So tomorrow is going to suck I need upgrade my PfSense firewall and apparently there is a bug that requires a reinstall to get it fixed as the partition was too small. Then I can get around to setting up @protonprivacy and @bitwarden but I am keeping @keepassxc for the TOTP MFA, because I don’t want to store those in the same password manager. Also rotating all passwords and setting up new Yubikeys then migrating from Ledger to Trezor #infosec
I see posts calling for folks to write/email/call/smoke signal/wire/semaphore their representatives about the security fuckery of Windows Recall.
I'm more of an "act locally" guy. Email your place of employment's heads of legal and IT stating your concerns, and send them this article. Hell, throw in your local schoolboards and universities to boot.
#infosec
A large western Washington municipality that rhymes with "free cattle" is going to post an opportunity for a new OT #cybersecurity manager in a few weeks.
For a variety of reasons, I am very invested in this position even though I'm just lowly water engineer.
Please stay tuned. I will post a link here when I have it myself.
Please spread the word wherever infosec folks gather.
My hope is that this will be an opportunity for some culture change.
Question for crypto (as in cryptographic) nerds, I am looking for an automated solution for on-prem backups that encrypts said backup. The plan is to take said encrypted backup and store it off sight. Prefer open source, and for further context consider this "home lab" although it does involve multiple servers with public IPs etc. I do not want to have the encryption key easily reachable like in plaintext in a config file.
Right now this is all happening manually, but automated would make this so much easier. It does not have to be a full end-to-end solution, even just the encrypting part being able to be automated would be fine as I could simply script around it. Thoughts and recommendations?
NIST turns to IT consultants to clear National Vulnerability Database backlog
🤔
"According to the agency's statement last week, it hopes to reach its pre-February processing rate of CVEs within the next few months. NIST predicted it should be caught up and back to processing current CVEs by the end of the fiscal year."
I don't recall which #infosec person inspired me to create a security/cyber policy page on our company website, and security.txt files on our apps, but I am glad we did.
We received our first vulnerability notification email last night and it was fixed today. Grateful for the white hats out there. 🙌
#Infosec#Twitter is dead, why do people still insist on being on that platform? It's lost its relevance, and all the best people in Infosec have moved here to #Mastodon or another #Fediverse app.
I feel like most of those still on Twitter are more worried about appearances and keeping their follower numbers than keeping and growing a great community.
I just received a moderately interesting #scam call.
The phone rings.
It's a New York Number (I'm in NYC) with "New York NY" as its CID.
I answer and say hello, and hear a couple seconds of silence and then the blip sound indicating I've been transferred from the bulk dialer to a live person.
The person who says hello has a strong Indian accent and I can hear other people talking in the background. #infosec#privacy#telemarketing
1/4
I'll try and setup my @mullvadnet on @QubesOS tonight on #Twitch. I will be on #Tiktok as well, but I don't have a stream key yet so I can't properly simulcast. But I will be on Tiktok as well. I will also see about setting dark mode on all of my things. Probably do the #Monero wallet later this week
I am loving the new GUI in the latest QubesOS, I just wish they made it easier to set dark mode everywhere, or at least out of the box have an option to set as default. #Cybersecurity#Infosec
This summer I am hoping to sit down after #DEFCON and spin up my RTMP restreamer probably using AWS so I can get around to finding someplace to setup an Owncast account, not sure if I want to run my own server as that's a lot of work.
I plan to simulcast to Owncast, Twitch, Youtube, and Tiktok at the same time. And then merge all the chats on the same screen on my Linux box so I can see all of the chat on one screen. #Infosec#Cybersecurity#Gaming#GamingonLinux