Andrew van der Stock :verified:

OWASP Executive Director, OWASP Top 10 and Application Security Verification Standard co-lead. Dad. Cats. AppSec.

Andrew van der Stock :verified: vanderaj@infosec.exchange
2025-04-16

@briankrebs As OWASP Executive Director, I have reached out to MITRE to see how we can help. We have a European Foundation in the process of being set up, and hundreds of thousands of worldwide volunteers. I'm sure that if we can preserve the records, we can help stabilize the issue and hopefully, fix some of the issues with resources at MITRE to maintain the backlog of CVEs.

Andrew van der Stock :verified: boosted:
Sam Stepanyan :verified: 🐘 securestep9@infosec.exchange
2024-06-27

If you are an #OWASP member and you are attending the OWASP Global AppSec Lisbon Conference, don't forget to collect the OWASP Challenge Coin from the Members Lounge! (Room: 5B-CCL)

Not a member yet? Go to the OWASP website and click "Join" 👉 owasp.org/membership/

Andrew van der Stock :verified: vanderaj@infosec.exchange
2024-02-25

Time to go to DC

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-10-31

Watching @nielstanis talk on WASM security at OWASP #GlobalAppsec2023

Andrew van der Stock :verified: boosted:
Dare Obasanjo carnage4life@mas.to
2023-10-16

We’re now in the find out stage of mandatory return to office.

Unispace found that nearly half (42%) of companies with return-to-office mandates witnessed a higher level of employee attrition than they had anticipated. And almost a third (29%) of companies enforcing office returns are struggling with recruitment. In other words, employers knew the mandates would cause some attrition, but they weren’t ready for the serious problems that would result.

fortune.com/2023/08/01/researc

Andrew van der Stock :verified: boosted:
Katy Anton :verified: katyanton@infosec.exchange
2023-08-13

Great to see #OWASP Booth 2416D at #BlackHat - and catch up with both current and previous Board members @bilcorry @infosecvandana @vanderaj.

Andrew van der Stock :verified: boosted:
ghorwood↙↙↙ ghorwood
2023-05-12

The great thing about ORMs is that, as the complexity of the query increases, there's this magic line where they go from being 20% easier to use than SQL to 500% more difficult, and you never know where that line is until you hit it.

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-24

PSA. Computers are not typewriters. Please stop double tapping space after full stops. kthxbye.

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-24

Fixed the OWASP Top 10 2021: it no longer uses ' or '1'='1, but a MySQL sleep(). This is safer than selecting all records, and in many cases more accurate as a SQL injection locator.

Andrew van der Stock :verified: boosted:
lcamtuf :verified: :verified: :verified: lcamtuf@infosec.exchange
2023-02-13

The aliens who keep sending all these peace delegations might be getting concerned by now

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-12

@zak Fedora 38 is about to get unfiltered Flatpaks, so a lot of the software compat issues that have never really been an issue for me (I use it primarily for hobby development), should go away in April.

fedoraproject.org/wiki/Changes

Andrew van der Stock :verified: boosted:
Zack Whittaker zackwhittaker
2023-02-12

~this week in security~ just went out:

• VMware ESXi servers hit by ransomware
• Russian ransomware actors sanctioned
• FBI's surveillance powers under threat
• EFF infiltrates Dark Caracal APT
• U.K. wants to ban 'bespoke' encrypted phones
• Reddit hacked

Sign up: this.weekinsecurity.com

Read more: mailchi.mp/zackwhittaker/this-

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-12

@zak I've been a RH / Fedora user since the 1990s. I like the bleeding-edge nature of Fedora, and it's got a nice stable KDE spin. Ubuntu had a unique selling point with Unity, but since they went to the Gnome desktop, there's basically no difference between Ubuntu and any other Debian-based distro with Gnome. And if you don't use CLIs often, Fedora offers basically the same but a more modern Gnome desktop. The only downside to Fedora is if you don't like upgrading (the equivalent of dist-upgrade) every six months; then Fedora may not be for you. However, it's not a big deal, and 10-20 minutes later, it's ready to rock again for another six months, and you have the absolute latest pretty much everything.

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-12

@mainframed767 Of these, only the last one makes sense, but then only for those who actively seek out encounters. RTO makes no sense for the majority of organizations. I've been to so many offices where everyone has noise-cancelling headphones on. What's the point?

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-12

@securingdev I use VMs for that type of work, and my go-to remains Firefox under Fedora or Kali.

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-12

@ceresbzns No more or less than any other browser. You have to assume that modern browsers have telemetry. Firefox is at least honest about it; not sure about Edge or Chrome.

Andrew van der Stock :verified: vanderaj@infosec.exchange
2023-02-12

@edbro It's not my research; it's here: youtube.com/watch?v=MAu2KYrNgY
