@simplenomad@rigor-mortis.nmrc.org

simplenomad

Long time #Hacker type. #Hippie and I care about the #planet, ask me about #solarpower and #EV.

RemoteWork since 1999, you know, since last century.

Been here since April 2022 and on this instance since Nov 2022.

Work is #GitLab. Former ghost hunter and storm chaser. Survivor of #cancer and a #widower. Links in the About. He/Him.

#Infosec #hacker

simplenomad, to security

My employer #GitLab is hiring, specifically in the Security division. Security Identity Management is the area, so if you're into #Security and #IAM and you're qualified, apply. If not, a few other positions are available, feel free to poke around. Fully remote. I'm not shopping for a referral, I'm shopping for a work colleague, so apply!

#FediHire #infosec

https://boards.greenhouse.io/gitlab/jobs/7294564002

Viss, to random

i impulse bought a doodad.
its a teeny usbc enclosure for m2 nvme 2230 size drives.

it goes 930 megs a second!
not bits, bytes!
and its little fan whirrs!
I got a 2tb usb stick now that will work on every os!

neat!
con organizers: make this a speaker gift or something. this is genuinely cool

simplenomad,

@Viss Speaking of gifts, this checks off someone for xmas 2024 (yes, I've already started holiday shopping...)

simplenomad, to random

Maybe a decade ago, a "friend" from the Meta/Facebook world proudly proclaimed he was a genius per an online quiz. I questioned the quiz, and in the ensuing angry convo in DMs I asked him if he was in Mensa, to which he replied "guys don't get periods, stop being a sexist asshole" and then unfriended me.

I strongly suspect he was in fact NOT a genius.

So he recently hit me up, asking if I could get him a job. Do you think suggesting he apply at Apple to work at the genius bar is too harsh of a reply?

simplenomad, to solar

So. That was impressive. Here’s a quick sample from the backyard. Of note: temperature drop from 79.3 to 74.8, production from the panels dropped to 0 and the house draw from the grid was the usual constant 420 watts, once the sun started coming back out the panels ramped back up, the temperature continued to drop for a few minutes to 74.5 but finally started edging up, and the dog could give a shit and just wandered around sniffing like usual.

Wow. The pictures don’t do it justice. Jupiter was visible to the left and Venus to the right (not in picture).

Solar eclipse under way, minor experimenting with lens selection from iPhone 15 Pro Max. Held an ISO 12302-12 eclipse glasses lens in front of the camera.
Solar eclipse under way, minor experimenting with lens selection from iPhone 15 Pro Max. No eclipse glasses lens this time.

simplenomad, to Texas

2024 meaningless update 3: Sadly, most of the locals in the neighborhood (a working class neighborhood btw) left for work, and all of the out-of-town relatives have headed out to wherever (local park, some nearby event) so the neighborhood is empty. At least the sky is just partly cloudy for now, let's hope the big cloud cover holds off until later.

simplenomad, to infosec

Hmm. People are speculating on the nation state that’s behind the and seem to be taking a decidedly Western perspective on this. The suspected threat actors they’re naming are typically Russia, China, Iran, and North Korea.

Folks, I just want to point out that you shouldn’t exclude UK, Israel, France, USA, and many others who are more than capable of this as well. And yes, this could have also been some black hat or even a commercial spyware shop doing this to later sell to the highest bidder.

simplenomad, to Texas

2024 meaningless update 2: While the next total eclipse in North Texas will be in 2317, I am guessing that by then I'll probably have moved to my Idaho beach house that overlooks the Pacific. You know, after the "big one" finally hits the west coast. My bionic body will enjoy warming up its flesh-covered metal parts in the sun.

simplenomad, to Texas

2024 meaningless update 1: Every neighbor at the holidays typically has no cars in their driveway or extra cars in their driveway, a random mix. Today most of the neighbors have cars with out-of-state plates, and more than a few out-of-country plates (Mexico). And traffic was much heavier than usual this weekend - not just because of the Rangers games last night and tonight.

simplenomad, to solar

Today would have been a great day for the as there is not a single cloud in the sky. The panels have been covering the house load since 8am, batteries (to cover the load this evening after sunset) were fully charged at 11:30am, and it has been nothing but excess to the grid ($$) since then.

But odds are great there will be no worship of Horus, the forecast says clouds and later storms in the area on Monday. I had originally planned on lying down on my roof with a cool drink and my tinted special eclipse lens on, while Horus crossed his eyes so to speak. You know, like any sane Texan. But alas, likely not to be.

Oh well, around 1:40pm it will get dark for 3 minutes, so there's that.

simplenomad, to random

This earthquake talk reminds me of one of my old (possibly chemical/alcoholic influenced) theories from my youth that when the Big Quake happens that it will not result in the western half of California falling into the Pacific, but everything east of the San Andreas falling into the Atlantic. So northeastern USA, according to my youthful giggling slightly-altered-state self, you just dodged a bullet.

simplenomad, to earthquake

I'm going to guess I was not the only person who thought it was cool that I heard all about the east coast from Mastodon instead of some other social media outlet. I mean, I hope there was no damage and everyone is okay, but other than that, cool! Heard it here first.

FYI, I did NOT feel it here in Texas, and if I had I would have assumed it was fracking....

simplenomad, to Weather

Ah the glory of the month's first Wednesday and the testing of the emergency sirens aka the "tornado sirens". They are slightly staggered for easier monitoring purposes (I assume that's why) so it's interesting to hear nearby ones power down and ones that are further away ramp up. As a person who grew up in Oklahoma this was a rather feared sound, so there is a nostalgic familiarity coupled with remembered fright whenever I hear them.

simplenomad,

@glenn It's also fun when they test while it is overcast and the sky looks slightly scary, and you're with someone that just moved to the area. "Oh that? That's just the tornado sirens."

lzg, to random

deleted_by_author

  • simplenomad,

    @lzg For me it's even better, because when they ask how I know so much about it, I point out I currently run my main personal email on my own server, and have done so for ages. I've seen minds blown.

    simplenomad, to infosec

    The panic over all this is interesting.

    Okay, let's say the backdoor made its way into the mainstream distros. If the attacker was careful, the first commands they'd be executing as system would possibly involve looking for EDR etc and if found either cease operations or slyly disable said security measures. Second, maybe a second stage exploit/backdoor is installed so if the machine is discovered to be backdoored via its activity, this second backdoor would be "blamed" and the initial backdoor remains. Obvs one would rotate through new second backdoors. Third, carry out the main objective - be it data exfil, further source code backdooring and so on.

    Bear in mind this is dependent on the target system exposing the SSH port in a way the attacker can get to it. This could happen any number of ways - direct Internet access, trusted insider, compromised account that has the network access, third party vendor, etc but you get the idea. Fun stuff.

    simplenomad, to infosec

    The latest episode of the appropriately named "XZ Bonus Spectacular Episode" was informative, and while they made it abundantly clear there is not currently (possibly never in the current state of "things") a fix-all be-all solution, it is always fun to hear my fave old married couple bicker about OSS. And I am not just saying this because of the shout-outs (including the cell phone story), but because it helped emphasize an important thing I didn't realize - Debian's response to this was absolutely spectacular. I dare any commercially sponsored distro to do the same.

    Debian seriously just went up in my book, and if you know me, that's something.

    Anyway... check out https://opensourcesecurity.io/

    simplenomad,

    @miah Hehe I've listened to this podcast for ages, this is how they apparently communicate. I find it mildly entertaining, as it reminds me of many a HallwayCon in Vegas.

    simplenomad, to random

    I am really enjoying the arm chair speculation on which nation is the state sponsor of the xz backdoor. So far I've seen the main three - China, Russia, USA - and plenty of others - Israel, France, the rest of Five Eyes - being thrown out there. Good stuff.

    Just bear in mind that the major players would go out of their way to make you think it was someone else. Or that they'd make it look like for example China making it look like Russia when it's really USA.

    And while unlikely, this could have been the long game of someone coming up with a backdoor they could sell for 7-8 figures, who probably is already doing this professionally and has who knows how many similar (or not similar at all) projects currently in the works.

    We don't know. That said, please keep up the guesswork. 🍿

    simplenomad, to security

    I remember when buffer overflows became a thing, and how since it was being discussed on the open Internet in circles that it got a lot of attention. Seemed so bleeding edge and exciting back then, now it's just a thing we deal with.

    I wonder if this whole thing is similar - in that an attacker has embedded a payload that triggers via a specific key pair. It's so clever and exciting, I mean all the calls are already inside of ssh for the key pair processing, I mean what a perfect way to implement it. Yes it is scary, but from an attacker perspective I think every on the planet is slightly envious and wishes they had thought of it first.

    Now imagine a day when this is the new normal. What a time to be alive.

    simplenomad, to infosec

    This xz backdoor thing reminds me of a story I heard from friends that worked at a tech company that made cell phones. They had a great coder that worked on the project, he had put in work as a contractor for a few months, and due to the quality of his work he was hired in full time. After two months he simply stopped showing up to the office.

    An investigation turned up the following interesting items. His account had accessed all files including source code to all cellular projects - in that he had apparently downloaded a copy of everything. He had committed a large amount of contributions to the project he was assigned to. None of his paychecks were ever cashed. A wellness check to the house he had rented was performed and the house was completely empty. Per the landlord he'd paid for 6 months rent in advance in cash. Apparently he never physically moved in. No record for him nor his social security number seemed to check out. The guy was a ghost.

    I was asked about recommendations on future prevention by friends who worked there - no idea how far they got in their investigation, if backdoors were ever found or even existed, or if the Feds were ever involved. The punch line? This was probably a couple of decades ago.

    This shit is real, and it has been going on for a long time.

    simplenomad,

    @freeformz Wow I remember that! Yup so true, the insider can unleash havoc.

    simplenomad,

    @Tay0 I've had a few people guess, and I don't want to name the company as I really don't know all of the particulars (like I pointed out). So I will say again that I can neither confirm nor deny. So far I think every company around back then has garnered a guess. For all I know, it has happened to all of them.

    simplenomad, to random

    I live in Texas, and you're not going to believe this, but Texas is so big that Texas fits inside of it. Yes. It's that big.

    Fine, I may have had too much caffeine.

    simplenomad, to random

    As I sit here drinking my morning #EarlGrey (and looking forward to #chai later as it is #FridayChaiDay ) I remember back as a young kid in Sunday School at church asking the class teacher what was good about #GoodFriday, mainly because the whole crucifixion process seemed pretty much the opposite of "good". Naturally I got in trouble for being disruptive (again) as I was insistent on an answer and didn't get a snack.
