I’m very close to finishing my personal laptop which is using @QubesOS on my @purism Librem 14. I just have to rotate passwords and setup my @bitwarden and @protonprivacy email and password manager. I even have @yubico for most of my TOTP. Need to sync Monero, login to various account and move my passwords from KeePassXC and I plan to keep my work, personal, and TOTP in separate systems.
We're looking for a junior web developer in Rust or Python. This opening is ideal for mid-career folks transitioning to infosec (including bootcamp grads), someone looking for an entry-level role, or as an internship.
We make a B2B SaaS security/compliance tool which helps managed service providers protect & support their small business clients.
Remote, US-only. Equal-opportunity employer. Please read the job description carefully. No robots: humans only. www.redqueendynamics.com/careers
let's smash the brittle glass that is windows boot security again!
Introducing dubious disk (CVE-2022-30203, CVE-2023-21560, CVE-2023-28269, CVE-2023-28249, and more...), the Porygon-Z that's super effective against Secure Boot!
Writeup with exploitro is linked above (came third in Field-FX 2024 Wild compo!).
Exploiting this bug leads to code execution in the context of a boot application, which defeats Secure Boot, BitLocker on the OS partition (code execution is obtained either at a point where the payload can still derive keys via TPM, or when the derived keys are in memory), and measured boot (code execution is obtained before the running boot application really measures much of anything to TPM PCRs).
Microsoft has to this point taken over two years and five attempts to fix this issue.
So tomorrow is going to suck I need upgrade my PfSense firewall and apparently there is a bug that requires a reinstall to get it fixed as the partition was too small. Then I can get around to setting up @protonprivacy and @bitwarden but I am keeping @keepassxc for the TOTP MFA, because I don’t want to store those in the same password manager. Also rotating all passwords and setting up new Yubikeys then migrating from Ledger to Trezor #infosec
It’s #NewstodonFriday! It’s been another busy week for the many newsrooms who have an active presence in the #fediverse, and we’re highlighting their work in the thread below. If you like what you see, follow the profiles and boost their stories.
If you’re a journo or newsroom that we don’t know about or if there’s a newsroom you’d love to put on our radar, please let us know in the comments.
⤵️
@josephcox has written a book, “Dark Wire,” about an encrypted messaging service app called Anom, which is used by drug traffickers but was infiltrated by the FBI and Australian Federal Police (AFP). @404mediaco has published this extract about how a kidnapping was both planned and foiled on Anom.
It took some tinkering but got @QubesOS reinstalled during my #Twitch stream on my @purism Librem 14. Had to rework some of the steps based off documentation to get the #Monero with wallet isolation going. Basically grabbed the tar ball and extracted it to a folder in the template Qube and then had the systemd run that. VPN is setup with @mullvadnet and I am loving the GUI updates to Qubes now marking Dark mode easier except for a few places. #infosec
The new wave of LLM-based AI is very much like Viagra. Originally invented to treat high blood pressure and angina, it was discovered that Viagra could help with reluctant boners. I'll let you work out whether this analogy is good or bad, but I'll just say I'm seeing a lot of dick waving when it comes to AI....
Just because Rishi and Keir were talking about the nation's security this week on their election campaigns it doesn't mean either of them will acknowledge the MAJOR cybersecurity incident effecting the NHS right now.
It's just words, they don't intend to live up to them, just say them and hope that we believe them
Seen on the MailOp list. A putative joke from Tobias Fiebig.
I’m not sure that I’d put BGP before mail in this hierarchy, but that's mostly because others around me handle it as well as can be expected in a world with the likes of Cogent and Tata swinging their dicks at each other.
While our politicians are prancing about on stage making performances some serious shit is going down with the NHS and the Nation's cybersecurity, not that anyone in charge seems to care.
I don't work in Infosec, but there are paragraphs in this article which will horrify them because of the mess the hack has revealed.
As a patient in the effected area, this is MY data that's flying around thanks to Russia 😡