Sphere fishing, infosec
People currently worry about spear phishing, but what they should worry about is sphere phishing. That's where the attacker poses as an omniscient vendor who is going to protect the organization from all threats. The CISO then forms a sphere of false confidence around them, leaving them vulnerable to attack.
Keep the conversation going. What's the next threat you're worried about?
What a heartwarming story, sort of
"Child Worker's Spirits Really Lifted By All The Pride Merch He's Making For Major Corporations"
"Solarpunk" was coined in 2008 by an anonymous author writing for "Republic of the Bees".
Later Matt Staggs wrote the "GreenPunk Manifesto", which I can't find... but only people talking about it.
Ransomware is now getting a similar priority to terrorism! https://mobile.reuters.com/article/amp/idUSL2N2NC1SD?
If you want to talk about environmental impact with friends & family, Bloomberg has an excellent piece about the right to repair.
"people holding onto their smartphones for an extra year would be the emissions equivalent of taking 636,000 cars off the road."
If you live in Illinois, you can tell your representative what you think about the right to repair electronics here with this site: https://illinois.repair.org/
Not in Illinois? Check here: https://www.repair.org/stand-up
I'm considering making some contributions to the intrusion detection scene. Not detecting specific payloads, but detecting the compromise itself.
I'll probably start with detecting payloads that were not previously known, but the real goal is to detect the attack itself, so detection will still work no matter what payload is swapped in.
Actually, I'll start with a review of the state of the art to see what I can build upon.
This is fun. A cloud based camera company accidentally gave everyone access to all cameras.
All better. 😁
US politics, cybersecurity executive order
I am so glad the US president signed an executive order to improving the nation's cybersecurity. I have been waiting for this before I start making anything more secure. /s
I saw one of these signs first hand. This isn't something I saw on TikTok. Also, I am pretty sure the local McDonalds is not corporate owned. I think I remember seeing the signs saying it was a franchise. I have to wonder where people are getting the PDF or whatever that they're printing out.
If I were a restaurant owner, where would I even go to find this sign? Is there like a website people go to instead of just posting "short staffed, please be patient, we're doing the best we can"?
A couple weeks ago I saw the local McDonald's drive thru had a sign that said "We are short staffed. Please be patient with the staff that did show up. No one wants to work anymore." After that, there was another sign saying the drive thru was closed.
I thought: what? What's going on? Why are they saying no one wants to work anymore?
Apparently this exact same text is showing up on other restaurants as well. It's interesting that they are choosing the exact same 20 words, in the same order...
California announced they have a $75.7 billion surplus. No, it's not an article from the onion, it's legit. They're going to be mailing out stimulus checks. Presumably they'll also start paying down their $579 billion debt (at least one can hope).
This is a call for help. I want to publish a Debian package for djbdns, but I am having trouble with debconf. Specifically, it is not picking up my template from ./debian/templates
When I manually load templates with debconf-loadtemplate, the config script runs fine as a standalone script, so I think my templates syntax is correct.
Everything is here https://gitlab.com/adam949/djbdns
If I could even have someone just attempt to build it to see if you can repro the issue, that'd be helpful.
TIL: The root cause of all our cyber security problems is Bitcoin.
Mostly hackers, mostly in Urbana, IL, talking to each other & our friends on like-minded servers without giving our personal data to the marketing machine.