Posts by siliconshecky@infosec.exchange
 (DIR) Post #9uoGC0Drkj1KQ72gJU by siliconshecky@infosec.exchange
       2020-05-07T15:40:29Z
       
       0 likes, 0 repeats
       
       @rysiek Microsoft also had a bad Security track record, and turned it around. Cisco just released a ton of advisories for ASA, FTD and FMC that are pretty bad and tend to hide their issues until they can't. Apple does not disclose the security issues they fix very easily if at all. Zoom starts to take steps by getting people like Katie Moussouris and her company to help and actually has responded to the security findings at least. Shows intent to get better at it.
       
 (DIR) Post #9uoGcswouOt5fyt6gK by siliconshecky@infosec.exchange
       2020-05-07T17:11:57Z
       
       0 likes, 0 repeats
       
       @msh @rysiek So Zoom has hired Luta Security to now handle its bug bounty program. Brought on Alex Stamos to help build/fix its security program, has been working with other security consultants to help with the security issues, put a 90 day feature freeze on its product to solely work on security issues, has released numerous updates to fix the issues at hand, made Passwords the default, New easier to access area for security settings... Sounds like they have done nothing to me.
       
 (DIR) Post #9uofMpUqTDElC2FASe by siliconshecky@infosec.exchange
       2020-05-07T18:59:57Z
       
       0 likes, 0 repeats
       
       @rysiek @msh I have used Jitsi, and I applaud some of these. Have you taught a non-tech person how to set them up? Just curious. And yeah there was pressure of a ton of people auditing and fuzzing Zoom as it ballooned from 10 Million to 200 million users in a few weeks time. Also issues were brought straight into the public, no responsible disclosure at all. Yes Zoom has problems, but they are working on fixing them. Just remember, Open source has issues also, and some take years to show.
       
 (DIR) Post #9uofMpvmr2muXaqgSG by siliconshecky@infosec.exchange
       2020-05-07T19:17:30Z
       
       0 likes, 0 repeats
       
       @rysiek @msh Also, you obviously did not see that they have started up a new bug bounty program with a reputable company. I could not explain to my son's grandmother how to set up a Jitsi setup. I'm talking the everyday person, which is where Zoom ballooned. Listen, I get it, you love open source and that is fine. You probably do not use commercial unless you have to, that is fine. But if you do not allow for change and adjustments, you are not allowing for solutions.
       
 (DIR) Post #9uofMqZUTQXyWjQOLA by siliconshecky@infosec.exchange
       2020-05-07T19:22:09Z
       
       0 likes, 0 repeats
       
       @rysiek @msh Now we get to the core of it, and that is monetization which promotes said developer behaviour. That said, Jitsi or BBB could have, but are not ready for a grandmother at this time. Not enough people willing to spend time working on them without getting paid? That could be, but then you run into the return on investment issue again.
       
 (DIR) Post #9vJ3mRent0x3P0HMbQ by siliconshecky@infosec.exchange
       2020-05-22T13:44:07Z
       
       0 likes, 0 repeats
       
       @leip4Ier I think one thing is the COVID tracking system is in it, plus there is supposed to be a fix for that last big Vuln in the mail app that goes back years.
       
 (DIR) Post #9vJMxtYGPiIqEKORv6 by siliconshecky@infosec.exchange
       2020-05-22T17:19:04Z
       
       0 likes, 0 repeats
       
       @leip4Ier I doubt it. Apple hates posting the security notes as it is. Hide it better by releasing them late today or over the holiday weekend just to keep eyes off it.
       
 (DIR) Post #A11UlLBUIis4e7Rha4 by siliconshecky@infosec.exchange
       2020-11-09T13:34:15Z
       
       0 likes, 0 repeats
       
       @PhoneBoy The Republicans spent 8 years resisting Obama and he still cooperated on the transition to Trump. Think about that.
       
 (DIR) Post #A11jTETjzZlfwto5po by siliconshecky@infosec.exchange
       2020-11-09T16:19:03Z
       
       0 likes, 0 repeats
       
       @PhoneBoy Did they question whether he was legally allowed to be President? Did they have the Birther movement? We can go at this all day. Trump is a scumbag salesman, always has been, always will be. When you lose, lose with dignity. That is the sign of a true leader and a real winner.
       
 (DIR) Post #A3EpWVOsnJWMgpNRei by siliconshecky@infosec.exchange
       2021-01-14T14:55:14Z
       
       0 likes, 1 repeats
       
       The holiday season is over, and so are the competition portions of the Holiday CTFs. This year I did @RealTryHackMe Advent of Cyber and @KringleCon. Here is a brief overview and rating of both. https://www.siliconshecky.com/holiday-ctf-review/
       
 (DIR) Post #AIrSbE0JUClTSUIn2m by siliconshecky@infosec.exchange
       2022-04-26T20:37:51Z
       
       0 likes, 0 repeats
       
       My one concern with Mastodon and the fedi-verse is having to log into separate instances. If I can find a way to show specific instances or log into them with just one login, that would be optimum. Otherwise I can see communities separating apart way more than they need to.
       
 (DIR) Post #AIrSbHYSHirETFIbB2 by siliconshecky@infosec.exchange
       2022-04-27T01:50:13Z
       
       0 likes, 0 repeats
       
       @jerry gotcha. Heck I would love to just be able to make individual lists/columns based on the instance name, just so I can cut out federated instances I have no interest in.
       
 (DIR) Post #AP1xCIQJadSuTb2rZI by siliconshecky@infosec.exchange
       2022-10-28T15:27:09Z
       
       0 likes, 0 repeats
       
       Small suggestion to remember. Use hashtags here. Following hashtags works nicely as long as people use them. #mastadonhacks
       
 (DIR) Post #APSmHaeskhcglaXCCG by siliconshecky@infosec.exchange
       2022-11-10T14:11:30Z
       
       1 likes, 1 repeats
       
       
       
 (DIR) Post #AQjyAkpJ3tOm8Ya4C8 by siliconshecky@infosec.exchange
       2022-12-18T19:04:47Z
       
       0 likes, 1 repeats
       
       To my fellow Jews and everyone else... Happy #Hanukkah!
       
 (DIR) Post #ASpPkGTkn4sN4OuEeO by siliconshecky@infosec.exchange
       2023-02-19T06:00:13Z
       
       0 likes, 0 repeats
       
       @textfiles @TheGibson I was on the Ripco BBS back in the 80s. Nice to see the archiving of the tucked away stuff.
       
 (DIR) Post #AUz2uB8HFF44LjqlFI by siliconshecky@infosec.exchange
       2023-04-24T17:15:00Z
       
       0 likes, 0 repeats
       
       @lauren Nah, he breaks Kayfabe too much.
       
 (DIR) Post #AbP3w82fAwRKPaTGKm by siliconshecky@infosec.exchange
       2023-11-02T17:41:54Z
       
       1 likes, 0 repeats
       
       @mttaggart Cause we all know that Beta is Alpha and Finished is Beta.
       
 (DIR) Post #AbXFKcNkg0J6DitWCm by siliconshecky@infosec.exchange
       2023-11-06T16:25:13Z
       
       1 likes, 0 repeats
       
       Doesn't mean crap if they don't agree with bugs/vulns found. Also doesn't mean crap if they don't come up with proper fixes in a timely fashion. https://www.bleepingcomputer.com/news/microsoft/microsoft-pledges-to-bolster-security-as-part-of-secure-future-initiative/
       
 (DIR) Post #AbXFT5Q2bN5Gar0GA4 by siliconshecky@infosec.exchange
       2023-11-06T16:28:43Z
       
       1 likes, 0 repeats
       
       @mttaggart I gave up on MSRC a long time ago. ;)