Mastodawn

David Longenecker Feb 17, 2023

I love it when a headhunter or placement specialist sends someone skilled in OSINT, a resume they think they have suitably redacted to obscure the candidate😂

David Longenecker Jan 24, 2023

#Movie recommendation: "Missing." A quite well-done #osint tale, masquerading behind a compelling plot.

I might even put it up there with War Games.

David Longenecker Jan 13, 2023

AMD Information Security is #hiring! I have two positions open on my team. Both are mid-senior level analyst roles with some leadership potential:

DLP investigations lead, US https://careers.amd.com/careers-home/jobs/24631

SOC Senior Analyst, India https://careers.amd.com/careers-home/jobs/24474

#infosecjobs #workforamd

Staff Information Security in CALIFORNIA, California | Advanced Micro Devices, Inc

AMD | Careers Home is hiring a Staff Information Security in CALIFORNIA, California. Review all of the job details and apply today!

Staff Information Security in CALIFORNIA, California | Advanced Micro Devices, Inc

David Longenecker Jan 12, 2023

O'Reilly published a book a while back, on software engineering at Google; that book is now available free online. Lots of good content - on #change #management, building scalable and supportable systems, and managing people and teams - lots that is applicable far beyond traditional software engineering. Sticking this in the #infosec #toolbox for my own future reference.

https://abseil.io/resources/swe-book/html/toc.html

Software Engineering at Google

David Longenecker Jan 11, 2023

Any other time of year I would wonder if the "smoke" out my window were a wildfire in the woods across the street, but nope, it's just pollen billowing out of the ashe juniper (aka cedar) trees in the breeze. #atxweather #allergies 🤧

David Longenecker Jan 11, 2023

I am having a hard time comprehending how a "security feature bypass vulnerability" in SharePoint Server (CVE-2023-21743) can affect #integrity without also affecting #confidentiality. What am I missing? What on earth does "The attacker is able to bypass the expected user access as an unauthenticated user" mean? Has anyone seen further details on this #vulnerability?

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21743

Security Update Guide - Microsoft Security Response Center

David Longenecker Jan 2, 2023

yetzt Jan 2, 2023

oh no, someone forgot to water the wind turbine.

David Longenecker Jan 2, 2023

Interesting. This may be old news to folks that deal with telephony, but it's new to me. There is a "Class 0" SMS - a form of SMS that is by design displayed as a full screen overlay, as might be appropriate for an emergency notification (...or abused for SMS spam).

https://blog.richpollock.com/2014/06/class-0-sms-messages/

Class 0 SMS messages

Yesterday, I received a Wi-Fi password by means of a class 0 or “flash” SMS message. In iOS 7, class 0 messages are presented as a grey, full-screen overlay that includes the horizontal…

Bit Wrangling

David Longenecker Dec 22, 2022

Lovely news for the Thursday before Christmas: password vault provider LastPass disclosed that customer vaults were stolen by intruders in an incident earlier this year.

Password vaults make it practical to use unique and strong passwords for every account - but the vault itself becomes a target.

Using a unique, long, and unguessable password as the encryption key for that vault is precisely the right defense against the risk that the vault itself is stolen.

Be wary of phishing attempts impersonating lastpass now. The vault may be encrypted, but that's not much help if an attacker can phish for the key.

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/amp/

Security Incident December 2022 Update - LastPass

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

The LastPass Blog

David Longenecker Dec 19, 2022

Yikes... That's a serious swing in the #weather #forecast. 54° differential from afternoon high to overnight low on Thursday 🌬️🥶 #txwx