Join us back at https://shostack.org/blog on Sunday!
#Kubernetes: Bustakube, Peirates, Black Hat Trainer
#Neurodiverse, talk to me about ADHD and Autism
1st @CISecurity Linux lead, BastilleLinux
he/him
@jaybeale on birdsite
http://pronoun.is/he
Don’t let other people stomp on your happiness. If it’s not hurting anybody, do the things that make you happy, even when others belittle them or say they’re uncool.
Being true to yourself is cool. Having a passion is cool. Finding joy is cool.
I did some reversing/exploring on a widely used IoT product for fun this week, and here’s what I found:
- embedded Linux on an SD card
- SD card not encrypted
- developed by a third party on behalf of the end customer who makes the actual device this thing is connected to
- runs the code in docker containers from a private container repo
- docker credentials for private repo stored locally
- can use docker credentials to access containers for all of the third party's customers, not just the one who makes the device
- GitHub creds in bash history
- can access source code for all customer projects using said creds
So things are going well over there.
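The kind of pre-ship check that would have caught the credential findings in the post above, as an added example (not the poster's code): it walks an extracted root filesystem, assumed already copied off the SD card, and reports Docker registry logins left in `.docker/config.json` and secret-bearing commands left in shell history. The file layout and every value in it are constructed for the demo.

```python
import base64
import json
import os
import re
import tempfile
# Constructed sample rootfs contents; nothing here is a real credential.
SAMPLE_FILES = {
    "root/.docker/config.json": json.dumps({"auths": {"registry.example.invalid": {
        "auth": base64.b64encode(b"builduser:not-a-real-password").decode()}}}),
    "root/.bash_history": ("ls -la\n"
        "git clone https://ghp_EXAMPLETOKEN0000EXAMPLE@github.com/example/project.git\n"
        "docker login registry.example.invalid\n"),
}

# Patterns for secrets that commonly leak into shell history.
HISTORY_PATTERNS = [
    re.compile(r"https?://[^/\s@]+@"),                    # credential in a URL authority
    re.compile(r"\bghp_[A-Za-z0-9]{20,}\b"),              # GitHub personal access token prefix
    re.compile(r"(?i)(?:^|\s)(?:-p|--password)[= ]\S+"),  # password on the command line
]

def audit_rootfs(root):
    """Return (relative_path, finding) pairs for credential material found under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name == "config.json" and os.path.basename(dirpath) == ".docker":
                with open(path) as fh:
                    auths = json.load(fh).get("auths", {})
                for registry, entry in auths.items():
                    # A stored "auth" or "identitytoken" value is a live login to that registry.
                    if entry.get("auth") or entry.get("identitytoken"):
                        findings.append((rel, f"docker registry credential for {registry}"))
            elif name in (".bash_history", ".zsh_history"):
                with open(path, errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if any(p.search(line) for p in HISTORY_PATTERNS):
                            findings.append((rel, f"secret-bearing command at line {lineno}"))
    return findings

def demo():
    """Materialise the constructed rootfs in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_FILES.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(content)
        return audit_rootfs(root)
```

Run `audit_rootfs` against the mount point of a real image before it ships; an empty result is the bar, and encrypting the card still matters for everything the scan cannot recognise.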
Psychological Safety: Why Security is Digging a Hole
Looking forward to giving a brand new talk at BSides Basingstoke today on Psychological Safety: Why Security is Digging a Hole. Because it is. Security professionals frequently fail to make 'security' something that isn't scary and out to yell at you or blame you or call you nasty words. No one wants to connect or work with an area like that.
http://infobex.co.uk/2024/07/19/psychological-safety-why-security-is-digging-a-hole/