avuko

@avuko@infosec.exchange

Everybody wants to be a warrior,
nobody wants to be a nurse.
Move slow and make things.
STIX or it didn't happen.
he/him :donor:

#ThreatIntel #BlueTeam #InfoSec #CTI #DFIR #OSCP #OSCE #GCFA #ISO8601 #ActuallyAutistic #SecularBuddhist #ENTJ-A #SolarPunk #Historian #Dutch #PublicServant

Header image: statues of tyrannicides Harmodius and Aristogeiton, photo by Miguel Hermoso Cuesta
Avatar image: screenshot of the braille Unicode for “As” (⠠⠵) which looks like a glider from the Game of Life.

auto-delete >7 days


pixelbud, to fediverse

Marques Brownlee says Twitter is better than BlueSky and Mastodon because it has PEOPLE.

Mastodon has plenty of PEOPLE. Brands can create instances or accounts. It's better to spread out than have one entity control the conversation.

Plus as you follow folks, it starts to gel back into one giant community.

avuko,

@pixelbud Twitter and Meta don’t have people. They have users. I hope everyone here knows the difference?

avuko, (edited) to random
avuko,

@dominic I know, which makes me think Meta clearly doesn’t give a damn about prior brands.

avuko,

@dominic We’ll see. I’m sure whoever has current “Thread” brands in the same technology space will be laughing all the way to the bank. Or be lawyer-crushed into oblivion.

avuko,

@jtb This one? https://ico.org.uk/about-the-ico/

If so, I’m sorry: “.uk” tells the whole story.

eljefedsecurit, to random

I want to intro a bill that requires reversible encryption for all elected officials and federal agency employees and that explicitly forces it into the CISA Standard Requirements for critical infra and then watch them explain why not.

avuko,

@eljefedsecurit I want them to have to log and submit for archiving and FOIA requests any and all communications on any device which is or could be related to their work.

(In all fairness I don’t want that for the US necessarily, but it would be great if leaders everywhere would be as transparent, especially here in NL: https://nltimes.nl/2022/05/18/dutch-pm-deleting-text-messages-daily-years-report)

evacide, to random
@evacide@hachyderm.io

I took a brief look at Threads and you know what I don't want? A Twitter clone where I am followed by my relatives and people I went clubbing with 15 years ago.

avuko,

@evacide Context Collapse Galore.

xan, to random
@xan@xantronix.social

Sorry for any people following me for normal tech/normie friend reasons and definitely not attempts at community building for the wayward latex and hypno kinksters—I'm too goddamned lazy to do all this on multiple accounts any more. And besides, I think I've gotten my fill talking about tech in polite circles for an entire lifetime.

avuko,

@xan I’ve found that one of the best ways out of my comfortable bubbles of sameness is going down rabbit holes. And I just realised* I’ve done that a lot more on here than I ever did on Twitter.

*) while googling “hypno kinksters”, fwiw.

[GIF: “ok, good to know”, Kim's Convenience]

ravirockks, to random

Fantastic piece on the landscape for SBOMs.

Some key bits:

'The harder criticism, as we see it, comes from security industry professionals (vendors and buyers) who seem bearish about SBOM adoption generating value in their business. Vendors we spoke to told us that even though they have heard of SBOMs, they haven’t been required to produce one, or don’t expect to be required to produce one in the next year. Buyers have spoken about the requirement being a formality, with SBOMs not being seen to be adding more than an extra check-box step in vendor onboarding.

'[SBOM sceptics argue that they] don’t give a buyer more visibility over their own use of open source when compared to existing dependency mapping and vulnerability scanning [and] they don’t increase the motivation for vendors to patch security vulnerabilities—if a vulnerability is known and high priority, reputational risks serve as an acute enough motivator

'... the industries that will be affected by the first tranche of SBOM regulation—[CNI] and healthcare/medical devices—are cautious, with buyers (and the vendors that service them) who tend to be conservative:

  • We expect them to await regulatory certainty before pulling any triggers
  • We expect them to be cost-driven, rather than feature-driven

'We believe that the requirement for SBOMs in [CNI] and healthcare and the medical device industries will tend to create a bias in favor of large existing players in the software industry and specialized consultancies, because of the specific contractual and regulatory requirements those industries work with'.
https://p72.vc/perspectives/software-bills-of-material-sboms/

avuko,

@ravirockks “if a vulnerability is known and high priority, reputational risks [to vendors] serve as an acute enough motivator”

(Screams in CVD)

[GIF: Breaking Bad, “This is bullshit”]

avuko,

@ravirockks I’ve been in this business for over 15 years, and outside a very few happy exceptions which were usually smaller/non-traded shops, I’ve never seen this happen. Liability (or broader: responsibility) is a compounding cost everyone involved avoids like the plague*. And shareholders don’t care about reputation, or even about the long-term well-being of businesses they invest in.

Shareholders care about share value, something that (if you can wait it out) is hardly if at all impacted by reputation damage caused by information security incidents.

Citrix still exists, Fortigate still exists, Adobe still exists, Microso… well, you get the point.

*) clearly nobody avoids plagues anymore, so do we have another expression?

avuko,

@ravirockks Sorry, I have an NDA with Oracle. :P

Jokes aside, there are a number of quite dramatic CVD episodes where a security researcher finally got fed up and decided to unilaterally disclose. The lead-time to becoming public is sometimes included in the write-up, which might provide some of the data you could use?

Although I’d advise you to independently verify timelines as there is often a bias: researchers profit from drama (aka visibility), and security researchers have little patience after being threatened and manipulated, usually by multiple vendors they’ve interacted with.

cendyne, to random
@cendyne@furry.engineer

There's a phishing scam spreading like a worm throughout Telegram right now.

One of my friends lost their account and several others nearly fell for it.

Included are instructions to recover your account, how the phishing scam works, and what you can do to combat this threat:

https://cendyne.dev/posts/2023-07-04-help-a-friend-scam-on-telegram.html

avuko,

@cendyne Besides really solid content, the format of this is also

[GIF: chef's kiss, Yung Gravy]

ben, to random
@ben@werd.social

There has to be a search engine for Mastodon. Make it opt-in, make it tightly controlled, however you want it, but there needs to be a way to see news from across the network. That mechanism has powered countless social justice protests, grassroots disaster reports, and mutual aid. Equity requires discoverability. It's not optional.

avuko,

@John @ben @scottjenson IF you wanted this, it would again need to be federated, I’d say tied to the services containing the content.

But the “starting revolutions” use case is already covered: use a clear and unique hashtag.

avuko, to infosec

“300,000+ Fortinet firewalls [still, Ed.] vulnerable to critical FortiOS RCE bug”
https://www.bleepingcomputer.com/news/security/300-000-plus-fortinet-firewalls-vulnerable-to-critical-fortios-rce-bug/

(with compliments from the Dutchies)

avuko,

@jerry Or “missing the train”, as it were.

blacktraffic, to random

If your discourse is on the level of “Java is shit” I’m blocking you.

avuko,

@blacktraffic I’m more a Bali person myself.

ChickenPwny, to random

Robot life will have six fingers

avuko,

@ChickenPwny And three arms.

avuko,
JessTheUnstill, to random

Among many toxic fediblock behaviors, I think my least favorite is the transitive block. i.e. "Not only do I block instances who do X, but I block any instance that doesn't also fediblock those instances". It gets into some peak Mean Girls bullshit of "You can't sit with us if you dare to ever even talk to THOSE people".

For people who are trying to use the Fediverse for awareness and activism, they're going to need instances that can be seen from as many other instances as possible - so they can get their message out to as many people as possible. They can't afford to be playing games about "only people on good servers are allowed to see my messages".

Are you complaining about Journalist and Public Safety organizations not migrating here? That's EXACTLY why they're nervous about this sort of place. Their JOB is to get their message out to as many people as possible. They can't play games with fediblock, they need as much platform reach as they can get. That's why they keep going back to Twitter.

... and now that Twitter is limiting their reach, we have a unique opportunity to show that this can be a place where their reach isn't going to be limited. But that's not going to work if people are preemptively blocking instances not for the conduct they allow on their own instance, but conduct on other instances that they allow to see their content.

avuko,
hacks4pancakes, to random

I have decided to wallpaper my steampunk / Victorian office to make my video background more exciting, but I have unfortunately also now realized that I’m a millennial and have absolutely no idea how wallpaper is installed, and neither do any of my friends or YouTube feeds. What even is a wallpaper that’s not on a computer, anyway?

avuko,

@emag @hacks4pancakes It can be done, but you need two people with a lot of patience and kindness towards each other. 😋

avuko,

@hacks4pancakes Oh, but those walls practically scream wallpaper! I’d probably get a professional to do it so I could sit back and enjoy the effect without having to be reminded exactly where I was a mm off.

Are0h, to random

Silo was... underwhelming. Looked great though.

avuko,

@Loukas @Are0h Working through it, and it is still entertaining. But that suffocating, cabin-fever-at-industrial-scale laced psychological drama with real people experiencing real (enough) things, has been replaced with something more visual and grandiose. Not the angle I was hoping for.

Karoli, to random
@Karoli@crooklyn.social

If by “statesman” he means fascist, then yes.

Barf.

avuko,

@Karoli I was checking the account, because this had to be the NYT pitchbot.

But no.

Chapps, to random

Here's a little experiment in digitally reconstructing ancient bronzes. On the left is a reconstruction of the famous early-mid 1st c. CE statue of Livia from the theater of , as it once might have looked, polished, with stone and glass eyes and bronze eyelashes. On the right is a photo of how it currently looks, with darkened bronze, and no eyes (due to both the heat of Vesuvius and 18th c. meddling). Photo by Dr. Steven Zucker, Smarthistory.org 1/

The bronze statue as it currently looks at the MANN (Naples Archaeological Museum). The metal is very dark, due to both the heat of the eruption of Vesuvius, and the reaction with the volcanic material that buried it for centuries. An artificial patina was also applied in the 18th/19th centuries. The eyes are black pits, their stone/ glass originals lost to time. Photo by Dr. Steven Zucker (art historian and Smarthistory co-founder)

avuko,

@Chapps Have any traces of pigment been found on these statues? I’m seriously doubting the Romans of Herculaneum and Pompeii as I’ve come to know them would leave such a statue fully bronze (besides the details such as the eyes you previously mentioned).
