Gerry Gosselin :donor:

He/him/his

Sometimes I write about my infosec research and projects: medium.com/@gerrygosselin


I’m a healthcare technology geek by trade and security researcher by night. I spent a decade as a web developer, systems integration hack, and network management systems engineer coding in Perl, Python, Java, JavaScript and CSS. I then spent a decade in healthcare tech working with IT infrastructure. I love software-defined networking and storage, and promote infrastructure-as-code. I stand on a tiny soapbox pushing an agenda of patching, network segmentation, and Active Directory segmentation in vulnerable environments. I'm also a business analytics geek. Recently, I’ve taken an interest in software-defined radio, Ghidra, and programming in C and assembly (x86-64, ARM, 8051) to further a passion for IoT reverse engineering and hardware hacking. I write about my findings on Medium to help others and to force myself to think through what I’ve learned and question what I truly know.

Gerry Gosselin :donor: boosted:
2025-07-14

Don't tie your identity to your job. Jobs are temporary, often ending unpredictably. When your identity is your work, your mental health is impacted horribly when your job security is at risk or you get let go.

I've seen multiple folks in cyber suffer from this, some barely surviving the ordeal.

Gerry Gosselin :donor: snafui@infosec.exchange
2025-07-05

Happy National Scare the Shit out of Neighborhood Pets Night :/

Cat lying on a couch visibly upset by mini explosions outside.
Gerry Gosselin :donor: snafui@infosec.exchange
2025-06-30
Gerry Gosselin :donor: boosted:
2025-06-25

A key part of the New York City mayoral races was Ranked Choice Voting.

I'm not seeing many news articles mention this yet (correct me if I'm wrong though!).

Ranked choice lets us vote first for who we actually want... and then put in backup votes for "good enough" candidates and allows us to compromise and find common ground.

It destroys the concepts of "lesser of two evils" and "throwing away your vote".

I hope we see Ranked Choice voting everywhere.

#newYork #NYC #NYCMayor #ZohranMamdani

Gerry Gosselin :donor: snafui@infosec.exchange
2025-06-08

In my career, I’ve seen threat actors social engineer customer service agents into password and MFA resets with relative ease. They literally have all of the victim’s private details to properly authenticate themselves. But please, tell me more about how AI can handle low hanging fruit like password resets. I’m aware of security teams literally taking MFA reset abilities away from customer service agents and preferring to themselves handle the authentication by video call with the customer. They are doing the literal opposite of automation to control this problem, not charging headfirst into AI.
#AI #RANT

Gerry Gosselin :donor: boosted:
Very Hairy Jerry jerry@infosec.exchange
2025-05-28

😂 #TACO

I expect a new round of tariffs now.

Gerry Gosselin :donor: snafui@infosec.exchange
2025-05-25

@jerry same problem here. I have several doppelgängers in Canada apparently. Sensitive real estate documents get mailed my way. If it looks legally binding or filled with PII, I try to reach out to the emailer and let them know. Often I get radio silence but a few times I’ve had a heartfelt thank you for identifying the problem. That makes it worth it for being a good human.

HOWEVER, usually I mark them as spam because I get suspicious if it’s done on purpose to create some kind of engagement, trust, or to identify active accounts.

Gerry Gosselin :donor: boosted:
daniel:// stenberg://bagder
2025-05-16
Gerry Gosselin :donor: boosted:
2025-05-14

New from 404 Media: Flock, the license plate reader company that has cameras all across the U.S., is now building a massive people lookup tool using hacked data. The plan is to "jump from LPR to person." Won't require a warrant. This is according to a leak we obtained.

404media.co/license-plate-read

Gerry Gosselin :donor: boosted:
Very Hairy Jerry jerry@infosec.exchange
2025-05-12

Since CISA killed its RSS feed[1], if anyone is interested, I created an account here that will allow anyone to subscribe both via the fediverse and via RSS using the Mastodon RSS feed for that account. The account is @cisareflector

1. cisa.gov/news-events/alerts/20

Gerry Gosselin :donor: snafui@infosec.exchange
2025-05-10

Our cat family, past and present. Biscuit, Noodle, Oscar, and the late Carmen. #caturday

Gerry Gosselin :donor: boosted:
2025-05-07

Linda McMahon wrote Harvard a letter to which they responded by noting areas that are in need of corrections and then posted it on social media.
Great job Harvard!👏👏👏

Photo by Society's Child on May 06, 2025. May be an illustration of text.
Gerry Gosselin :donor: boosted:
2025-05-05

Enjoyed this post from Malwarebytes about how AI is getting creepy good at guessing the geo-location of photos/videos by analyzing the tiniest of clues.

When analyzing videos with audio, e.g., apparently just having a few birds chirping in the background can be enough to make a strong guess about where the video was recorded.

malwarebytes.com/blog/news/202

Gerry Gosselin :donor: snafui@infosec.exchange
2025-05-03

It’s Caturday! Have a ball! #caturday

Gerry Gosselin :donor: snafui@infosec.exchange
2025-05-03

@WooShell hah. Point taken.

Gerry Gosselin :donor: snafui@infosec.exchange
2025-05-03

@aem I found your post super interesting. I hadn’t heard of iSh. It’s super cool and I love the author’s snarky GitHub README. Very cool stuff. Thanks! Good luck with hunting down the mitm!

Gerry Gosselin :donor: snafui@infosec.exchange
2025-05-02

Organizations that accept donations should give the option: “$20 more and we won’t share your email address with our marketing team.”

Gerry Gosselin :donor: snafui@infosec.exchange
2025-05-01

@SecurityWriter when we do our annual anti-harassment HR training at work, I like to bring these terms up to the whole management team for awareness. When I suggest simple fixes like replacing blacklisting and whitelisting with blocklisting and allowlisting, people perk up and acknowledge they never thought of how racially charged that was and with such a simple fix. As others said in this post, just because we grew up with them and never thought to challenge them, doesn’t mean we shouldn’t do better. Next time we all have to do a mandatory HR training (if you do that at your place of work) why not bring some of these examples up? Might open up a few minds. 🤷

Gerry Gosselin :donor: boosted:
2025-04-28

Now is the time to stand up against the Trump administration as it tries to bully the cybersecurity community by targeting Chris Krebs. Sign on to our open letter:

eff.org/press/releases/eff-lea
