Andy Carroll

4.3K posts

@andyjcarroll

Engineering @LiquidityBook. Formerly Twitter, Bluefin, aPriori, i2. Views are my own.

Sydney, New South Wales. Joined July 2009
1.6K Following, 354 Followers
Andy Carroll@andyjcarroll·
I've just started playing around with my new @Vaonis_fr #VesperaPro and am amazed at the shots it can take - still getting the hang of post processing, but should only get better from here, nevertheless v happy with early results.
Andy Carroll@andyjcarroll·
@goTechfluencer Everyone's saying iPhone, but it's a stylized image of an AirTag. So my money is a new range of AirTags and maybe the 'family' pun is that you can stick it to your kids :-)
Techfluencer@goTechfluencer·
Newest Member of the Apple Family?
Andy Carroll retweeted
B&S@_B___S·
Nobody has ever had as much fun at a party as these two are having at this party
Andy Carroll@andyjcarroll·
@elonmusk The push back against solar is absurd. Utility companies need to invest in sequestering capacity, esp in places where consumers push excess solar back to the grid. Fighting against the future is ridiculous. No sympathy for utilities who push back & then are behind the times
Elon Musk@elonmusk·
Once you understand Kardashev Scale, it becomes utterly obvious that essentially all energy generation will be solar. Also, just do the math on solar on Earth and you soon figure out that a relatively small corner of Texas or New Mexico can easily serve all US electricity.
Andy Carroll retweeted
Brian Roemmele@BrianRoemmele·
In 1968, Sidney Poitier was at a press conference at the height of his career. He made it very clear how he felt about the press. Funny that I had to find this on a discarded film reel with 1000s of books, Microfiche and films. Now you can see it.
Andy Carroll@andyjcarroll·
My siblings gave me a #SeeStar S50 for my birthday. Having so much fun with it.
Andy Carroll@andyjcarroll·
Shots of nebula from the backyard
Andy Carroll retweeted
Nature is Amazing ☘️@AMAZlNGNATURE·
This is the best thing I've seen today!!
Andy Carroll@andyjcarroll·
At #LAX at end of long layover and very pleasantly surprised by the quality of the food at #BGrillToGo - legitimately good food at an airport
Andy Carroll retweeted
That Week In SNL@ThatWeekInSNL·
Happy 4th of July, everyone!
Jim Gaffigan@JimGaffigan·
The Pope told me I was his favorite comedian. Such an incredible experience. This followed the Pope addressing a room of 200 comedians from throughout the world. It felt like a meeting of everyone who couldn’t behave in church. Thanks to @ragandbone for the fancy suit, shirt and shoes!
Andy Carroll@andyjcarroll·
@andrewhoyer @OrwellNGoode Just an FYI "Americas" is the name of the land mass that encompasses the two continents "North America" & "South America". "Americas" is not the name of a continent. Regardless joke is hilarious, just doesn't matter that it's not strictly accurate
Andrew Hoyer@andrewhoyer·
@OrwellNGoode Responses to this post prove that: 1. Some people don't actually know the names of the continents, and 2. America isn't the name of the USA, it's the name of the continents. Whether you add North or South is irrelevant. If you still don't believe it: en.wikipedia.org/wiki/Americas
TaraBull@TaraBull·
Can anyone help identify what this is?
Andy Carroll@andyjcarroll·
@Beska just an FYI, but goldfish die very easily if the water isn't perfect. you may need to temporarily house it in an existing tank, with correctly balanced water till your water is perfect
Ben Beska@Beska·
Much happier in an actual and hastily bought tank. Anyway I have a fish now. 👍
Ben Beska@Beska·
🐟 So today I found a goldfish just on the grass in my back garden. It was alive, I think, and have absolutely no idea where it came from. There’s no ponds anywhere near. So I took it inside….
BlackRoomSec@blackroomsec·
"Thus, as illustrated in Figure 1, the stolen 2016 MSA key in combination with the flaw in the token validation system permitted the threat actor to gain full access to essentially any Exchange Online account." - is a helluva way to start this weekend's reading material. 😯
What a mystery Microsoft has to solve here with trying to figure out where the APT got the key. I feel for those working on this. This would be driving me insane, seriously. Lots at stake here and not knowing the full scope of the compromise is very troubling but these things take time.
I understand the public's rush to assign blame here but the manual rotation of the keys was necessary as when they tried to change the process, it resulted in a multi-day outage where the public was screaming on all the socials for MS to get it up and running. It looks like (I could be wrong) they started to move toward automation rotation but they stopped when the outage transpired and were proceeding with caution from there. I'd probably make the same call. You can't just continue to do the thing that caused the outage and updating all of their systems overnight is just not possible. They're huge. It just so happened that this particular 2016 key was one of the ones not retired. Luck of the draw. Bad luck at that. I know there's a little more to this as the APT then figured out that due to certain conditions being in place they could then forge new tokens with it.
One thing I will say is that perhaps MS can reevaluate the enhanced logging capabilities only being available to specific license tiers as is mentioned in the third paragraph on page 1 of the Overview? These token attacks which MS even highlighted in their PHENOMENAL November 16, 2023 article "Token Tactics", are increasing in frequency. Perhaps the ability to create one's own custom rule shouldn't be top-tier paid content?
It reminds me of the constant complaints I see from normies over on Reddit about their MS personal accounts being hacked to death and MS not giving them the ability to block the attacks. It's so prevalent there's this one dude over there copying the same advice over and over (he starts every reply with "This will stop it cold" and proceeds to say Create Alias, Make Primary, Make former primary Secondary but no login, change pw, MFA, create app pw, etc etc) because MS doesn't have solid documentation for users which outlines this process. And, it does, stop it cold. He posts this at least twenty times a day, for months now. A real hero this dude is. They're getting in via Exchange ActiveSync which is pre-MFA tech. The app pw mitigates that and the Alias mitigates them not knowing the proper login email address whereas the old email no longer has login rights but it doesn't specifically SAY THAT in the docs. At least, it hasn't every time I've looked. If I'm wrong, I'll apologize. Let's move on.
On pg 9 under "How State Dept Discovered the Intrusion" the report mentions that "Just purchasing the additional logging alone would not have been enough; in fact, the Board heard that few orgs analyzed the voluminous MailItemsAccessed log in detail, and such in-depth analysis would be difficult for smaller orgs" OK. The new SCF came out today mapped to NIST CSF 2.0. NOW is the time to issue guidance to smaller orgs on what to do IN LIEU OF not having the type of account which grants enhanced logging abilities. The CSET app literally shows, step by step, how to update registry locations and GPOs to comply with controls. There should be similar advice issued for smaller orgs, asap, especially since in every major cybersec report from all standard orgs which issue these sorts of reports they have named token theft as being in the Top 5 of emerging/evolving threats. Don't leave people without any options! This is an educational opportunity, wasted.
I have to pause reading this here otherwise I'm not going to sleep tonight. I'm already upset. 🙁 If you're not reading the CISA report, you should be. cisa.gov/resources-tool…