@particles So before #LastPass increased the iteration count to 100,100 they had 5,000. Before they increased the iteration count to 5,000 they had 500. And before they increased the iteration count to 500 they had 1.

And apparently they failed at updating people’s security settings at each and every step. So your mom is the “lucky” one who has her account configured with 1 PBKDF2 iteration. Which offers close to zero protection today.

That’s the company people trust with their passwords. And keep defending because “it’s all encrypted.”

The older I get, the more aware I am that being critical rather than enjoying things is not a sign of intelligence or wisdom. Not loving things - movies, art, music, people, situations - because of their weaknesses doesn't make you better than them, it means you're unable to see past imperfections. Sure, some things absolutely are bad & should be left behind - but being hypercritical denies you joy. I need reminded of this every day. Too many things are legit bad to throw out good ones too.

@mainframed767 love that game

We normally promote the conference Tech Intersections: Women of Color in Computing on #Twitter but won't this year for obvious reasons.

Please help us spread the word about this #bipoc conference in #Oakland #California.

We're offering 20% off with promo code MASTODON. #BlackMastodon #BlackFriday

We are giving free tickets to people who have been laid off with promo code LAIDOFF.
https://techintersections.org

The event includes an #ally skills workshop for supporters of #woc.

@SheHacksPurple Awh, thanks 🖤 we appreciate you! And yes, haha, I am the other voice 😂

Just listened to Episode 2 of the '404: Security Not Found' podcast with Clint Gibler, Leif Dreizler, Travis McPeak and more cool people who's voices I couldn't recognize. They chat Uber CISO Trial, Twitter Apocalypse, "Hot Goss", and ....all sorts of breach-y goodness.

https://www.resourcely.io/podcast/2

We're expanding our Detection Engineering team at Netflix. If you, or someone you know, are looking for opportunities in the detection space - feel free to reach out if you have any questions, or apply directly via the jobs site.
https://jobs.netflix.com/jobs/239078160
❤️

The Enigma conference is coming! Jan 24-26 in Santa Clara, CA
a) you should definitely go (I'm speaking, but the program is amazing)

https://www.usenix.org/conference/enigma2023/program

b) the deadline for grants is *tomorrow*. Folks who identify as female or who are members of groups underrepresented in tech are encouraged to apply now.

https://www.usenix.org/grant-programs

Today's adventure
#photography #forest #woods #snow

@sarahyo Awh! Such FOMO - hope @fr said many smart things 😌

@malwareunicorn exquisite ✨

🐸

Astonishing.
---
RT @fasc1nate
A demonstration for how silently owls fly vs. other birds.
https://twitter.com/fasc1nate/status/1595158635138940928

@coleens_ yes, and I’ve also appreciated “Sapphic” as inclusive of wlw and wlnb 🖤

Tailscale has recently been notified of security vulnerabilities in the Tailscale Windows client which allow a malicious website visited by a device running Tailscale to change the Tailscale daemon configuration and access information in the Tailscale local and peer APIs.

To patch these vulnerabilities, upgrade Tailscale on your Windows machines to Tailscale v1.32.3 or later, or v1.33.257 or later (unstable).

https://tailscale.com/blog/windows-security-vulnerabilities/

Oh dear. I've just been informed that collecting the names of every person on the planet for my naughty and nice lists is, and I quote, “a significant and wholly irresponsible breach of #GDPR “.
I'm going to hand out about 8 billion consent forms soon. If you could all get them back to me ASAP that would be appreciated.

Thanks 1% to my complaining and 99% to the people who actually did it, certutil -DeleteHelloContainer is now officially documented.
Useful for a complete reset of Windows Hello biometrics/FIDO/WebAuthN and associated metadata. Must be run in user context. @markmorow
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil#-deletehellocontainer

Them: Faving posts on Mastodon is useless, only the OP sees it.

Me, when a post gets faved: awwww, little internet hug ✨

@andrewkrug had such a good time! So nice to hang out :)

Great time this week at #appsecusa by #owasp hearing from folx like @bubblewire about paved road and highways!
@Datadog@twitter.com 's Ellen Wang released an open source tool called #GuardDog from #securitylabs that helps detect malicious python packages using #semgrep.