Posts by amuse@infosec.exchange
(DIR) Post #ASOdrfaVr5gqvvgRQe by amuse@infosec.exchange
2023-02-06T08:00:55Z
0 likes, 0 repeats
@lauren Inside the balloon is an SD card, presumptively holding the juicy secret intelligence they were gathering. But actually, it's a container-escape rootkit. The analyst gets owned. Lateral movement happens. Eventually, they get the intelligence they REALLY wanted... access to a big ol' forensic database. It's the world's highest profile "Found USB stick" gambit.
(DIR) Post #ATQAuZU5LuEOflI9ZY by amuse@infosec.exchange
2023-03-08T23:38:01Z
0 likes, 0 repeats
@lauren Why do they suspect that? I've seen a few 4am "Car crashes into fire truck / cop car with its lights on" cases in my time and that was all before self-driving was invented. The article leaves no clue as to any particular reason to suspect that automated driving was engaged.
(DIR) Post #ATUhw0ivdWX8YzMtuq by amuse@infosec.exchange
2023-03-11T03:58:06Z
0 likes, 0 repeats
OK fine, I admit it. I like the toffee-tastic gluten-free girl scout cookies.
(DIR) Post #AUKBUg0bDcOEcls4vY by amuse@infosec.exchange
2023-04-04T23:31:31Z
0 likes, 0 repeats
People have been thinking all day that I'm using a virtual background but I'm not, this is just what the view from the office is like. RTO ain't all bad!
(DIR) Post #AUKCBRUN4wNm2nBmsq by amuse@infosec.exchange
2023-04-05T00:16:11Z
0 likes, 0 repeats
@lauren Change is the only constant I know 🪷
(DIR) Post #AVtXVTaxnrTYcGSVwO by amuse@infosec.exchange
2023-05-21T23:22:03Z
0 likes, 0 repeats
@lauren There's a third missing option: "Regularly back up my data using takeout; highly annoyed but not actually damaged"
(DIR) Post #AVtdgPDT1XlHwg3zX6 by amuse@infosec.exchange
2023-05-22T00:31:17Z
0 likes, 0 repeats
@lauren yeah I filed the internal ticket to ask for incremental exports (likely a very hard problem). In the meantime I back up 1.3TB every 3 months!!
(DIR) Post #AVti7JAG22ROoNe5pY by amuse@infosec.exchange
2023-05-22T01:20:59Z
0 likes, 0 repeats
@lauren I filed it well before today :D But yeah I think it's probably a very complicated thing to build so it's not like, a quick patch
(DIR) Post #AX8F2Dpdf9qlvCfjXs by amuse@infosec.exchange
2023-06-27T23:12:15Z
0 likes, 1 repeats
Happy with how my new water feature is turning out.
(DIR) Post #Aak2I8mCWDE7I6ZPBg by amuse@infosec.exchange
2023-10-13T22:32:20Z
0 likes, 1 repeats
Remember kids, eating healthy and eating vegetarian are two different things, God bless America!
(DIR) Post #AcEppfxcd3Pe4yVtI0 by amuse@infosec.exchange
2023-11-27T17:07:49Z
1 likes, 0 repeats
Today I’m excited to be at USC to give a lecture on cybersecurity to a class of upcoming legal experts. OK, I’m not exactly headlining Black Hat or Defcon today - but it’s always really special to me when I get a chance to speak at good universities, for a very personal reason: Due to a combination of bullying and my genetics, I did not do well in school and it makes me feel great to be setting foot in academia on my own terms! Everyone walks a different path the best they can. For many people that’s studying hard, getting into college, graduating with a degree, and applying those lifelong learning skills in their chosen field. For me it was stubbornly walking my own path, repeatedly focusing on what I love to do and growing my skills on the job and as the industry emerged in front of me. I’m so thankful that the two things I most love to do (Hacking and Helping) ended up being a lifelong career and I’m grateful to everyone along the way who taught me, challenged me, and accepted me on the basis of what I can do and not what the paperwork says. That list of folks is too numerous to call out one by one in a thread, but you know who you are! :)
(DIR) Post #AcRrge9OiOPsp3K47E by amuse@infosec.exchange
2023-12-03T20:54:44Z
0 likes, 1 repeats
Leaving the USA at SFO, I tested out "Opting out of facial recognition scans before boarding" procedure to see if it indeed exists and will be followed. It didn't go very well. The gate agent argued saying I couldn't opt out. I insisted that I'm allowed to, and they pointed to a sign on the wall explaining the "Biometric verification privacy policy". The sign says "Customers wishing to opt out may speak to a gate agent or CBP officer for a manual verification" clearly at the bottom. The agent then told me I have to opt-out *in advance with CBP*. I pointed out that the sign says "or gate agent" and asked if she was a gate agent. She insisted again that I can't opt-out but by that point another agent heard the discussion, came over, and showed the first agent how to place my passport on the scanner and sent me through. I overheard her telling the first agent as I walked away, "If it's a US passport, it's OK." A flight of probably 300 people, I'm definitely the only one who opted-out today and by the gate agent's confusion, I suspect I'm the only one who has opted out in a long time. I'm in every system there is (and China already has my entire SF-86) so it's not that I'm some off-the-grid paranoid who doesn't want to be in "the system" - but for privacy rights to exist at all, it's important to use them when you don't need to and keep them available for people who DO need privacy.
(DIR) Post #Aq9zRrZyL5UtfDGIaG by amuse@infosec.exchange
2025-01-14T04:54:06Z
1 likes, 0 repeats
I'm aware that there are very deep politics at the heart of this iceberg, but headlines like this always make me grimace. What hope is there for government cyber security, if agencies still need to be *told* to patch critical vulnerabilities?
(DIR) Post #Aq9zRvV9kw1PpR2VdI by amuse@infosec.exchange
2025-01-14T04:54:11Z
1 likes, 0 repeats
If there was a Hippocratic oath for sysadmins and software engineers, it would say to patch exploitable vulnerabilities without needing to be told to do so.
(DIR) Post #AtX3U660fMfN82UZKi by amuse@infosec.exchange
2025-04-27T23:42:49Z
1 likes, 0 repeats
Oh, dear. Nooo. Bless your heart, no.
(DIR) Post #Aulf34m8k1CoUW8cnA by amuse@infosec.exchange
2025-06-03T21:11:21Z
0 likes, 1 repeats
I can't be the only one who thinks it's NUTS that cops are all routinely covering their faces now, right? Everyone talks about the split-second decisions police have to make, but what about citizens having a split second to decide whether to struggle against a masked assailant?
(DIR) Post #AulousOxrVCLL71iwy by amuse@infosec.exchange
2025-06-04T00:42:21Z
0 likes, 0 repeats
@monarchist they're Taxpayer-Funded employees who are on the job with a Monopoly on the use of force. This isn't a "tit for tat" situation. As citizens, we have a right and responsibility to define how the police will behave, including whether or not there is a social expectation that police officers should be identifiable as such.
(DIR) Post #Aulwd8OWSfXnMSs3zU by amuse@infosec.exchange
2025-06-04T02:08:47Z
0 likes, 0 repeats
@monarchist I know exactly why they're doing it and never indicated otherwise. What's unacceptable is that we are *allowing* them to do this.
(DIR) Post #AuvpFKeIUY9mJrYH5c by amuse@infosec.exchange
2025-06-08T18:22:58Z
0 likes, 0 repeats
Whenever a big company tells me my complex and long password "has expired and needs to be changed" and there was never any hint of password expiration periods before - I will automatically assume they have been breached and aren't admitting it.
(DIR) Post #Aw30fiEJSyRzLMJhtQ by amuse@infosec.exchange
2025-05-31T19:52:39Z
1 likes, 0 repeats
RIP To that amazing time in history when camera phones became ubiquitous and high quality enough for us all to see amazing rare things captured by lucky people, but before AI video became ubiquitous enough that everything amazing captured on video must be assumed to be faked.