Publidave

1.2K posts

@publidave

0.5X engineer, interested in many things and least bad at infosec

UK Joined December 2012
25 Following 150 Followers
mRr3b00t@UK_Daniel_Card·
@FuzzySec That’s a great point. We need to be able to sign content don’t we……
b33f | 🇺🇦✊@FuzzySec·
Very impressive honestly. We urgently need cryptographic guarantees that prove authenticity of images and A/V. I don’t understand how this isn’t a huge topic except that social media platforms probably don’t want to implement this.
OpenAI@OpenAI

Sound on.

Oddvar Moe@Oddvarmoe·
A pirate ship full of hackers. What could possibly go wrong?
Publidave@publidave·
@j0hn__f @jukelennings No, but at some point they need an incentive to crack down on it as they still get paid for malvertising clicks
john fitzpatrick@j0hn__f·
@jukelennings This one is entirely on Google IMO. Looking at our timelines, we saw this infra born at midnight, the domain itself was purchased a couple of hours earlier from Namecheap and, as you highlight, the advertiser is unverified. Let's be blunt, did Google need any more red flags?
Luke Jennings@jukelennings·
Someone is using Evilginx to target customers of Onfido, part of Entrust, with a malicious Google advert that comes above the legitimate Onfido advert 🤯 Yes that us[.]com domain is actually an evilginx server - guess which advert is the malicious one
Dino A. Dai Zovi@dinodaizovi·
🤯*context window of 10M tokens* that you can run locally...
Publidave@publidave·
@peterwildeford I’d argue SSI have slightly missed the threat model: Faraday stops the phone communicating at that time, typically used to prevent wipe commands arriving. If there is malware on the phone the important bit is leaving it outside the room so it can’t record the meeting.
Peter Wildeford🇺🇸🚀@peterwildeford·
"Candidates who secure an in-person interview are instructed to leave their phone in a Faraday cage before entering SSI’s offices" wow
Publidave@publidave·
@JackRhysider @fir3d0g @HackingDave I made a custom GPT that estimates from a photo the macros and outputs it in a strict json formula, then I long touch and copy it, a triple tap on my iPhone triggers the shortcut to grab json out of clipboard and parse it all into apple health
Dave Kennedy@HackingDave·
Still got 500 cals remaining. This cut is easy when you’ve gained so much muscle mass 😂. 2800 calories a day, dropping 3lbs a week.
Publidave@publidave·
@UK_Daniel_Card Cracks me up how many students leave hacking/IT courses and have never heard of a change request
mRr3b00t@UK_Daniel_Card·
I honestly think people need to understand more about how 'business systems' work....
Publidave@publidave·
@DaveShapi My dude it is a superpower, when it comes to negotiation just leverage the tism. I told them I only cared about total price, if he can help me pay a lower total price by me taking additions that give him commission I’m in, got a great deal, way lower than sticker
David Shapiro (L/0)@DaveShapi·
Either I'm too autistic for car dealerships and salesmen, or these institutions are just intrinsically not autistic friendly. Like, do neurotypical people really not understand how fake, manipulative, and exploitative car dealerships are? Clearly an autistic person was not involved in the design of such a pointless, exhausting, artificial experience.
Publidave@publidave·
@MalwareJake Genuinely saw one phishing test a couple years back where the lure was financial and mental health support for troubles during covid, someone absolutely should have sued
Jake Williams@MalwareJake·
PSA: nobody is checking your phish-testing lures for built-in biases, etc. If you're punishing/shaming/etc. employees failing these tests, then you're setting yourself up for employment lawsuits - and honestly, they're suits you'll probably lose.
Publidave@publidave·
@spoofyroot What sort of features stayed useful after the novelty period? Can see having fun for a few days but wasn’t sure I’d keep using them
Johnathan Norman@spoofyroot·
A friend at Meta gave me some of the Ray-Ban Meta glasses. I've used them for a bit now and I have to say I'm quite impressed. There are some genuinely useful AI features which (sadly) is rare to see these days.
Publidave@publidave·
@TracketPacer Can you use hubs to beat 802.1x if you have physical access to cable going into an authenticated device or have I been hanging onto my 20yr old hub for nothin? 😅 not actually tried it. If not you’re welcome to it!
Halvar Flake@halvarflake·
... Or 700g of skirt steak a day, and I haven't found any real food that has more than 25-30g of protein per 100g. How do people get to these numbers? It seems insane. I can comfortably do half that, but ...
Thomas Godden@GoddenThomas·
Today I learned that SIM cards have a decently powerful MCU on them and run Java.
Publidave@publidave·
@blackroomsec @UK_Daniel_Card I genuinely find Twitter is amazing for surfacing the stuff I need to care about, have managed to curate my follows such that good blogs, write ups etc tend to hit my feed and so I don’t need to worry about keeping on top of raw reports
BlackRoomSec@blackroomsec·
My friend @UK_Daniel_Card mentioned managing threat intel feeds the other day and I would like to apologize to him for flippantly responding in a manner which suggested I had it under control. At the time I sincerely thought I did but having not checked my email in a day and now having 85 pieces of mail (which are AGGREGATED from a multitude of sources, btw), I realize this was a premature comment to make. I'm sorry, fren. I'm a dummy. ❤️ With this in mind, assuming the hacker (read: me and I'll include Dan in this and many of you, too) has tapped into every available feed out there, how is this best managed? Meaning, have any of you found a free way to get all of them in one place without repetition and for the outcome to actually be meaningful? If so, would you mind sharing please? If nothing I said is making any sense to you, that's OK, what I'm referring to is all the current news du jour about new threats, viruses, breaches, generalized cybersecurity news, generalized tech news etc. I use Mail Brew but as I'm pulling from so many sources there are so many duplicates. I'd like it to be more streamlined. Thank you for reading.
Sir Humphrey@pinstripedline·
Between 1980 and 1994 the Royal Navy submarine service conducted over 130 highly classified missions to gather intelligence or covert operations. Even though the files are closed, it is still possible to draw some significant conclusions from the archives. /1
Publidave@publidave·
@__invictus_ What’s sad/amusing is this was the original definition of zero trust by forrester, but now the term means the exact opposite
Allen Jones@ajMSFT·
@Laughing_Mantis Your post makes my mind race on what new r/e and forensic capabilities that’ll probably be required and the new attack surfaces. “Hey, check out this new model I downloaded. Never mind it's called FREE_CANDY. I’m sure it's fine.”
Greg Linares (Laughing Mantis)@Laughing_Mantis·
I have spent the last few weeks looking over AI startups and their historical hiring pages and what I discovered was sadly not too surprising: Out of the 42 AI startups I went thru - only 6 had ever publicly posted open direct infosec roles ever. It's gonna be a bloodbath