Mvee007

@Mvee007@infosec.exchange

Pro Identity, Pro Privacy. A perfect message is where you can trust you are communicating with the intended recipient, and the message is not altered, whether encrypted or not.

I live in the real world, where people can be imperfect and that needs to be ok too!


SwiftOnSecurity, to random
Mvee007,

Token forgery hacks are still going strong.

malwaretech, to random

FML. My apartment management just showed up to install the new internet package, which sounded pretty good (Symmetrical Gbit). Dude comes in to set it up and is trying to install a wifi access point behind my couch. I told him I don't need an access point because I have my own mesh network, I just need to connect the new modem to my network rack. He starts trying to explain that the internet doesn't require a modem, so I'm like confused af.

After like 10 minutes of trying to figure out wtf this guy is talking about, I realized they've installed an apartment complex wide wifi mesh network, so there are no individual internet packages anymore. Everyone in the entire apartment complex is just connected to one big wifi network. They claim all the users are segmented by VLAN, but I genuinely don't think I've ever wanted something less in my life.

Mvee007,

@malwaretech started off my technical life on a non segmented apartment network. No bueno.

SwiftOnSecurity, to random
Mvee007,

@SwiftOnSecurity so you are one of the problem children I see, sonny.

malwaretech, to random

I genuinely don’t think there’s a single thing Elon could do at this point that’d make the people still active on Twitter leave. Individual self interest always trumps public good.

Mvee007,

@malwaretech Nope, ask any family member of an activist.

georgetakei, to random

It’s now clear that Leonard Leo, Ginni Thomas and Harlan Crow conspired in the wake of Citizens United, where Justice Clarence Thomas cast a decisive vote, to unleash over a billion dollars to reshape the judiciary in the mold of the Federalist Society.

The result is now an extreme right-wing Supreme Court that has overturned abortion rights, environmental law, and affirmative action. And they are far from done.

Mvee007,

@georgetakei A fact that cannot be changed, it is a power position. Help your neighbors protect themselves from pregnancy, recycle, make affordable green energy choices, and learn to love people different from themselves.

seachanger, to random

we spill a lot of pixels on fedi worrying about twitter. i think facebook is a larger threat. remember 3.5 billion use meta, 455 million use twitter.

meta has infiltrated and unified spheres of participatory society that formerly were distributed across a diversity of organizational structures, including small businesses, public institutions, private communications, nonprofits, etc

imo this is essentially the most consequential and pervasive privatization of social life in planetary history.

Mvee007,

@seachanger had same problem with LinkedIn long wild ride where I couldn't get someone w analytics access to leave me alone.

flexghost, (edited) to random

Reminder: Elon Musk intentionally shut down Starlink operations near Crimea last year to undermine Ukrainian naval drones

His decision came from calls with Putin

Why are my tax dollars making this man a billionaire?

Why is he allowed to openly collude with war criminals without the gov’t nationalizing starlink / SpaceX?

Why is he still receiving DoD contracts?

And why are wine mommies with 🇺🇦 🏳️‍⚧️ in their bio on Twitter?

Mvee007,

The sheer amount of thankless effort going into Signal clients for free becomes obvious when trying to find a Mobian solution.

Mvee007, to random

I am not sure if I ever took an IQ test as a child. I can tell you my attention span was nil until I was 23, as an unsolved mystery. Any test was irrelevant.

Reading the book titled "Outliers" by Malcolm Gladwell today, and still not convinced it matters.

malwaretech, to random

This is absolutely crazy stuff. Chinese hackers were able to get into a bunch of government email accounts by forging Microsoft access tokens, but how it happened is wild.

Apparently an internal Microsoft system responsible for signing consumer access tokens crashed, then a bug in the crash dump generator caused the secret key to be written to the crash dump. Microsoft's secondary system for detecting sensitive data in crash dumps also failed, allowing the crash dump to be moved from an isolated network to the corporate one. The Chinese hackers compromised a Microsoft engineer's account and were able to get a hold of the crash dump. They were not only able to find the key and figure out that it's responsible for signing consumer access tokens, but were also able to exploit a software bug to use it to sign enterprise access tokens too, basically giving them the keys to the kingdom.

So many security systems had to fail for this to happen. Either the hackers were very lucky or extremely patient.

https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

Mvee007,

Or buddies with testers.

hacks4pancakes, to random

I feel so soap-boxy lately, maybe because I’m teaching a class, but here’s another kernel of truth I’ll throw at y’all about communities:

If you are trying to get new people, especially diverse people and young people into your hobby, and your first reaction is to show off your really expensive kit and say how much it cost, you are gatekeeping mega mode, even if you’re just trying to share your interest. Nobody wants to hear there is a $1500 (or $5000) barrier to entry to their new hobby. It’s demoralizing, not educational, and they’re just gonna leave.

Happens in bicycles, drones, photography, astronomy, gaming, marksmanship… you name it, there’s a rich older white dude ready to show off his six grand investment in a hobby to a college student with a three digit bank account.

Mvee007,

@hacks4pancakes I had a pattern of telling people I saved $5000 of my salary per year for training because companies had stopped investing in training for outsourcing. I loved security and felt it was worth investing in. A typical SANS or ISACA course was 5k.

You had to be exceptionally crafty to figure out how to both hold a job and stay in a rapidly evolving field.

Also, no one saw the value in tech skills over soft skills. In hindsight however I can see how that would demoralize someone.

georgetakei, to random

It was DeSantis who refused to meet Biden to tour areas damaged by Idalia. Yet the NYT reported it this way (first image) then had it up all night and morning before finally correcting it to a less misleading headline (second image). Wording matters! Get it together, NYT...

h/t Chris D. Jackson for spotting and highlighting.


Mvee007,

@georgetakei wow, mistakes like that do not seem typical. Wonder if they had a compromise in the production process.

Mvee007, to random

Stalked me by application analytics to begin with, followed up with heavy threats and intimidation. No one did a thing while some man discussed ejaculating on my sister and held my alarm code hostage while having an offender chase me around committing a number of criminal acts using phi. Still repulsed by everyone who helped them.

briankrebs, to random

We're big supporters of the EFF, but I can't get on board with the idea that somehow it's wrong or a slippery slope for Tier 1 ISPs to be blocking Kiwifarms.

https://www.eff.org/deeplinks/2023/08/isps-should-not-police-online-speech-no-matter-how-awful-it

Mvee007,

Take DNS BGP governance away from ISPs and under a global democratic voting body. Problem solved. Will take 50 years, might be worth it.

Mvee007,

@GossiTheDog called police yesterday for a welfare check on my father from some similar shady characters. They don't have a way to look up addresses to take action.

GossiTheDog, to random

Microsoft quietly snuck out a blog yesterday to say that Office 365 got compromised by China and used to steal emails. Thread follows. https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/

Mvee007,

@GossiTheDog add 1

mastodonmigration, (edited) to Futurology

Meta Specific Data Rights Limitation Notice

Notice is hereby given to Corp. by this account, and all signatories, that all data rights are reserved. No license is granted other than those limited rights as per the account's instance Privacy Policy (eg. https://mastodon.online/privacy-policy).

Specifically no authorization is given for: 1) Monetization in any way, 2) Profiling for targeted advertising or other purpose, 3) AI, LLM or algorithm training.

Simply reply, boost, or favourite to sign

Mvee007,

@mastodonmigration

In other words, nothing has changed between legal, data and tech since 1995 in a lot of businesses. The first ones who did make a "little bit" of change are typically in the EU.

jerry, to random

There’s been a lot of discussion about a rule we recently instituted regarding security testing on the infosec.exchange instance. I understand the value of pen testing as much or more than most people, and I’m fully cognizant that pen tests are happening all the time and I’m not getting the report. I get it. But there are now 28,000 people using this service to communicate. I know there are vulnerabilities waiting to be discovered. Finding blog post fodder by fuzzing instances that are already running hot due to explosive growth is not super helpful. But at the same time, I WANT that testing to happen.

As a result, I am going to set up two instances tomorrow that only federate with each other. This is where I’d prefer legitimate security testing be performed. I’ll also be using it as the QA environment to test new updates and settings prior to deploying to the production instance. I’ll moderate signups because I don’t want it accidentally becoming fediverse 2.0 in the ongoing rush for the doors at twitter, but will accept anyone who wants to join, with clear indications that it’s a sandbox and should not be considered safe.

Thanks for patience as we continue to find our way.

Mvee007,

@jerry that is the most practical thing I have heard in social media, ever.
