mttaggart

mttaggart, 5 hours ago to random

I want you to read both of these stories, and watch the video in the first one, then tell me that access to human-created information isn't in absolute peril.

I continue to hope for and predict a #hardfork of the internet that gets those of us who care out of the deluge of generative slurry these advertisers want us to drown in.

arstechnica.com/gadgets/2024/05/google-is-reimagining-search-in-the-gemini-era-with-improved-ai-options/

arstechnica.com/gadgets/2024/05/gmails-ai-powered-email-summaries-can-dig-through-your-inbox-for-you/

mttaggart, 5 hours ago to random

We need a name for the group of us who embrace technology, but not needless generative models. Luddites, but for LLMs.

mttaggart, 9 hours ago to random

I feel like yesterday's Duo outage was a near-miss asteroid.

We can talk up how clear a response process for something might be, but we know that for every org that has this locked in, there are 10 that don't. A point of failure like MFA, especially one that we've been yelling about being critically necessary, creates its own risk.

hrbrmstr, 1 day ago to random

@mttaggart @Viss https://www.lawfaremedia.org/article/software-liability-and-insurance

mttaggart, 1 day ago to random

Tabletop Exercise: The MFA service to which you've hitched your entire enterprise's security experiences a global outage. Remote workers can't log in, the security team can't access tools, and the baddies are just itching for you to flip the switch on MFA.

mttaggart, 1 day ago to random

A Duo outage seems... yeah, just real bad.

downdetector.com/status/duo/

mttaggart, 2 days ago to random

Please drop some real regulatory hammers on this industry. And not just hospitals/networks, but medical device manufacturers. What I can't tell you about would terrify you.

therecord.media/cybersecurity-regulations-healthcare-industry-anne-neuberger-rsa

mttaggart, 2 days ago to rust

Late-night #BlueTeam tool release!

Introducing entropyscan-rs, a #RustLang entropy scanner for analyzing files and directories during incident response. Used carefully, this can quickly identify likely malware when not all stages of an attack have been discovered, such as during a web server compromise without adequate logging. Enjoy!

github.com/mttaggart/entropyscan-rs

#CyberSecurity #InfoSec

mttaggart, 2 days ago to random

Credit where it's due: this is excellent reporting by @BleepingComputer. So many lessons we should already have learned in here.

Menelik told BleepingComputer this morning they were able to steal the data after discovering a portal for partners, resellers, and retailers that could be used to look up order information.

Menelik says he could access the portal by registering multiple accounts under fake company names and had access within two days without verification.

"It is very easy to register as a Partner. You just fill an application form," Menelik told BleepingComputer.

This was someone expecting only intended eyes to look at this application, even though it was discoverable on the internet.> Once they gained access to the portal, Menelik told BleepingComputer they had created a program that generated 7-digit service tags and submitted them to the portal page starting in March to scrape the returned information.

As the portal reportedly did not include any rate limiting, the threat actor claims they could harvest the information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.

So not only did this API have no rate-limiting, it also had no access control to prevent Partner accounts from viewing each others' data.

This is the way Dell does business. How safe do you feel about all your business partners?

www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/

mttaggart, 4 days ago to random

CISA now has an alternative to AnyRun/Triage! www.cisa.gov/resources-tools/services/malware-next-generation-analysis

mttaggart, 4 days ago to random

Sigh

Listen carefully. You can deplore the US healthcare system without thinking that hospitals getting ransomwared are getting what they deserve.

No patient deserves to be put in jeopardy because of price gouging from pharma, insurers, etc.

mttaggart, 5 days ago to random

A password is a secret handshake you do with your keyboard.

mttaggart, 5 days ago to random

I'm so freaking sick of Microsoft's garbage QA on patches. They (rightly) claim to have access to the largest userbase sampling set in the world, and yet somehow this crap still makes it through. Repeatedly.

www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-updates-also-cause-crashes-reboots/

lauren, 6 days ago to random

Got a USB-C hub with something like 14 ports on it. PD power delivery, 2x4KHDMI, VGA, USB-A 3.0, USB-C, several USB-A 2.0, Gig Ethernet, SDcard readers, audio I/O jack, etc. Aluminum case. Solid build. Works like a charm. Under $14. Ridiculous.

mttaggart, 7 days ago to random

I mean that's good; you want to save it for the boss fights.

mttaggart, 7 days ago to random

If I understand this "TunnelVision" thing correctly, a few things are important to note:

1. We're already inside a Rogue DHCP, so anything else after that feels like details.

2. Option 121 used as described would make a honkin' large DHCPOFFER, which would be a solid network detection.

3. TLS-encrypted traffic is still TLS-encrypted traffic. You'd need an additional AiTM attack to decrypt it, even without the VPN encapsulation.

mttaggart, 7 days ago to random

First you write the code.

Then you write the YAML that deploys the code.

Then you write the PowerPoint that explains the YAML that deploys the code.

Then you write the email asking for the PowerPoint that explains the YAML that deploys the code.

Then you return to the sea.

mttaggart, 9 days ago to random

Living off of GitHub is nothing new. In fact, here's a demo of me using GH Issues and the comments therein as a C2 channel.

mttaggart, 10 days ago to random

Wife's iPhone died so I'm lending her my mobile app testing LineageOS phone. I'm making popcorn, want any?