FYI - because of what I saw happening over on mastodon.social and a few other instances, I am resetting all the passwords of infosec.exchange users that haven't logged in during the previous 3 months. There's a lot of password stuffing and whatnot going on and I don't want to contribute to the problem of spam/phishing on the fediverse, and this was the best option I could come up with. Each of the accounts whose password is reset will get an email, so if you are here wondering "wtf, dude?", that's why.
@jerry smart
@jerry i know you probably also do not want anybody telling you 'how to do your job', but there was a thing i tried to do at twitter that bob lord outright refused to let me do "because he thought it was stupid" (he actually said that to me directly in person) - going through every single auth failure and mapping every iota of detail possible from every available log to extract patterns. you may expose whole botnets, or new threat actors.
@Viss @jerry
Not stupid. We did this at Dropbox. We mapped botnet ls and could identify the source of the breached passwords, in a few cases the services didn’t know they were breached yet.
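The "go through every auth failure and map patterns" idea from the two posts above, as an added illustration that is not code from anyone in this thread. It parses constructed auth-failure log lines (the format, field names and thresholds are assumptions), separates credential-stuffing sources (one IP, many distinct usernames) from single-account brute force, and then groups stuffing IPs that share an identical user-agent string, which is one cheap first pass at spotting a coordinated run before digging into more fields.

```python
import re
from collections import defaultdict

# Constructed sample log lines; the format is an assumption for this example.
SAMPLE_LOG = """\
2023-11-05T10:00:01Z auth_fail user=alice ip=198.51.100.7 ua="Mozilla/5.0 (X11)"
2023-11-05T10:00:02Z auth_fail user=bob ip=198.51.100.7 ua="Mozilla/5.0 (X11)"
2023-11-05T10:00:02Z auth_fail user=carol ip=198.51.100.7 ua="Mozilla/5.0 (X11)"
2023-11-05T10:00:03Z auth_fail user=dave ip=203.0.113.9 ua="Mozilla/5.0 (X11)"
2023-11-05T10:00:03Z auth_fail user=erin ip=203.0.113.9 ua="Mozilla/5.0 (X11)"
2023-11-05T10:00:04Z auth_fail user=frank ip=203.0.113.9 ua="Mozilla/5.0 (X11)"
2023-11-05T10:00:05Z auth_fail user=grace ip=192.0.2.44 ua="Mozilla/5.0 (Mac)"
2023-11-05T10:00:09Z auth_fail user=grace ip=192.0.2.44 ua="Mozilla/5.0 (Mac)"
2023-11-05T10:00:15Z auth_fail user=grace ip=192.0.2.44 ua="Mozilla/5.0 (Mac)"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) auth_fail user=(?P<user>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"'
)


def parse(log):
    """Turn raw lines into dicts; lines that do not match are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def classify(events, stuffing_min_users=3, bruteforce_min_attempts=3):
    """Per source IP: 'stuffing' (many distinct usernames, i.e. a breached
    credential list being replayed), 'bruteforce' (one username hammered
    repeatedly) or 'noise' (too little to say). Thresholds are assumptions."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    verdict = {}
    for ip, evs in by_ip.items():
        users = {e["user"] for e in evs}
        if len(users) >= stuffing_min_users:
            verdict[ip] = "stuffing"
        elif len(users) == 1 and len(evs) >= bruteforce_min_attempts:
            verdict[ip] = "bruteforce"
        else:
            verdict[ip] = "noise"
    return verdict


def cluster_by_ua(events, verdict):
    """Group stuffing IPs that present the exact same user-agent string;
    shared tooling fingerprints like this are one hint that separate IPs
    belong to a single run, which is where botnet mapping starts."""
    clusters = defaultdict(set)
    for e in events:
        if verdict.get(e["ip"]) == "stuffing":
            clusters[e["ua"]].add(e["ip"])
    return {ua: sorted(ips) for ua, ips in clusters.items()}
```

Real logs add timing, TLS fingerprints and ASN data to the same grouping; the structure stays the same, only the keys you cluster on grow.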
@seanie @jerry see, that's cool. and i'm jealous. consider yourself lucky you didn't work under a boss who would tell you to your face you were dumb
@Viss @jerry It was cool. We copied a bunch of stuff FB were doing with their Tao realtime detection system too. The thing is, we didn’t have the team or the tools to implement this system when I moved to Patreon. Instead we opted to just send magic links to non-2fa’d users logging in from a new browser or if they were in a new city, state or country (in addition to basic rate limiting/captcha stuff), it only fired for less than 1% of logins and cut down on account takeovers via password stuffing by a truly massive amount. No fancy stats or machine learning, just you’re logging in from a new place… click the link in the email to prove it’s you.

@seanie @jerry yeah, dude that's fucking badass. congrats on that, that's seriously some shit you should pat yourself on the back for.

a handful of people with functional working brains and strong linux fundamentals will fuckin squash any bullshit 'infosec in a box' or 'ai' solution 100% of the time.

assuming you have the oomph in systems land to grapple with like, a couple TBs of logs you can do some fucking rad shit