
#infosec


Tip: Test Azure backups & region failover. There is a known issue —> after an Azure region failover, the backups can become corrupted. That means in the event of a disaster affecting an Azure region, you may have no usable backup, putting you in a doubly bad situation. Azure Backup doesn't show this — it keeps reporting that the backups are "green" or healthy. It's only when you try to restore them that it fails (error). (1/2)

Today I received email from Avast with the subject "Attention! Password leak detected." It lists several old breaches containing my email address which of course I already know about. At the bottom it says, "You received this email because [my email address redacted] was entered into Avast Hack Check to see if there were any leaked passwords associated with that email address."
Reader, I assure you that I did not enter my email address into Avast Hack Check.
1/2
#infosec #Avast #scam

Fresh new instance, fresh new #introduction time.

I'm Erin, yet another autistic transgender anarchist from so-called Portland, Oregon. I used to have fancy tech jobs with titles like "Lead Full-Stack Software Engineer" until I burnt out, got laid off, and discovered that the tech industry was done with me. Nowadays I survive on a very part-time gig as a general technologist and some freelance tech work when I can find it. My part-time gig is unionized through the IWW, of which I am a proud member. I've been on fedi under various names and handles since GNU Social was the cool new thing.

My special interests include Cybersecurity, Casio watches, Dungeons & Dragons, Final Fantasy XIV, the Indieweb, Linux, old ThinkPads, XMPP, Yuri Anime and Manga, and stuffed sharks.

formerly @kvuzet

Here's a big list of tags:
#ActuallyAutistic #Anarchism #Blahaj #CyberSecurity #DnD #FFXIV #F91W #Frontend #Indieweb #InfoSec #IWW #Linux #Queer #RSS #SDF #ThinkPad #Tech #Trans #WebDev #XMPP #Yuri

This didn't take long at all: "A hacker has breached and stolen customer data from TeleMessage, an obscure Israeli company that sells modified versions of Signal and other messaging apps to the U.S. government to archive messages." #infosec via @404mediaco 404media.co/the-signal-clone-t

404 Media · The Signal Clone the Trump Admin Uses Was Hacked
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.

Worth a listen: This Week in Machine Learning podcast’s most recent episode is on CTIBench, a benchmark framework for LLMs in cyber threat intelligence. Interesting conversation, have not dived into the paper yet.

twimlai.com/podcast/twimlai/ct

arxiv.org/abs/2406.07599

TWIML · CTIBench: Evaluating LLMs in Cyber Threat Intelligence with Nidhi Rastogi | The TWIML AI Podcast

Practice what you preach. There have been many #infosec professionals that I've come across (myself included) that are "educating" #developers on how to code securely. They usually do this by leveraging all-powerful blanket statements such as "You need input validation", or "stored procedures".

Most of the time, we have absolutely no fucking clue what we're asking of the developer... and yes, I've probably been on that side as well and it pains me to admit.

But now I'm on both sides, because I'm also doing a fair amount of #programming in my spare time. And it was during the "simple" process of validating a name of a person this became quite evident to me... that input validation is bloody hard 🙂

And... no, it's not just a regular fucking expression with a-zA-Z... there are like tons of weird characters people have in their non-English names. Like us Northmen, åäö for instance.

Anyways... this was just meant as an appreciation Toot for all developers that have suffered people like me, #cybersecurity professionals. People like us that for some reason believe we know more about programming than you do.

At least I will do better from now on.

@infosec