@USBTypeSteve That's very practical, but the warnings from security people were about getting hacked.

We tell people other things that have no basis in fact, and that are equally futile. Why did that one die and the others live? Serious question. 🤔

Once hacklore, now forgotten: why did we stop telling people to shut down their computers for safety?

https://medium.com/@boblord/the-hacklore-that-time-forgot-114dd3a51951

"Create an image that summarizes what you know about me."

A 23-page hardening guide. A CVE on CISA’s Known Exploited Vulnerabilities list. And a product that left critical security outcomes in the hands of its customers. I walked through a hardening guide and what I found was a case study in why Secure by Design principle #1 matters. Read the full breakdown:

https://medium.com/@boblord/hardening-guides-vs-secure-by-design-software-4616cdd81b8d

@nelsondev
"What does it say?"
"Ask it"
...
"I thought so"

As someone who spends a portion of my workdays running logging and monitoring systems, it’s amazing to me that this image is NOT more widely used in #cybersecurity #infosec

Looking at your work today, are you using local data to make local decisions that will only have local outcomes?

What could you change to create bigger outcomes?

Is it too soon for enterprise software customers to demand Y2038 testing and resilience? If so, what date should they start demanding it? 📆

@petrillic It took me a while to get to that conclusion but that’s what I’m doing now. Surprisingly, Zotero has the best interface for highlighting PDFs across any platform. It’s a game changer.
Also: Chromebook support! (Mostly)

Happy Twin Peaks Day to all who celebrate!
🗻🗻🦉🌲🪵 🍒🥧☕️🍩 🕵🏼‍♀️ 👍🏻

Pro tip: set your logs to be all UTC. This will save your forensic analyst (who bills by the hour) the trouble of having to convert timestamps (and even figuring out which timestamps are in which TZ).

It also keeps them ordered correctly when forwarded to a SIEM, especially from multiple TZ's.

I re-installed. iCloud Private Relay may be causing some confusion in the tracking of network connections. Need more experimentation.

MacOS security peeps: Given the improvements in MacOS security over the past 5+ years, are you still using Little Snitch? If so, what unexpected or illegitimate activity have you prevented? 🙏

The default is "no security" with Chrome extensions, at least in my recent personal experience. There's no way the average person has the tools or background to assess this type of risk.

We're in the consumer HTTPS endgame. We need to finish the job so I can be certain all my mobile traffic is protected.

Please join me in asking the OS and browser makers to keep pushing and to finish the job in 2025, perhaps by Halloween! 👻 🔐

https://buff.ly/41qPpUM

I want to have Google Docs read my docs aloud to me but there's no good native feature. The extensions I looked at require excessive permissions.
Any recommendations?

If we mean "passwords", can we just say that rather than using the overly broad term "credentials"? Let's all speak a little more plainly.

I'm tired of reading about "sophisticated actors" who just asked for and were given the admin password. Has anyone produced a classification scheme to rate threat actors and the tactics they used?

"Sure it was a Class 1 threat actor, but they just used a Class 4 attack vector".

Links welcome!

#directorytraversalmemes

I'm sensing something... the picture is getting clearer...
AHA!
Was it a 𝙢𝙚𝙢𝙤𝙧𝙮 𝙨𝙖𝙛𝙚𝙩𝙮 defect?
🎩 🪄 ⚡