Pinned Tweet
Carl Johnstone
6.7K posts

Carl Johnstone retweeted

@OrwellNGoode We I.T. folks have manual door locks, no appliances on the WIFI, no ring cameras, no Alexa or Google Home to listen in all the time. We use VPN's, nothing with windoze on it, and custom firmware on the router. If we, the experts, do this; ask yourself why that is.
Carl Johnstone retweeted

This, exactly.
It's parody. But damn serious all the same.
Jonathan Pie@JonathanPieNews
Trump wins the White House. Again. The Democrats blew it. Again. A depressing yet predictable result.

@JonathanPieNews What if a Republican elector ends up not electing Trump?...

@WigglePig @synx508 @devnetsecops @alexbloor Those policies are designed to appeal to specific voters, who believe that education was better back in the good old days, when it was all exams. They're not based on any evidence of what works better from an educational point of view.

I mean this is undesirable but hardly new.
A Minister for Education who has never been a teacher and reports to a Prime Minister who has never been a teacher and is advised by civil servants who have never been teachers - is about to advise teachers how to teach.
Alan Smith@AlanJLSmith
A chancellor who has never run a business and reports to a prime minister who has never run a business and is advised by civil servants who have never run a business - is about to advise business owners how to run a business.
Carl Johnstone retweeted

@PBulteel @_chrisdunne @Scott_Helme Yes, waiting for the software to be updated to incorporate an Acme client is the fix. The post I replied to suggested you could magically fix it by moving your software to the cloud.

@carljohnstone @_chrisdunne @Scott_Helme By asking the vendor to implement an Acme client. I have started to see this on some enterprise applications. My hope is they don't "lock it down" to only public CAs like let's encrypt, but allow you to use Acme with your internal CA (like step-ca or hashicorp vault.)

After stalling out on our progress in recent years, we finally have the first signs of movement to continue the reduction in certificate lifetime!
scotthelme.co.uk/are-shorter-ce…

@Scott_Helme @_chrisdunne @PBulteel I'm not saying that any of this is bad, will personally be really happy when we are at 45 days and it's all fully automated. Just pointing out that the change here will impact orgs with lots of Enterprise IT solutions faster than the software will adapt.

@Scott_Helme @_chrisdunne @PBulteel It's not really a public web site problem, that stuff is easily automated. However most Enterprise IT is web based these days, and because of the changes in the browser UX, you have to use TLS for everything internally these days to avoid the warnings etc.

@Scott_Helme @_chrisdunne @PBulteel These are certs so that business users can access the non-admin functions of the software via a browser. It's basically a web app, but comes as a packaged piece of software. I've seen products that don't provide a key, just generate a CSR for you to take to your CA.

@carljohnstone @_chrisdunne @PBulteel But if the certificate is in there, then the private key is in there too, right? Are these your own keys and certs you’re installing for some TLS function, or provided by the vendor?

@_chrisdunne @PBulteel @Scott_Helme How does a cloud provider update the cert inside a proprietary piece of software?

@PBulteel @_chrisdunne @Scott_Helme My concern is the software that's been designed in a way that makes it near impossible to automate cert rotation. Given typical software release/upgrade cycles, IT teams are going to be stuck picking up the burden with those systems in the short term.

@_chrisdunne @Scott_Helme I'm not. It means companies have to figure out how to automate (even if we already have tons of clients that do it) and those that sell certs will have to change their pricing, because who's going to pay £100 for a cert every 45 days (or less, since they should renew before then)?

@Geddonz Possibly by studying the cone cells in their eyes?
Carl Johnstone retweeted

In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found.
Here is our writeup:
ian.sh/tsa

@stebets @Scott_Helme @troyhunt @reporturi We've actually moved to one-off credit cards, that are generated explicitly for the thing you want to buy.

Credit cards are easy. They're ubiquitous, work in-person, online, from your phone or your wrist and instantly assure the receiving party will be paid and can thus exchange a product. SO WHY IS THIS SO DAMN HARD?! On procurement, resellers and Stripe: troyhunt.com/the-trouble-wi…

@Scott_Helme @stebets @troyhunt @reporturi You're both talking to somebody who has to live with it, rather than someone who writes the policy. Amusingly, the parallels with IT security are massive. Having to request permission before being able to gain privs, because there's a risk, so somebody wrote a policy.

@stebets @carljohnstone @troyhunt @reporturi You can get approval before spending on a card, no?
“Hey boss, can I use the card to spend x on y?”