Adam @adam@hax0rbana.social
Sphere fishing, infosec
People currently worry about spear phishing, but what they should worry about is sphere phishing. That's where the attacker poses as an omniscient vendor who is going to protect the organization from all threats. The CISO then forms a sphere of false confidence around them, leaving them vulnerable to attack.
Keep the conversation going. What's the next threat you're worried about?
This is a question for people who use air conditioning: what temperature do you keep your place during the summer?
30°C seems too hot to me. I have difficulty concentrating. I'm curious to hear if you set it lower, if you can work just fine at 30°C, or you set it even higher?
Boosts welcome
What a heartwarming story, sort of
"Child Worker's Spirits Really Lifted By All The Pride Merch He's Making For Major Corporations"
https://babylonbee.com/news/child-workers-spirits-really-lifted-by-all-the-pride-merch-shes-making-for-major-corporations
Source: https://twitter.com/TheBabylonBee/status/1404495097836748801?s=20
DEF CON got their TLS cert from whom???!
Screenshot is from Google Chrome, fully patched.
Fun facts:
"Solarpunk" was coined in 2008 by an anonymous author writing for "Republic of the Bees".
https://republicofthebees.wordpress.com/2008/05/27/from-steampunk-to-solarpunk/
Later Matt Staggs wrote the "GreenPunk Manifesto", which I can't find... but only people talking about it.
https://gizmodo.com/could-greenpunk-be-the-new-steampunk-5340958
#solarpunk peeps, know your #history 😁
You know how some fast food restaurants are whining about being shirt staffed? Chipotle is just dealing with it instead of crying about it. Maybe they always had these benefits, I'm not sure, but this is the first time I have seen them advertise them.
Ransomware is now getting a similar priority to terrorism! https://mobile.reuters.com/article/amp/idUSL2N2NC1SD?
We are powerful spirits defending our island from invaders. #nocontext
If you want to talk about environmental impact with friends & family, Bloomberg has an excellent piece about the right to repair.
"people holding onto their smartphones for an extra year would be the emissions equivalent of taking 636,000 cars off the road."
If you live in Illinois, you can tell your representative what you think about the right to repair electronics here with this site: https://illinois.repair.org/
Not in Illinois? Check here: https://www.repair.org/stand-up
Information security
I'm considering making some contributions to the intrusion detection scene. Not detecting specific payloads, but detecting the compromise itself.
I'll probably start with detecting payloads that were not previously known, but the real goal is to detect the attack itself, so detection will still work no matter what payload is swapped in.
Actually, I'll start with a review of the state of the art to see what I can build upon.
IRC died today. The original IRC.
https://mastodon.social/@volt4ire/106263648500724680
This is fun. A cloud based camera company accidentally gave everyone access to all cameras.
90 minutes before going on a worldwide live stream: now seems like a good time to redeploy the server we are going to use for the stream.
The redeploy did not go as expected.
US politics, cybersecurity executive order
I am so glad the US president signed an executive order to improving the nation's cybersecurity. I have been waiting for this before I start making anything more secure. /s
I saw one of these signs first hand. This isn't something I saw on TikTok. Also, I am pretty sure the local McDonalds is not corporate owned. I think I remember seeing the signs saying it was a franchise. I have to wonder where people are getting the PDF or whatever that they're printing out.
If I were a restaurant owner, where would I even go to find this sign? Is there like a website people go to instead of just posting "short staffed, please be patient, we're doing the best we can"?
A couple weeks ago I saw the local McDonald's drive thru had a sign that said "We are short staffed. Please be patient with the staff that did show up. No one wants to work anymore." After that, there was another sign saying the drive thru was closed.
I thought: what? What's going on? Why are they saying no one wants to work anymore?
Apparently this exact same text is showing up on other restaurants as well. It's interesting that they are choosing the exact same 20 words, in the same order...
California announced they have a $75.7 billion surplus. No, it's not an article from the onion, it's legit. They're going to be mailing out stimulus checks. Presumably they'll also start paying down their $579 billion debt (at least one can hope).
https://www.politico.com/states/california/story/2021/05/10/california-has-a-staggering-757b-budget-surplus-1381195
This is a call for help. I want to publish a Debian package for djbdns, but I am having trouble with debconf. Specifically, it is not picking up my template from ./debian/templates
When I manually load templates with debconf-loadtemplate, the config script runs fine as a standalone script, so I think my templates syntax is correct.
Everything is here https://gitlab.com/adam949/djbdns
If I could even have someone just attempt to build it to see if you can repro the issue, that'd be helpful.
TIL: The root cause of all our cyber security problems is Bitcoin.
https://amp.economist.com/international/2021/05/06/new-technology-has-enabled-cyber-crime-on-an-industrial-scale?
