Would all staff please note the new #password policy. Employees' mothers must change their maiden names every 90 days.
So Marcus Hutchins, of #WannaCry fame, who had been arrested in the US, has pleaded guilty to writing banking #trojan software. Over on the birdsite there are lots of strong opinions. I blogged my opinion that it's a big world out there and trying to dismiss him as a criminal or pardon him because he's a hero are fundamentally misguided. https://blog.paco.to/2019/marcus-hutchins-infosec-soul-searching/
“The media reports of our security incident were wrong on several points.”
“Hi, this is Brian Krebs, the reporter who handed your ass to you. (This is your ass, isn’t it?) Which points were incorrect?”
Hilarity and sadness ensue.
This is awesome!
"Build up professional development experience by contributing to open source projects with the help of a mentor. RubyMe pairs early-career developers from under-represented backgrounds with seasoned Rubyists.
Choose specific areas to focus on. Get paid for 8 hours per month, learning best practices from experienced developers and contributing to Ruby open source."
My #blackHole humour is getting substantial attn in that other place. It just seemed too tasty to not share…
This is such a powerful poem. Very apropos at this junction in world history. http://theamericanjournalofpoetry.com/v2-constantine.html
The only thing I am “legendary” at in #ApexLegends is dying early.
Americans are at such risk of identity theft. The fact that there are DOZENS of companies, each with its own opt-out hoops to jump through. There are no laws to protect people. So invasive of #privacy. https://www.reputationdefender.com/blog/privacy/how-remove-yourself-top-peoplesearch-sites
I just spent the day in Dundee, Scotland at #Securitay2019. If you are looking for the best #infosec talent coming out of UK universities, this is the con to go to. They’re such great kids, incredibly clever, and the conference is a great time. https://securi-tay.co.uk/
After the con I always pull out a box of cigars and we have “cigar-itay”.
OK. Just saw someone posting "8 Character Passwords are Dead"
To support this they say how a 2080Ti GPU has passed 100 Billion guesses per second and how that means in 2.5 hours they can try every single possible password.
That's in the case of NTLM hash. A notoriously bad hash that has *no* *salt*. Even more ridiculous, because the NTLM hash is just as good as having the password. You don't need to crack the hash.
Yes, 8 character passwords should be dead, but this is bogus.
Super cool and simultaneously creepy. It’s now an arms race between things like fingerprint scanners and facial recognisers and GANs. https://www.inverse.com/article/53280-this-person-does-not-exist-gans-website
I'm running a pi-hole in the house now to block ads and trackers. It's absurdly easy to set up and very effective. Plus the stats are so interesting to see all the ads blocked. The best thing is that because it works at the DNS level, it affects things like TVs, mobile apps, game consoles, and other embedded devices. https://pi-hole.net/
If you have a #mac and you want to forget the open #wifi access points that your mac has joined, this handy little python script does the trick. It leaves alone any wifi that has a password. Only deletes the WiFi networks that have no password. If you use #iCloud keychain, this will have the lovely side-effect of deleting them from your #iPhone/#iPad at the same time. https://github.com/mubix/osx-wificleaner
You might also want to disable the captive network assistant on your mac: