chetwisniewski

@chetwisniewski@securitycafe.ca

Director, Global Field CTO at Sophos, frequent speaker and press go-to. Said opinions are mine, not the company.

arstechnica, to random
@arstechnica@mastodon.social

Microsoft’s new “Recall” feature will record everything you do on your PC

Recall uses Copilot+ PC features "to take images of your active screen every few seconds."

https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

chetwisniewski,

@arstechnica Not to keep beating this dead horse, but I'm having a hard time with the idea that a room full of grown-ass adults sat around, planned this and no one thought it was a terrible idea? What is it that is in the water at these tech companies? I understand that the US has no concept of privacy, but most of the rest of the world does. Do they really expect us all to go along with this? I have yet to see anything useful from "copilot" that even justifies its energy consumption.

chetwisniewski,

@arstechnica WHO WANTS THIS!?! What is wrong with these people?

chetwisniewski, to infosec

I feel like such an underachiever. I have had a Flipper Zero since it launched and I still have the same number of cars I started with.

chetwisniewski, (edited) to infosec

I guess I shouldn't be surprised, but I am certainly disappointed that the closed captions on the Black Hat videos, which I paid $2500 for, are widely inaccurate and have not been proofread. I feel bad for deaf people who rely on these, as the machine generated ones are questionable at best. For free content I understand relying on it, or even for real-time content, but for recorded video that you pay a premium for this is unacceptable.

chetwisniewski, (edited) to infosec

Hi friends. I am about to start a new security/privacy/tech podcast with my friend @0xBennyV . We are thinking of doing a deeper dive on a topic or two per episode. More of a behind the scenes of the story/topic rather than a lighter view or news-like feed. I would be interested in people's thoughts and a few polls over the next couple of weeks. Please boost for reach!

What is an ideal target length to learn something, but not take up too much time in your busy lives?

chetwisniewski, to infosec

Idea: A new conference called "The Boring Security Conference". It covers topics and hands-on advice that are what actually keeps organizations secure. No zero-days, no APTs and no "if the criminal does these 39 things in precise order and you're not watching you're owned" talks.

chetwisniewski, to random

Well folks, especially those who used to like to listen to the Sophos Security Chet Chat podcast will be pleased to hear that @0xBennyV and I are starting a new podcast soon. We've decided to call it "Security Take 2" and will be doing more in-depth analysis of security topics that have made it into the headlines.

Headlines are misleading and often designed for clickbait, we will go deeper on these stories and try to take some lessons from the facts. Our goal is to make each episode 25-30 mins.

chetwisniewski, to random

I ordered a beautiful new leather desk mat on Etsy from a small shop in Ukraine (Mureli https://www.etsy.com/ca/listing/917432262/large-leather-mouse-pad-personalized). It's great and they even sent me a video of them making it. Best part is the postage. Slava Ukraini!

chetwisniewski, to random

For those of you who wish to monitor the weather situation in Vancouver my skycam and street cams are available:
Sky: https://mym7.com/I9NMI85pZox/Patio-skycam

Street: https://mym7.com/Qds5kJU1MAJ/Hamilton-Street-Yaletown-Vancouver-Canada

chetwisniewski, to infosec

Great! TransUnion, whom I have the pleasure of receiving free credit monitoring from due to the MGM Casino breach in Sept, has a policy of only allowing 15 characters or less. Not like anything important is on the line or anything. Oh, they get bonus points for letting me skip the password with a trivial security question! #InfoSec #NotAFeature @boblord @thorsheim

Security question dialog on account creation. Includes questions like "What was your high school mascot?" and "What city were you born in?"

chetwisniewski, to infosec

I've argued for years for organizations to limit the data they collect and store on the premise that they can't steal what you don't have. This is another advantage to this practice, they also can't get a warrant for what you don't have... Long overdue if you ask me. https://www.forbes.com/sites/cyrusfarivar/2023/12/14/google-just-killed-geofence-warrants-police-location-data/

chetwisniewski, to random

Love having a new tradition of watching the on CBC on Saturday afternoon

chetwisniewski, to random

For anyone interested in my Consumer Matters TV interview on AI scams you can find the clip on Global BC here https://globalnews.ca/video/rd/19fdc34a-b418-11ee-aeb3-0242ac110004/?jwsource=cl

chetwisniewski, to random

A conversation on the non-technical options we have to rein in ransomware operators from Virus Bulletin in October with Paul Ducklin (Ind), Samir Mody (K7), Kathi Whitbey (Palo Alto) and Kathryn Sherman (FBI) and moderated by moi. https://www.youtube.com/watch?v=qQu9Pwh1ABc

chetwisniewski, to rant

Can someone explain to me why I have to repeatedly reapply for my US permanent overseas voter ballot (not sure which sea, I live in Canada). They literally lecture you on the page saying you should add yourself to the permanent list to reduce admin burden. Which part of permanent suggests I want to fill it out every 2 years and pay international postage to "renew" my permanentness?

chetwisniewski, to random

Looks like Lush Cosmetics were victims of Akira as they have appeared on their leak site. Akira has exploited unpatched Cisco ASA VPNs in the past, wondering if the same here? They use them according to Shodan data.

chetwisniewski, to random

Reminder for folks in the lower mainland of British Columbia. Roads are a mess. Stay home. If you must go out SLOW DOWN.

chetwisniewski, to random

My piece from Global BC on the London Drugs cyber attack is now on their site: https://globalnews.ca/news/10459821/london-drugs-closed-tuesday-western-canada-cybersecurity-breach/

chetwisniewski, to infosec

I'm excited to see my BSides London talk "Breaking Bad Multifactor" is now posted on YouTube. Originally scheduled for PasswordsCon at BSides Vegas (COVID cancellation). https://yewtu.be/watch?v=s7l6Ump6eqQ @boblord @thorsheim

chetwisniewski, to vancouver

For those of you in British Columbia, I will be on Global BC News at 6 tonight talking about AI powered scams.

chetwisniewski, to random

I was delighted to see my talk "Building defensive playbooks from others misfortune" from RootCon 2022 was just surprise posted to YewTube. Check it out, still relevant after 18 months. https://yewtu.be/watch?v=V_UrmsnOBbg

chetwisniewski, to infosec

My "big picture" take on the LockBit disruption this week is now live. We are seeing more frequent law enforcement action against all sorts of cybercrime groups and I think we need to step back and take stock of what is working and what isn't so we put our energies where they are likely to achieve the best outcomes.

Come for my .02 cents and stay for the snark. https://news.sophos.com/en-us/2024/02/21/lockbit-lessons-learned-on-winning-the-war-on-cybercrime/

chetwisniewski, to random

I said something yesterday at the Vancouver Cloud Summit that I will repeat here:

"Logs are cheaper than lawyers".

When deploying to the cloud, especially "cloud native" applications you must ensure you are collecting logs for analysis, threat hunting, and forensics. Platforms have logging off and often charge for it. Turn them on, protect them and USE THEM.

chetwisniewski, to random

For my followers in Western Canada I will be on CBC Radio's The Calgary Eyeopener Apr 30 at 8:10AM MDT (7:10 PDT) and on Global BC Morning News (TV) at 6:10AM PDT talking about the London Drugs cybersecurity incident.

alberniweather, to random
@alberniweather@mstdn.ca

Snow happening in Vancouver? Anyone? Bueller? :D

chetwisniewski,

@alberniweather It's slowly tapering off now, but a solid 2cm in 30 mins, not your typical Vancouver weather. -3.7C
