yo, I may no longer have thousands of followers, but to those of you who still see my posts - please take a moment to help support @jerry for all he does to give us a safe place which does not sell our information, pit us against one another, or otherwise manipulate our perceptions, thoughts, and actions

Thank you @jerry!!! 🖤

you can help support him and infosec.exchange here:

Ko-Fi: https://ko-fi.com/infosecexchange
Buy Me A Coffee: https://buymeacoffee.com/infosecexchange
Patreon: https://www.patreon.com/infosecexchange
Liberapay: https://liberapay.com/Infosec.exchange/
PayPal: [email protected]

and thank you for helping support him and our little platform - free speech is not only important, it's our right!

I'm going to say something that's been festering in my mind for a while now. In my two decades of practice in information security, I have yet to see responsible disclosure result in measurably better security posture.

Code quality hasn't improved, patch management hasn't improved, minimum viable product hasn't improved, automated security updates, especially for IoT devices... Jesus Fucking Christ haven't improved. The cost of failure for organizations losing your data due to gross negligence has in no way improved, why should responsibility be the domain of the security researcher when nobody else is willing to share in that responsibility?

I'm half-tempted to say if you have 0-days you might as well get paid for them than be responsible. Because even with a tilted playing field, nothing has measurably improved since I've been here and I would argue with "vibe coding" and the tech industry's view of "Let the AI handle it" that software quality is the worst it has been since the 90s. I lived through windows millennium edition. I've seen shit you wouldn't believe.

"Hardware's fucked because we can't buy any, software is fucked because the LLMs trained by reddit and stack overflow are in charge now. You might as well fucking guess at this point."

yo, to any and all of you who have either bought typewriters from, or had them serviced by me, I'm always happy to hear about how your lil machines are doing, and how your writing is coming along - please share whatever you feel comfortable with, either publicly, or privately

to those of you who are yet my customers, I have more machines ready for my workbench and will put them up for sale on my website once complete

https://typewriterlady.com

This Thursday the 7th, I’ll be speaking about how “Identity Security Just Exploded” at the one, the only, @BSidesLuxembourg! It’s one of the few European countries I haven’t visited, so I’m thrilled. Many thanks to @claushoumann and the team for their kind invitation.

https://bsides.lu/

⚡ Fresh Workshop Alert for BSides Luxembourg 2026!

“Threat Modeling in DevOps and Cloud using Card Games” – Christoph Niehof

How do you make threat modeling accessible, practical, and actually engaging for developers? This hands-on workshop explores lightweight threat modeling approaches tailored for modern DevOps and cloud-native environments — with a unique twist: gamification.

Participants will learn the fundamentals of threat modeling using STRIDE, discover how card-game based approaches can lower the barrier to security adoption, and get hands-on experience with OWASP Cumulus in a cloud-native scenario. The workshop also covers how to integrate threat modeling into real DevOps workflows and extend it into broader risk and process discussions.

Christoph Niehof is a Senior Consultant at TNG Technology Consulting and the project lead of the OWASP Cumulus threat modeling card game. As a full-stack developer working across the entire DevOps lifecycle, he focuses on building secure software and making security practices approachable for development teams.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #ThreatModeling #DevOps #CloudSecurity #OWASP #CyberSecurity #Workshops

@volatility New Release: #volatility3 v2.28.0 - visit https://github.com/volatilityfoundation/volatility3/releases for details and downloads.

#memoryforensics #dfir