Overwhelmed by randomness of my toots? Protip: you don't need to follow me/people, you can just follow hashtags for interaction. I use several, like:
#InfoSec #Privacy #Venice #Food #Art #F1 #Caturday (yup) & #LazyPip #Education #Security #Photography #Motorbike & #Ducati #theNetherlands #PhotoChallenge
infosec
🚀 The CybersecKyle Community is live! A friendly Discord where security + tech meet: news breakdowns, labs, tools, cloud/automation chats, chill coffee breaks, and so much more! Beginners → pros welcome.
Read more: https://www.kylereddoch.me/blog/the-cyberseckyle-community-is-live-security-and-tech-together/
And this, kids, is why we never ever set up easy-to-guess passwords. Even in testing, even temporarily. Just pwgen it, every time.
> accessing the museum's video surveillance server required typing the all-too-obvious word: LOUVRE
If you're requiring everybody at the company to do training so you can show your auditors that everybody did the training, then you're missing the point.
The point of training is to equip people to do the right thing. If the training doesn't accomplish that, then making sure all the boxes are checked is worthless.
What problem is the training trying to solve? Is the training necessary and sufficient to solve it? If you're not answering these questions, you're doing it wrong.
#infosec #compliance
Fediverse, due to my wife's thyroid cancer returning we are relocating to Seattle (from Illinois) -- where we can receive familial support and she can get treatment.
To that end, I'm looking for #infosec jobs in the area, but I'm looking to step back from what I've been doing so I have a bit more flexibility to help her and our son. So, hybrid or even full remote, but probably not a senior level position.
I've been consulting and that's been good, but it's too unsteady and too much work on unknown schedules to continue while she is undergoing treatment. I'll also be applying through standard channels, but I hope someone here can lend a hand.
No thank you.
Sorry, I won’t even use #FaceID or that #fingerprint shite, #tech knows far too much about me as it is.
#iPhone users can now add #US #passport info to their #digital wallets
#InfoSec #privacy #BigTech #surveillance #law
https://apnews.com/article/apple-iphone-travel-passport-ae7ab15d6a32e6005d9c85def4e39737?utm_source=onesignal&utm_medium=push&utm_campaign=2025-11-13-One+Tech+Tip
Chrome now wants to store and autofill your driver’s license and other ID info.
From a cybersecurity perspective, that is a hard no from me. Info-stealer malware already targets browser autofill, and you cannot rotate a driver’s license number like a password. Putting high value IDs in the most targeted consumer app on the planet is a bad trade for a little convenience.
I wrote up why this feature is such a risky idea and what I recommend instead:
🔗 https://www.kylereddoch.me/blog/chromes-new-drivers-license-autofill-is-a-terrible-idea/
One problem with Mastodon that bothers me is that you can't change your user ID, your nickname, so to speak. To do so, you have to move your account, migrate to another account, which can be on the same instance. This comes with the inconvenience of not being able to move your posts automatically.
I had my first account in late 2016, with Mastodon newly created, shortly after my first Twitter account. I didn't use it much and then switched to this instance (infosec.exchange) to follow people and information related to infosec and bugbounty (bughuntercat).
Then I got tired of that cat and migrated to this account with my real name. I can't seem to get comfortable with this. Maybe it's my habit of hiding and my reluctance to use real personal information online.
I no longer even know who I really am, so I pretend to be someone else.
I have an account that's the oldest I have right now, and I'm tempted to move everything there. In the end, people don't really care who you are or if you even exist. It would have to be something permanent because I'm getting old and my autistic ass doesn't like so many changes at all. I've moved 45 times in my 62 years of life and it seems I have the urge to do the same with my online digital spaces. To read the work of good people who do hacking, programming, and tinkering I really like this instance with the devices, so well managed by Jerry @jerry .
I only have Mastodon and an Instagram account that I share with my wife. I know that I may not have much time left in this world since my health is plummeting like a kamikaze plane and I don't want to continue wasting my time on vain things.
I don't even know why I'm telling you this, which by right might not matter.
I want to have and live an autistic, almost monk-like life, quiet and without looking out the window at that toxic world in which I have lived for many years. Thank you for sharing your cats, memes, jokes, and your work here.
(The photo is of Hakka, my youngest cat, who is 8 years old. A tremendous rooftop fighter whom I admire. A martial artist like his human father.)
#mastodon #infosec #actuallyautistic #socialmedia #socialnetwork #cats
Which version best conveys the message "ISO 8601. Every other date/time format is inferior"?
Based on different versions of the original logo I made multiple attempts. One of them will become a sticker. White on red, Blue on White or White on Blue?
#iso8601 #iso8601ultras #stickerart #39c3 #infosec #stickers #bestpractice
Urgent Call for EU Legislative Protection of Core Internet Security Infrastructure
A letter from our General Manager @f0r573r
I read the serious discussions about ‘who eavesdropped on Ushakov and Dmitriev’ and can’t help but chuckle to myself.
All these deliberations about whether it was the NSA or GCHQ are based on the assumption that Ushakov had to use a secure means of communication. Had to… because why exactly?
Because politicians are renowned for their unwavering commitment to adhering to rules, including #OPSEC? But they are not.
Let us recall the US and European leaders who, in #Ukraine Kyiv in 2013, happily chatted on the phone and were recorded (‘Nuland–Pyatt call’).
Shortly afterwards, Sergei Glazyev from the #Russia presidential administration did the same and was recorded… by the new SBU (‘Glazyev tapes’, much less well-known but much more devastating).
In summary, if one can generalise the concept of high-level politics in #infosec matters, it is that those in power do not apply the rules to themselves and do not learn from their mistakes precisely because they are in power.
In short, Hanlon’s razor applies.
It's time for a re- #introduction since this instance has changed a lot since being launched.
This instance was set up for testing and playing with Internationalized Domain Names. That experiment has mostly been a success and I've now migrated away from my once-main instance.
I'm a former software developer of over 20 years, working primarily in #opensource and #telephony. I now do #cybersecurity as a profession, after starting to do cybersecurity research as a hobby about a year ago.
In the last year, I've found and disclosed several dozen #vulnerabilities in #govtech platforms like #court and #voter registration systems, which have gotten a not insignificant amount of press coverage. Those disclosures can all be seen at https://govtech.cc
Beyond my #infosec postings, you'll typically find nonsense that I find funny; sometimes I might even say stuff that other people find amusing.
I once self-published a book that I've never read called The Consequences of Being Right (ISBN 979-8880045068). It was entirely written by ChatGPT and was published because I thought it was stupid and funny. Miraculously, I've managed to sell two copies, neither of which have been returned.
I'm #ActuallyAutistic and #ADHD, which is sometimes apparent.
All of my other links and socials can be found at https://linktr.ee/northantara
One of my favorite "security challenges" is the "verify your email" one. By this point my email has been verified so many times it should have top secret clearance.
#SecurityTheater #cybersecurity #infosec #Slack #tech #dev
If you are a US-based organisation working in support of human rights and/or the environment looking to swiftly migrate your server infrastructure and data to safer soil, get in touch.
We have extensive experience helping frontline at-risk orgs find a safer home for their work, on their terms and under their control, with a particular focus on hosting in jurisdictions with robust data-protection laws.
Pass it on.
Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.
Today I'm excited to share our third annual ✨State of the Internet Report detailing what we've learned! A few highlights:
🛜 Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.
💧 Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.
⛔️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.
You can find a copy of the report with all the details here! 👇
Colleagues deployed TOTP as a second authentication factor on the data center's virtual machines! 👏
But they were almost recommending that people use the Google Authenticator app... 😶🌫️
#InfoSec #TOTP #security #segurança #BigTech #cloud #nuvem
Back on my boring post grind to document my learning.
New #Blog post going through a #TryHackMe challenge. This time detecting two different attack types with snort!
https://ligniform.blog/posts/snort-live-attacks/
💜 🌱
Usually, it's with WebGL that they manage to extract foolproof identifying data from your machine. At the very least, that must be the idea, and #Librewolf even manages to spoof some data to avoid exposure, but, well, you can't trust this site if it goes down that road right away: as the saying more or less goes (with a euphemism here), barely said hello and already wants to take me to bed? Not even the banks I've been using are that brazen! It's :ciladaBino: !
#NoScript #Privacidade #InfoSec #Shopee
🚨 Beware! Hackers are now sending phishing emails from “no-reply@google.com” by abusing Google’s OAuth apps & notification system. These legit-looking emails can trick even tech-savvy users! 🕵️♂️ Always double-check links & sender details. Stay safe online! 🔐 #CyberSecurity #PhishingAlert #Google #InfoSec #StaySafe #TechRadar
THIS is how Google Maps wants to "calibrate"??
Oh HELL NO!
I'm giving you GPS and I can do the figure 8 silliness if I need to but give you access to my *camera* to take pics and send them to Google???
Are people really doing this shit?!
AMERICAN PANOPTICON
The #Trump admin is pooling #data on Americans. Experts fear what comes next.
by Ian Bogost & Charlie Warzel
If you were tasked with building a #panopticon, your design might look a lot like the #information stores of the US federal govt—a collection of large, complex agencies, each making use of enormous volumes of data provided by or collected from #citizens.
#law #privacy #InfoSec #AmericanAutocracy #tech #DOGE #Musk #surveillance
https://www.theatlantic.com/technology/archive/2025/04/american-panopticon/682616/?gift=guxsrl_dAdXUP9zqbQPWxc3WqSyzCi3gasJ-au_BC9g&utm_source=copy-link&utm_medium=social&utm_campaign=share
It still seems hard to believe, but in the last #Congress, the #House #Republican majority formally launched an #impeachment inquiry against Joe #Biden. The endeavor never made any sense, but the underlying allegation was that the Democratic president was somehow the beneficiary of a weird #bribery scheme.
#law #Constitution #EmolumentsClause #ForeignAsset #Compromised #NationalSecurity #InfoSec #Trump #crypto #grift
https://www.msnbc.com/rachel-maddow-show/maddowblog/trumps-controversial-meme-coin-contest-proves-predictably-profitable-p-rcna203293
#Whistleblower details how #DOGE may have taken sensitive #NLRB data
In the first days of March, a team of advisers from #Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, DC, headquarters of the National Labor Relations Board.
The small, independent federal agency investigates & adjudicates complaints about unfair #labor practices.
#law #InfoSec #privacy #NationalSecurity #Musk
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
Senior #State Department official sought internal communications with #journalists, #European officials, & Trump #critics
#Trump appointee Darren Beattie requested records regarding a large list of high-profile names, organizations, & #RightWing buzzwords for a “#TwitterFiles” style document dump about alleged conservative censorship.
#law #FirstAmendment #FreeSpeech #FreePress #privacy #InfoSec #democracy #RevengePolitics
https://www.technologyreview.com/2025/05/01/1115988/senior-state-department-official-sought-internal-communications-with-journalists-european-officials-and-trump-critics/
This is fucking dystopian and we should all be fucking horrified that this shit is happening.
I've become kind of inured recently to horrifying, dystopian shit, and this still shocks me.
We aren't "at risk" of living in a police state. We _are_ living in a police state.
That's been true for BIPOC forever, and now it's catching up with the rest of us because we let it happen to them.
h/t @josephcox
#infosec #privacy #policeState
https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/