woland @woland@infosec.exchange
Maker, tech enthusiast, prank caller
Joined Dec 2018
Pinned toot
Let's see. When I was younger I liked telephones. A lot. I still do. That included exploring the PSTN and causing general mischief. I have a Western Electric 1D2 payphone in my bedroom. Among other hobbies... I'm an amateur radio operator, Linux user, open source supporter and electronics meddler. I admire any human who has the patience to work in infosec.
I can't really stomach the wallowing echo chamber of Twitter, so maybe this will be better.
woland
boosted
#1984
Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret' https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2
I'll admit, it's still hard for me to get used to the idea of network virtualization. It's both crazy and awesome to think that you can have an entire topology with client running on the same box with the assistance of a few programs.
🤔 The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme
https://www.cnbc.com/2019/02/13/equifax-mystery-where-is-the-data.html
woland
boosted
Just 24hrs with Pi-hole protecting my home network. That's a lot of DNS activity.
woland
boosted
@SandPaper From a personal side I have asked "What about infosec excites you." I have found that many people are interviewing for entry to mid level positions because infosec is the hot industry to be in now.
If the work does not excite then people will get burned out quickly. This is a very stressful field and one that people need to want to get out of bed in the morning.
You really can't make this stuff up. A private investigation firm likely hired by a spyware vendor tries to lie and social engineer a security researcher at Citizen Lab and hysterically fails at doing so in front of the press. Good read.
"How spyware sleuths Citizen Lab foiled a private spy"
woland
boosted
A collection of bills in Brazil endangering free expression, privacy, and encrypted communications may gain traction with the new Bolsonaro administration. Here are the threats: https://www.eff.org/deeplinks/2019/01/brazil-2019-free-speech-and-privacy-crosshairs-what-are-threats
An interesting note on the ex-NSA mercenaries working for the United Arab Emirates story: the third party software they used to easily root iPhones via iMessage sounds very similar to exploits described by Lookout researchers at #ShmooCon when they recently exposed an unnamed nation state's attempt to purchase spying tools (and named the names of the vendors selling those tools). Point is, these 0-day phone exploits are available to the highest bidder.
https://www.reuters.com/investigates/special-report/usa-spying-karma/
woland
boosted
R10T I've spent like 2 hours on TikTok out of curiosity.
I've seen multiple IDs, credit/ debit cards, weird/ dangerous behavior (at home, at the workplace, "funny" pranks, etc.), army locations, babies, permissive underaged girls and more weird stuff, but the worst part (by far) was the comment section.
I am speechless and have to think about it for a while. But I am sure, that all above mentioned points are not acceptable.
Quite the story today. Summary: naive, former NSA spy with no ethics, empathy, or common sense starts working for the UAE government targeting human rights activists and journalists and is SHOCKED to find out her work was targeting Americans too! (And it seems she still thinks she personally did nothing wrong in all of this.) She was apparently part of an American team of ex-NSA peeps that were happy to do UAE's dirty work for a high fee.
https://www.reuters.com/investigates/special-report/usa-spying-raven/
As part of my 2019 goal to do better #OSINT I've been working a bit with #Maltego, a proprietary program that uses APIs and other data sources to cull information on a target and then graph that data to see relationships. If anyone's interested I found a great intro video going over its uses and basic capabilities on YouTube. https://m.youtube.com/watch?v=46st98FUf8s
woland
boosted
Who would win: A heavily secured datacenter with mantraps, biometric security and armed guards, or one red team bambi?
woland
boosted
Meanwhile, companies continue to be dishonest and condescending about how they collect data, and what controls they offer people to control it. https://www.eff.org/deeplinks/2019/01/wsj-op-ed-mark-zuckerberg-speaks-down-users-and-misses-point
The only way I truly learn anything is by "teaching" it--and by that I mean I have a white board on my wall and I'll pretend that I'm teaching a class on the subject. Except nobody's there.
woland
boosted
Capture The Flag challenges are a great way to expand your cybersecurity and ethical hacking skills. Here's an in-depth walkthrough of the popular PicoCTF challenge (6 hour tutorial): https://www.freecodecamp.org/news/improve-cybersecurity-skills-with-ctfs-picoctf-walkthrough #infosec
Another day, another company leaving sensitive data on a server with no password
woland
boosted
"How sloppy OPSEC gave researchers an inside look at the exploit industry"
https://www.cyberscoop.com/mobile-zero-days-lookout-shmoocon-2019-android-barracuda-ios-stonefish/
woland
boosted
Defensive Security Podcast Episode 232
Welp, looks like I'm going to be studying to pass the CompTIA Network + test over the next few weeks. After reading over the study guide it doesn't seem that bad. It's pretty similar to the CCNA I got more than ten years ago. Basic stuff. I don't have a university degree so I totally understand why an employer would want me to have it at minimum. #certs #infosec
woland
boosted
Who’s Really Behind the World’s Most Popular Free VPNs?
Half of the world’s most popular free VPN apps are run by secretive Chinese companies. Find out what’s really happening to your data.
Who’s Really Behind the World’s Most Popular Free VPNs? https://hackernoon.com/whos-really-behind-the-world-s-most-popular-free-vpns-d74bafc82178
Maker, tech enthusiast, prank caller
Joined Dec 2018
