Let they who are without unpatched vulnerabilities cast the first stone.

When we say "Patch your gear" - we especially mean patch the hard to patch gear - and the inconvenient to patch....and the "introduces operational risk" to patch...

@SwiftOnSecurity @greynoise Just got mine and loved the title.

@xabean Tableau is the glorious land between Excel spreadsheets and truly big data. I will check out superset.

@DefectiveWings Is worse than that, she didn't know. I had to find them myself and it literally took weeks.

Found my pants. Now I am good to go to fancy breakfast in D.C. tomorrow.

OMG! It is even better than I had hoped!! I'm so stoked!

OK, seriously this time, stop plugging strange USBs into your computers. Our telemetry is showing WAY TOO MUCH stuff linked back to USBs.

Settling in here, I'm starting to get a feel for the vibe difference between this and that other place. It's not that there are no jerks here. But the scale is more manageable, and that's everything.

It's like the difference between rolling your eyes at your racist uncle at a holiday dinner and discovering you booked the same hotel that's hosting a Klan rally.

There’s been a lot of discussion about a rule we recently instituted regarding security testing on the infosec.exchange instance. I understand the value or pen testing as much or more than most people, and I’m fully cognizant that pen tests are happening all the time and I’m not getting the report. I get it. But there are now 28,000 people using this service to communicate. I know there are vulnerabilities waiting to be discovered. Finding blog post fodder by fuzzing instances that are already running hot due to explosive growth is not super helpful. But at the same time, I WANT that testing to happen.

As a result, I am going to set up two instances tomorrow that only federate with each other. This is where I’d prefer legitimate security testing be performed. I’ll also be using it as the QA environment to test new updates and settings prior to deploying to the production instance. I’ll moderate signups because I don’t want it accidentally becoming fediverse 2.0 in the ongoing rush for the doors at twitter, but will accept anyone who wants to join, with clear indications that it’s a sandbox and should not be considered safe.

Thanks for patience as we continue to find out way.

UX pet peeve: "sign up" button much larger and more prominent than "sign in" button. I get that you want to attract new users, but it's a great way to annoy me incessantly once I've become a user.

@ChocolateCoat @chrisdfir @xabean @kpyke @infosec_nick @apalson @__3ve @ReckedExe @PierreAHobbit 👋​

@C0redump I mean, I'll take questions 😀​

#introduction
Howdy! I'm Pierre Cadieux and I am located in Los Angeles CA. I am a leader of the global Talos IR team and have been working in Infosec in various capacities for many years now.

I like to mentor others and help to share knowledge to people looking to join InfoSec as a career.

Travel, live music, video games, and RPGs are my distractions from work, and I also do a certain amount of hobby gardening.

#DFIR #infosec #cybersecurity #rpg

#introduction
My name is Matthew Olney and I'm the Direcctor of Threat Intelligence & Interdiction at Cisco, as part of Talos. I'm also one of the hosts of Beers With Talos. I'm also a Washington Capitals fan, and let me tell you, that's a pain all of its own right now.
#ThreatIntel #Infosec

OK - that was a stellar recording session - some really good exploit dev discussion in the upcoming Beers With Talos episode we release (#128) on the OpenSSL vuln. Keep an eye out for it, I think it's a good listen.