whoami 🤣
CloudSec, ProdSec, Automation, old man yelling at cloud.
Security learner, interested in everything.
Just signed the papers....
There may be no future, but there will be another fwd:cloudsec.
June 30th - July 1st 2025 in Denver CO
So, we can finally tell you more about tickets! There will be two rounds of tickets with the first round being 23.10@13:37 o'clock. Be quick, historically they got sold out pretty quickly.
Don’t use CSAM as the acronym for Cybersecurity Awareness Month. Just trust me on this one
Some possible good news for a change: T-Mobile settled with The Federal Communications Commission (FCC) and agreed to pay a paltry $31.5 million over multiple data breaches that compromised the personal info of millions of US consumers.
But that's not the good news: Under the settlement, T-Mobile has agreed to require multifactor authentication for their bajillion employees.
We'll see if and how soon this happens, and if it's decent multifactor. It's still progress. Last year I reported that three different criminal SIM-swapping groups had phished or breached access to T-Mobile employee accounts in more than 100 separate incidents throughout 2022.
It's unclear whether T-Mobile's competitors will be held to the same standard.
I bought an HTML template for a site I'm making. Typically I just pull the compiled HTML files out and make a standalone project which I maintain in a text editor. But, this time I figured it's time to learn modern web development so I tried using the toolchain it came with.
The toolchain consists of 3,446 dependencies, runs 15 processes, and uses 3 GB of RAM. Unfortunately I can't run for president, but if I could I would run on the platform of making Node.js illegal.
By me:
Chief among them: mandatory resets, required or restricted use of certain characters, and the use of security questions
🚀Introducing OpenRelik: Open-source platform for digital forensic investigations. Modular workflows, collaboration, central artifact repository and easily extendable to support new tools in a clean, easy to use interface.
Community discussion: https://github.com/orgs/openrelik/discussions/1
20 dollars to take over management of .MOBI: behind the amusement, a real #danger
https://next.ink/149905/20-dollars-pour-recuperer-la-gestion-du-mobi-derriere-lamusement-un-reel-danger/
#TLD
@ozdreaming You probably have a bike with disc brakes. These are to put between the pads when the wheel is off. If you press the brake handle without something between the pads the liquid will leak and you'll need a service to fix the brakes.
Inventing a totally new format for your cybersecurity incident response plan and lifecycle is like rolling your own encryption, change my mind.
"We'll be less activist if you be less shit"
I can’t think of anything funny to say about this, so I’ll just post it as is… 😢
My advice to young folks: don’t believe people (usually techbros) claiming you don't need to attend a university for four years to learn anything valuable. They either did go to a university, thus they are hypocrites, or didn’t, thus they don’t know what they are talking about.
Our commitment to the fediverse is here to stay.
Today, we launched our new Mastodon instance. It will ensure a privacy-focused space to engage with and get the latest from our Commissioners, departments, and the official voices of the Commission.
We want to thank @Mastodon for stewarding us and helping us make this possible.
Fostering European digital players is vital to our strategy for a stronger #DigitalEU.
This is a unique opportunity to grow the community even more. Let's get there!
🚨 If you use Palo Alto GlobalProtect VPN, there’s an in-the-wild zero day being used to gain access to organisations.
CVE-2024-3400, patch out now (edit: they haven’t released patches yet) https://security.paloaltonetworks.com/CVE-2024-3400
Thread throughout the day as more info drops. It’s easy to exploit. #threatintel
My take on the xz supply chain attack is that modern software ecosystems are too complex and have too many individual people involved. The solution is obviously to start a small business employing just enough people to implement an ecosystem from scratch. Everyone at the business should be related by blood or marriage. Quitting or betraying it is punished severely. This is a new idea and no one has ever tried to run a business this way before and it will definitely work
Just to be clear: I didn't mean that I didn't do good - I did. I mean that we got unreasonably lucky here, and that we can't just bank on that going forward.