SwiftOnSecurity

@SwiftOnSecurity@infosec.exchange

Official: https://twitter.com/swiftonsecurity/status/1588670921489125377
Bio:
computer security person at a place. former helpdesk. they/them/tay. Microsoft MVP, Client Security


da_667, to random

"we can't feed our patented bullshit machine without copywritten data."

SwiftOnSecurity, to random

NONE of my homies sleep. They are ALL consciousmaxxing. You can’t CREATE VALUE when your BRAIN IS OFF.

SwiftOnSecurity, to random

“Having the U.S. Navy engaging many targets for hours on end using much of what it has in its quiver allows for adversaries to watch and especially listen across the electromagnetic spectrum” https://www.thedrive.com/the-war-zone/red-sea-shoot-downs-offer-key-lessons-for-navy-intel-for-adversaries

SwiftOnSecurity, to random

Imagine you publishing in the newspaper you were mad Abe Lincoln got elected president last week, and your great-grandkids come across it.
Yours are going to be like “Why is she making fun of Zuckerberg, the guy who made humans immortal?”
You’re going to look so dumb. Delete your posts.

SwiftOnSecurity,

Zuck is going to be like the guy who invented artificial fertilizer and fed billions of people increasing the carrying capacity of Earth, but also did some chemical weapons on the side. Nobody is going to care.

SwiftOnSecurity, to random

The most senior person on a call always the one saying “okay tell me I’m an idiot, but”

SwiftOnSecurity, to random

Imagine being in NATO Command controlling all your drones with AI and a random input makes it generate a catgirl on the big main screen and crash all the bombs on friendly territory and generals are angrily demanding you explain how AI works and why this happened but you can’t.

You look through the input and it’s like “CATEGORY: GROUND RAPID RESPONSE” which some coder last month had shortened to “CAT:GRR” and passed the user interface element to the AI instead of the full text.

And years later they recover a full corpus of the lost AI training material and there was a blog in 2003 that posted a new catgirl going rawr every day for like 11 years all tagged with “cat” and “grr!”

Welcome to the future of war.

SwiftOnSecurity,

@mekki Feel free to use however you want. Credit me if you think someone might ask, but I don’t care personally at all. Thanks!

SwiftOnSecurity, to random

There’s something I notice in myself and try to fight I call the Dearth Spiral. Where you increasingly circle around scolding and statements and negative stuff as primary content. Instead of cool things and sharing knowledge and general enthusiasm.
A dearth of joy.

SwiftOnSecurity,

Pessimism is so easily confused for sophistication.
And drowning yourself in misery as martyrdom.

SwiftOnSecurity, to random

🎶 They made building housing illegal and put up a parking lot 🎶

SwiftOnSecurity, to random

A good way to tell if someone on Twitter is a bot is if they’re not fucking crazy.

SwiftOnSecurity, to random

“Other people said they were going mad with isolation. But I sat in my apartment and felt nothing," Erin observed, connected to a Zoom with the therapy service.

"I think...

... I died a long time ago."

Erin looked back at the monitor. Her WiFi had disconnected.

She was alone.

SwiftOnSecurity, (edited) to random

PUBLIC SERVICE ANNOUNCEMENT:

There is an increase of account takeovers due to insiders at telco firms simply giving control to people paying them/compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.

The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.

The insider only briefly temporarily forwards the victim number to a 3rd party then switches it back to normal once they’re in. This is how they stay quiet since most victims will not have leverage or telemetry to understand how they got hacked.

It was their cell phone provider.

Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.
Go check your systems now. Go try to access all your stuff like you forgot your password.

I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now.

SwiftOnSecurity,

AS DEFENSES INCREASE, other avenues of attack are unlocked as being cost-effective and needed. Suddenly your uniquely strong defense is the norm and defeating it is too.

The point is staying ahead of the curve. We are now at the stage where attackers invest in durable telco compromise to allow attackers in.

You MUST respond.

SwiftOnSecurity,

There was a time you could defeat almost all email account compromise by just… turning off legacy authentication in Exchange. You became a ghost. That’s how all attacker tools worked.
Now they have upgraded to account for modern authentication.
YOU CANNOT STOP improving. You are aging quickly.

SwiftOnSecurity,

@mjf_pro No. Agents can ignore the PIN.

SwiftOnSecurity, (edited) to random

Jim quietly smiled in response while looking away from the young software engineer, “You know what I did before this? Before coding?”
“No.”
“I was a chemical plant operator. You can’t just restart one of those. The fire, the spark, the pressurization, the catalyzation, it has to keep running. Has to be tended at all times. You walk the jungles of process lines at 4AM and feel their swirling and vibration and heat. They are a physical thing. An obligation. They are more a child than the thing back there will ever be, John. You drop them and they break forever. You talk about your fear of machines. But I know someone killed by a machine.”
John started to talk, but was gently preempted in a rumbly voice.
“A human decided that. Not the braided stainless steel hose rotting away. A human decided it could last longer, to save money. That machine was just a messenger for the choice of a man.”

SwiftOnSecurity,

You can read the (same) story and subscribe to rare email delivery of my flash fiction here:

https://universalshards.com/p/locus

SwiftOnSecurity, to random

In 1988, two men sit in a room. One of them is cryptographer Bob Morris, the father of Robert Morris, who had just released the first Internet worm.

"We were both aware a line had been crossed and the world we inhabited had changed."

(John McCumber, Assessing & Managing Security Risk in IT Systems)

neurovagrant, to random

deleted_by_author

SwiftOnSecurity,

@neurovagrant yep that’s mine

SwiftOnSecurity, to random

(This did not happen)
