Pinned toot

Let's see. When I was younger I liked telephones. A lot. I still do. That included exploring the PSTN and causing general mischief. I have a Western Electric 1D2 payphone in my bedroom. Among other hobbies... I'm an amateur radio operator, Linux user, open source supporter and electronics meddler. I admire any human who has the patience to work in infosec.

I can't really stomach the wallowing echo chamber of Twitter, so maybe this will be better.

woland boosted

I'll admit, it's still hard for me to get used to the idea of network virtualization. It's both crazy and awesome to think that you can have an entire topology with clients running on the same box with the assistance of a few programs.

🤔 The great Equifax mystery: 17 months later, the stolen data has never been found, and experts are starting to suspect a spy scheme

cnbc.com/2019/02/13/equifax-my

woland boosted

Just 24hrs with Pi-hole protecting my home network. That's a lot of DNS activity.

woland boosted

@SandPaper From a personal side I have asked "What about infosec excites you?" I have found that many people are interviewing for entry- to mid-level positions because infosec is the hot industry to be in now.

If the work does not excite then people will get burned out quickly. This is a very stressful field and one that people need to want to get out of bed in the morning.

You really can't make this stuff up. A private investigation firm likely hired by a spyware vendor tries to lie and social engineer a security researcher at Citizen Lab and hysterically fails at doing so in front of the press. Good read.

"How spyware sleuths Citizen Lab foiled a private spy"

fastcompany.com/90298293/how-s

woland boosted

A collection of bills in Brazil endangering free expression, privacy, and encrypted communications may gain traction with the new Bolsonaro administration. Here are the threats: eff.org/deeplinks/2019/01/braz

An interesting note on the ex-NSA mercenaries working for the United Arab Emirates story: the third party software they used to easily root iPhones via iMessage sounds very similar to exploits described by Lookout researchers at when they recently exposed an unnamed nation state's attempt to purchase spying tools (and named the names of the vendors selling those tools). Point is, these 0-day phone exploits are available to the highest bidder.

reuters.com/investigates/speci

woland boosted

I've spent like 2 hours on TikTok out of curiosity.

I've seen multiple IDs, credit/debit cards, weird/dangerous behavior (at home, at the workplace, "funny" pranks, etc.), army locations, babies, permissive underaged girls and more weird stuff, but the worst part (by far) was the comment section.

I am speechless and have to think about it for a while. But I am sure that all the above-mentioned points are not acceptable.

Quite the story today. Summary: naive, former NSA spy with no ethics, empathy, or common sense starts working for the UAE government targeting human rights activists and journalists and is SHOCKED to find out her work was targeting Americans too! (And it seems she still thinks she personally did nothing wrong in all of this.) She was apparently part of an American team of ex-NSA peeps that were happy to do UAE's dirty work for a high fee.

reuters.com/investigates/speci

As part of my 2019 goal to do better I've been working a bit with , a proprietary program that uses APIs and other data sources to cull information on a target and then graph that data to see relationships. If anyone's interested I found a great intro video going over its uses and basic capabilities on YouTube. m.youtube.com/watch?v=46st98FU

woland boosted

Who would win: A heavily secured datacenter with mantraps, biometric security and armed guards, or one red team bambi?

imgur.com/gallery/N8Q5jcd

woland boosted

Meanwhile, companies continue to be dishonest and condescending about how they collect data, and what controls they offer people to control it. eff.org/deeplinks/2019/01/wsj-

The only way I truly learn anything is by "teaching" it--and by that I mean I have a white board on my wall and I'll pretend that I'm teaching a class on the subject. Except nobody's there.

woland boosted

Capture The Flag challenges are a great way to expand your cybersecurity and ethical hacking skills. Here's an in-depth walkthrough of the popular PicoCTF challenge (6 hour tutorial): freecodecamp.org/news/improve-

Another day, another company leaving sensitive data on a server with no password

techcrunch.com/2019/01/23/fina


Welp, looks like I'm going to be studying to pass the CompTIA Network+ test over the next few weeks. After reading over the study guide it doesn't seem that bad. It's pretty similar to the CCNA I got more than ten years ago. Basic stuff. I don't have a university degree so I totally understand why an employer would want me to have it at minimum.

woland boosted

Who’s Really Behind the World’s Most Popular Free VPNs?

Half of the world’s most popular free VPN apps are run by secretive Chinese companies. Find out what’s really happening to your data.

hackernoon.com/whos-really-beh

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.