AJCxZ0

Doing Mastodon wrong on purpose: here only for Information Security (which I have done professionally and unprofessionally involving unix platforms for decades), elsewhere for other things.

Favouriting, boosting and following may occur.
Quality media and Alt tags are favoured.

Avatar is Mr. Flibble from the episode "Quarantine" of the TV series "Red Dwarf".
Header image is Arnold J. Rimmer with Mr. Flibble.
Mr. Flibble is very cross.

2025-05-13

The best movie ever with an Information Security theme is now available to see and hear at its best.

blu-ray.com/movies/Sneakers-4K

"There's a war out there, old friend - a world war - and it's not about who's got the most bullets. It's about who controls the information: what we see and hear, how we work, what we think. It's all about the information" - Cosmo

#Sneakers #NoMoreSecrets #SetecAstronomy #Movies #InformationSecurity #InfoSec #CyberSecurity #Cryptography #UHDBD #UHD #4K #HDR #DolbyVision #DTSHDMasterAudio

Image of the front cover of a UHD BD of the movie "Sneakers".

Against a metallic grey strip at the top is the text, "4K ULTRA HD™ + BLU-RAY™". On a plain white background is a note in red text about the unnamed director (Phil Alden Robinson), below which in grey and black bold text are the names of the main cast and in bigger bolder red text the title:

From the director of "Field of Dreams"

Robert Redford
Dan Aykroyd
Ben Kingsley
Mary McDonnell
River Phoenix
Sidney Poitier
David Strathairn

SNEAKERS

The bottom right shows the white background peeled up like a sheet behind which are the faces of six of the cast against a blue background looking at us.
2025-04-30

NSA Cybersecurity Collaboration Center

"The CCC works with industry, interagency, and international partners to harden the U.S. Defense Industrial Base, operationalize NSA’s unique insights on nation-state cyber threats, jointly create mitigations guidance for emerging activity and chronic cybersecurity challenges, and secure emerging technologies."

nsa.gov/CCC
youtube.com/watch?v=vHm40_VWJ-g

"make a code for note app on java"

#NationalSecurityAgency #NSA #CybersecurityCollaborationCenter #CyberSecurity #InformationSecurity #InfoSec #USGov #KristinaWalter #MakeACode #OnJava #OpenAI #ChatGPT

A frame from the video "NSA Cybersecurity Collaboration Center" posted on the NSA YouTube channel shows a web browser accessing OpenAI's ChatGPT to ask, "make a code for note app on java", to which ChatGPT provides some sample code.
The subtitle is, "secure emerging technologies".
2025-04-28

"Many things are necessary to lead a full, free life--good health, economic and educational opportunity, and a fair break in the marketplace, to name a few. But none of these is more important than the most basic of all individual rights, the right to privacy. A system that fails to respect its citizens' right to privacy fails to respect the citizens themselves. ... At no time in the past has our Government known so much about so many of its individual citizens.
...
Advanced technology has created new opportunities for America as a nation, but it has also created the possibility for new abuses of the individual American citizen. Adequate safeguards must always stand watch so that man remains the master--and never becomes the victim--of the computer."

Radio Address About the American Right of Privacy - Richard M. Nixon, 23 February 1974

presidency.ucsb.edu/documents/

Part of this speech is featured in an excerpt from the 1981 NOVA documentary, "Computers, Spies and Private Lives", restored by the Computer History Archives Project (CHAP).

youtube.com/watch?v=lvGgeb0RVyY

#Privacy @PrivacyDigest #BigData #USGov #NationalSecurityAgency #NSA #Cryptography #Cryptology #RichardMNixon #RichardNixon #NOVA #CHAP #InformationSecurity #InfoSec

Black and white photograph of president Richard M. Nixon associated with his radio address about the American Right of Privacy on 23 February 1974 featured in the 1981 NOVA documentary, "Computers, Spies and Private Lives", restored by the Computer History Archives Project (CHAP) and included in the video.

Nixon is pictured from the chest up facing the camera. He wears a dark suit and patterned tie with a light shirt.
2025-04-22

@Emily My password manager.

The listed options seem less well suited to the job.

AJCxZ0 boosted:
Tarah Wheeler 🖖♦️Tarah@infosec.exchange
2025-04-08

New Post: “Parental Units–we need to have The Talk.”

I just sat down with several of my family members, and gave them The Talk about how someone might call pretending to be me, and how voice and AI phishing filters work. @deviantollam and I have been getting family onto password managers to handle the more sophisticated attacks that are starting to pop up. Getting everyone onto password managers for everything is important but not urgent. That’s why it’s slipped on my todo list for literally years — and I also figured it would take some time and emotional energy to get family to operate differently. The juice is finally worth the squeeze to protect them all.

tarah.org/2025/04/08/parental-

three stick figures
2025-04-05

Happy birthday.

#NoMoreSecrets

A frame from the 1992 movie, "Sneakers", shows a computer screen filled with structured but incomprehensible white text on a black background. The light from the GoldStar CRT monitor illuminates a keyboard in front and a dark blurry person in front of it in a dark room.
AJCxZ0 boosted:
AJCxZ0AJCxZ0
2025-03-20

Keeping one step ahead of the robots.

A reCAPTCHA with a three by three grid of images showing various outdoor scenes with a mix of the usual items to identify. At the top is the instruction,

Select all images that match the label: undefined
2025-03-14

@todb How hard can it be to provide a full indexed SBOM, FBOM [He he he], and HBOM [Also he he he] for every asset detected, distinguishing optional third party platforms and additional software, linked to all the correct "vendor" web pages for the hardware, firmware and running code?

Don't forget to associate each with any relevant advisories and vulnerability reports with notes on the applicability to the item as built, configured and run.

2025-03-11

Congratulations, @Tarah

2025-02-17

Ten messages have been exchanged with H1 Staff (not @Hacker0x01) - half trying to explain the problem to folks seemingly unfamiliar with relevant technology, and half about how the issue has been escalated to the engineering team with no response for two weeks.
The problem with 2FA being unavailable has not been addressed and the problem of soliciting and then rejecting all email has been repeatedly ignored.

AJCxZ0 boosted:
2025-01-27

Coming soon: When you add a linked device (Desktop or iPad), bring your whole chat history + last 45 days of media. The transfer process is end-to-end encrypted & completely optional.

Don't want to leave the past behind? We leave you to your own devices.

signal.org/blog/a-synchronized

2025-01-27

Moments after posting that, email arrived from HackerOne <hackers@hackerone.com> "Welcome to HackerOne!" with links to lots of resources - all at intercom-clicks.com with lots of opaque encoded data.

You will almost certainly guess correctly how soon I received a response to my reply and what it said.

2025-01-27

Executive Summary (TL;DR): HackerOne requires SMS, documentation is bad, and support doesn't.

"Please let us know your HackerOne email address", I was asked. Everyone (who matters) knows HackerOne ( @Hacker0x01 ?), so I rush to hackerone.com/ to sign up.

Signup was typical, with praiseworthy indication that passwords are limited to the BCrypt hash limit of 72 characters. With email confirmed, the next step was of course to set up 2FA because if we Hackers™ know one thing, it's "2FA good. TOTP good. SMS bad." On the Account Security page,

Two-factor authentication [ Turn on ]

but that [ Turn on ] button is greyed out. Above is

Account recovery: Disabled [ Set up ]

A bit odd to get recovery codes before setting up TOTP, but seems harmless. I clicked [ Set up ].

Add your phone number

We need to set up a way for you to recover your account in case you lose access to your two-factor authentication device. We do this by confirming your phone number. We'll send you a numeric code to this number to verify your account. Message and data rates may apply.

In this year of our Lord twenty twenty-five, that is the only option.

Before bothering anyone, I know to RTFM, so I do. The "Two-Factor Authentication" page described the setup process in full detail with no mention of telephones or short message services. The other (almost identical) "Two-Factor Authentication" page described the same process, but mentions the telephone.

HackerOne uses a (something)Desk platform for support, so I signed up there and opened an issue explaining that I want to use TOTP and don't use SMS, and that there are two pages with instructions of which half are wrong. The automated email acknowledgement arrived promptly.

Early the next day email arrived from H1 Support <support@hackerone.com> with a response I can accurately paraphrase as, "We are sorry to hear that you are incompetent. Please RTFM." with a link to the more accurate of the two pages. Replying to this email, I politely explained that I appreciated the response, but that they seem to have missed both the issue I reported and the documentation problem, then clearly identified each in a more structured fashion.

The reply to my email was almost instant.

#HackerOne #Hacker1 #BugBounty #ResponsibleDisclosure #Authentication #2FA #MFA #TOTP #SMS #InfoSec #InformationSecurity #CyberSecurity #TogetherWeHitHarder

Screen shot of a mail client showing email from H1 Support <support@hackerone.com> to me on Monday, 27 January 2025 at 12:56 with Subject "Re Re: Unable to enable 2FA/MFA/TOTP".
The email message body says,

Hi Andrew,

This email no longer accepts new requests. To contact us, please use our HackerOne Support Portal, https://support.hackerone.com/support/home.

Have a great day!
HackerOne
2025-01-23

@hdm Eduformative, encational, and intertaining as usual.

AJCxZ0 boosted:
Juliet Merida, Dum Tran Elf 🏳️‍⚧️julie@merida.hair
2025-01-23

We've spent decades telling people "don't click on shit" while at the same time giving them more and more complex workflows that require clicking on all the shit and then we get mad at them when they click on the wrong thing because we told them not to click on shit, but their job literally requires clicking on shit.

We need to do better.

Empathy is the future of security.

@puppygirlhornypost2@transfem.social

2025-01-22

@spzb Beat me to it.

I was also going to mention that it seems to lack the header which all .gov sites (must?) have which says how to tell that it's genuine, but checking that header on other sites I see that

"A lock (🔒) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites."

Sigh.

As for requirements for federal websites[1] including content[2] and applicable standards[3], see above.

[1] digital.gov/resources/checklis
[2] digital.gov/resources/required
[3] standards.digital.gov/standard

Partial screenshot of a web browser showing the expanded header from https://epa.gov/

The header says:

An official website of the United States government 

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock (🔒) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
2025-01-09

"Ghost in the Wires" by Kevin Mitnick with William L. Simon - Audiobook read by Ray Porter.

This is the audiobook equivalent of a page-turner, at least partly thanks to an excellent reading by Ray Porter, or a feature-length episode of "Darknet Diaries" (without @jackrhysider). It's odd to hear some of the non-prose read, but funny as one recognises it, though not so funny as having the codes read sounding like backmasked messages opening a reverse shell to the brain.

A lot has changed since Kevin's adventures in the late 1980s and 1990s, but another lot... hasn't, and its important lessons remain relevant.

Being read this so soon after Richard Feynman's "Surely You're Joking, Mr. Feynman!" provided a strange insight into the different paths taken by two similar minds in different - but in many ways not so different - places and times.

mitnicksecurity.com/ghost-in-t

#GhostInTheWires #KevinMitnick #KevinDMitnick #Hacker #Hackers #InfoSec #InformationSecurity #CyberSecurity #Books #Audiobooks #FBI #CIA #NSA #USA #RichardFeynman #FREEKEVIN

Image used for the audiobook cover of "Ghost In The Wires" by Kevin Mitnick.

Against a light grey background is the mostly white text,

KEVIN MITNICK
with WILLIAM L. SIMON
foreword by
Steve Wozniak,
cofounder of
Apple Inc.
GHOST
in the
WIRES
unabridged
read by Ray Porter
MY ADVENTURES AS THE
WORLD'S MOST WANTED HACKER

The title text is presented as stacked cubes with the front face coloured various tones of yellow and green for "GHOST" and white for "WIRES".
A white silhouette of a man is depicted jumping through the "O".
2025-01-04

@jerry It's not until we're gone can they be sure we won't give them a good reason to not celebrate.
