Post 3273873 by belghast@mmorpg.social
Post #3270594 by sophia@glitterkitten.co.uk
2019-01-23T00:47:26Z
3 likes, 3 repeats
In saying #infosec there's two types of people that immediately spring to mind.

Those who want to lock everything down, secure everything, then secure it more, then encrypt that shit. 15 methods of security when 13 are entirely surplus to requirements.

The other are people who talk about how secure everything they work on is, all the precautions they take even in their personal life, but oh yes they have every home appliance hooked up to the internet including the sink and alexa in every room.
Post #3270718 by kaniini@pleroma.site
2019-01-23T00:51:08.471693Z
0 likes, 0 repeats
@sophia the #infosec people are so weird.

i mean, yeah, my security stance as an individual is atrocious (largely because i haven't had time to move to self-hosted services), and my roommate has two of those spy microphones (actually i did not like this very much), but infosec "pros" think in terms of abstract threat models and throw practical threat models and countermeasures out the window.

it's the practical threat models and mitigations that actually save people's asses.
Post #3270825 by ben@mastodon.lubar.me
2019-01-23T00:48:23Z
1 likes, 1 repeats
@sophia There's a third category which involves rolling their own algorithms that are less secure than a Caesar cipher.
Post #3270826 by mmu_man@m.g3l.org
2019-01-23T00:59:21Z
0 likes, 0 repeats
@ben @sophia from Caesar I prefer the salad anyway.
Post #3270842 by sophia@glitterkitten.co.uk
2019-01-23T01:00:20Z
0 likes, 1 repeats
@mmu_man @ben lettuce that's been stabbed in the back repeatedly?
Post #3270861 by ben@mastodon.lubar.me
2019-01-23T01:01:04Z
0 likes, 1 repeats
@sophia @mmu_man A salad where you replace lettuce with other lettuce based on some table of lettuce.
Post #3273872 by sophia@glitterkitten.co.uk
2019-01-23T01:40:50Z
0 likes, 1 repeats
@kaniini I'm probably more lax than I should be but definitely beyond the average user. Agree entirely on pro failures but not nearly enough is done for the individual level to make it understandable and accessible to people, making them the massive weak link. People laugh about 'end user errors' a lot but quietly don't actually address it and instead keep everything ambiguous.
Post #3273873 by belghast@mmorpg.social
2019-01-23T01:43:21Z
0 likes, 0 repeats
@sophia @kaniini It doesn't help that the general response of most security folks is to chide and/or publicly humiliate people rather than take the time to design education that the most basic users can wrap their heads around.
Post #3273874 by sophia@glitterkitten.co.uk
2019-01-23T01:47:11Z
0 likes, 1 repeats
@belghast @kaniini exactly. It's "haha your password is bad you fool, you imbecile" and so rarely "here's why your password is insecure, the reason we suggest you jump through these hoops, and what it could mean for you if something is compromised".

I use my in-laws as an example of how these things are done. The former is incredibly insulting and at times infantilising, but too the latter is almost always phrased in a jargony way they wouldn't understand at all.
Post #3279611 by belghast@mmorpg.social
2019-01-23T01:49:00Z
0 likes, 0 repeats
@sophia @kaniini and too often it is treated as punishment... like there is a class that "repeat offenders" have to take at work... where they are made to feel like bad people for accidentally clicking a link.
Post #3279612 by qwazix@mastodon.social
2019-01-23T07:37:41Z
1 likes, 1 repeats
@belghast @sophia @kaniini I think the whole system is rigged to blame the user. They write popup after popup explaining how they will never ask you your PIN and then they go ask you your PIN (Verified by Visa).

They say beware of phishing and then they go use an alt domain for their ecommerce platform, which, when you call them on the phone to ask whether they control it, they don't know shit about. The rep actually told me "if it says secure it's ok".
Post #3279613 by kaniini@pleroma.site
2019-01-23T07:38:36.126368Z
0 likes, 0 repeats
@qwazix @sophia @belghast and they wonder why i just start screaming when infosec people start suggesting things to me.
Post #3287017 by belghast@mmorpg.social
2019-01-23T12:18:52Z
1 likes, 0 repeats
@kaniini @sophia @qwazix I think one of the biggest challenges in IT work in general is realizing that everything you do... should be for the customer/client/citizen's benefit. If your actions are not creating a scenario where they can succeed at using your services, then nothing much else matters.
Post #3287018 by kaniini@pleroma.site
2019-01-23T12:31:37.145281Z
0 likes, 0 repeats
@belghast @qwazix @sophia absolutely agreed on that.
Post #3290024 by Skryking@mastodon.skryking.com
2019-01-23T14:06:02Z
0 likes, 0 repeats
@kaniini It saddens me that these are the types of people you have interacted with in infosec. I want to say not all of us are assholes, but I think there is a maturity problem in the industry. If anyone needs security advice let me know as I try to be nice.

@sophia @qwazix @belghast
Post #3290025 by kaniini@pleroma.site
2019-01-23T14:13:28.026232Z
0 likes, 0 repeats
@Skryking @belghast @qwazix @sophia oh, don't get me wrong, there's tons of great people doing great work around infosec. there's just a lot of people with bad takes like "TLS is a magical internet condom so who cares about fixing bugs", and overconfidence. infosec has the strongest "tech bro" concentration for a reason. charlatanism is tolerated in the industry, because companies will pay anything and anybody who claims they can solve their security issues.
Post #3290374 by Skryking@mastodon.skryking.com
2019-01-23T14:21:43Z
0 likes, 0 repeats
@kaniini @sophia @qwazix @belghast Security seems to be portrayed as being flashy in the media, which seems to attract a lot of young "guns". Like a sharp stone, it takes a while to wear off the edges. I once read an interesting argument that went along the lines of: since the Development and Security workforce is doubling every 5 years, that means that at any given time at least half of the people doing it have less than 5 years experience. That thought keeps me awake at night.
Post #3290375 by kaniini@pleroma.site
2019-01-23T14:23:38.893230Z
0 likes, 0 repeats
@Skryking @belghast @qwazix @sophia yeah well doesn't change the fact that I read takes so awful that I want to literally just start muting infosec folks en masse to avoid reading those takes ;)