SwiftOnSecurity

@SwiftOnSecurity@infosec.exchange

Official: https://twitter.com/swiftonsecurity/status/1588670921489125377
Bio:
computer security person at a place. former helpdesk. they/them/tay. Microsoft MVP, Client Security


josephcox, to random

New: the Taliban took control of the domain "queer.af" (af being the TLD of Afghanistan). With the Taliban now controlling the country, it is taking back domains. This had the effect of killing the queer.af Mastodon instance https://www.404media.co/taliban-shuts-down-queer-af-domain-breaking-mastodon-instance/

Sysengineer, to random

WHAT DO YOU MEAN CONTACT YOUR SYSTEMS ADMINISTRATOR FOR MORE INFO??????? I AM THE SYSTEMS ADMINISTRATOR

SwiftOnSecurity, to random

The invention of the blue LED, one of the most difficult and important inventions ever – which allowed the white LED – is some of the craziest Chad shit I have ever heard about anything. This guy is pinnacle determination holy crap.

https://youtu.be/AF8d72mA41M

GossiTheDog, to random
@GossiTheDog@cyberplace.social

If anybody remembers the UK company called DROP TABLES "COMPANIES";-- LTD, I just noticed that this has happened - before and after. https://find-and-update.company-information.service.gov.uk/company/10542519

The back story is the UK government changed the law (lol) to stop it - specifically the Economic Crime and Corporate Transparency Bill 2022.

SwiftOnSecurity, to random

@brettshavers post here

brettshavers,

I just peer-reviewed a forensic analysis in a case.

The suspect mailed a package with a hidden Apple AirTag in it to a victim's old home address.

The package was forwarded to her new (and formerly safe) address....

Might be good to warn DV victims of unexpected mail.

@SwiftOnSecurity Just

da_667, to random

It's very rare that I take much seriously around here, but... I'd like to extend my support to those of you out there affected by the latest rash of layoffs in what can only be described as continuing to squeeze blood out of turnips.

Usually if I get tapped for a position on LinkedIn or other places, and I think the position isn't terrible, I'll post it here. I also usually repost those who are looking for work.

I would recommend hitting reddit's /r/netsec and checking out the hiring thread there.

Consider checking the Infosecjobs and GetFediHired hashtags around these parts for more leads.

If your local BSides or security conference has a Slack/Discord/whatever, get involved. A lot of the time the folks you meet at your local security meetups will become invaluable friends who will help get you hired. For example, the Defcon Blue Team Village Discord has a Jobs channel.

If there is any chance you're looking for something to keep you occupied, and you have some free time, consider trying to establish a home lab. I have a book on this subject (https://leanpub.com/avatar2).

I'm not trying to sell you anything, you can acquire my book for free. See if it helps you out.

Sometimes during interviews, people will ask you what you do in your off time, or if you have any projects or other things you do that are tangentially related to IT/Infosec.

You start telling them about your home lab, their eyes glaze over, and that checks a box for them: it shows them you are motivated to learn more.

Write about your lab experiences and/or maybe things you did differently for your environment. Maybe write about why you wanted to make a homelab to begin with. Maybe you want to analyze malware and write IDS or Yara rules. Maybe you saw cool things on attackerkb and want to reproduce vulnerable environments and test exploits. Maybe you want to try out new software. Doesn't matter. Share your experiences.

I'm sorry this happened to you. I know it isn't a lot of advice, but hopefully it helps you.

tilde, to random
@tilde@infosec.town

It is wild to me how many relatively-simple websites just utterly break without cookies or without JavaScript. If you have a straightforward article page nobody should need either to read it. I'm not talking about paywalls here, or about complex interactive webapps. Just simple pages anyone should be able to read where the images don't work if you don't have JS turned on. Or nothing at all loads if they can't set a cookie. I don't know who's writing these frameworks which can't even produce basic text-and-pictures HTML without JS, but it feels negligent.

Whatever happened to progressive enhancement? To writing semantic HTML and using CSS to lay it out how you want, and JS only to do the things CSS can't? Even a friendly, usable CMS can spit out semantic HTML which works with your style sheets. What's the structural incentive I'm missing here?

Quinnypig, to random
@Quinnypig@awscommunity.social

Come to find out that there was nothing nefarious about all those Russians falling out of windows, Moscow just awarded all the country’s window installation contracts to Boeing.

Lee_Holmes, to random

Postman is a security risk and you should pursue other options: https://www.leeholmes.com/security-risks-of-postman/

en4rab, to random

A fantastic job opportunity here, a German train company are looking for a Windows 3.11 Administrator https://www.gulp.de/gulp2/g/projekte/agentur/C00929028

WiseWoman, to ChatGPT
@WiseWoman@fediscience.org

An adjunct professor for computer security found some odd stuff her students turned in:

https://labs.ripe.net/author/kathleen_moriarty/the-llm-misinformation-problem-i-was-not-expecting/

It was not the students' use of a chatbot that was the problem, but they were using material found on the internet that itself was created by a hallucinating ChatBot and published without verification!

This is a type of model collapse we will be dealing with not just at universities in the near future.

JosephMenn, to random

Russian foreign intelligence has hacked emails from security professionals at both Microsoft and HPE. I have a feeling this is the start of something. https://www.washingtonpost.com/technology/2024/01/24/hpe-hacking-russia-cybersecurity/

SwiftOnSecurity, to random

Women yearn for the Start Menu. @JenMsft

pancakescon, to random

Call for Volunteers: https://forms.gle/UU5e3pWkb5um4C3s6
Call for Villages: https://forms.gle/D5Q4hiKmuJMyDgxbA
CFP: https://forms.gle/1XYY9RmiY6U3KVza7

5 will be on 3/24/2024 from 9AM-7PM Central US
CFP closes Sunday, February 18, 2024 at 8:30PM US Central Time

hacks4pancakes,

Please consider speaking at, volunteering at, or sponsoring my virtual free conference @pancakescon - we run it on a shoestring for the community and this is year five! Really exciting.

GossiTheDog, to random
@GossiTheDog@cyberplace.social

If you use GoAnywhere MFT, a widely abused FTP program by Cl0p recently, you might want to upgrade as they seem to have forgotten to mention something important from over a month ago.

Now CVE-2024-0204

GossiTheDog, (edited)
@GossiTheDog@cyberplace.social

GoAnywhere MFT vulnerability is incredibly easy to exploit. Another path traversal, 1998 style. Expect extortion.

Pretty credible the vendor didn't tell people about the flaw clearly in December, i.e. allocate a CVE. Critical infrastructure runs this software. HT @simontsui

https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/

SwiftOnSecurity, to random

Me, being brought into a multi-vendor multi-day P1 incident because I'm good at Windows:

"Has anyone looked at the Windows logs?"

Narrator: They had not looked at the Windows logs.

Post-credits scene: The error was in the Windows logs.

swelljoe,
@swelljoe@mas.to

@SwiftOnSecurity literally every day on the forum for the open source software I work on I have to ask for the logs multiple times because the person asking for help has only posted the browser error, usually some 40x or 50x error, which is basically meaningless... the browser has no idea why the web app failed. Sometimes there'll be a dozen+ comments back and forth before the log entries that explain the problem get posted.

ravirockks, to random

Fundamental points by Prof Ciaran Martin about the British Library incident and its aftermath.

= Why resilience matters.

https://ciaranmartin.substack.com/p/on-the-matter-of-the-british-library

GossiTheDog, to random
@GossiTheDog@cyberplace.social

Microsoft filing with the SEC to say Russia SVR hacked the email accounts of its own cyber staff in November, they discovered this week: https://www.sec.gov/Archives/edgar/data/789019/000119312524011295/d708866dex991.htm

GossiTheDog,
@GossiTheDog@cyberplace.social

Another part of the whole equation at Microsoft: https://www.directionsonmicrosoft.com/wp-content/uploads/2024/01/THUMBS-1000-%C3%97-570-px-2-480x274.png

Got fancy Microsoft E5 licensing? Prepare to keep paying more and more as basic product features arrive and get placed into new premium offerings as SMBs drown... as Microsoft have got to keep profits top right.

GossiTheDog,
@GossiTheDog@cyberplace.social

Important point by @wald0 re the MSFT breach:

The AppRoleAssignment.ReadWrite.All MS Graph app role BYPASSES the consent process. This is BY DESIGN. This app role is EXTRAORDINARILY dangerous.

https://winsmarts.com/how-to-grant-admin-consent-to-an-api-programmatically-e32f4a100e9d

One to hunt on. Looks like a really easy own goal.

GossiTheDog,
@GossiTheDog@cyberplace.social

What's happening at Microsoft, I think:

• Reality is everything is way too complex
• lots of MS things ship in risky configurations
• nobody (including Microsoft) can figure out how to scale securing it
• everything is way too expensive

Microsoft's two biggest commercial security risks are ransomware groups, and /itself/.

They've gone from saying attackers think in graphs to getting attackers to live on the Microsoft Graph, which has allowed them to monetise their cloud security failures.

jtk, (edited) to random

David Mills, a true Internet pioneer, passed away on January 17, 2024. Probably best known for having led the development and maintenance of #NTP for decades, he was also involved in a great deal of early Internet protocol development.

https://elists.isoc.org/pipermail/internet-history/2024-January/009265.html

SwiftOnSecurity, to random

Imagine being in NATO Command controlling all your drones with AI and a random input makes it generate a catgirl on the big main screen and crash all the bombs on friendly territory and generals are angrily demanding you explain how AI works and why this happened but you can't.

You look through the input and it's like "CATEGORY: GROUND RAPID RESPONSE" which some coder last month had shortened to "CAT:GRR" and passed the user interface element to the AI instead of the full text.

And years later they recover a full corpus of the lost AI training material and there was a blog in 2003 that posted a new catgirl going rawr every day for like 11 years all tagged with "cat" and "grr!"

Welcome to the future of war.

brianvastag, to google
@brianvastag@sciencemastodon.com

Did an interview today with a reporter at The Verge about the scourge of fake machine-generated obituaries that killed me off a few weeks ago, leading several people to think I really was dead, and how rewarded the shit-merchants with high placement. Hopeful the article brings some changes.
