SecurityWriter

@SecurityWriter@infosec.exchange

Security Architect. Technical Auditor. Speaker. Author: Humanising Security I specialise in organisational and operational security. I help people do better. “The rising tide raises all ships” ~ Ancient proverb Donor: Infosec.exchange :donor: #Infosec #CISSP #TOGAF #SABSA #COBIT #CITP #MBCS #Iaas #Cybersecurity #SIGINT #OSINT #SecOps #OpSec #Blueteam #Philosophy #ADHD #Privacy #DRM #MediaPreservation #History #Geopolitics GNU Terry Pratchett


SecurityWriter, to random

Your yearly reminder that ‘layoff season’ is an American invention that infected the rest of the world.

Layoffs cost a company 35% more than retaining a core staff over 3 years.

The only purpose is for inflating investor reports.

Layoffs in tech immediately degrade the product, reduce security, create safeguarding issues, and inevitably destabilise the future of a given product.

SecurityWriter, to random

My cat is great at catching spiders. There are however a few caveats:

  1. Spiders must be sufficiently enormous to be fun. Somewhere between “Oh lawd he coming” and Shelob.

  2. Spider catching only happens at night, and only in the bedroom.

  3. Cat will make a few chirping noises to alert us that a spider is being hunted.

  4. All spiders must be delivered as gifts onto the chest or face of one of us.

  5. Note I only said great at ‘catching’. Delivered spiders are very much alive and very fucking irate about the current state of affairs.

SecurityWriter, (edited) to random

I had a lot of people engaging about last night, and for those of you that follow me for security and tech and were wondering if my account had been hijacked: it hadn’t, and this will probably be my last post about the Eurovision Song Contest this year.

But I’d like to go into some of the minutiae and nuance of the contest, and explain why not everything is as it seems from the outside.

A THREAD 🧵

SecurityWriter, to random

Using websites in 2023 without an Ad blocker is like wrestling an octopus. Entirely unusable.

From an accessibility standpoint I fail to see how it’s not illegal. So many things steal focus from assistive technologies.

I challenge you to spend a day trying to use the web without seeing what’s on the screen, with only what your OS provides. And no ad blocker.

Or with only voice controls, or any other assistive tech. If more organisations did this, they’d soon see how actively hostile they’re being to those with accessibility needs.

Accessibility should be part of the design, testing, QA, and UAT for your website or product.

And don’t give me “but how do smaller organisations manage that?” - if this were law, within 6 months you could get off the shelf themes for WordPress or Wix or Bootstrap that manage it all for you.

It’s not a technical problem. It’s political will.

SecurityWriter, to random

Just a reminder that most remote access software has access to your clipboard. Even with the window out of focus. Bidirectional, too.

You don’t want to know the reason I’m posting this, but let’s just say that in the age of password managers you probably want to copy something else afterwards and hope the endpoint doesn’t have clipboard history enabled.

My friends, it’s a horror show out there.

SecurityWriter, to random

Say it with me again:

Layoffs aren’t ‘efficiency savings’

They’re people’s lives - and a failure of management.

SecurityWriter, (edited) to random

Requiring website visitors to disable 500 categories of cookies to use your site without being tracked (where your choices actually work) shouldn’t be any more legal than automatically opting them in. Pass it on.

THEN, after selection, using dark patterns, weasel wording, and button colouring/positioning to get users to accidentally undo those settings should also be illegal.

If you’re using those plug-ins or went to the effort of making your own do this, I’m just not going to use your site - but my browser doesn’t save cookies anyway.

jerry, to random

I am happy to announce my new cloud-based, AI enabled XDR offering for toothbrushes. Please form an orderly line to deposit your investment capital.

SecurityWriter,

@jerry Data Floss Prevention

SecurityWriter, to random

Two more notifications about my data being compromised from different sources in the Capita breach. No free AV offer this time, that’s a shame.

The clusterfuck singularity gets worse. It’s a good job these jokers don’t run 90% of the public service interfaces in the UK. Oh wait, yes. Yes they do.

“They only got enough information to apply for any credit agreement or contract on your behalf without your knowledge” - is now the official line it seems.

SecurityWriter, to random

“Are you enjoying Outlook? Would you recommend it to a friend?”

Not if I actually like them.

SecurityWriter, to fediverse

Good morning, you beautiful people.

I see we’ve had a new bump in new users again.

If you’re new here, perhaps from the Reddit exodus, welcome!

Things are a little different here, so follow people and hashtags you find interesting. There’s no ‘algorithm’ so the more people you follow that you find interesting… the more interesting things and people you’ll find!

Check out the awesome https://fedi.tips/ by the wonderful @feditips before you get stuck in to get the most out of the platform and stay safe.

Love and peace, my new friends!

SecurityWriter, to random

I’m going to be totally honest, I expected that with Threads arriving, the Mastodon sign-up numbers would have dropped significantly, not the opposite. And I was totally fine with the former.

And I just want to clarify my stance on it.

You can’t bird-cage people on a platform because you don’t like the alternatives, and you can’t dictate terms to celebrities and brands who will flock to monetised platforms.

You also can’t expect everyone to be here because it’s your preference.

People will use what works for them. It just so happens that here works for me, and I love the people I’ve met here.

SecurityWriter, to random

It’s deeply concerning that UK unions have begun to parrot Stop the War’s talking points regarding the invasion of Ukraine.

Of course, unions have always been priority targets for far left and far right agitators, but Stop the War is a known, Kremlin-linked organisation pushing for the secession of the UK from NATO and the appeasement of Russia.

Given their sway within the Labour Party, I’m not sure on the best way to contain this.

SecurityWriter, to random

‘Fail-fast’ is the mantra of management and execs who are too shortsighted, too lazy, or too incompetent to have a plan. There, I said it.

Before you take offence, let me explain.

I’ve been doing this job quite a while, and I’ve seen “fail fast” as the driving mindset in innumerable technical departments. Not projects… but departments.

SecurityWriter, to random

Wishing you a very not-flooded-data centre this Monday morning. Because reasons.

SecurityWriter, to random

As clichéd as it sounds, technology is more about networks of people than it is networks of machines.

Sometimes it’s easy to lose sight of that when you’re working on the front lines.

Further to this, when designing systems and applications, remember who you’re making them for.

People are flawed and fallible, they do inexplicable things, they make mistakes, and they’re all different.

SecurityWriter, to random

Do you route your internal traffic through your firewall rules and policies?

If not, you are assuming a LOT of things about a LOT of things :)

SecurityWriter, to random

Oh wow. There are a lot of LLM generated text > text to speech video game reviews on YouTube.

While waiting for the Rain Code embargo to lift, and with the more reputable sources having not released yet, there are hundreds of them going up and getting taken down.

Just reeling off marketing nonsense with some forum/comments hype, and some nonsensical AI speculation. Peppered with ads.

SecurityWriter, to random

Hilarious client WEEE disposal and data destruction tale for the day.

Turns out that the devices are just turning up in various places in Africa. Still AAD joined.

This is an expensive service too. Check your suppliers, it’s likely those data destruction certificates mean sweet FA.

From TWO different suppliers. Do they all go to the same place??

SecurityWriter, to random

Don’t forget to carbohydrate. That is to say, eat carbs and hydrate.

SecurityWriter, to random

Mmmm. I love the smell of technical debt in the morning.

SecurityWriter, to random

Today is interview day. No matter how many boards I sit on or multinational corporations I pitch to, the most nerve-wracking thing to me is being interviewed for a job.

I think it’s because my own standards are so high that I worry about being judged by them.

Thankfully, I’ve applied for 8 jobs and been invited to interview for 3.

One has been withdrawn (internal hire) and the others haven’t closed yet. So fingers crossed.

SecurityWriter, to random

Not to be the “what are they teaching kids at school these days” guy. But I have two digital forensics/cyber security post grads on my team, and I had to give them the birds and the bees talk (networking and DNS).

I’m happy to of course, you don’t learn by not asking, but it was a revelation to them.

Both are more ‘qualified’ than me, but had no clue further than what an IP address does.

SecurityWriter, to random

Getting a “DNS is too old and not fit for purpose” vibe from the ad-hawking giants at the moment.

Countdown to ‘XNS’ (no not you Xerox, sit the fuck down) or some shit in the coming years on Chrome, ChromeOS, and Android. Probably partnered with Meta.

Some shit indeed.

DNS is old and needs a replacement, but not so you can abuse internet goers more effectively, and it’s hardly a burning issue.

SecurityWriter,

If your entire business is built on showing people things they don’t want to see and the only thing between them seeing them and not is that they don’t have the tool or resource to not see it… it’s not exactly sustainable.
