avuko

@avuko@infosec.exchange

Everybody wants to be a warrior,
nobody wants to be a nurse.
Move slow and make things.
STIX or it didn't happen.
he/him :donor:

#ThreatIntel #BlueTeam #InfoSec #CTI #DFIR #OSCP #OSCE #GCFA #ISO8601 #ActuallyAutistic #SecularBuddhist #ENTJ-A #SolarPunk #Historian #Dutch #PublicServant

Header image: statues of tyrannicides Harmodius and Aristogeiton, photo by Miguel Hermoso Cuesta
Avatar image: screenshot of the braille Unicode for “As” (⠠⠵) which looks like a glider from the Game of Life.

auto-delete >7 days


avuko, to animals
touaregtweet, to random Dutch
avuko,

@touaregtweet

“Historians have a word for Germans who joined the Nazi party, not because they hated Jews, but out of hope for restored patriotism, or out of a sense of economic anxiety, or out of hope of preserving their religious values, or out of dislike of their opponents, or raw political opportunism, or convenience, or ignorance, or greed.

That word is ‘Nazi’. Nobody cares about their motives anymore.”

A.R. Moxon
https://armoxon.substack.com/p/sky

avuko, (edited ) to random

I just followed a link onto Twitter because it was added to a news story, and ooooh boy.

Best not go there people. Here’s a nice picture of a cat instead.

avuko, to infosec

If data was compromised, but there were no logs to show it, would there be a Data Breach Notification?

For most companies which could plausibly deny knowledge, there probably wouldn’t.

https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business

https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en

Frederik_Borgesius, to privacy

‘Europe’s largest parking app operator has reported itself to information regulators in the EU and UK after hackers stole customer data. EasyPark Group, the owner of brands including RingGo and ParkMobile, said customer names, phone numbers, addresses, email addresses and parts of credit card numbers had been taken but said parking data had not been compromised in the cyber-attack.’ https://www.theguardian.com/technology/2023/dec/26/hackers-steal-customer-data-europe-parking-app-easypark-ringgo-parkmobile

avuko,

@Frederik_Borgesius EasyPark went from HWYPI* to HWYPI**

*) Home’s Where You Park It

**) How Would You Prove It

stux, to random

Hm, I love Mastodon... ❤️

It scared the shit out of me when there were toots not from me but I right away knew where to look for the issue!

Since Masto has a perfect account access log plus 2FA it was quickly clear the posts came from a 3rd party app so revoking and done!

Still, a goooood reminder to clean access tokens, perhaps even for apps not used for a bit 🤷

avuko,

@stux for those looking for it, in the web app:

Settings > Account > Authorized Apps.

https://<your_instance>/oauth/authorized_applications

tinker, to random

I'm in a deep funk right now. Can't move. Just staring at the wall. (Using the fediverse to post a diary note and then going back into depression naps). I'm not going to accomplish any of the plans I set out to do today.

But I can work on some of them tomorrow maybe.

My hydroponics can be neglected and still be okay. I'll build just a tiny bit more tomorrow which will add to the whole.

It'll be fine. Tomorrow will take care of itself.

avuko,

@tinker well, if nothing else, you created a beautiful credo:

“Do what you can when you can and be chill with yourself the rest of the time”

avuko,

@scarletfi @tinker the final words of the meditation guide I use are [extremely relaxed monk’s voice]: “letting go… into nibbana”.

Elsa was most def onto something.

webklex, to random

An e-mail I receive every few weeks. The domain in question isn't active and was cancelled over a year ago. And yes it's a genuine email - guess that's their marketing strategy?

avuko,

@webklex TIL: Zero-width non-joiner.

avuko, (edited ) to random

The end of Dutch politics, in two images.

avuko,

@asmodai this

avuko, to random

I’m just going to say the quiet part out loud, feel free to chime in:

HOUSEKEEPING SUCKS

krypt3ia, to random

SCOTUS fucks us again

avuko,

@krypt3ia “[…] and there were no noted dissents.”? I don’t get it.

lcamtuf, to random

deleted_by_author

  • avuko,

    @lcamtuf how about we do it the other way around?

    If you go over 10.000, they’ll have to delete your account.

    <panic ensues>

    avuko, to random

    Dear @EU_Commission,
    Could you maybe put a clean HTML version of the NIS2 directive online, for us to easily parse and have read by a machine or process?

    Because I’m sorry, but this ain’t it:

    https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX%3A32022L2555

    avuko,

    @BigMcLargeHuge @EU_Commission that seriously wouldn’t surprise me :/

    goatsarah, to random en-gb

    Does anyone EVER have any reaction other than muttering, "oh, for fuck's sake" to the following?

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    
    avuko,

    @goatsarah also, because the next step to remove the offending key is always the same (and usually the command to do so is right there on the screen), maybe make that part of the workflow with a simple y/n?

    avuko,

    @goatsarah This!

    Apparently my mantra for this weekend will be: “in my suffering, I am not unique.”

    avuko, to random

    Slowly working my way through her body of work, this week I found this.
    – Stop Your Tears

    https://youtu.be/naNmJ-ft4Ig

    gwynnion, to random

    I want organizations like Substack to be known as Nazi collaborators and to contemplate what that will eventually mean for them.

    avuko,

    @gwynnion My family has some familiarity with both collaborateurs and resistance (yes, it’s a complicated and sad story).

    I’m afraid the days of social exclusion, scorn, shame and sometimes even generational consequences for collaboration and plain fascism are long gone.

    I don’t see the “costs” of and limits to behaviour to sufficiently exist in an urbanised (post-)industrial society where people can physically escape or virtually distance themselves.

    I am genuinely afraid all that remains will be violence, because recreating all those destroyed communities will take too long. But I sincerely hope I’m wrong.

    PacificNic, to ADHD

    Huh... Damn.

    "Be aware that a subset of people with autism are highly adept at noticing micro expressions, the very quick expressions that flit across someone’s face before they “rearrange” into a socially acceptable reaction. The people able to perceive this, however, are often unaware that they are supposed to ignore those expressions and respond to the “public face” instead. This can lead to social awkwardness."

    https://theconversation.com/how-to-conduct-job-interviews-with-candidates-who-have-autism-123152

    🤯

    Sometimes I wonder...

    On another note, that's such fucking patronizing language. Maybe it's not that people with autism are unaware they're not supposed to respond to the microexpressions, but that the microexpressions are impossible to ignore and it doesn't feel right to perform a conversation instead of have a conversation.

    avuko,

    @PacificNic I have the same with “sensory processing issues”.

    These folks be like: “People with autism can be highly adept at noticing micro-expressions, which we’ll label as “processing issues” because people seeing us for how we really feel makes us feel uncomfortable.”

    briankrebs, (edited ) to random

    deleted_by_author

  • avuko,

    @briankrebs @GossiTheDog Any legal eagles who can tell us how this would play out if a victim like this would fall under the (upcoming) NIS2?

    avuko, to infosec

    That’s quite an … avalanche.🥁🐒

    PS: is there an advent calendar I don’t know about? Looking at my timeline, I’m starting to suspect there is.
    https://www.bleepingcomputer.com/news/security/ivanti-releases-patches-for-13-critical-avalanche-rce-flaws/

    jetton, to random

    There is this misconception that people in the Middle Ages only lived to their thirties.

    This is of course misleading, since this is the mean age at death.

    About half died as infants.

    Using the median instead gives a clearer picture of lifespan.

    Median age at death was 1.

    avuko,

    @jesusmargar @mike805 @jetton I researched this (but for Ancient Rome), and this is afaik the right answer. If you wonder about life expectancies etc. there is https://www.un.org/development/desa/pd/data/model-life-tables, at least for those who enjoy the deepest of rabbit holes.

    uplinc, to random

    Since this worked last year, I’ll send my year-end request up again:

    Hey vulnerability researchers. You're awesome, truly and thanks for helping to make the world more secure. We truly couldn't do it without you.
    But I have a request: If you find something theoretically bad this month, think about holding onto it until January. Please.

    Love,
    Everyone who lost the 2021 holidays to Log4j

    avuko,

    @e38383 @uplinc The problematic part for me is “when it seems to fit”. Fit who? Not having either a vendor or a researcher setting the timelines is why we have coordinated vulnerability disclosure in the first place.

    PS: For those not on a Western (Christian) calendar, the days between Christmas and new year are historically a favourite time to strike, FIN and APT alike. Helping them by dumping 0days at that exact time isn’t the way to make the world a better place. To me, the same would go for things like Chinese new year.

    So again: let’s coordinate.
