
Items tagged with: infosec


Am I the only one irritated by the military jargonization of #InfoSec? The PayPal cred stuffers aren't actors. They are criminals, thugs, thieves, opportunists, scammers and fraudsters. They are not actors.


There's been a huge increase in malicious ads on Google lately. In some cases the first 4-5 search results for certain pieces of software have all been malicious ads leading to info stealers.

More details:
https://updatedsecurity.com/topic/291-huge-increase-in-malicious-advertising-on-google/?a=1
#infosec #cybersecurity #malware


💡 Idea: we need a privilege similar to attorney-client privilege, but between techies and people they support.

Journalists, refugees, people at-risk and from marginalized groups, and we all, really, need to *know* that tech people supporting them cannot be legally forced to disclose the (often very personal or sensitive) data they gain access to while providing tech support.

Data that is shared with them in confidence, and which is often necessary to render tech help at all.

#InfoSec #Legal


🤔 It's shocking to me the number of #infosec professionals that perpetuate the myth that a company is required in order to use a password manager.

#OpenSource #passwordManager #LastPass

cc @keepassxc


I'm seeing a lot of hot takes on #LastPass, from people in #infosec coming to the conclusion that LastPass transparently disclosing breaches, or near breaches, or any incidents, is a sign of something terrible.

I think those people have not been at this long.

All companies eventually get hacked. All companies eventually will be breached, and it's not if; it's when.

And if you are a company storing millions of passwords, you better believe you are being attacked constantly.

Given that world, I want a company that:
  • is transparent and lets their users know immediately when something is up and gives as many details as they can.
  • can actually detect incidents and has a solid process to follow in dealing with them and communicating about them
If you think a company that never says, "hey, we had an incident," is more secure... oh boy.

It merely means they either a) can't detect incidents or b) are hiding them from you

If you are using a password manager that is silent about breaches, near misses, incidents, etc., that should be cause for concern.




It looks like we have in our usual argumentative and verbose way agreed at least on using #ThreatIntel to tag informational CTI posts accordingly. #cybersecurity #infosec


With almost 6k instances of #mastodon I'm pretty sure some #scam is already free in the wild. Choose your instance wisely, be aware of the e-mail account you use and - as always - use a unique password.
#infosec #newtoots #password


Why can't we have nice things?

Microsoft. Microsoft is why we can't have nice things.


Be safe out there, folks. #Pride #LGBTQ #InfoSec


In light of the latest data breach at T-Mobile in US, may I remind everyone and their dog of this little gem from 2018:
https://web.archive.org/web/20180429220059if_/https://twitter.com/tmobileat/status/982187919061303296

#InfoSec #TMobile
[screenshot of the thread linked to in the toot]

tl;dr: a security researcher points out to T-Mobile Austria that storing cleartext passwords in their database is a no-no, T-Mobile Austria responds in a very cocky way


If you're in the EU and #Facebook leaked your data, you're eligible to join Digital Rights Ireland in suing the fuckers. DRI have a phone-number checker for you to see if you were affected:
https://www.digitalrights.ie/facebook/
#privacy #security #infosec


I realized today that some applications out there still use #BBCode for non-legacy reasons. I really have no idea why anybody would do that in year 2020. It’s a very questionable decision security-wise, and it has no usability benefits either. #infosec #security #XSS


Fancy, finally an alternative to Let's encrypt!

https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/

It's always good to have alternatives around. ZeroSSL appears to be a European company that now provides free TLS certificates using the ACME protocol.

#TLS #SSL #CA #infosec #letsencrypt


On the privacy of online login forms inputs


A Twitter poll started by @MrPetovan asks in the context of online web forms whether login and password should be considered private or just the password. The three people who responded chose login and password.

I'm surprised but not shocked by this result. It seems to me that many people are confused about why online login forms have two fields but only one of them hides the input.

On one hand, if all the credentials are meant to be private, why not add a third or a fourth input field with more private stuff? This would be more secure, right? On the other hand, if someone is using a weak password, what is the likelihood their login is easily guessable as well?

I personally believe online login forms have two fields for two different kinds of data: an identifier that shouldn't be considered private, because the password/phrase field is already there for that specific purpose. As a result, I fully support letting users fill the login field with as many different identifiers as they can have, including email addresses and public usernames, because it is massively more convenient without compromising on security since there is a password.

#infosec #security


#infosec #security question: When it comes to online credentials, which piece(s) of information should be private according to you:



Friends, enemies, I bought this a couple of months ago and have really enjoyed the content so far - highly recommended if you're interested in #infosec