Posts by kurtseifried@infosec.exchange
Post #AcU2UHIhKgBWI7thYW by kurtseifried@infosec.exchange
2023-12-05T00:46:34Z
0 likes, 0 repeats
How long does it take for your organization to change your username if you want to change your name (e.g. marriage, divorce, legal name change, nickname preference, whatever):
Post #AcU61kygJXoDkhBrcW by kurtseifried@infosec.exchange
2023-12-05T01:51:07Z
0 likes, 0 repeats
@smallsees I mean... these are digital systems, not clay tablets, and the fact that "it's too costly/annoying to change your name" flies in any org... shows a lack of IT maturity and a lack of empathy/basic management sanity. I bet there would be a high correlation between glassdoor scores and the answer to this name change question.
Post #AckqwBtM28ywSg98dM by kurtseifried@infosec.exchange
2023-12-13T03:28:09Z
0 likes, 0 repeats
Ok, normalizing an email address, assuming basic sanity:
- lowercase everything (username and domain)
- remove anything after the + in the username
- remove any dots in the username
I can't think of anything else, this is it right?
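The three rules above as a deduplication key, written as an added example here (this is not code from the post or any project it mentions). It assumes Python 3.9+ and that the key is only ever used to answer "have I seen this address before?", as the thread says, never to send mail: dropping dots in the local part is a Gmail-style convention, and other mail systems may treat a.b@ and ab@ as distinct mailboxes. The sample addresses are constructed for the demo.

```python
"""Normalize e-mail addresses into a deduplication key.

Added example, not code from the original post. It implements exactly the
three rules the post lists (lowercase, drop the +subaddress, drop dots in the
local part) plus surrounding-whitespace stripping. The result is a lookup key
for "have I seen this person before?", NOT a deliverable address:
dot-insensitivity is a Gmail-style convention and is assumed here, not
guaranteed by any RFC.
"""


def normalize_email(addr: str) -> str:
    """Return the normalized key for one address; raise ValueError if it is not user@domain."""
    addr = addr.strip()
    if addr.count("@") != 1:
        raise ValueError(f"not a simple user@domain address: {addr!r}")
    local, domain = addr.split("@")
    if not local or not domain:
        raise ValueError(f"empty local part or domain: {addr!r}")
    # Rule 1: lowercase username and domain.
    local, domain = local.lower(), domain.lower()
    # Rule 2: drop the subaddress (everything from the first '+' onwards).
    local = local.split("+", 1)[0]
    # Rule 3: drop dots in the username.
    local = local.replace(".", "")
    if not local:
        raise ValueError(f"username empty after normalization: {addr!r}")
    return f"{local}@{domain}"


def dedupe_emails(addrs):
    """Group raw addresses by normalized key, preserving first-seen order.

    Addresses that do not parse are kept verbatim as their own key rather
    than silently dropped, so the caller can still see and handle them.
    """
    groups: dict[str, list[str]] = {}
    for raw in addrs:
        try:
            key = normalize_email(raw)
        except ValueError:
            key = raw.strip()
        groups.setdefault(key, []).append(raw)
    return groups


# Constructed sample input (not from the post): three spellings of one
# mailbox, one unrelated address, and one junk entry.
SAMPLE_ADDRESSES = [
    "Kurt.Seifried@Example.com",
    "kurtseifried+mastodon@example.com",
    " k.u.r.t.seifried@EXAMPLE.COM ",
    "someone@example.org",
    "not-an-email",
]

if __name__ == "__main__":
    for key, originals in dedupe_emails(SAMPLE_ADDRESSES).items():
        print(f"{key}: {originals}")
```

The unparseable entry is kept under its own key on purpose: for a "have I seen this before?" check, dropping malformed input would hide exactly the records a human should look at.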
Post #AckrNie8MS4nrn9aOu by kurtseifried@infosec.exchange
2023-12-13T03:57:05Z
0 likes, 0 repeats
@smallsees @loke And that's fine, I'm not sending email to these normalized addresses, I'm simply normalizing them to see if I have already, in a mostly reasonable world, encountered them. People who want to do unreasonable things are fine, and a corner case I can mostly ignore.
Post #Ad0Mbe0kTWzSbo6tkm by kurtseifried@infosec.exchange
2023-12-18T19:45:33Z
0 likes, 0 repeats
@briankrebs shouldn’t the cashier be checking these things? Although I guess with self-checkout now…. Wait a sec. I just bought a compost pail at Home Depot and, using the self-checkout, when I scanned it, it told me to wait for an attendant. The attendant came over, opened up the compost pail, looked inside of it, and then keyed in their PIN on the terminal to allow me to proceed. I feel like they could also do this with gift cards, except I guess in this case the store is not eating the loss, the customer is.
Post #Adahyr6sMLo06L2YCG by kurtseifried@infosec.exchange
2024-01-02T18:39:23Z
0 likes, 2 repeats
@AlisonW @neil I would argue at this point that blocking pasting of passwords, and thus the use of password managers is a vulnerability, and deserves a CVE identifier. It also is really gross from a usability perspective for people who have trouble with passwords, but get along just fine with a password manager (like my one kid).
Post #Adc76zStOLdCyCZGwC by kurtseifried@infosec.exchange
2024-01-07T16:15:53Z
1 likes, 0 repeats
Speaking of #enshitification videogamedunkey just summarized it perfectly: https://youtube.com/watch?v=yvhv7bgmz64&si=mm8LZmVw_EH7fOR-
Post #AlOVLgJMh4GIEPKFbU by kurtseifried@infosec.exchange
2024-08-27T05:13:29Z
0 likes, 0 repeats
So far this year the Linux Kernel has done 3000 CVEs even. This means we can expect roughly 4500 for this year in total. But I have good news: they only started in Feb so we can expect another 10-15% on top of that for 2025, so with any luck that'll be about 5000. In other words 12.5% or so of TOTAL CVE activity.

So when @gregkh says run current, you need to listen.

You can spend several thousand hours a year trying to triage Linux Kernel vulns, or you can invest that effort into automation (updates, builds, testing, etc.) and stay current and answer "did you fix CVE foo" with either a "yes" or a "that will go out in the next update at future time X".
Post #AlOVLhuyihwXDLvns0 by kurtseifried@infosec.exchange
2024-08-27T13:23:26Z
0 likes, 0 repeats
@gregkh actually 3000 is not a lot. I’m looking at the data and there are some interesting trends with other CNAs. There are also two CVE ecosystems now: the open source and the closed source. Most people are used to dealing with the closed source, which involves applying patches made available by the vendor for products that they have deployed.

But now they’re having to deal with the open source, and they have to do their own homework as it were, figuring out if they use this source in anything (they likely have because of dependency chains), and remediating it on their own.
Post #AlOVLigpqmDxbmK1Sq by kurtseifried@infosec.exchange
2024-08-27T13:43:00Z
0 likes, 0 repeats
@gregkh
Post #AmGjPl1qzDlhunoCKu by kurtseifried@infosec.exchange
2024-09-22T17:47:48Z
0 likes, 0 repeats
@simplenomad what’s wild to me is that we have the largest sports stadium in Canada here in Edmonton (Commonwealth Stadium with seating capacity of 56,302 https://en.wikipedia.org/wiki/List_of_stadiums_in_Canada), we wouldn’t even place in the top 50 university college stadiums in America (https://en.wikipedia.org/wiki/List_of_NCAA_Division_I_FBS_football_stadiums).
Post #AmJ7Q6PQHXedRNRyGu by kurtseifried@infosec.exchange
2024-09-23T21:26:12Z
0 likes, 0 repeats
@simplenomad in fairness a lot of big orgs, govs and emergency services use Twitter to announce things, witness Biden stepping out of the presidential race… the reality is normal people won’t go to places like mastodon because most of what they follow isn’t here, and those orgs won’t come here without the users being here. Chicken say hello to egg.
Post #AmJAoYumFXd0f6TFey by kurtseifried@infosec.exchange
2024-09-23T22:04:15Z
0 likes, 0 repeats
@simplenomad in fairness I disabled my account instead of deleting it so nobody can squat my name. Also I still need to login to read the occasional thread (e.g. @thegrugq links from his newsletter). I think we underestimate the human ability to be boiled alive and put up with abuse. Even when there’s a better alternative a lot of people’s ego won’t let them switch and admit they should have left ages ago.
Post #AoJX9lWXIAkxruS4wa by kurtseifried@infosec.exchange
2024-11-22T21:53:21Z
0 likes, 1 repeats
@jerry Good news: they say they are a public benefit corporation (https://bsky.social/about/blog/7-05-2023-business-plan https://en.wikipedia.org/wiki/Benefit_corporation) and they say they won't do ads, but will do things like custom domains:

"We believe that there must be better strategies to sustain social networks that don’t require selling user data for ads. Our first step in another direction is paid services, and we’re starting with custom domains. While setting up a custom domain to use with Bluesky and the AT Protocol is fairly straightforward, it does require some familiarity with domain registrars and DNS settings. Yet, over 13,000 users have already either repurposed domains they already owned to use as handles, or purchased a domain solely because of Bluesky. Domains have so much potential as a personalized way to customize identities and as a decentralized way to verify reputation that builds off the existing web. For example, U.S. Senators have used the senate.gov domain to verify their identity on Bluesky without our involvement, and a third-party developer built a web extension that checks if websites are linked to an AT Protocol identity. The possibilities are wide in the domain-as-a-handle space."

I don't think selling custom domains will make enough money though.

They also took a big pile of money from a crypto company:

"Building on this momentum, Bluesky closed a $15 million Series A funding round in October 2024, led by Blockchain Capital." (https://techcrunch.com/2024/10/24/bluesky-raises-15m-series-a-plans-to-launch-subscriptions/)

TL;DR: my bet is on #enshitification thanks to the investors wanting money. Custom domains and subscriptions are not going to make a lot (heck, if any) money.
Post #AoJYkoQVYvoFXXrTdI by kurtseifried@infosec.exchange
2024-11-22T14:17:53Z
0 likes, 0 repeats
@briankrebs when I visit a traditional news site on a non-lockdown system yeah it’s visually difficult to read the news I find because of all the moving crap and ads overlaid. I can’t help but wonder if this ad brinksmanship is a major part of what’s killing readership.
Post #AoPBcAQsX8c2SoCNWa by kurtseifried@infosec.exchange
2024-11-25T15:25:41Z
0 likes, 0 repeats
@simplenomad @joshbressers agreed.
Post #AoUoEbxbQWrZQBK5OC by kurtseifried@infosec.exchange
2024-11-28T05:34:10Z
0 likes, 1 repeats
I feel like from now on when someone says something like "all bugs are shallow" or "that's just how person X is" I'm going to post a link to this video: https://www.youtube.com/watch?v=bf_6EVTlZOY
Post #ApJqTMKGEeNVOsJq8u by kurtseifried@infosec.exchange
2024-12-22T23:01:30Z
0 likes, 0 repeats
@bagder Once again Cunningham's Law rears its head https://meta.wikimedia.org/wiki/Cunningham%27s_Law
Post #AqovM8IW2qAI4BqUlM by kurtseifried@infosec.exchange
2025-01-19T22:00:28Z
0 likes, 0 repeats
So I bought a new garage door opener to replace my old one that’s 40+ years old. It doesn’t come with installation instructions.

You have to download an app that has the instructions. This app has instructions for hundreds of things which is nice, but I’m old and I would like to have a printed set of how to wire this thing up in case that app ever goes away (pro tip: print stuff and tape it to the top or back of that piece of equipment, the next person that has to fix it will thank you. And there’s a good chance you’ll be the next person that has to fix it.).

Also, there is a sticker sealing the documentation that says if I break it, I’m essentially agreeing to the licensing agreement terms of use and then there’s a URL. @pluralistic this is a really new and interesting way to force people to agree to things.
Post #AqovMBvyWaVlLRKYBU by kurtseifried@infosec.exchange
2025-01-19T22:02:00Z
0 likes, 0 repeats
@pluralistic and it wants to track me.