!hannah (@infosec.exchange) is a user on infosec.exchange.

!hannah (@infosec.exchange) @superruserr@infosec.exchange

My stats for the day.

Global Layer B.V. is still in the lead by around 3 million requests a day, mostly spam mails trying to tunnel over SSH, all ending up in my SMTP blackhole.

A ton of WannaCry samples on SMB as usual, as well as a fun little Perl IRC bot (gonna pick that apart tomorrow).

From the "dare to ask dept": how do you handle it when a customer *demands* an insecure solution? We're talking plain-text, EOL software with proven vulnerabilities, unsupported runtime (like, PHP 5.3) and all of that combined to form one platform. Is it okay to say no?

Any other compliance publications/guidelines of interest and relevance, specifically around data security at rest/in motion, similar to the UK's GPG13/PMO, NIST, or the US's HIPAA? I have 's Privacy Act and the Australian Signals Directorate's Information Security Manual to start with. Currently doing research on compliance requirements in Australia around data security.

Issue with purchasing my exam voucher for this cert: I have to choose a country location but I won't be here when I'm ready to take it.

So, it looks like I'll be taking the exam in France, instead of my home country.

It's kind of demoralizing to see all of the Twitter-famous #infosec people talking about how they got into the field; it seems like it's all "taught myself C at 5; hacked the Gibson at 8".
Meanwhile my family wasn't wealthy enough for me to have a computer, and I was too geographically to get a lot of the cultural experiences that others have.
I'm extremely lucky and privileged that I am where I am; I just can't help but compare my journey to others. :(

Hello #infosec!
I'm researching the topic in light of a "leak" at the Luxembourgish parliament (documents not meant for the public were public if you knew the URL, as all documents were sequentially numbered; somebody stumbled onto it by using an automated downloader and later told the press about it).

Some questions:
- Is there a big difference between people stumbling onto vulnerabilities vs. "ethical hackers"/security researchers searching for them?
- Should both groups be treated equally?

Writing an article on data loss prevention systems and strategies.

Hey #InfoSec, I am starting to look for a new phone and am considering #Copperhead:

Any thoughts? Is it worth its salt?

@superruserr I didn't use any specific resources to study, I just looked up topics ad hoc, starting with their course PDF and then moving onto Google/StackOverflow/etc.

I didn't look at any other certs/courses, but AFAIK there's nothing really comparable out there.

I paid out of pocket and now that I've passed my employer will reimburse it.

Working full time with few other commitments. I spent maybe 4 hours/night on it, then took ~2 months off between lab time and the exam (not smart!).

@superruserr I'm in an infosec role already, but more on the development side of things. I had some familiarity with almost all of the topics in the course, at least conceptually. I was already very comfortable with buffer overflows, so that part was no problem.

The closest thing to a CTF I had done beforehand was Microcorruption a few years ago, and I did the Kioptrix series of vulnhub VMs right before starting the course.

Tapping my #sysadmin and #infosec friends: can anyone share articles on introductory B2B vetting and how / where to shop around for business solutions?

I feel like this is glossed over or fully skipped during ops training 🤔 🏢 🖨

Work just agreed on funding an certification.

Edit: Which is good news; I've been considering doing more continuing education anyway, even if it meant self-funding.

Behind the scenes of a Windows speed dating event.

Has anyone taken the Comptia PenTest+ Beta exam yet?

So, in the fediverse, we clearly see the furries, the trans community, the infosec/hackers, the witches, and the writers.

Something that I realized last summer, that was very missing before this platform... all the classical goth types from the 80s-90s....

Almost all of my tribe had gone extinct, it had seemed.

I have rediscovered many of the surviving coterie here in the fediverse. For that, I am truly thankful.

I see you quiet, grim-faced friends.

I recognize you.

Happy you're here.

If you're in need of the most affordable/least administrative overhead configuration management system... let me know.

Two posters from my favorite illustrators (Joy of Tech) came through!

I support them on Patreon (patreon.com/joyoftech) and was meant to receive the poster early last year but never got it due to change of addresses. But it finally arrived!

How do you all store malware source code you want to study? Simply in virtual machines with no shared disk with the host?
Curiosity's a driving force.