Sphere fishing, infosec 

People currently worry about spear phishing, but what they should worry about is sphere phishing. That's where the attacker poses as an omniscient vendor who is going to protect the organization from all threats. The CISO then forms a sphere of false confidence around them, leaving them vulnerable to attack.

Keep the conversation going. What's the next threat you're worried about?

This is a question for people who use air conditioning: what temperature do you keep your place during the summer?

30°C seems too hot to me. I have difficulty concentrating. I'm curious to hear if you set it lower, if you can work just fine at 30°C, or if you set it even higher?

Boosts welcome

DEF CON got their TLS cert from whom???!

Screenshot is from Google Chrome, fully patched.

Fun facts:

"Solarpunk" was coined in 2008 by an anonymous author writing for "Republic of the Bees".
republicofthebees.wordpress.co

Later Matt Staggs wrote the "GreenPunk Manifesto", which I can't find... but only people talking about it.
gizmodo.com/could-greenpunk-be

peeps, know your 😁

You know how some fast food restaurants are whining about being short staffed? Chipotle is just dealing with it instead of crying about it. Maybe they always had these benefits, I'm not sure, but this is the first time I have seen them advertise them.

We are powerful spirits defending our island from invaders.

If you want to talk about environmental impact with friends & family, Bloomberg has an excellent piece about the right to repair.

bloomberg.com/news/articles/20

"people holding onto their smartphones for an extra year would be the emissions equivalent of taking 636,000 cars off the road."

If you live in Illinois, you can tell your representative what you think about the right to repair electronics here with this site: illinois.repair.org/

Not in Illinois? Check here: repair.org/stand-up

Information security 

I'm considering making some contributions to the intrusion detection scene. Not detecting specific payloads, but detecting the compromise itself.

I'll probably start with detecting payloads that were not previously known, but the real goal is to detect the attack itself, so detection will still work no matter what payload is swapped in.

Actually, I'll start with a review of the state of the art to see what I can build upon.

90 minutes before going on a worldwide live stream: now seems like a good time to redeploy the server we are going to use for the stream.

The redeploy did not go as expected.

US politics, cybersecurity executive order 

I am so glad the US president signed an executive order on improving the nation's cybersecurity. I have been waiting for this before I start making anything more secure. /s

whitehouse.gov/briefing-room/s

I saw one of these signs first hand. This isn't something I saw on TikTok. Also, I am pretty sure the local McDonald's is not corporate owned. I think I remember seeing the signs saying it was a franchise. I have to wonder where people are getting the PDF or whatever that they're printing out.

If I were a restaurant owner, where would I even go to find this sign? Is there like a website people go to instead of just posting "short staffed, please be patient, we're doing the best we can"?

A couple weeks ago I saw the local McDonald's drive thru had a sign that said "We are short staffed. Please be patient with the staff that did show up. No one wants to work anymore." After that, there was another sign saying the drive thru was closed.

I thought: what? What's going on? Why are they saying no one wants to work anymore?

Apparently this exact same text is showing up on other restaurants as well. It's interesting that they are choosing the exact same 20 words, in the same order...

California announced they have a $75.7 billion surplus. No, it's not an article from The Onion, it's legit. They're going to be mailing out stimulus checks. Presumably they'll also start paying down their $579 billion debt (at least one can hope).
politico.com/states/california

This is a call for help. I want to publish a Debian package for djbdns, but I am having trouble with debconf. Specifically, it is not picking up my template from ./debian/templates

When I manually load templates with debconf-loadtemplate, the config script runs fine as a standalone script, so I think my templates syntax is correct.

Everything is here gitlab.com/adam949/djbdns

If I could even have someone just attempt to build it to see if you can repro the issue, that'd be helpful.

hax0rbana.social

Mostly hackers, mostly in Urbana, IL, talking to each other & our friends on like-minded servers without giving our personal data to the marketing machine.