David Krause

David Krause is an information security professional specializing in threat intelligence.
Views expressed are my own and not those of my employer.

2025-05-14

@damien @GossiTheDog I would say most breach and ransomware victims hire a professional crisis comms vendor. It's another whole sub-industry of the ransomware industry. And those vendors do the opposite of what most cyber people would want. Mostly doing minimal statements, trying to kill stories, and less communication.

2025-05-01

@JesseSkinner It depends on the mirror. There are some mirrors that have really old versions around. You can technically skip versions on upgrades, but it's not recommended and may not work correctly.

2025-02-25

@da_667 Maybe look into an at home sleep study instead. There are some online, but no idea how great they are. You are just getting started, just wait until you learn about the scam of durable medical equipment (DME) vendors for sleep supplies. There's a bunch of CPAP forums online with people raging about the CPAP industry.

2025-01-15

@GossiTheDog Are you sure about that? This subdomain seems pretty important according to the docs and it still is resolving to an Edgecast IP.

bgp.he.net/dns/iecvlist.micros

"This network traffic is related to the Microsoft Edge browser. The Microsoft Edge browser requires this endpoint to contact external websites."
learn.microsoft.com/en-us/wind

2025-01-06

@GossiTheDog Arsenal FC website is still running on Edgio

2024-11-19

@solenepercent @solene
File system definitely could be better. Also, I was getting a lot of random crashes and I found that if I disabled xcompmgr they went away, so it may be issues with GPU acceleration.

2024-11-12

@joel I wrote a shell script to automatically cycle between 4 states similar to how Microsoft Windows does, extend, second, duplicate, laptop. I have it mapped to a hotkey and also just apm powerup/powerdown rather than hotplug since I use a dock. I thought about trying to share but I may need to clean it up and tweak it some to be usable in other setups.

2024-10-01

@GossiTheDog that’s ok, Qualys will be happy to tell you about their acronym year round, it’s even on the third version of it…

2024-09-30

Here we go, more posturing that ultimately doesn't fix the problem. :(

therecord.media/counter-ransom

2024-09-30

I saw a great comment on Reddit in response to "Why do some people prefer Unix to Linux": reddit.com/r/freebsd/comments/

#FreeBSD #NetBSD #OpenBSD

2024-09-28

@joel I was experimenting with this recently on a 10 year old laptop. First check trac.ffmpeg.org/wiki/Hardware/ to see what your hardware supports. You're on recent hardware so should be good there. As you posted in your screenshot hwdec=auto is needed for mpv. I think you also are good there. Put that into ~/.config/mpv/mpv.conf if it works. For Firefox go to about:support and check the table listed in Codec Support Information. On my older hardware only H264 is supported in hardware, but you should have support for VP8 and VP9 which is needed for YouTube. I had to install the enhanced-h264ify Firefox extension which allows downgrading to H264 for my hardware. From my own testing, I didn't notice much difference with H264 hardware decoding than without, but that may be due to the older hardware for me.
#OpenBSD

2024-09-13

@PogoWasRight @eff It's quite possible that someone with the city never saw the email. Email is definitely not a sure way to reach someone considering most orgs have various blocklists, phishing, spam, and email policy rules.

2024-09-11

@prx @solene I believe you also have to use a different control socket for each instance, at least that's what I am doing. The other thing I ran into is that I ended up having to disable resolvd because it can only detect unwind on rdomain 0 and not others.

2024-09-11

@florian can you remove the strcasecmp for the .cat, .pro, .jobs, .mobi, and .museum from whois.c? Currently .pro and .jobs whois is broken on OpenBSD because NXDOMAIN, and .cat, .mobi, and .museum don't need fallback to whois-servers.

2024-09-11

@florian it’s related research here: labs.watchtowr.com/we-spent-20 I was looking earlier and we need to fix whois.c to remove the .mobi TLD exception because right now it’s doing the wrong thing. I’m going to check if other TLD checks can be removed as well.

2024-09-11

@livinginsyn My own opinion is that VPNs, tunnels, and other things aren't true RMMs. I still think they need to be detected and blocked, but I count them in another category.

2024-09-10

@wdormann @Viss anyone could just make up their own CVE number to prove a point and if it also has a logo and name and gets enough press, would be pretty funny if it had to be retroactively assigned that number, if enough people ask their vulns vendors about a non-existent number.

2024-09-06

@morgant hmm, what are your permissions on /etc/doas.conf? I always thought the permissions were supposed to be 600 which matches the permissions on /etc/examples/doas.conf. You'll need to catch the case where a user can't read /etc/doas.conf to run the config check.

2024-09-05

@piepants @GossiTheDog no one will find my super secret RDP on port 3388, oh wait…
