sean 🔒 @sean@mastodon.cloud
i think i now prefer reading and answering email on mobile rather on web. that’s new!
it’s wild how persistent old security advice is https://www.reddit.com/r/hacking/comments/zz1ugn/what_precautions_should_i_take_to_not_get_hacked/
sean 🔒
boosted
I do NOT recommend Keeper for password management. Their posture towards security researchers has been anathema to accepted industry standards of vulnerability disclosure, to the point of litigation threats to journalists & security experts reporting on their products' bugs.
sean 🔒
boosted
sean 🔒
boosted
Actually cannot believe this. After 13 years, Sony/BMG have decided to take down Rick Astley's "Never gunna give you up" due to a dispute with Youtube over ad royalties.
It's completely blocked globally. Actual end of an era.
adding view counts has got to be the final nail in twitter’s coffin. proof that the low engagement on twitter is actually because very few people are actually using it versus some other reason
they instructed me to use their PGP key, and then they seemed unable to decrypt my message. they then asked me to submit to bugcrowd months afterwards and paid me a very low bounty.
this exact same issue happened when I reported a vulnerability in LastPass in 2016! https://furry.engineer/@soatok/109560736140669727
has anyone written a detailed history of all of LastPass’s security failures?
sean 🔒
boosted
if you run into anyone trying to discount the severity of the lastpass breach by saying the master keys are impossible to crack, ask them how lastpass' key derivation works, what a credential stuffing attack is, and how well PBKDF2 scales on GPUs.
given the details, it looks like anyone whose data was in the breach and who also reused their master password elsewhere is in imminent danger of having all their passwords compromised, as is anyone who used a relatively common password.
sean 🔒
boosted
For anyone that is looking to switch to 1Password, slickdeals has a link available that gives you 50% off of the first year for a family subscription. #cybersecurity #LastPassHack
sean 🔒
boosted
LastPass has such a bad security record someone has to take the keyscaway from them… like grandma you can’t drive anymore because you’ve got cataracts …. and you mowed two people down at church last Sunday.
I’d add to this: or where the person in charge of making the decision is not actually making the decision.
A good definition of organizational politics I heard yesterday at NBT: when decisions are made where the known optimal choice is not chosen.
you know what i want? a mailing list or substack for deep dives into breaches and lessons learned
sean 🔒
boosted
Sophos has observed more IcedID infections from #Malvertising
🔎 Google search for "webex download"
↪️ aerrkaler[.]online (redirect)
↪️ wwwebex[.]top/downloads/
⬇️ Download of malware from Firebase (.zip containing .iso)
"Setup_Win_19-12-2022_18-42-12.iso"
💥 rundll32.exe" \donoil.dat,init"
#IcedID C2: trbiriumpa[.]com
#IOCs
🔗 https://www.virustotal.com/gui/file/65e509ba0ec10d28c4183dbb7910374e4ec664bdd276e37d9c0ca2ce479772bf/relations
🔗 https[:]//firebasestorage.googleapis[.]com/v0/b/vocal-capsule-371714.appspot.com/o/MYajpfOrLR%2FSetup_Win_19-12-2022_18-42-12.zip?alt=media&token=0cd8f15a-bf31-4c40-aebd-e7a84229ca34
when is there going to be a Mastodon-instance-as-a-service for brands and companies? would be a valuable service!
sean 🔒
boosted
Bird site
Even if Musk leaves, unless there's a huge reverse exodus, I'm probably not going back. I kind of like not being a product to be sold to being manipulated by an algorithm designed to keep my eyeballs seeing ads at all costs.
sean 🔒
boosted
Unredacter: Shows you why y should never ever ever use pixelation as a redaction technique ..
