lippard

@lippard@infosec.exchange

infosec career @ financial services, healthcare, and telecoms; threat intel, cyber exercises, secops, et al. fan of history and philosophy of science, epistemology, law, logic, critical thinking. Worked on two Ph.D. programs w/o completing; former Multician.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

lippard, to random

Two Stanford scholars spend 85 pages debunking false election claims about the 2020 election promoted by Trump. https://www.dropbox.com/scl/fi/qfvavvua3g6dksnzl9ils/TrumpClaims.pdf?rlkey=rnig91049e5js1hprelig4ij9&dl=0

lippard, to random

Latest Microsoft response to me about one of my numerous complaints of big brand impersonation phishing from their servers is to ask me to please send a copy of the full message with particular headers they are looking for -- I always send the message with full message headers, and I sent them in the complaint they are responding to.

lippard, to random

Got a response back from Microsoft telling me that a Costco-impersonating email from 40.107.94.115 "did not originate from a mailbox associated with a Microsoft account" and "Unfortunately, we are unable to take action against e-mail accounts that are not within the Microsoft network." WTF?

lippard,

I responded with raw logs, IP registration information, and routing information showing that yes, that email came from Microsoft's ASN 8075 and asking why they are making this so difficult and aren't addressing their ongoing problem.

lippard,

@sfunk1x I used to interact a lot with them when I worked at an ISP but I have not -- that's a good suggestion.

lippard, to random

In my experience, one of the best indicators of a source reliability is a willingness to admit errors and evidence against a position being advanced as well as evidence for it. You just have to watch out for the simulation of these characteristics by those who only very selectively apply it, or only do so when there is no other option. The rules are clearly different in some contexts -- e.g., lawyers in court and politicians know that juries and the general public neither use nor understand this heuristic, and so using it is typically detrimental rather than helpful.

MrMeritology, to random

I need a consultant referral.

Do I have any followers who are expert in APT malware removal + recovery? Pegasus to be specific. Apple devices, incl external hard drives.

To help a friend who has been victimized and still not fully recovered. I believe friend can pay reasonable rates for professional services. Friend is a solo operator.

lippard,

@MrMeritology Perhaps Citizen Lab can make a referral?

lippard, to random

StartEngine hyping a startup with this 1990s extropian throwback language: "If nootropics aren’t on your radar yet, they really should be. These natural brain boosters are shown to improve cognition and comprise a $29 billion market, growing at an est. 15% CAGR."

lippard, to random

Most annoying current bug in Google Play is that when it finishes downloading and changes the status of a download to "installing," it briefly shows an open selection checkbox next to the filename again. If you click it, it causes an error message. A sign of bad QA.

jackrhysider, to random

New episode!
Ep 141: The Pig Butcher
Come along, we're going to take a look at the weird and wild world of pig butchering and BEC scams.

https://darknetdiaries.com/episode/141/

lippard,

@jackrhysider Nice episode. The Pandemic Unemployment Assistance program ran from March 2020 (with retroactive assistance to January 2020) to September 2021 and was administered by the states; authorized by the CARES Act. A number of states ended the program earlier (June-July 2021).

lippard, to random

Tired of getting mail admin impersonation emails from OVH VPSs, so I've broadened my blocking from individual hosts to all of 51.81.0.0/16.

lippard,

@chort I met Octave at a FrNOG in 2005, when I gave a talk on botnets and spam. He was not happy about the policy I instituted of giving our downstreams 24 hours notice to remove botnet C2s or we'd null route them.

vaurora, to random
@vaurora@wandering.shop avatar

Wow. Any tips on image searches that DON’T return computer generated art? I’m getting like 90% generated garbage from google images for anything involving “woman”

lippard,

@clive @landley @vaurora This is not a general purpose site, but this just happened: https://infosec.exchange/@lippard/111575104692587664

lippard, to random

In my childhood we had "lawn darts," which were pretty crazy, but not as crazy as "water beads." https://www.cnn.com/2023/12/12/business/amazon-walmart-target-water-beads/index.html

lippard, to random

After about a decade of neglect, I've pruned and repaired the bad links from my very old school Skeptical Information Links website. https://www.discord.org/skeptical/

lippard, to random

nice headline, I feel seen https://techcrunch.com/2023/12/05/used-by-only-a-few-nerds-facebook-kills-pgp-encrypted-emails/

lippard, to random

GlasgowGPT answers a question.

lippard, to random

Adventures with passkeys: LinkedIn instructions don't seem to correspond to the options I have--I don't see passkeys. Amazon: iCloud Keychain passkey simple, but the Android app says to use a different browser. Setup works in Chrome on Android, but I likely have to use the password for the app. 2FA settings treat passkeys same as passwords (2FA token code also required). Github: Add a passkey as simply as a security key; it replaces username, password, and security keys -- sign in with just a passkey.

lippard, to random

A mandatory undisclosed $800 Christian worldview class doesn't seem like a reasonable requirement of a nursing program. https://www.azfamily.com/2023/11/21/gcu-graduate-shares-experience-nursing-program-amid-allegations-against-university/

lippard, to random

Kinda weird that the CEOs of Chick-fil-A and Nando's have homophonic last names.

lippard, to random

Facebook sent me what might be the last PGP-encrypted email they will send me yesterday: "Encrypted notification emails are going away soon

Hi Jim,

Encrypted notification emails are going away on December 5. This means that, soon, emails you receive from Facebook will no longer be encrypted.

If you have previously set up a public key, you can still view it under settings on Facebook (or in the Accounts Center under Password and security) until December 5.

Thanks,
The Facebook Security team"

Sad. It was another layer of defense against password reset attacks -- the confirmation code was sent encrypted. (Though I don't know why it doesn't just insist on me using my registered security keys for confirming a reset instead of creating a loophole for security key bypass.)

gvwilson, to random
@gvwilson@mastodon.social avatar

OK: I have one hour (which really means 50 minutes) to talk to a bunch of researchers in biology and related sciences about staying safe online, because if what you study is mental health or addiction or anything to do with immunology or women's reproductive rights, you're now a target. What I have so far is https://third-bit.com/talks/safety/ - what's wrong, what's missing, and what should I take out to make room for anything more important that I should add?

lippard,

@gvwilson What would you say if asked about passkeys? (I'm not sure what I'd say except better than passwords but tied to vendor ecosystem, password managers are starting to support.)

lippard, to random

InfoSec people should read the latest Money Stuff column on the SEC action against the SolarWinds CISO: https://newsletterhunt.com/emails/41081

lippard,

@ashar This is really bad if it creates disincentives or a chilling effect for honest reporting upward of security issues; that's entirely counter to the intent, which is to raise overall security posture of SEC-regulated companies.

lippard, to random

@riskybusiness FYI, Matt Levine's newsletter is free online at https://newsletterhunt.com/newsletters/money-stuff-by-matt-levine

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • mdbf
  • ngwrru68w68
  • tester
  • magazineikmin
  • thenastyranch
  • rosin
  • khanakhh
  • InstantRegret
  • Youngstown
  • slotface
  • Durango
  • kavyap
  • DreamBathrooms
  • JUstTest
  • tacticalgear
  • osvaldo12
  • normalnudes
  • cubers
  • cisconetworking
  • everett
  • GTA5RPClips
  • ethstaker
  • Leos
  • provamag3
  • anitta
  • modclub
  • lostlight
  • All magazines
    •