibit A in what's wrong with diversity in infosec.

Quick tip. If you're trying to download really old versions of macOS, they're hard to find (e.g., El Capitan, etc.). You can find lots of dodgy sites that you don't want to deal with, but it's hard to find legit Apple web sites. The trick is to search for "enterprise". Then you can find pages like this, which has a legit link to an Apple DMG. support.apple.com/en-us/HT2068

One of the more obscure and least understood principles is "psychological acceptability." Nobody spends any time on it. Just google a phrase and see that everyone plagiarizes everyone else. Search for "principle that aims at maximizing the usage and adoption of the security functionality"

@zenhack I hear ya. Been running my own server since 1996. It gets harder and harder. An SMTP server is a house of cards. One daemon stops or one config is wrong and everything falls apart. I’m still hanging in there. But I hear ya.

Paco Hope boosted

Simply put, #BlackLivesMatter more than #infosec or all the other things I usually toot about. I did a little bit this weekend to help. Trump sent me $2500 I didn't need in the CARES Act. I've given every last cent of it to people he wouldn't have given it to, and who need it more than I do. blog.paco.to/2020/black-lives-

Paco Hope boosted
Paco Hope boosted

RT @scihub_love
The latest Sci-Hub working domain(Last check time:Fri, 17 Apr 2020 17:13:01 GMT)
sci-hub.tw 
sci-hub.se 
sci-hub.im 
lovescihub.wordpress.com 
Please retweet to your friends,help us become stronger!

I have just used "Why is Gamora" to answer a customer question about TLS certificates. That's probably the high point of my week. :)

@nspanti @angristan What's the argument: no one should use CDNs because CDN providers can lie and surveil traffic when they say they don't?

Some people might call this "parody". In my world, it's a bit more like "Tuesday". youtube.com/watch?v=JMOOG7rWTP

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.