@0x00string I need a how to guide for the butt sprayer.

@microsoft I feel this post in my bones.

🫠

@merill Looking forward to this one! It's been a huge default gap.

Woop.

@cR0w People I have not heard from today: Anyone at M-Files.

I literally had an argument about putting this on a public IP last week.

Oh great another "incident" caused by marketing sending some SEO person EPP transfer codes. Can we please get like a CISA alert on this so it becomes an actual issue?

@rrwo Hashcat can brute force MD5, and if you know it's a small enough string you could write an appropriate mask.

CVSS scores are like penis sizes: Situational, often lied about, used for irrelevant comparisons by weirdos, and generally more interesting to observers than those actually involved.

When Microsoft require a .HAR capture from a browser session for a credit card billing issue.

@deepthoughts10 @SwiftOnSecurity @threatinsight There were stories floating around for ages arguing that you could make yourself immune by adding the Russian keyboard and there's a lot of stories of orgs trying this out. But any actual ransomware break down anyone did showing any check, would check the default keyboard, making this common advise pointless.

@RedwoodSec Well that breaks my DJI drone, which works perfectly but is run from an App that DJI has not put in the store.

A lot of websites right now aren't slow because of a lack of bandwidth or limited server resources, but because they are built on top of some of the worst software that I have ever seen (case in point, Elementor), by people who have no idea what they are doing or how basic things like image sizes work.

#Webdev #WordPress

@malwaretech XXTEA is disliked by cryptographers for valid reasons, but it's been very useful as something EDR products have never seen.

https://en.wikipedia.org/wiki/XXTEA

It is now substantively easier to find the source of memes via AI than the crippled Google Images search.

@nyanbinary Me, who inherited a legitimate business app written with Cyrillic characters in variable and function names.

@jerry The drama-lama now of course will be whether Google and Microsoft maintain that spreadsheet in Sharepoint or Google Workspaces, Excel or Google Sheets?

Why would a security vulnerability take more than two years to fix?

@SteveSyfuhs talks on RunAs Radio at https://runasradio.com/Shows/Show/987 about the process of responding to KB5015754 dealing with on-premises certificate authority for Active Directory!

@hacks4pancakes If social media has taught me anything it's that what you just said is terrible and only people with no freedom ever experience it.