Security Errata

I am verifying that @hexwaxwing's new account is now @0xwxwng. I have authenticated her identity, so as not to cause any doubt or confusion. She locked herself out of her old account in 2021 and wanted her identity to be verified for this account.

Reminder! Anyone can write a blog / article exposing bad actors, be it threat actors or 'infosec' bad actors. Cross your T's, dot your I's, consult your lawyers (seriously). But it isn't as difficult as people think, and the more that do it, the harder it is for the bad ones.

This has long been concern for victims of domestic violence/stalking who risk escalating prob when they discover they're being tracked and disable it. Security people who help victims remove spyware from their phones have to be careful about this risk people.com/man-allegedly-…

Got email this wk from writer who got laid off from job and wanted advice to go freelance. My advice: Never sign 1st contract they give you. Always negotiate better terms or write for pub that will give better terms. They do exist and the editors tend to be nicer, more respectful

Read this thread. Resiliency is the new landscape. One and done "hacks" are not how the world works.

STOP POSTING FAKED STUNT HACKS! Remember the guy "smoking" his power meter with a Flipper? Yet another faked video! The guy (Peter Fairlie) had extra meters setup on the side of his house for this, & these meters can't do what is shown anyway. youtube.com/watch?v=QmNAA2…

“A Survivor’s Guide to Talking About Sexual Assault: The Quick List of Do’s and Don’ts” by Ariel Robinson link.medium.com/HBLBVT1TuAb Hey ⁦@HushCon⁩ ! Here’s a resource

A popular newspaper in Switzerland claims that the rise of successful cyber attacks is because we do not talk about them. This is utter rubbish. They are possible because management doesn’t care and wants to optimize profits. That’s the main reason. Everything else is a lie.

Forbes just created a top 200 list of the most secure companies. This will end badly. H/T @mikepsecuritee forbes.com/lists/most-cyb…

Stunning details in this FTC settlement with Amazon’s Ring security camera company. Employee viewed 1000s of videos from women’s bathrooms & bedrooms. Hackers used two-way functionality to taunt children with racist slurs, sexually proposition owners. Family threatened for ransom

XDR companies trade for billions & we can't protect against "wmic, ntdsutil, netsh, and PowerShell." #weak Test your tools, learn your gaps and fix them. Focus on resiliency not some vendor pitch. If you can't go hunt these TTP's right now you're blind. cisa.gov/news-events/cy…

TL;DR: Skytalks has regretfully decided to not participate in DEF CON 31. For our full statement, read our full blog here: skytalks.info/skytalks-2023-…

@Turbo81 Things more dangerous to the electric sector than cyber:

Kelly's family wishes to prevent rumors on circumstances of her passing from being spread. Kelly did not take her own life, but passed due to progressed critical illness, in a hospitalized setting surrounded by her family.

🔥 take: I take a lot of notes on who in the security industry pops off on the current zeitgeist without _any_ actual knowledge of the situation. Nuance means so much in security… to bloviate by “reading between the lines” is irresponsible.

Much like cDc and them bragging about their lies during the 90's and 00's, gloating at how they deceived the media.

'Ethical hacker' among ransomware suspects cuffed by Dutch cops reg.cx/47zR?utm_sourc…

I don't have a CISSP mostly because I'd be too embarrassed. To pass the test, you have to claim things that are false. For example, from this official study guide, the entire page is complete nonsense -- none of it's true.

I cannot describe the agony of resetting/losing a phone that had your Authentication app on it. I’m four hours in to an absolute disaster of an evening that will stretch so long. 2FA apps NEED to have multi-device access