Overwhelmed by randomness of my toots? Protip: you don't need to follow me/people, you can just follow hashtags for interaction. I use several, like:
#InfoSec #Privacy #Venice #Food #Art #F1 #Caturday (yup) & #LazyPip #Education #Security #Photography #Motorbike & #Ducati #theNetherlands #PhotoChallenge
infosec
🚀 The CybersecKyle Community is live! A friendly Discord where security + tech meet: news breakdowns, labs, tools, cloud/automation chats, chill coffee breaks, and so much more! Beginners → pros welcome.
Read more: https://www.kylereddoch.me/blog/the-cyberseckyle-community-is-live-security-and-tech-together/
And this, kids, is why we never ever set up easy-to-guess passwords. Even in testing, even temporarily. Just pwgen it, every time.
> accessing the museum's video surveillance server required typing the all-too-obvious word: LOUVRE
If you're requiring everybody at the company to do training so you can show your auditors that everybody did the training, then you're missing the point.
The point of training is to equip people to do the right thing. If the training doesn't accomplish that, then making sure all the boxes are checked is worthless.
What problem is the training trying to solve? Is the training necessary and sufficient to solve it? If you're not answering these questions, you're doing it wrong.
#infosec #compliance
Fediverse, due to my wife's thyroid cancer returning we are relocating to Seattle (from Illinois) -- where we can receive familial support and she can get treatment.
To that end, I'm looking for #infosec jobs in the area, but I'm looking to step back from what I've been doing so I have a bit more flexibility to help her and our son. So, hybrid or even full remote, but probably not a senior level position.
I've been consulting and that's been good, but it's too unsteady and too much work on unknown schedules to continue while she is undergoing treatment. I'll also be applying through standard channels, but I hope someone here can lend a hand.
It's time for a re- #introduction since this instance has changed a lot since being launched.
This instance was set up for testing and playing with Internationalized Domain Names. That experiment has mostly been a success and I've now migrated away from my once-main instance.
I'm a former software developer of over 20 years, working primarily in #opensource and #telephony. I now do #cybersecurity as a profession, after starting to do cybersecurity research as a hobby about a year ago.
In the last year, I've found and disclosed several dozen #vulnerabilities in #govtech platforms like #court and #voter registration systems, which have gotten a not insignificant amount of press coverage. Those disclosures can all be seen at https://govtech.cc
Beyond my #infosec postings, you'll typically find nonsense that I find funny; sometimes I might even say stuff that other people find amusing.
I once self-published a book that I've never read called The Consequences of Being Right (ISBN 979-8880045068). It was entirely written by ChatGPT and was published because I thought it was stupid and funny. Miraculously, I've managed to sell two copies, neither of which have been returned.
I'm #ActuallyAutistic and #ADHD, which is sometimes apparent.
All of my other links and socials can be found at https://linktr.ee/northantara
If you are a US-based organisation working in support of human rights and/or the environment looking to swiftly migrate your server infrastructure and data to safer soil, get in touch.
We have extensive experience helping frontline at-risk orgs find a safer home for their work, on their terms and under their control, with a particular focus on hosting in jurisdictions with robust data-protection laws.
Pass it on.
Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.
Today I'm excited to share our third annual ✨State of the Internet Report detailing what we've learned! A few highlights:
🛜 Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.
💧 Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.
⛔️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.
You can find a copy of the report with all the details here! 👇
Colleagues have implemented TOTP as a second authentication factor on the virtual machines in the data center! 👏
But they were almost recommending that people use the Google Authenticator app... 😶🌫️
🇧🇷🇵🇹 Os colegas implantaram TOTP como segundo fator de autenticação nas máquinas virtuais do centro de dados! 👏
Mas estavam quase recomendando que a galera usasse o aplicativo Google Authenticator... ⛈️
#InfoSec #TOTP #security #segurança #BigTech #cloud #nuvem
But they were almost recommending that people use the Google Authenticator app... 😶🌫️
🇧🇷🇵🇹 Os colegas implantaram TOTP como segundo fator de autenticação nas máquinas virtuais do centro de dados! 👏
Mas estavam quase recomendando que a galera usasse o aplicativo Google Authenticator... ⛈️
#InfoSec #TOTP #security #segurança #BigTech #cloud #nuvem
Back on my boring post grind to document my learning.
New #Blog post going through a #TryHackMe challenge. This time detecting two different attack types with snort!
https://ligniform.blog/posts/snort-live-attacks/
💜 🌱
Não basta ter que aceitar executar #JavaScript privativo "simples": você mal consegue abrir a página sem tentarem rodar #WebGL na sua máquina sabe-se lá com que propósito? 🚫 Não, obrigado, vou tentar comprar o sacão de ração pros bichanos nos concorrentes que não chegam a tanto. 💸
Normalmente, é com WebGL que conseguem extrair dados infalíveis de identificação da sua máquina. No mínimo, deve ser essa a ideia, e o #Librewolf até consegue simular alguns dados para evitar a exposição, mas, assim, não dá pra confiar nesse site se já parte pra esse lado: como dizem mais ou menos assim (com eufemismo aqui), mal cumprimentou e já quer me levar pra cama? Nem os bancos que tenho usado são tão abusados! É :ciladaBino: !
#NoScript #Privacidade #InfoSec #Shopee
Normalmente, é com WebGL que conseguem extrair dados infalíveis de identificação da sua máquina. No mínimo, deve ser essa a ideia, e o #Librewolf até consegue simular alguns dados para evitar a exposição, mas, assim, não dá pra confiar nesse site se já parte pra esse lado: como dizem mais ou menos assim (com eufemismo aqui), mal cumprimentou e já quer me levar pra cama? Nem os bancos que tenho usado são tão abusados! É :ciladaBino: !
#NoScript #Privacidade #InfoSec #Shopee
🐦🔥nemo™🐦⬛ 🇺🇦🍉🚨 Beware! Hackers are now sending phishing emails from “no-reply@google.com” by abusing Google’s OAuth apps & notification system. These legit-looking emails can trick even tech-savvy users! 🕵️♂️ Always double-check links & sender details. Stay safe online! 🔐 #CyberSecurity #PhishingAlert #Google #InfoSec #StaySafe #TechRadar
THIS is how Google Maps wants to "calibrate"??
Oh HELL NO!
I'm giving you GPS and I can do the figure 8 sillyness if I need to but give you access to my *camera* to take pics and send them to Google???
Are people really doing this shit?!
AMERICAN PANOPTICON
The #Trump admin is pooling #data on Americans. Experts fear what comes next.
by Ian Bogost & Charlie Warzel
If you were tasked with building a #panopticon, your design might look a lot like the #information stores of the US federal govt—a collection of large, complex agencies, each making use of enormous volumes of data provided by or collected from #citizens.
#law #privacy #InfoSec #AmericanAutocracy #tech #DOGE #Musk #surveillance
https://www.theatlantic.com/technology/archive/2025/04/american-panopticon/682616/?gift=guxsrl_dAdXUP9zqbQPWxc3WqSyzCi3gasJ-au_BC9g&utm_source=copy-link&utm_medium=social&utm_campaign=share
Edited 200d ago
It still seems hard to believe, but in the last #Congress, the #House #Republican majority formally launched an #impeachment inquiry against Joe #Biden. The endeavor never made any sense, but the underlying allegation was that the Democratic president was somehow the beneficiary of a weird #bribery scheme.
#law #Constitution #EmolumentsClause #ForeignAsset #Compromised #NationalSecurity #InfoSec #Trump #crypto #grift
https://www.msnbc.com/rachel-maddow-show/maddowblog/trumps-controversial-meme-coin-contest-proves-predictably-profitable-p-rcna203293
#Whistleblower details how #DOGE may have taken sensitive #NLRB data
In the first days of March, a team of advisers from #Trump's new Department of Government Efficiency initiative arrived at the Southeast Washington, DC, headquarters of the National Labor Relations Board.
The small, independent federal agency investigates & adjudicates complaints about unfair #labor practices.
#law #InfoSec #privacy #NationalSecurity #Musk
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security
Senior #State Department official sought internal communications with #journalists, #European officials, & Trump #critics
#Trump appointee Darren Beattie requested records regarding a large list of high-profile names, organizations, & #RightWing buzzwords for a “#TwitterFiles” style document dump about alleged conservative censorship.
#law #FirstAmendment #FreeSpeech #FreePress #privacy #InfoSec #democracy #RevengePolitics
https://www.technologyreview.com/2025/05/01/1115988/senior-state-department-official-sought-internal-communications-with-journalists-european-officials-and-trump-critics/
This is fucking dystopian and we should all be fucking horrified that this shit is happening.
I've become kind of inured recently to horrifying, dystopian shit, and this still shocks me.
We aren't "at risk" of living in a police state. We _are_ living in a police state.
That's been true for BIPOC forever, and now it's catching up with the rest of us because we let it happen to them.
h/t @josephcox
#infosec #privacy #policeState
https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/
A centralized intelligence database on all Americans is not inherently legal.
It likely breaks the Privacy Act of 1974, the Foreign Intelligence Surveillance Act (FISA), the 1st, 4th and 5th Amendments.
This must be stopped. Contact your Senators and Representative and ask them to stop it. I use @5calls to call mine.
https://newrepublic.com/post/195904/trump-palantir-data-americans
The Russians aren't coming, they are already here. Without most anyone realizing, they've created an entire malicious adtech industry whose story is just as complex as the Chinese organized crime we're now realizing from their ventures into pig butchering.
VexTrio is just one Russian organized crime group in the malicious adtech world, but they are a critical one. They have a very "special" relationship with website hackers that defies logic. I'd put my money on a contractual one. all your bases belong to russian adtech hackers.
Today we've released the first piece of research that may eventually prove whether I am right. This paper is hard. i've been told. I know. We've condensed thousands of hours of research into about 30 pages. @briankrebs tried to make the main points a lot more consumable -- and wrote a fabulous complimentary article : read both!
There's so much more to say... but at the same time, between ourselves and Brian, we've released a lot of lead material ... and there's more to come. I've emphasized the Russian (technically Eastern European) crime here, but as Brian's article points out there is a whole Italian side too. and more.
We've given SURBL, Spamhaus, Cloudflare, Domain Tools, several registrars, and many security companies over 100k domains. They are also posted on our open github.
Super thanks to our collaborators at Qurium, GoDaddy Sucuri Security, and elsewhere.
#threatintel #scam #tds #vextrio #cybercrime #cybersecurity #infosec #dns #infoblox #InfobloxThreatIntel #malware #phishing #spam
https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/
My previous intro post was a few years old, so behold, new intro post:
Mike. Live in the Seattle area having grown up in the UK as a full blown British. Have a wife (incredible), child (boy), and three dogs (golden retriver/cream retriver/fuck knows).
I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EV's and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.
I also have a company of my own, Secure Being (https://securebeing.com), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.
I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world #infosec things. Check out https://infosecdiaries.com and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.
I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.
I am a big aviation nerd. I always wanted to be a commercial pilot. I gained my private pilots license in the UK at 17, all self funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. https://acarsdrama.com has all the details.
I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, https://operationanxiety.com - the music is on all the normal places.
Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.
So there you have it. If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.
#infosec #dfir #pentesting #acars #vdlm2 #sdr #rf #f1 #seattle #introduction
Apparently there exists a system for deep dredging of public Internet data about specific people, called #Hermes, and it was bought by the Polish national prosecutor's office in 2021.
Seems like it was sold by the #NSOGroup, but they were only a reseller for another, unnamed Israeli company.
There's been quite the brouhaha about it in Polish media, but it's kinda difficult to find any mentions of it anywhere outside Poland.
Weird.
Does anyone have any info on this?
Edited 168d ago
Ummmm…
Not okay.
The #USArmy has announced that it is swearing in 4 #tech execs from #Palantir, #Meta, #OpenAl, & #ThinkingMachinesLab — as #ArmyReserve lieutenant colonels.
🎞️ A developer managed to reverse pixelation in video using FFmpeg, GIMP and edge detection - no AI involved.
By analyzing motion and edges across frames, they could reconstruct original content from blurred areas.
It’s a reminder: pixelation is visual, not secure.
🛠️ Code & demo: https://github.com/KoKuToru/de-pixelate_gaV-O6NPWrI
#infosec #opensource #ffmpeg #linux #osint #devtools #technews
... Se rodassem o sistema da cilada na AWS, seria mais verossímil! 😹