Salaryman

@ganonmaster@open3dlab.social
74 Followers
467 Following
740 Posts

Part-time creator and maintainer of 3D asset platforms Open3DLab, SmutBase and SFMLab.

Full-time developer at a European cloud conglomerate.

On 14 October, support for all current Microsoft Exchange mail server versions ends. Before then, everyone running it today must EITHER have moved to an entirely new version OR migrate to the cloud. And the latter could, with all the consequences that entails, well happen by accident at the Dutch caretaker government. Don't do it!
https://berthub.eu/articles/posts/demissionair-de-cloud-in-denderen/
Thundering into the cloud while in caretaker mode: don't do it - Bert Hubert's writings

The very short version: the core of the Dutch government currently runs on its own email servers, under its own management. On 14 October 2025, support for the software in use expires. Microsoft is strongly pushing to hand over all email to the American cloud at that point, with all the consequences that entails. But it is also possible (with some effort) to purchase a new version of the email software, as 9 ministries plan to do.

Bert Hubert's writings
When we released post editing for #Mastodon, we first released a version that supported processing and displaying edits incoming from other servers, before releasing a version that flipped a switch allowing anyone to make edits. We're taking an identical approach with quote posts, as the upcoming 4.4 version of Mastodon will begin displaying quote posts from other servers and software. Once this is widely deployed on the network, 4.5 will bring the long awaited ability to quote posts.

Left-wing and centre-left parties must promise to reform strongly when it comes to social issues.

That is also the promise Wilders and Omtzigt made, and which therefore resonates with voters.

We can be glad there was so much internal disagreement, and that the damage has been somewhat limited. But that is also exactly what the left-wing parties must watch out for.

We don't all have to sing the Internationale on the Dam, but we do have to be able to get along.

Should probably put content warnings on that one. Sorry, it's just very depressing.
Now we just need to wait for the Dutch left-wing political parties to get cold feet, start pandering to the center right and lose another election.

This Daily Mail piece about security leaders thinking work-from-home means they will be crippled is horseshit, I'm not linking it.

They've taken a survey about how security people think their businesses couldn't survive ransomware, and linked it to working from home. WFH isn't the problem: business IT and resilience being built on quicksand is the problem.

This is a good moment to point out once again: Maurice de Hond somewhat makes up his polls.
I hope that in the Netherlands too we simply get a ban on polls in the days before elections.
WNL op Zondag, from roughly minute 53, with Jesse Six Dijkstra and someone from the PVV who thinks the Americans would not eavesdrop on our governments. And Rob de Wijk, who says that they do: https://npo.nl/start/serie/wnl-op-zondag/seizoen-9_2/wnl-op-zondag_435/afspelen
WNL Op Zondag | NPO Start

Opinion programme with news, burning issues and prominent guests. Presented by Rick Nieman.

NPO Start
The 18:00 NOS news also had an item about the below (with me), again at 20:00. Watch especially for Microsoft's slightly incoherent response! https://nos.nl/artikel/2569392-overheid-leunt-veel-meer-op-amerikaanse-clouds-dan-bekend-meelezen-is-makkelijk
Government relies far more on American clouds than known: 'Reading along is easy'

The government is a major customer of American cloud companies. That brings risks, from eavesdropping to disruptions.


Co-op say they have largely completed recovery, and have removed the cyber attack banner and statement from their website

https://www.retailgazette.co.uk/blog/2025/06/co-op-cyber-attack/

I think they did a great job. They do call it a "highly sophisticated attack", which, frankly.. isn't true and may come out in open court later if the suspects are ever caught.

6 weeks from containment to "near full" recovery, for statto nerds like me who track this stuff.

Co-op nears 'complete recovery' from cyber attack - Retail Gazette

Co-op has said it's in a "much stronger position" as store deliveries return to normal following its cyber attack.

Retail Gazette

M&S had their ransomware incident communicated via internal email - from the account of a staff member who works for TCS.

The way TCS work is you give them accounts on your AD.

https://www.bbc.co.uk/news/articles/cr58pqjlnjlo

M&S hackers sent abuse and ransom demand directly to CEO

The criminals told the retailer's boss he could make things "fast and easy" if he complied with their demands.

BBC News

Marks and Spencer have started partial online shopping again.

For statto nerds, around 7 weeks from containment to partial recovery

https://www.bbc.co.uk/news/articles/c4gevk2x03go

M&S restarts online orders after cyber attack

The return of online shopping marks a key milestone for the retailer, which has been struggling to get services back to normal.

BBC News
M&S still have no recruitment system, two months in.

TCS have told shareholders their systems were not compromised in the hack of M&S.

As an explainer here (not in the article): TCS IT systems weren't compromised. Their helpdesk service (they're AD admins at M&S) was used to gain access to M&S. They manage M&S IT systems.
https://www.reuters.com/business/media-telecom/indias-tcs-says-none-its-systems-were-compromised-ms-hack-2025-06-19/

Latest Marks and Spencer update is pretty crazy.

M&S haven't been able to supply sales data - so the British Retail Consortium (BRC) - used by the UK government as an economic indicator - basically made up figures for M&S and didn't tell people they had done this.

https://www.telegraph.co.uk/business/2025/06/24/retail-lobby-group-accused-of-ms-cyber-cover-up/

Retail lobby group accused of M&S cyber cover-up

British Retail Consortium published 'made-up' sales figures following attack on high street giant

The Telegraph
Ultra spicy post claiming to be from UK retailer employee (M&S or Co-op) about their experience with TCS on their security incident. https://www.reddit.com/r/cybersecurity/comments/1ll1l6c/scattered_spider_tcs_blame_avoidance/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button
@GossiTheDog this doesn't surprise me; in India TCS is seen as a springboard job. You join to gain experience, stay for a few months, maybe a year or two (if you're really desperate), grit your teeth, deal with a horrible boss and then move to a better paying job. They have pretty high turnover, so training new staff is probably super low on the priority list.

@GossiTheDog I'd be very curious to know what the breakdown is between TCS dropping the ball and lying about it and M&S/Co-op not actually insisting on adequate procedure.

It's not terribly uncommon for people to only care about time-to-resolution with some lip service to user satisfaction when it comes to helpdesk metrics; and tacitly discourage things that are slow and unpleasant like hassling people for ID, at least until that becomes a visibly terrible idea.

@GossiTheDog fun that this is the same TCS who are working on the DWP Child Maintenance Scheme and run the Teachers Pension Scheme for the DfE.

@GossiTheDog

"M-SThrowaway" might indicate M&S?

Or is that too obvious or deliberate obfuscation? 🙂🤷‍♂️

@GossiTheDog as someone who has been subjected to Tata on multiple occasions going back over a decade?

This isn't nearly spicy enough. I don't even describe them as a 'body shop' because they'd gladly route you to a corpse and try to charge extra for '24x7 coverage.'

When one employer did a basic security audit of their helpdesk services, Tata failed so severely that the contract was pulled for cause before the audit was even completed. They moved it all back in-house.

@GossiTheDog and lo, I found my notes! And, hooboy, hang onto your hats kiddos. Things they failed at (which caused me work):

- resetting passwords without verifying identities
- removing 2FA from accounts (not allowed period; there was a procedure)
- removing or updating 2FA without verifying identities (so a LOT of 2FAs had to be assumed compromised)
- adding users to groups directly instead of directing them to the appropriate request

@GossiTheDog The root problem here isn't that TCS are shockingly bad (they are, just about everyone knows that).

The root problem is that "management decisions" constantly overrule those that raise concerns about their service and tell any remaining internal IT and security staff to "deal with it as best you can."

I'm very much of the view that, yes, the outsourced provider can be the cause of an incident, they can provide a shockingly bad service, they can cost your business millions of pounds. But the decision to continue to use them when you already know this is a real possibility - that's a decision by senior management within the company. That's on you.

@Cyberoutsider @GossiTheDog Totally agree. You can outsource the work but never the accountability.

Here is (yet another) example of risk management failures: management under cost pressure finds affordable solutions, celebrated for cost savings, but the implicit risks are neither understood nor uncovered during the sourcing process.

There are ways to compensate; however, in any case there is a significant risk trade-off that needs to be made consciously, rather than implicitly as today.

(Experience from enterprise offshore outsourcing +15 years)

@GossiTheDog ATOS in the past have operated in a similar way (my experience). But if a post mortem investigation finds that the IT contractor was at fault and created an attack vector, as perhaps is being implied here, then I believe that any current business insurance policy might not cover the financial losses. I guess that the affected businesses might need to pursue legal action. What a mess 🤦
@GossiTheDog
This is epically bad for TCS. Good work.

@GossiTheDog Interesting. I don't have the background on this specific attack, but I'm reminded of the Target credit card theft. An HVAC company near me was the point of entry for the attackers; they had high-access keys to Target's intranet because they install and maintain shopping-mall-grade HVAC and can remote-override it for maintenance and schedule reasons (nation-scale chain stores with giant footprints save not-inconsequential money on things like "Don't power up the HVAC to normal capacity on days nobody is here").

They had the keys on the same machine running their webserver.

(Meanwhile, Target actually did get an SEC slap-on-the-wrist for one specific thing: the HVAC intranet piece wasn't firewalled from the financial transactions and cash register source code pieces).

@GossiTheDog @tdp_org

If that is the case, then the leaders of businesses like M&S who outsource these services to the lowest cost providers should also be held to account.

It's typical of British business management to know the cost of technology but not the value of it.

@GossiTheDog

I do not work for either company. Nevertheless, I can corroborate these comments, but not on a public forum. Not much interested in a private forum either. I'll just say that insider threat analysis and mitigation is VERY important when TCS is something you are forced to use.

@Spartan_1986 @GossiTheDog same same, from both the red team side and the incident response side.
@GossiTheDog I wonder what the liquidated damages cap is in the contract.
@GossiTheDog To be fair, according to the article it was BRC who told its members about the made up first. Though we may argue it was a bit late.
@GossiTheDog typo on the toot, you wanted to say TCS told their shareholders.

@GossiTheDog In other words, their wetware was targeted.

"Our staff is our most valued asset. We depreciate on it."

@GossiTheDog so their systems were not compromised, but their employees' creds into the M&S environment were?
@GossiTheDog it's the classic case of telling the literal truth in a way that implies something entirely false.

@GossiTheDog The term 'user' in "no TCS systems or users compromised" could be more interesting to argue on in a civil liabilities case.

If a TCS staff member falls for social engineering (even if the action they take is within an assigned M&S tenant account...), is that not the same as a TCS user being compromised?

Anyway... I'm sure that statement won't at all be like rubbing salt in M&S's wounds.

@GossiTheDog could it be that they are unable to recruit anybody to help fix the recruitment system, asking for an unemployed recruitment portal technician....
@GossiTheDog Still didn't have any Percy Pigs at the last store I checked either. Staff told me they don't know what they're going to receive from one delivery to the next.
@pete @GossiTheDog isn't that just situation normal (the delivery bit, not the Percy Pigs)?
@GossiTheDog That counts as "taking a heavy hit".
@GossiTheDog I'm sure the logic of 'work from home' being an existential threat while extensive exposure to outsourced managed services is just good sense must only baffle me because I'm not the sort of person who deserves a bonus that brings me up to £7 million for the year; not because it's questionable.
@fuzzyfuzzyfungus @GossiTheDog 💯 thanks for posting that. Saved me some typing 😀
@GossiTheDog that's really impressive. and have they confirmed no ransom paid?
@GossiTheDog can confirm my local co-op's shelves are mostly full now - and they have earl grey tea, which was the only thing I really missed!
@GossiTheDog I think they could reasonably argue that the common use of the term "sophisticated", when applied to attacks, is merely used to refer to an attack that succeeded.
@GossiTheDog the daily mail publishing click bait headlines with sensationalist takes that fit the narrative the rich and powerful want to push? Who could have predicted that ahead of time?
@GossiTheDog
Sounds like their companies rely on a hard outer shell and a squishy inside defense and nearly no layers of security.
@SecureWaffle @GossiTheDog always zero trust, never squishy architecture

@GossiTheDog Daily Mail absurdity aside, there is an argument to be made the WFH does increase risk.... IF the organization does not take basic steps to secure the environment.

Using an early 2000s security posture of perimeter logic will result in insecurity with WFH. Security leaders need to address the risk appropriately.

The challenges are not huge and can be mitigated with a little thought and care with technology such as Zero Trust, EDR, VPN, basic security hygiene, and user training and awareness.

WFH employees will still get compromised but with basic protections the damage will be isolated and not need to spread through the environment.

Using early 2000s security posture, staff working from offices are an incredible risk to the organization. They will be compromised just as fast there, while also being inside a physical perimeter.
@Walker @GossiTheDog
@GossiTheDog anything to discredit wfh!
@GossiTheDog bankers are so afraid of WFH destroying the commercial real estate market, they'll pay for all kinds of bogus studies and make sure they get published and repeated far and wide to attempt to stop the wave of progress and modernization that is WFH. WFH is better for EVERYONE except the bankers who own your office. Fuck them. Fuck companies that capitulate to bankers and enact RTO policies to get preferential lending rates. Stay home

@GossiTheDog Looks like a product of the "a good lie contains as much truth as possible" school.

The connection to WFH is spurious; but only two thirds sounds low for "We don't really understand our problems; but they are probably apocalyptic".

@GossiTheDog only two thirds of security leaders think that if they got successfully ransomwared that it could 'cripple' their business? I guess some people are just really confident in their incident response.

@GossiTheDog The 'WFH' allegations seem in especially bad faith given the suspected entry point for the M&S compromise: the outsourced helpdesk.

Those guys are even more compliant labor than work-not-from-home employees, so the Daily Heil isn't going to say anything; but lack even the (informal; but in practice often at least reasonably effective) "does the IT person you just poked recognize who is interrupting with a password question?" ID verification step with onsite workers and onsite IT.

@fuzzyfuzzyfungus @GossiTheDog Indeed, the way many organizations get got is through poorly secured third-party service providers. Not employees doing WFH.
@GossiTheDog Just about everything Daily Mail publishes is horseshit.
@GossiTheDog I could draft an opposing headline about how ransomware and cyber threats will naturally proliferate faster and more easily within a physical network than it will in a distributed environment.
It wouldn't be the whole story either, but it's just as true.

@ftp_alun @GossiTheDog There are also the organizations where basically everyone is 'remote' relative to the cloud stuff that is what actually matters and will either be fine or irrecoverably paved depending on how you configured it and whether or not the AWS/Azure admin creds got compromised.

Endpoints are high hassle per unit change; and nobody staffs IT such that they can replace or reimage them all at once; but unless it's really the dark ages just swapping or paving is usually fine.

@GossiTheDog it's always so funny bc with current technology there could be really no difference between someone breaking in and using a workplace vs breaking in and using a home workstation (some could even say properly deployed WFH setups could be even more protected than onsite devices where no one really cares) ^^
@GossiTheDog dammit I read WFH as Waffle House in my head and now I can't stop
@GossiTheDog The Daily Mail is pretty much horse 💩 from cover to cover. As a sketch song about newspapers by comedian Rory Bremner years ago said, "Why don't they print it all in brown? That's the colour crap is!"

@GossiTheDog wasn't there some event, maybe 5 years ago, that meant a lot of WFH? Or did I hallucinate those times.

Is it suddenly a problem now or this is the same RTO bullshit being peddled?

@GossiTheDog I WFH 100% of the time. I never connect to an office "network". The only way I could spread any form of malicious payload to my colleagues is through shared communications platforms, which not only requires ME to fuck up so that my account is used to send that payload to others, but then requires the recipients to ALSO screw up and make mistakes like opening dodgy links or attachments. WFH provides an additional buffer to protect an organisation, in my opinion.