chetwisniewski

@chetwisniewski@securitycafe.ca

Director, Global Field CTO at Sophos, frequent speaker and press go-to. Said opinions are mine, not the company's.

chetwisniewski, to infosec

Idea: A new conference called "The Boring Security Conference". It covers topics and hands-on advice that are what actually keeps organizations secure. No zero-days, no APTs and no "if the criminal does these 39 things in precise order and you're not watching, you're owned" talks.

chetwisniewski, to infosec

Great! TransUnion, whom I have the pleasure of receiving free credit monitoring from due to the MGM Casino breach in Sept, has a policy of only allowing 15 characters or less. Not like anything important is on the line or anything. Oh, they get bonus points for letting me skip the password with a trivial security question! #InfoSec #NotAFeature @boblord @thorsheim

Security question dialog on account creation. Includes questions like "What was your high school mascot?" and "What city were you born in?"

chetwisniewski, to random

You know what we are long overdue for? A Windows kernel vulnerability due to processing malicious fonts IN THE KERNEL. We used to get one almost once a year... Are we overdue?

chetwisniewski, to infosec

Thank you so much to @zackwhittaker for abandoning Patreon over their privacy-invasive insanity and taking the risk of moving to a new platform to respect his newsletter's subscribers. I for one will be increasing my support in gratitude.

chetwisniewski, to random

Do I have any experts from DUO or Okta following me here who would be willing to answer a few quick questions?

chetwisniewski, to infosec

So the "takedown" of Volt Typhoon routers is interesting, but I am curious why it was done... To what end? They are all still vulnerable and instantly reinfectable and no patches were supplied (as far as I've heard). So... Sending a signal?

chetwisniewski, to random

I've been on Mastodon/Fediverse for a few years now, but around this time last year I migrated from mastodon.social to my own instance to help lessen the burden during a time of enormous growth.

While I am disappointed that not many others chose to use my instance or leave Twitter for that matter, I still feel like this was the right choice. I left behind ~14k people who I mostly had positive interactions with, but the quality here is outstanding in comparison. Sometimes less is more.

chetwisniewski, to rant

Can someone explain to me why I have to repeatedly reapply for my US permanent overseas voter ballot (not sure which sea, I live in Canada)? They literally lecture you on the page saying you should add yourself to the permanent list to reduce admin burden. Which part of permanent suggests I want to fill it out every 2 years and pay international postage to "renew" my permanentness?

chetwisniewski, to random

@coffeegeek Are your guides still in progress with the site makeover? I was trying to read this one and it seems to only partly be there? https://coffeegeek.com/guides/howtos/americano-how-to/

chetwisniewski, to random

Ok, can one of my new followers today clue me in, how did you find me? I have had a large burst of new followers making me feel pressured to say smart security things, but I am curious as to how they are all finding me.

chetwisniewski, to random

Please tell me why this is a stupid idea: A tax on processors (CPUs, GPUs, AI ASICs, etc) that is proportionate to their power consumption to fund conversion of the grid to clean energy.

chetwisniewski, to random

Jewish sourdough rye loaf fresh from the oven

chetwisniewski, to infosec

I know many of you are experts, but I think I have a slightly different take than most on this whole Lockbit affair. Odds are I am wrong, but that hasn't dissuaded me from expressing my thoughts before, so I hope to publish a blog in the next day or so with my thoughts. Things are never quite what they seem, and I wonder if this is a genuine step change for law enforcement's approach to this intractable dilemma.

chetwisniewski, to infosec

Security questions for health care sites have reached a new low #LifeLabs #InfoSec @thorsheim @boblord

chetwisniewski, to random

Lisboa (Lisbon) Oriente train station from above at night

chetwisniewski, to random

Well folks, especially those who used to like to listen to the Sophos Security Chet Chat podcast will be pleased to hear that @0xBennyV and I are starting a new podcast soon. We've decided to call it "Security Take 2" and will be doing more in-depth analysis of security topics that have made it into the headlines.

Headlines are misleading and often designed for clickbait, we will go deeper on these stories and try to take some lessons from the facts. Our goal is to make each episode 25-30 mins.

chetwisniewski, to random

Hush discloses data breach related to

"Notice of cyber incident"
Sadly the list of what they will do versus what you should do is a bit lopsided.

CC: @brett

chetwisniewski, to infosec

ALPHV/BlackCat ransomware group claims to have hacked Reddit in Feb and is going to release 80GiB of files
@brett

chetwisniewski, to infosec

I've argued for years for organizations to limit the data they collect and store on the premise that they can't steal what you don't have. This is another advantage to this practice, they also can't get a warrant for what you don't have... Long overdue if you ask me. https://www.forbes.com/sites/cyrusfarivar/2023/12/14/google-just-killed-geofence-warrants-police-location-data/

chetwisniewski, to random

I am booked to be on BC Today on CBC TV, GEM, Radio 1, and YouTube at noon today (Friday 24 May) for a ~20 minute discussion on London Drugs ransomware leaks and Cybersecurity in general. Join us if you're free and interested!

chetwisniewski, to random

Ahhh, Friday. Always interesting news at the end of the day on Friday, as we apparently aren't paying attention and won't notice whatever horror-show some crappy PR firm tries to slip past us.

chetwisniewski, to random

Moved some stuff today to my storage locker. Got me thinking of @spike @threatresearch and his work at the Media Archaeology Lab. My original Amiga 1000 serial number 700. Price tag shows original $1295 USD price from 1985, $3775 today. 256 KB RAM if I recall. Amazing system at the time.

Amiga 1000 price tag at $1295.00 USD from 1985

chetwisniewski, to vancouver

For those of you in British Columbia, I will be on Global BC News at 6 tonight talking about AI powered scams.

chetwisniewski, to infosec

I feel like such an underachiever. I have had a Flipper Zero since it launched and I still have the same number of cars I started with.

chetwisniewski, to random

Before my Canadian followers watch the Vancouver Canucks take it to the Edmonton Oilers at Rogers Arena, you can tune into CTV News and Global BC to hear my thoughts on the British Columbia PSC breach and where it might likely lead us. Expect to be on at 5 and 6 on both networks.
