Great days, happy to be involved in some new projects! It will involve, amongst many things, a lot of work with various #SIEM products. Hope you are all having a nice day and week yourselves.
I attended the last one which featured talk on car hacking including gear. See https://infosec.exchange/@superruserr/100641119321377110 and attached photo of an RF Explorer
work Show more
@superruserr Mmmmhm, syslog... Unstructured data galore.
Good thing we now have Splunk and logstash and Greylog and the commercial variants of syslog-ng to choose from to consume syslog (among others) - though personally I've been with Splunk ever since I happened to get into contact with Raffy Marty via DAVIX and the secviz.org project over 10 years ago (who, as far as I remember, was working for Splunk for some time after he finished his Applied Security Visualization book).
I just launched my website! BountyGraph helps secure free and open source software through crowdfunded bug bounties and security audits. I hope you'll check it out!
In particular, I think it is a security anti-pattern to have application build pipelines pull fresh downloads of packages from upstream servers on every build if the packages are not expected to change. If for some reason you have to do this, you should pin dependencies using a cryptographically secure hash function.
Do you have any resources / advice for those getting started on security training?
I wrote a 'security wiki' for the company manual at my work, but we are remote workers so it was a bit tricky with the remote work setup, different devices used, etc.
Hi Folks. 👋 I train global activists and civil society organizations on how to use tech for social good. I also volunteer for RagTag, and next week I'll be conducting security training. (How to set up 2FA, etc.) It'll be my first time training on security. I'm glad to join this community and expand my knowledge of infosec.
Checking out RIPE76 videos - ie https://ripe76.ripe.net/archives/video/60/ "A Survey on DNS Privacy" and more at https://ripe76.ripe.net/presentations/presentation-archive/
Any conference videos you are catching up on this week?
Todd Mortimer has made significant headway toward reducing the amount of useful ROP gadgets on x86 too. But made especially difficult by polymorphic instructions, x86 being a variable length ISA. ARM64, by comparison, being fixed-length.
I'd highly recommend reading his mailing list post, and commit messages. He's also giving a talk at #EuroBSDCon 2018!
I wonder if there would be any interest in an Infosec/Hacker "fall camp" that was actually camping, in the spirit of the old "Linuxbierwanderung"
A few days of camping and hiking combined with an unconference and an emphasis on making…
Would someone want to help organize an ActivityPub room at FOSDEM 2019? https://fosdem.org/2019/news/2018-08-10-call-for-participation/
Anyone interested in participating in the organization is invited to join the dedicated forum:
I replied that it was possible. I didn't say that I was doing it, or that I had plans to do it. If you read the parent toot, it's obvious it wasn't a nefarious conversation.
It is indisputable fact that it's possible to scrape public accounts and toots. You should lock your account and hide posts from the public timeline if that's a concern.
waxing nostalgic for the near future by way of the near past - 2000 chars, involves feels Show more
I remember showing up over here by following the jetsam  of the first infosec migration across the tumultuous seas of microblogging, slightly disoriented but little worse for wear.
There was a lot of space back then. You could swing a raccoon in a circle around your head  without having to worry about giving someone a faceful of frenetic fur.  Fewer than twenty-five thousand souls inhabited this archipelago  at that point, gathering on a handful of islands.
I was pretty sure I was destined to be consumed  by those who had arrived before my cohort.
In a way, I was. I am no longer the person I was when I arrived here. I have been changed by this place. I have been changed by this ever-changing group of groups of people. I have been changed by you. 
Fierce storms will batter these little islands. Battles will arise. Pain and grief are by-products of interaction.
But so are laughter and cheer and warmth and contentedness.
My neighbors, the very least that I wish for each and every one of you is to find days so filled with love that there's no time for hate and nights so restful that you rise burning with the force of the sun within you.
Mend what is broken. Build shelters you need. Make mistakes and make them count. This is your world and mine and it will be exactly what we make it, but the sky is the limit if we keep looking up instead of bringing ourselves down.
Thanks for being here, thanks for being you, and thanks for listening to the rambling of a silly old dog.
 unbeknownst to many, stale infosec memes are extremely buoyant
 assuming the raccoon consented to be swung such
 assuming someone wasn't throwing their face at the nearest bit of fur
 h/t to @priryo for https://linernotes.club/@priryo/100565446740959131 and @sydneyfalk for https://mst3k.interlinked.me/users/sydneyfalk/updates/85279
 assuming I consented to be changed such 
 I did
A Mastodon instance for info/cyber security-minded people.