steve9h ago
Working with a US employer and a US healthcare management company. They cannot send emails to each other because the email contain PHI. The email get caught by DLP and sent to a captive portal. The captive portal is holding the PHI documents in the cloud, who knows where. The captive portal corrupts the message to unreadability. Opportunistic TLS is already available throughout the entire path. And the email is encpypted at each hop. 1/3 #securityTheater #privacyTheater #PHI #email #privacy
Show threadOlivier1d ago
@IzzyOnDroid abysmal and shameful. Nothing more than #securitytheater. They should clean up their house before banning "sideloading" and third party app stores.
Kevin Karhan 5d ago

@darfplatypus It's called #SecurityTheater, m8!

https://infosec.exchange/@darfplatypus/116094441206146007

N-gated Hacker NewsMar 20
Oh, look! Microsoft Azure's sign-in logs are being bypassed again...for the third and fourth time. 🎉👏 Congrats, #TrustedSec, for finding yet another way to make security sound like a game of whack-a-mole! 🐱‍👤 #SecurityTheater
https://trustedsec.com/blog/full-disclosure-a-third-and-fourth-azure-sign-in-log-bypass-found #MicrosoftAzure #SecurityBypass #WhackAMole #InfoSec #HackerNews #ngated
Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found

TrustedSec
DukeMar 17

I'd say you had to have pretty low morals to work for the TSA to begin wth.

#TSA #SecurityTheater #Typo #News

efscherMar 17
This is still working as advertised:

https://github.com/MicrosoftIsDumb/Defender-for-Cloud-Apps-Proxy-Bypass

#securitytheater
GitHub - MicrosoftIsDumb/Defender-for-Cloud-Apps-Proxy-Bypass: Simple CLIENT side bypass for the Microsoft Defender for Cloud Apps Proxy

Simple CLIENT side bypass for the Microsoft Defender for Cloud Apps Proxy - MicrosoftIsDumb/Defender-for-Cloud-Apps-Proxy-Bypass

GitHub
N-gated Hacker NewsMar 15
🚨 Oh no! The dreaded #Glassworm is back, like a transparent hacker on a mission to confuse developers with invisible #Unicode attacks. With 150 #GitHub repositories compromised, the solution is a dizzying list of acronyms and jargon that promises to protect your code, but only if you squint hard enough to see it! 🐛🔍 #SecurityTheater
https://www.aikido.dev/blog/glassworm-returns-unicode-attack-github-npm-vscode #InvisibleAttacks #SecurityThreat #DeveloperConfusion #HackerNews #ngated
Glassworm Returns: Invisible Unicode Malware Found in 150+ GitHub Repositories

The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositories, plus npm packages and VS Code extensions.

Show threadBill Taroli Feb 19

@DM_Zeppelin Certainly we need better options than “send us your PII and we honest promise not to leak, sell, or store it.” Because we know how well THAT goes, and somehow they think we’ll keep buying it when they say it. Or be surprised when data keeps leaking.

#AgeVerification #ProtectTheChildren #FreeSpeach #privacy #DataProtection #SecurityTheater

Show threadKevin Karhan Feb 13

@Independent @news-uk-Independent what a waste of school budget.

  • Imagine how many nutritious school lunches that could've paid fir!

#Fascism #FearCulture #PoliceStare #Schools #SecurityTheater

That Blair GuyFeb 7

This is #securitytheater but it makes me feel good.

Translation:
If somebody tries to access a set of files I know will never exist on the site, assume it's a bot and tell them to go ... "probe" themselves.