Blog | https://johnopdenakker.com |
Bluesky | https://bsky.app/profile/j-opdenakker.bsky.social |
https://twitter.com/j_opdenakker |
I'm my own worst critic. It's tiring. Very tiring...
No matter how much I try to convince myself that "good enough" is okay, I still don't act like it most of the time.
I guess it's a long-time learning process.
Recognizable?
Dear network, I'm currently building out my side gig. If you are looking for some information security expertise or you know a company who does, please let me know.
I provide consultancy services, offering strategic and practical security advice tailored to your needs. Alternatively, we can target specific areas of your security posture, for example enhancing password and authentication security.
I have experience with creating and managing an ISO 27001 ISMS (including audits and certification) and all its corresponding clauses and controls. I lead a security champion and awareness program and I am involved in appsec security programs and the corresponding security activities.
In any case, don't hesitate to reach out, we'll find out if there's a match!
Contact me via DM or johnopdenakker.com/contact/
Reposts appreciated!
A sad state of affairs if you ask me. There's a lot of work to be done and job security for those in the application security field and information security in general.
And like in the article, poor tooling is often a reason that things don't improve like they should. Developer alert fatigue is real.
A lot of tools are really crappy. And often, instead of looking which tool can be best integrated to support developers in secure coding, it's the other way round. Security tools become the goal instead of the means.
https://decrypt.lol/posts/2024/11/21/increase-in-leaked-secrets-reported-by-gitguardian-in-2023/
This is interesting.
NIST released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog, the SP 800-53A control assessment procedures, and SP 800-53B control baselines.
https://csrc.nist.gov/News/2024/online-intro-courses-for-nist-sp-800-53
Yesterday I had an interview at IKEA.
The manager greeted me and said
"come in, make a seat."
Facebook account takeover via "Send code via Facebook notification" password reset option.
6-digit code sent to user valid for way too long (≈ 2h) and no brute force protection in place in the request pushing the notification.
https://infosecwriteups.com/0-click-account-takeover-on-facebook-e4120651e23e
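The post names two failings in the reset flow: a code that stays valid far too long, and no limit on guesses. The example below is added here to show how a reset-code store can close both gaps; it is not Facebook's code and not taken from the linked write-up. The 10-minute validity window, the 5-attempt lockout, the user ids and the in-memory dictionary are all assumptions made for this illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 10 * 60   # assumed value: minutes, not hours
MAX_ATTEMPTS = 5             # assumed value: lock the code after 5 wrong guesses


@dataclass
class ResetCode:
    code: str          # 6-digit code as a zero-padded string
    issued_at: float   # clock time when the code was issued
    attempts: int = 0
    consumed: bool = False


class ResetCodeStore:
    """In-memory store for one-time password-reset codes (constructed example)."""

    def __init__(self, ttl=CODE_TTL_SECONDS, max_attempts=MAX_ATTEMPTS, clock=time.time):
        self.ttl = ttl
        self.max_attempts = max_attempts
        self.clock = clock          # injectable so expiry can be tested deterministically
        self._codes = {}            # user_id -> ResetCode (one active code per user)

    def issue(self, user_id):
        # A fresh request replaces any earlier code; secrets gives a uniform 6-digit value.
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._codes[user_id] = ResetCode(code=code, issued_at=self.clock())
        return code

    def verify(self, user_id, submitted):
        """Return one of: no_code, consumed, expired, locked, wrong, ok."""
        entry = self._codes.get(user_id)
        if entry is None:
            return "no_code"
        if entry.consumed:
            return "consumed"          # single use: a code never verifies twice
        if self.clock() - entry.issued_at > self.ttl:
            del self._codes[user_id]   # short validity window bounds the exposure
            return "expired"
        if entry.attempts >= self.max_attempts:
            return "locked"            # brute-force protection: no more guesses on this code
        entry.attempts += 1
        # Constant-time comparison on bytes so odd input cannot raise or leak timing.
        if hmac.compare_digest(entry.code.encode(), submitted.encode()):
            entry.consumed = True
            return "ok"
        if entry.attempts >= self.max_attempts:
            return "locked"
        return "wrong"


def guess_success_probability(max_attempts, digits=6):
    """Chance that an attacker with no other information guesses a code before lockout."""
    return max_attempts / 10 ** digits


if __name__ == "__main__":
    store = ResetCodeStore()
    code = store.issue("demo-user")
    print("wrong guess ->", store.verify("demo-user", "000000" if code != "000000" else "000001"))
    print("right code  ->", store.verify("demo-user", code))
    print("replay      ->", store.verify("demo-user", code))
    print("p(guess before lockout) =", guess_success_probability(MAX_ATTEMPTS))
```

With these two parameters in place, a 6-digit code gives an online guesser roughly a five-in-a-million chance per issued code, and each code dies after ten minutes or on first use; a real service would also rate-limit the endpoint that triggers the notification itself, since the post points out that the push request had no protection either.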