Pinned Tweet
Jan Hertsens
2.2K posts

Jan Hertsens
@obijan
Guardian of #clouds, mocker of bad #infosec. All opinions are my own and likely very wrong.
SF Bay Area · Joined March 2007
32 Following · 148 Followers

@CalebCox23 @BernieSanders Yeah, he may be an apartheid funded Nazi, but at least he is blatantly clear about what he is doing with his unelected presidency!

@BernieSanders Bezos and Zuck don’t have the kind of power Elon has.
Elon has proven unapologetic beliefs that have been in plain sight his whole career.
The other two are way more secretive

@johoshua @SGgrc I've never seen a government cry of "THINK OF THE CHILDREN!!!" that wasn't a blatant power grab. Not even going to debate here. If you are a listener of the podcast, or even moderately fluent in infosec, you can easily come up with 8 different ways in which this law is bad/stupid

Steve, I'm not quite sure what you're trying to promote by saying that minors need encryption so predators can contact them secretly. And the whole thing about "they haven't done it in the past": you apparently missed the whole Senate hearing on Meta and Instagram and Facebook being huge centers of child trafficking. But hey, I guess it's more important for your encryption push, right? #disgusting

“Web Portal? Yes Please!”
Security Now #963 show notes: grc.com/sn/sn-963-note…
Nevada wants to ban E2EE for minors, IT pros have a tough job, Chrome gets an Edge, online services selling our info, LockBitten, another horrible web portal mistake, SpinRite 6.1 released & feedback

@SGgrc @SGgrc : Regarding password policies codified: It already exists: developer.1password.com/docs/web/compa…
github.com/apple/password…
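The two links above point at machine-readable password policies. As an added example (not code from the thread, from Apple or from 1Password), here is a small parser and checker for the Apple password-rules syntax as I understand it: rules separated by `;`, each `property: value`, with the properties `minlength`, `maxlength`, `max-consecutive`, `required` and `allowed`, and character classes `lower`, `upper`, `digit`, `special`, `ascii-printable`, `unicode` or a custom `[chars]` class. The fallback to `ascii-printable` when no `allowed` rule is present, and the sample rule string and passwords, are my assumptions for the demo, not something stated on the page.

```python
"""Parser and checker for the Apple password-rules format.

Added example, not code from the thread, from Apple or from 1Password.
Assumed grammar: rules separated by ';', each 'property: value'; the
properties are minlength, maxlength, max-consecutive, required and allowed;
a class value is lower, upper, digit, special, ascii-printable, unicode, or a
custom class written as [chars]. Assumed default: with no 'allowed' rule, any
ascii-printable character is permitted.
"""
import string

NAMED_CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set("-~!@#$%^&*_+=`|(){}[:;\"'<>,.?/]"),
    "ascii-printable": {chr(c) for c in range(0x20, 0x7F)},
}


def _split_outside_brackets(text, sep):
    """Split on sep, ignoring separators that sit inside a custom [..] class."""
    items, buf, depth = [], "", 0
    for ch in text:
        depth += (ch == "[") - (ch == "]")
        if ch == sep and depth == 0:
            items.append(buf.strip())
            buf = ""
        else:
            buf += ch
    items.append(buf.strip())
    return [item for item in items if item]


def _class_chars(token):
    """Character set of one class; None means 'unicode' (any character)."""
    if token.startswith("[") and token.endswith("]"):
        return set(token[1:-1])
    if token == "unicode":
        return None
    if token in NAMED_CLASSES:
        return NAMED_CLASSES[token]
    raise ValueError(f"unknown character class: {token!r}")


def _union(tokens):
    chars = set()
    for t in tokens:
        c = _class_chars(t)
        if c is None:
            return None
        chars |= c
    return chars


def parse_rules(text):
    rules = {"minlength": None, "maxlength": None, "max-consecutive": None,
             "required": [], "allowed": None}
    allowed, saw_allowed = set(), False
    for rule in _split_outside_brackets(text, ";"):
        key, _, value = rule.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key in ("minlength", "maxlength", "max-consecutive"):
            rules[key] = int(value)
        elif key == "required":
            rules["required"].append(_union(_split_outside_brackets(value, ",")))
        elif key == "allowed":
            saw_allowed = True
            if allowed is not None:
                extra = _union(_split_outside_brackets(value, ","))
                allowed = None if extra is None else allowed | extra
        else:
            raise ValueError(f"unknown property: {key!r}")
    # Required classes are implicitly allowed; with no 'allowed' rule fall back
    # to ascii-printable (assumption, see module docstring).
    if allowed is not None:
        if not saw_allowed:
            allowed |= NAMED_CLASSES["ascii-printable"]
        for req in rules["required"]:
            if req is None:
                allowed = None
                break
            allowed |= req
    rules["allowed"] = allowed
    return rules


def check_password(password, rules):
    """Return a list of violations; an empty list means the password conforms."""
    problems = []
    n = len(password)
    if rules["minlength"] is not None and n < rules["minlength"]:
        problems.append(f"shorter than minlength {rules['minlength']}")
    if rules["maxlength"] is not None and n > rules["maxlength"]:
        problems.append(f"longer than maxlength {rules['maxlength']}")
    for i, req in enumerate(rules["required"], start=1):
        if req is not None and not any(ch in req for ch in password):
            problems.append(f"missing a character from required class #{i}")
    if rules["allowed"] is not None:
        bad = sorted({ch for ch in password if ch not in rules["allowed"]})
        if bad:
            problems.append("disallowed characters: " + "".join(bad))
    limit = rules["max-consecutive"]
    if limit is not None:
        run = 1
        for a, b in zip(password, password[1:]):
            run = run + 1 if a == b else 1
            if run > limit:
                problems.append(f"more than {limit} consecutive identical characters")
                break
    return problems


# Constructed sample policy for the demo (not a policy quoted from the page).
RULES = ("minlength: 12; maxlength: 64; required: lower; required: upper; "
         "required: digit; allowed: [-_.]; max-consecutive: 2")

if __name__ == "__main__":
    policy = parse_rules(RULES)
    for candidate in ["Correct-Horse7", "correcthorse7", "Cooorrect-Horse7", "Correct Horse7"]:
        print(f"{candidate!r}: {check_password(candidate, policy) or 'OK'}")
```

A password manager's generator can feed a policy like this straight into its character-set selection, which is exactly what makes the format more useful than a free-text "8 to 16 characters, no spaces" note on a login page.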

Dear @PayPal @AskPayPal :
Why are passkeys not supported on Chrome?
And before you blame my setup: Why is the FAQ missing?
#infosec #passkeys

@Travis_in_Flint I heard that Elon was going to pay for anybody that got sued because of what they posted on twitter.
So.... He's going to be paying for both sides then?

@jakesyma @LastPass @WIRED @lilyhnewman The proprietary format was probably pig latin.
Upersay ecuresay!

We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture. More info: bit.ly/3gLH2i0

@jakesyma @LastPass @WIRED @lilyhnewman As for 3: The "proprietary binary format" for the "unencrypted vault data" is.... HEX.
So the hackers can focus password cracking on vaults that have Coinbase or the like accounts. It's super effective.

@jakesyma @LastPass @WIRED @lilyhnewman Reference please? It matters, because people change passwords and iteration counts, and I want to know my exposure.

@LastPass When are we getting ANY more details? Whose vaults were stolen? What was the age of the backups? Anything?

@RickRun @Abraham09870588 @LastPass No. In this case, the attackers got the customers vaults already and can start cracking directly. BTW: All the website URLs are in plaintext, so you better not have anything "embarrassing" in there! 🤬🤬🤬

@ImJosefRakich @TheRobKennedy @LastPass 2FA is totally irrelevant because the attackers stole the actual vault files. They don't need to download them again.
Also note that LP never updates the iteration count for old customers. The more loyal you were, the more danger you have.

@TheRobKennedy @LastPass So how exactly did the hackers get your master pass though? Also did you not have 2FA turned on?

Just noticed: @1Password just upped their PBKDF2 rounds to 650K, probably in response to @LastPass fiasco. @SGgrc
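Both the 650K rounds above and the earlier point about old accounts keeping a stale iteration count come down to one number: how much each guess costs the attacker who already holds the vault. The following is an added example, not LastPass or 1Password code, that measures PBKDF2-HMAC-SHA256 cost on the local machine at several iteration counts and turns it into a guesses-per-day figure. Only the 650,000 value comes from the thread; the other iteration counts, the salt, the master password and the SHA-256 PRF are assumptions for the demo.

```python
"""PBKDF2 iteration count versus offline guessing rate against a stolen vault.

Added example, not LastPass or 1Password code. 650,000 is the figure from the
thread; the other iteration counts are assumed sample values, the salt and
master password are constructed for the demo, and HMAC-SHA256 is the assumed PRF.
"""
import hashlib
import time

SALT = b"constructed-16B!"                        # constructed; real vaults use a per-user salt
MASTER_PASSWORD = "correct horse battery staple"  # constructed demo input
ITERATION_COUNTS = [1, 5_000, 100_100, 650_000]   # assumed samples; 650K is from the thread


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a 32-byte output; one call is one attacker guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def seconds_per_guess(iterations: int, repeats: int = 3) -> float:
    """Best-of-N wall-clock cost of a single derivation on this host (one CPU core)."""
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        derive_key(MASTER_PASSWORD, SALT, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def slowdown_factor(low_iters: int, high_iters: int) -> float:
    """How many times more expensive each guess becomes at the higher count."""
    return seconds_per_guess(high_iters) / seconds_per_guess(low_iters)


def guesses_per_day(iterations: int, cores: int = 1) -> float:
    """Candidate master passwords an attacker can test per day at this host's speed."""
    return cores * 86_400 / seconds_per_guess(iterations)


def report() -> None:
    print(f"{'iterations':>10} {'s/guess':>10} {'guesses/day (1 core)':>22}")
    for n in ITERATION_COUNTS:
        print(f"{n:>10} {seconds_per_guess(n):>10.6f} {guesses_per_day(n):>22,.0f}")
    print(f"5K -> 650K rounds makes each guess ~{slowdown_factor(5_000, 650_000):.0f}x slower")


if __name__ == "__main__":
    report()
```

The absolute numbers are for one CPU core running the library's C implementation; a GPU cracking rig is orders of magnitude faster. The ratio between iteration counts is what carries over, and it is the ratio that decides whether a vault whose count was never raised is the cheap one in a stolen batch.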

Wow @Starbucks, seems like your only innovations these years are "Let's make loyal customers pay 25 to 50% more stars!". Make sure to give the marketing team a great bonus!

@polmesegue @Namecheap Has it EVER been associated with a whois? There's plenty of places that scraped whois data whose data ended up on the dark web.

Hey @Namecheap, I suspect a data breach on your side. I am receiving spam at the email address I have associated with my account. This is an alias email, only used for Namecheap. I don't have any domain with you, so my email can't be found in a WhoIs.

@angularlicious @TanmayT26210511 @maxlynch Lastpass can autofill those fields directly for you, in most cases.

@TanmayT26210511 @maxlynch I’m usually pasting from LastPass…should be OK, right???

@TanmayT26210511 @lukeisandberg @maxlynch FTR: Do you think this is a good idea? Sabotaging user experience and ineptly trying to disable password managers makes you part of the problem set in my book.

@lukeisandberg @maxlynch It's just so that the user enters the ID and password again manually, so there is less chance of making a mistake. You can write a small typo and then paste it again, so think of it like this: your ID and password will be wrongly generated; typing twice, there's a much lower chance of making a mistake.

@maxlynch Tip: Devs stupid enough to stop paste usually are too stupid to disable drag and drop of text as well. Put text in a different field, select it, Ctrl-Drag it to the other field to copy it.