Allan Friedman

#SBOM Champion. Paranoid about supply chains of all kinds. Former full-service technocrat at CISA, NTIA. Lapsed{engineer, academic, author}. Now wandering the world doing acts of infosec-goodness, and occasionally getting paid for it. Poster of food pics.

I don’t always go for AI images, but a recent signal group discussion inspired me.

AI Snake Oil - Don’t bolt on security without it!

"If teachers could indoctrinate students, more people would use apostrophes correctly."--Adam Rothman
Some leftover crabs from Memorial Day crab feasts —> crab roe angel hair pasta. So rich and delicious.
Sitting in the rheumatologist waiting room, and caught both myself and another middle-aged white guy bobbing our heads along to “Hypnotize.”
New unified conspiracy theory:
DB Cooper is Satoshi and also Jia Tan. They invented a new way of hiding the money, and then started hacking to cover their tracks.
@letsencrypt is in the middle of an active incident. Issuance of new certs has ceased. Heads up. https://letsencrypt.status.io/
Let's Encrypt Status

Support for Let's Encrypt services is community-based and information on current status and outages can be found at: https://community.letsencrypt.org

A very good article by @ggpsv (& Tunnel and Fortress graduate) surveying the state of container security in light of the recent #copyfail vuln. He makes a strongly-argued case for rootless Podman, with a defence-in-depth and isolationist strategy limiting damage in the event of privilege escalation in containerised deployment contexts.

https://garrido.io/notes/podman-rootless-containers-copy-fail/

#infosec #sysadmin

Podman rootless containers and the Copy Fail exploit

Gabriel Garrido

Friends: in light of recent news, may I encourage you to get the Shingles Vaccine if you are eligible (over 50 or have immune system issues) and encourage others in your life to get it.

Shingles took me out for two whole months last year and was incredibly painful. I still have intermittent nerve pain in my face that wakes me up in the middle of the night.

The great cyber reporter Shaun Waterman follows up on something a lot of us noted: OT companies don't appear to be involved in early access to the newer exploit-focused capabilities from frontier labs.

What I find telling is that the labs do understand that not all software is the same. Their approach to Open Source Software reflects the realities of that space and seems to be aimed at meeting the community on its own terms. It would be great to see that approach with (non-IT) critical infrastructure!

https://www.ot.today/ot-cybersecurity-frozen-out-by-frontier-labs-a-31536

Hooked on spring produce this year. In addition to fun with ramps, I managed to find some fiddleheads for sale. So we get some tasty pickles.