i think i now prefer reading and answering email on mobile rather than on the web. that’s new!

sean 🔒 boosted

I do NOT recommend Keeper for password management. Their posture towards security researchers has been anathema to accepted industry standards of vulnerability disclosure, to the point of litigation threats to journalists & security experts reporting on their products' bugs.

infosec.exchange/@KeeperSecuri

sean 🔒 boosted

Actually cannot believe this. After 13 years, Sony/BMG have decided to take down Rick Astley's "Never gunna give you up" due to a dispute with Youtube over ad royalties.

It's completely blocked globally. Actual end of an era.

youtu.be/dQw4w9WgXcQ

adding view counts has got to be the final nail in twitter’s coffin. proof that the low engagement on twitter is actually because very few people are actually using it versus some other reason

they instructed me to use their PGP key, and then they seemed unable to decrypt my message. they then asked me to submit to bugcrowd months afterwards and paid me a very low bounty.


this exact same issue happened when I reported a vulnerability in LastPass in 2016! furry.engineer/@soatok/1095607

has anyone written a detailed history of all of LastPass’s security failures?

sean 🔒 boosted

if you run into anyone trying to discount the severity of the lastpass breach by saying the master keys are impossible to crack, ask them how lastpass' key derivation works, what a credential stuffing attack is, and how well PBKDF2 scales on GPUs.

given the details, it looks like anyone whose data was in the breach and who also reused their master password elsewhere is in imminent danger of having all their passwords compromised, as is anyone who used a relatively common password.

sean 🔒 boosted

For anyone that is looking to switch to 1Password, slickdeals has a link available that gives you 50% off of the first year for a family subscription. #cybersecurity #LastPassHack

sean 🔒 boosted

LastPass has such a bad security record someone has to take the keys away from them… like, grandma, you can’t drive anymore because you’ve got cataracts… and you mowed two people down at church last Sunday.

I’d add to this: or where the person in charge of making the decision is not actually making the decision.


A good definition of organizational politics I heard yesterday at NBT: when decisions are made where the known optimal choice is not chosen.

you know what i want? a mailing list or substack for deep dives into breaches and lessons learned

sean 🔒 boosted

Sophos has observed more IcedID infections from #Malvertising

🔎​ Google search for "webex download"
↪️​ aerrkaler[.]online (redirect)
↪️​ wwwebex[.]top/downloads/
⬇️​ Download of malware from Firebase (.zip containing .iso)
"Setup_Win_19-12-2022_18-42-12.iso"
💥​ rundll32.exe" \donoil.dat,init"

#IcedID C2: trbiriumpa[.]com

#IOCs
🔗​ virustotal.com/gui/file/65e509
🔗​ https[:]//firebasestorage.googleapis[.]com/v0/b/vocal-capsule-371714.appspot.com/o/MYajpfOrLR%2FSetup_Win_19-12-2022_18-42-12.zip?alt=media&token=0cd8f15a-bf31-4c40-aebd-e7a84229ca34

when is there going to be a Mastodon-instance-as-a-service for brands and companies? would be a valuable service!

sean 🔒 boosted

Bird site

Even if Musk leaves, unless there's a huge reverse exodus, I'm probably not going back. I kind of like not being a product to be sold to, being manipulated by an algorithm designed to keep my eyeballs seeing ads at all costs.

sean 🔒 boosted

Unredacter: shows you why you should never ever ever use pixelation as a redaction technique.

👉🏻 github.com/BishopFox/unredacte

mastodon.cloud

Everyone is welcome as long as you follow our code of conduct! Thank you. Mastodon.cloud is maintained by Sujitech, LLC.