Cybersecurity author, inventor, educator & researcher | EC-Council Honorary Governing Board | InfoSec author, inventor, blogger, educator, speaker | Loves to travel and hates to travel | 2021 Top Cybersecurity Leader | Opinions are my own | https://www.ckd3.com | https://www.linkedin.com/in/chuckdavis/
Friendly #DEFCON33 online reg update:
The #earlybird discount rate of $540 ends May 23. The regular price of $560 kicks inat 9pm EST 5/23/25 and runs until July 18.
Register at shop.defcon.org before the 23rd for the best online price.
#DEFCON is closer than you think - lock down your spot now!
@betweenthehacks If “The Spy Who Applied to Code” grabbed your attention, check out @smashingsecurity Ep. 407. It covers human trafficking behind tech scams in Myanmar. Dark stuff—important to know. https://www.smashingsecurity.com/407-hps-hold-music-and-human-trafficking/ #Cybersecurity #HumanRights
@betweenthehacks If “The Spy Who Applied to Code” grabbed your attention, check out @smashingsecurity Ep. 407. It covers human trafficking behind tech scams in Myanmar. Dark stuff—important to know. https://www.smashingsecurity.com/407-hps-hold-music-and-human-trafficking/ #Cybersecurity #HumanRights
North Korea is using fake IT workers to infiltrate remote companies.
One of them applied at Kraken. The interview did not go well.
Full story here:
👉 https://www.betweenthehacks.com/blog/the-spy-who-applied-to-code
It’s World Password Day! 🎉
If you’re still using the same login for everything, it’s time to change that.
Check out the new blog on Between The Hacks:
🔗 https://betweenthehacks.com/blog/worldpasswordday2025
#WorldPasswordDay #Passwords #Infosec
Your laptop is your command center. Don’t make it an easy target.
Here are 10 smart, simple ways to lock it down in 2025. 🔒
👉 https://betweenthehacks.com/blog/secure-your-laptop
Classic Internet ProTip:
Rather than buy a weather station, just find one of the 250,000 near you run by consumers with a cloud-connected one. The closest is 1200 feet away, I just have a homescreen bookmark to it.
https://www.wunderground.com/pws/overview
@SwiftOnSecurity Smart! I bought one about a year ago. After I set it up I found dozens in my area! HAHA They're great for super localized weather though.
🚨 New blog post: Quishing: Phishing Got a Glow-Up
QR codes are convenient — which is exactly why attackers are using them to steal logins.
Learn how quishing works and how to scan smarter.
bth.news/quishing
#Cybersecurity #Phishing #Quishing #Infosec #QRcodes
Just submitted a talk to DEF CON 33:
What SBOMs Forgot About the Network
NetBOM is a community-driven framework to declare where a device or app should connect so your network can block the rest.
Enforceable trust at the network layer.
netbom.net
#NetBOM #Cybersecurity #IoTSecurity #DEFCON33
I was given this #CISA rubix cube by then director Easterly and it was all orderly and nice. Unfortunately this is the approximate current situation:
All the AI companies scraping the Internet Archive for its unique content should pay a fee that would be used to help defend the IA from legal threats for hosting abandoned content.
AI companies preserve a wellspring, and the public gets a place to preserve old materials.
@eliotlear perfect!
@eliotlear Hi Eliot!
Thanks for the reply. It’s nice to connect with you here! I recently published a white paper introducing the concept of a Network Bill of Materials (NetBOM), which extends SBOM principles to network behavior. Several folks mentioned that our work may align, especially given your leadership on MUD and IoT standards.
I’d love to get your thoughts if you have a moment to check it out. Thanks!!
All kinds of second and 3rd order effects from the U.S. tariffs: Made in USA (China) edition:
“An online firestorm is erupting on Chinese social media platforms as creators and influencers expose luxury American brands that claim “Made in USA” while quietly mass-producing goods in Chinese factories — all in response to Donald Trump’s latest tariff hikes.”
@cpswan @eliotlear Thank you Chris! After I wrote the first draft in 2021, I was told about MUD and BRSKI. There was definitely overlap but NetBOM went a few steps further. I address them both in the latest white paper and think NetBOM can work along side them. I’ll reach out to Eliot too! Thanks and have a great day!
Reminds me that Apples HomeKit secured routers were not that economically successful.
Very much hope we get Matter compatible routers that push in the same direction security wise. Leading to solid NetBOM and IoT devices flawlessly working even when cloud access is restricted
🔐 I ran an experiment on my smart thermostats:
➤ Blocked all Internet traffic
➤ Asked support for needed IPs/domains
➤ They said: “Just put it in the DMZ”
That’s not Zero Trust. That’s zero security.
So I built NetBOM—a network bill of materials.
Like SBOM, but for the Internet access devices actually need.
🔗 https://www.betweenthehacks.com/thermostat
📄 https://netbom.net
#CyberSecurity #IoT #Privacy #Infosec #SmartHome #NetBOM #ZeroTrust
New OpenSSL 3.5 is out, it will be the new LTS replacing 3.0. It supports PQE and QUIC (At last!) but I haven’t tested those features yet.
Back in my day PC chassis were more than just cases, they were furniture!
