AJCxZ0

@AJCxZ0@infosec.exchange
23 Followers
60 Following
148 Posts

Doing Mastodon wrong on purpose: here only for Information Security (which I have done professionally and unprofessionally involving unix platforms for decades), elsewhere for other things.

Favouriting, boosting and following may occur.
Quality media and Alt tags are favoured.

Avatar is Mr. Flibble from the episode "Quarantine" of the TV series "Red Dwarf".
Header image is Arnold J. Rimmer with Mr. Flibble.
Mr. Flibble is very cross.

GitHub: https://github.com/AJCxZ0
GitLab: https://gitlab.com/AJCxZ0
LinkedIn: https://www.linkedin.com/in/AJCaines/
Keybase: https://keybase.io/ajcxz0
Keyoxide: https://keyoxide.org/C59A2F7411399432B4570B61DDF2AA6167C318A1
Owner: H.A.L. Plant (halplant.com)

All four seasons now on Netflix and Tubi.

https://www.justwatch.com/us/tv-show/mr-robot
https://www.usanetwork.com/mrrobot

"A bug is never just a mistake. It represents something bigger - an error of thinking that makes you who you are." - Eliot Alderson

#MrRobot #Hacker #Hackers #FSociety #ECorp #EvilCorp #InformationSecurity #InfoSec #CyberSecurity #TV #USANetwork #Netflix #Tubi

The best movie ever with an Information Security theme is now available to see and hear at its best.

https://www.blu-ray.com/movies/Sneakers-4K-Blu-ray/343185/

"There's a war out there, old friend - a world war - and it's not about who's got the most bullets. It's about who controls the information: what we see and hear, how we work, what we think. It's all about the information" - Cosmo

#Sneakers #NoMoreSecrets #SetecAstronomy #Movies #InformationSecurity #InfoSec #CyberSecurity #Cryptography #UHDBD #UHD #4K #HDR #DolbyVision #DTSHDMasterAudio

NSA Cybersecurity Collaboration Center

"The CCC works with industry, interagency, and international partners to harden the U.S. Defense Industrial Base, operationalize NSA’s unique insights on nation-state cyber threats, jointly create mitigations guidance for emerging activity and chronic cybersecurity challenges, and secure emerging technologies."

https://nsa.gov/CCC
https://www.youtube.com/watch?v=vHm40_VWJ-g

"make a code for note app on java"

#NationalSecurityAgency #NSA #CybersecurityCollaborationCenter #CyberSecurity #InformationSecurity #InfoSec #USGov #KristinaWalter #MakeACode #OnJava #OpenAI #ChatGPT

"Many things are necessary to lead a full, free life--good health, economic and educational opportunity, and a fair break in the marketplace, to name a few. But none of these is more important than the most basic of all individual rights, the right to privacy. A system that fails to respect its citizens' right to privacy fails to respect the citizens themselves. ... At no time in the past has our Government known so much about so many of its individual citizens.
...
Advanced technology has created new opportunities for America as a nation, but it has also created the possibility for new abuses of the individual American citizen. Adequate safeguards must always stand watch so that man remains the master-and never becomes the victim--of the computer."

Radio Address About the American Right of Privacy - Richard M. Nixon, 23 February 1974

https://www.presidency.ucsb.edu/documents/radio-address-about-the-american-right-privacy

Part of this speech is featured in an excerpt from the 1981 NOVA documentary, "Computers, Spies and Private Lives", restored by the Computer History Archives Project (CHAP).

https://www.youtube.com/watch?v=lvGgeb0RVyY

#Privacy @PrivacyDigest #BigData #USGov #NationalSecurityAgency #NSA #Cryptography #Cryptology #RichardMNixon #RichardNixon #NOVA #CHAP #InformationSecurity #InfoSec

Executive Summary (TL;DR): HackerOne requires SMS, documentation is bad, and support doesn't.

"Please let us know your HackerOne email address", I was asked. Everyone (who matters) knows HackerOne ( @Hacker0x01 ?), so I rush to https://hackerone.com/ to sign up.

Signup was typical, with praiseworthy indication that passwords are limited to the BCrypt hash limit of 72 characters. With email confirmed, the next step was of course to set up 2FA because if we Hackers™ know one thing, it's "2FA good. TOTP good. SMS bad.". On the Account Security page,

Two-factor authentication [ Turn on ]

but that [ Turn on ] button is greyed out. Above is

Account recovery: Disabled [ Set up ]

A bit odd to get recovery codes before setting up TOTP, but seems harmless. I clicked [ Set up ].

Add your phone number

We need to set up a way for you to recover your account in case you lose access to your two-factor
authentication device. We do this by confirming your phone number. We'll send you a numeric code
to this number to verify your account. Message and data rates may apply.

In this year of our Lord twenty twenty-five, that is the only option.

Before bothering anyone, I know to RTFM, so I do. The "Two-Factor Authentication" page described the setup process in full detail with no mention of telephones or short message services. The other (almost identical) "Two-Factor Authentication" page described the same process, but mentions the telephone.

HackerOne uses a (something)Desk platform for support, so I signed up there and opened an issue explaining that I want to use TOTP and don't use SMS, and that there are two pages with instructions of which half are wrong. The automated email acknowledgement arrived promptly.

Early the next day email arrived from H1 Support <support@hackerone.com> with a response I can accurately paraphrase as, "We are sorry to hear that you are incompetent. Please RTFM." with a link to the more accurate of the two pages. Replying to this email, I politely explained that I appreciated the response, but that they seem to have missed both the issue I reported and the documentation problem, then clearly identified each in a more structured fashion.

The reply to my email was almost instant.

#HackerOne #Hacker1 #BugBounty #ResponsibleDisclosure #Authentication #2FA #MFA #TOTP #SMS #InfoSec #InformationSecurity #CyberSecurity #TogetherWeHitHarder

"Ghost in the Wires" by Kevin Mitnick with William L. Simon - Audiobook read by Ray Porter.

This is the audiobook equivalent of a page-turner, at least partly thanks to an excellent reading by Ray Porter, or a feature-length episode of "Darknet Diaries" (without @jackrhysider). It's odd to hear some of the non-prose read, but funny as one recognises it, though not so funny as having the codes read sounding like backmasked messages opening a reverse shell to the brain.

A lot has changed since Kevin's adventures in the late 1980s and 1990s, but another lot... hasn't and its important lessons remain relevant.

Being read this so soon after Richard Feynman's "Surely You're Joking, Mr. Feynman!" provided a strange insight into the different paths taken by two similar minds in different - but in many ways not so different - places and times.

https://www.mitnicksecurity.com/ghost-in-the-wires

#GhostInTheWires #KevinMitnick #KevinDMitnick #Hacker #Hackers #InfoSec #InformationSecurity #CyberSecurity #Books #Audiobooks #FBI #CIA #NSA #USA #RichardFeynman #FREEKEVIN

How average folks don't stand a chance against phishing, example #79,144,823: Citi Wealth / Salesforce

• Email from Citi Wealth <CPWM@personalwealthmanagement.citi.com>
• Multiple links in HTML email including "Read More", "Unsubscribe", and "Read additional Important Information" to click.personalwealthmanagement.citi.com are all insecure (http://)
• There is no secure connection for the site

According to Wikipedia, "Citigroup is the third-largest banking institution in the United States by assets" with 2023 revenue of US$78.46 billion and US$2.412 trillion in assets.
I'd joke about how this isn't enough to afford a free certificate or training on how to not teach customers to click on insecure links, but the site is operated by a little under-resourced company with limited technical expertise: Salesforce.

#Phishing #Citi #CitiGroup #CitiWealth #Salesforce #InfoSec #InformationSecurity #CyberSecurity
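The check behind the bullet points above, written out as an added example (not code from the original post): parse an HTML e-mail, collect every anchor, and report the ones whose href uses plain http://. The sample message is constructed for illustration; only the sender and link host names echo the post, and the paths under them are made up.

```python
"""Flag insecure (http://) links in an HTML e-mail body.

Added example, not from the original post. SAMPLE_EMAIL below is
constructed; the host names mirror the post, the paths are invented.
Standard library only, so it runs offline.
"""
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect (link text, href) pairs from an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None  # [href, accumulated text] of the open <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._current = [href, ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            href, text = self._current
            self.links.append((text.strip(), href))
            self._current = None


def insecure_links(raw_message: bytes):
    """Return the (text, href) pairs whose URL scheme is plain http.

    The message is parsed with the modern email policy so that the HTML
    part is located and decoded regardless of transfer encoding. A message
    with no HTML part yields an empty list.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    return [(text, href) for text, href in collector.links
            if urlsplit(href).scheme.lower() == "http"]


def report(raw_message: bytes) -> str:
    """Human-readable summary, one insecure link per line."""
    found = insecure_links(raw_message)
    if not found:
        return "no insecure links"
    return "\n".join(f"{text!r} -> {href}" for text, href in found)


# Constructed sample: two http:// links of the kind the post describes
# and one https:// link that should not be flagged.
SAMPLE_EMAIL = b"""From: Citi Wealth <CPWM@personalwealthmanagement.citi.com>
To: customer@example.com
Subject: Market update
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Our latest view on the markets.</p>
<a href="http://click.personalwealthmanagement.citi.com/read">Read More</a>
<a href="http://click.personalwealthmanagement.citi.com/unsub">Unsubscribe</a>
<a href="https://www.citi.com/">Visit citi.com</a>
</body></html>
"""

if __name__ == "__main__":
    print(report(SAMPLE_EMAIL))
```

Run against a real mailbox export, the same function can be applied message by message; the point of checking the scheme rather than the host is that an http:// tracking link teaches recipients to accept unencrypted redirects from a brand they trust, which is exactly the habit phishing relies on.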

What is Zero Trust Security?

Learn what problems zero trust is trying to solve in this informative explainer.

YouTube
Cybersecurity Framework

Helping organizations to better understand and improve their management of cybersecurity risk

NIST