tweedge

@tweedge@cybersecurity.theater

Security goon at an online-bookstore-slash-server-rental company, adjunct professor at RIT, janitor for r/cybersecurity, and sporadic FOSS contributor. Cat person. Generally cheerful ^_^

Always trying to learn new things, and I'd rather be corrected than be correct. I try to be correct the first time anyway though!

How can I help?

(posts searchable via tootfinder)

tweedge, to random

I'm getting ready to move my family away from Chrome because of the Manifest V3 rollout - my grandparents especially need always-on and enhanced-filtering-by-default adblocking for safety reasons. I'm a little worried about moving to Firefox because they're marketing a lot of new unrelated features (VPN? come on) that are likely to confuse my grandparents. Do y'all have suggestions for simple, family-friendly browsers? I'm looking at Vivaldi as a possibility here but open to anything, really.

tweedge, to random

There's a little bit of electromagnetic interference that my sound card picks up from how much power my GPU is drawing. I'm supervising an embed/classify run right now for my Scam Assassin project (trying to tackle some of that last 0.06% FP rate!) and in my headphones I hear a slight click when the embedding stops if it comes across something that needs feedback. It's actually really helpful as a subtle audio cue lolol

tweedge, to random

Welcome to cybersecurity.theater @abhishekwebcode !

This is a small and privately-run instance, so we don't have 24/7 moderation. If there's ever a problem w/ rule-violating content, please report it and I'll investigate when I can. Feel free to ping me anytime if you have questions/concerns!

Here's an excellent guide to getting started on InfoSec Mastodon (and Masto in general!) - hope it helps! https://shellsharks.com/notes/2023/10/20/infosec-mastodon-starter-pack

tweedge, to random

Now that my class is wrapping up, time to try out some Seagate MACH.2 (read: dual actuator!) HDDs. The performance from these has been crazy - over 500 MB/s sustained sequential reads per drive. Comes with more power consumption, heat, and I assume failure rate... But looking forward to seeing how these perform in the real world.

tweedge, to random

If your company or marketing team or whatever sends me spam emails, I'm "that guy" that jumps through all the spam report/abuse report/etc. hoops to get you booted off whatever email service you're using. Fuck spam and fuck you. 😘

tweedge, to random

Deleted buckets are showing up in my IDrive E2 account, including the file tree of all objects at the time that the bucket was deleted. When you attempt to download something, it fails. The buckets cannot be deleted and appear to be contributing to my storage quota (?)

No, I have no concerns about their system integrity right now, what would possibly compel you to ask? 🙃

Any folks using them for your object storage, be aware ...

tweedge, to random

In case any of yin see the "AI programmer Devyn!!!" hype, here's how I popped that hype balloon ...

The same marketing site that claims "Devyn can not just solve coding problems, but create entire applications on its own from prompts" lists its most impressive performance on SWE bench - the ability to solve code problems from a GitHub issue - at 13%.

And that's super impressive compared to other LLMs.

But if I couldn't solve 87% of documented bugs, I'd be out of a fucking job, y'all.

tweedge, (edited ) to random

Anti-advertising flywheel:

  • The less ads I see
  • The more I'm frustrated by the ads I do see
  • The more drastic action I will take to avoid ads
  • Repeat from top :)

I'm only a degree off "anti-advertising radical" at this point. Over the past two years, I've found that I enjoy being online much more.

tweedge, to random

@jerry Howdy! I'm refreshing my media cache on cybersecurity.theater as I didn't realize lowering the media cache settings has no exception for favorites (ugh. aaand now I'm subscribed to https://github.com/mastodon/mastodon/discussions/19260) - during, I noticed that infosec.exchange links are 403ing when my server tries to re-cache them.

"Error processing 110231093662385392: https://media.infosec[.]exchange/infosecmedia/media_attachments/files/110/231/093/070/987/876/original/2d5fca99ebc73c20.jpeg returned code 403"

cont~

tweedge, to random

About the vibrator that allegedly had malware on it 2wks ago... I found a seller and bought one. Say hi!

The people on the thread who pointed out that there wasn't any evidence tying the vibrator to the Redditor's malware download were - of course - downvoted.

And ... so far there are no signs of malware. It doesn't register as a HID or present any storage (therefore it has no autorun.inf). I'll be doing some more setup so I can plug it in and monitor it for an extended period of time.

tweedge, to random

Reddit invited my moderation bot to buy shares in their company... fantastic work as always

tweedge, (edited ) to random

I can't quit Reddit, where else am I going to learn what vibrator I need to buy to get a free infostealer sample? https://www.reddit.com/r/Malware/comments/1asn02v/malware_from_a_vibrator/

Edit - jokes aside, I did actually buy the vibrator, and did not find evidence which links it to this infostealer payload https://cybersecurity.theater/@tweedge/112028170219395768

tweedge, to random

Security team does not use an eye, spy, shield, sword, or lock in their logo challenge 2024 (impossible)

tweedge, to random

A friend sent this to me and y'all might enjoy

tweedge, to random

Last call to get authentic devoops stickers from @kefimochi !! https://kefimochi.etsy.com (yes I did just buy a stack for my team)

tweedge, to random

The whole "you must buy a new phone every 3-4 years" thing has created some interesting authentication flows.

For example: scanning a QR code on my old device was enough to

  • Log in a new device to my account without prompting 2FA
  • That new device, using only my password (no 2FA again) was able to port over my phone number from my carrier by issuing itself an eSIM tied to my account
  • I was not notified via email, text, etc. about either the new device sign-in or number transfer

tweedge, (edited ) to random

I've been pruning through Academic Torrents and looking for neat cybersecurity-adjacent data, papers, etc. for a while. I started pulling together a themed collection tonight - calling it The Cybersecurity Academic's Seedbox: https://academictorrents.com/collection/the-cybersecurity-academics-seedbox

Slowly building up the creative fuel in there - even despite its small size it already has: malware, machine learning papers, spam emails, internet census data, scraped data, etc. Fun stuff!

I'll keep adding to this as time goes on :)

tweedge, to random

I'm teaching an intro to cybersecurity course starting next week, and I'm looking for ~challenging extra credit ideas that get students real-world experience they could put on a resume (mostly IT/security folks). Any fun thoughts and suggestions? Some ideas I've been mulling:

  • Dump a malware sample into an (instructor provided) interactive sandbox, write up the behavior
  • Review an existing writeup, write Suricata rules for the traffic, contribute signatures to Emerging Threats

...cont'd

tweedge, to random

Super random, if anyone is looking to modify a GitHub social card using GIMP for a joke: I got "pretty close" using FreeSans Semi Bold, sizes 31pt and 25pt, colors 2f363d and 6e7681.

Only real problem is the font is ever so slightly too heavy - it's not pixel-perfect but it'll do.

tweedge, to random

Finally opening up a new category on my website, "data!"

I was looking for dead mailservers so I could register high-email-traffic domains before an opportunistic account-takeover-hungry attacker does, so I parsed terabytes of breach compilations to find the most common domains in use.

If that'd be interesting to you - or you want to see how many typos people make, or if you want to see what might be some popular mailservers, etc. - now you can get a copy! https://chris.partridge.tech/data/most-popular-email-domains-collections-1-5-etc/

tweedge, to random

Well, that's certainly one reason to reject a talk :(

tweedge, to random

Hit ctrl+c on the wrong window and killed a long running script, fUCK

tweedge, to random

Oh your company is right-sizing? Why aren't you laying off any of the upper management who wrong-sized it? 👀

tweedge, to random

A relative's computer is old and slow, and I had suspicions that it might have malware on it. Defender and Malwarebytes picked up nothing despite scanning their entire C: drive - whatever. Backed up their files to a share on my NAS (access heavily limited, just in case), I'm reinstalling OS and programs from good sources, the works to get everything back to normal...

ClamAV on my NAS found malware in my copy of their cluttered Downloads folder! Wat. Is ClamAV good now??
