ceresbzns

@ceresbzns@infosec.exchange

always hopeful, rarely optimistic

TheVoyageur, to random

I am glad I don't use a ledger and instead chose the open source one!

ceresbzns,

@TheVoyageur
@gulovsen

It's nice when the principled decision pays off

hakan_geijer, to random
@hakan_geijer@kolektiva.social

Hell yeah, Bruce. You fuckin' tell 'em.

"Kids are natural hackers. They do it instinctively, because they don’t fully understand the rules and their intent. (So are artificial intelligence systems—we’ll get to that at the end of the book.) But so are the wealthy. Unlike children or artificial intelligences, they understand the rules and their context. But, like children, many wealthy individuals don’t accept that the rules apply to them. Or, at least, they believe that their own self-interest takes precedence. The result is that they hack systems all the time."

From: A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend them Back

ceresbzns,

@hakan_geijer

I feel like "abusing systems in a way that's unintended by outside actors" ie hacking, is meaningfully different than "abusing systems in a way that was more or less intended by actors who are an ongoing party in creating those systems" ie liberal democracy in a capitalist society

It's hard for me to take Bruce's political takes seriously when his proposed solutions are always Better Regulation and More Cops

misc, to random
@misc@mastodon.social

When people say that Mastodon the company isn't doing enough to encourage decentralization, they aren't factoring in all the downtime.

ceresbzns,

@misc
lmao

ceresbzns, to infosec

Incredible supply chain attack. Someone faked a hardware wallet that looks and behaves like the genuine article and shipped to purchasers, complete with packaging and holographic seals.

https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/

The lesson here is NEVER buy your security hardware from anyone except the original seller!

ceresbzns,

@troed
What is the Secure Element and how does it prevent this kind of attack?

ceresbzns,

@troed
Ah, I understand - thank you for sharing.

What's your take on the Ledger Recover service?

ceresbzns,

@troed

Welp. At least it allows authenticity verification, I suppose.

briankrebs, to random

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

https://krebsonsecurity.com/2023/05/re-victimization-from-police-auctioned-cell-phones/

ceresbzns,

@briankrebs
Wait, let me get this straight. The cops can just steal your shit and then... sell it? (?!)

hacks4pancakes, to random

Rob, just fire me now.

ceresbzns,

@hacks4pancakes
Is it multi-factor authentication when you have to verbally confirm "I do" and also produce a ring

pluralistic, to ai
@pluralistic@mamot.fr

's Circle: We have to do because everyone else is doing ; everyone else is doing AI because we're doing Bard.

https://doctorow.medium.com/googles-ai-hype-circle-6158804d1299

ceresbzns,

@wa7iut
@ukuku @pluralistic @lispi314

I don't think I ever knew this. Incredible!

riotmuffin, to random
@riotmuffin@ni.hil.ist

Some people say anarchist gatherings can be chaotic. And how do anarchists get anything done without a set of rules to adhere to, anyway? Well, let's check in on the Minneapolis Democratic Party endorsing conventions today...

Ward 5: Literally was cancelled because one candidate made up zillions of false delegates and nobody knew what to do

Ward 10: One candidate's supporters rushed the stage as another candidate was about to speak, leading to fights and the entire building being cleared by police...

...ok let's not check in on this any more actually ¯_(ツ)_/¯

ceresbzns,

@blkstarseed
@julieofthespirits @riotmuffin

What I've learned in the past few years in high-bureaucracy environments is that:

Bureaucracy is supposed to be a way of standardizing processes and roles.

The way bureaucracy actually operates is by providing an array of convenient excuses for the people who hold power in the hierarchy to do what they want.

Seems like this goes for government offices and DemSoc model UN meetings alike

ceresbzns, to random

O bella ciao, motherfuckers

ceresbzns, to random

Increasingly convinced that the job mobility of US workers found in the past 30-50 years (shoddy promotion pathing, zero formal in-house training, consistently hiring outside, essentially random layoffs) is less a product of a mercenary labor force, or even a product of managerial incompetence, than it is a deliberate strategy by enterprise owners.

Consistently losing and re-hiring workers is expensive, in both dollar and productivity terms, but you know what constantly job-hopping workers don't do? Organize.

If you're not going to be somewhere longer than 2-3 years, there's very weak incentives to build the kind of relationships that unionization efforts require. If the workplace sucks, you just leave instead of fighting for improvements with your friends.

ceresbzns,

This is a lens @sarahtaber and @KevinCarson1 have applied to other contexts, but it seems very relevant to the US technology sector today (and others)

ceresbzns,

@freakazoid
I hadn't heard that before. What's different about Golang vs other languages that would enable that?

ceresbzns,

@freakazoid
Strongly agree. Deeply challenging in an environment where Taft-Hartley is still in effect and the existing labor orgs are full of cops (literally and figuratively)

ceresbzns,

@freakazoid
That's very interesting - thanks for explaining

PogoWasRight, to infosec

"On November 7, 2021, DUSD detected unusual activity within its digital environment." blahblahblahsteps.... "That process was completed on April 5, 2023, after which DUSD worked quickly to notify you of this incident." (on May 3, 2023)

So 543 days later, they notify.

And they think this is just fine?

https://oag.ca.gov/system/files/Delano%20Union%20School%20District%20Sample%20Notice.pdf

@douglevin @brett @funnymonkey @mkeierleber

ceresbzns,
molly0xfff, to random
@molly0xfff@hachyderm.io

coming out with a .zip TLD seems like a real chaos move

ceresbzns,

@0xabad1dea
@molly0xfff

It is a beautiful day and you are a horrible TLD

ceresbzns, to random

@InfoSecSherpa fire talk at today!

airbrycki, to random

Anyone got a good ice cream place in the area? And I’m not talkin like fancy ice cream. I mean like giant, cheap soft-serve sundae kind of ice cream. I could name so many of these places along the Great Lakes and can’t seem to find them out here!

ceresbzns,

@airbrycki
@crschmidt

Very welcome

pierogipowered, to random

Youngest caught a stomach bug 3 nights ago. Looks like it was very successful at lateral movement. Oldest developed indicators last night. Attacking stomach bug successfully pivoted to us adults, it now got me.

ceresbzns,

@pierogipowered
Solidarity

elfin, to infosec
@elfin@mstdn.social

"Another way of thinking about this is that if a company can only stay in business by externalizing the cost of security, maybe it shouldn’t stay in business."
-- Bruce Schneier : Click Here To Kill Everybody

ceresbzns,

@elfin

I haven't let you forget.

I was reminded by the latest newsletter, where Schneier mentions his new schtick, which is highlighting how "rich people hack systems for their benefit." Which is just an incredible example of brilliant people roaming outside their zone of expertise and, once again, completely missing the point. Like, holy shit bro, read some Graeber.

elliasdev, to random

Trezor vs Ledger?
Storage security, transactions security, ease of use.
Solely for Bitcoin, Monero & zCash.

@Trezor @Ledger

ceresbzns,

@elliasdev
Trezor is open source. Ledger is not. That makes it an easy choice for me
