jbaggs

@jbaggs@infosec.exchange

I've been in and out of information security professionally, but somehow always have related projects. Mainly working with zeek and network level detection at the moment. SDR, cycling, and climbing enthusiast.

I boost a lot. Topics range far and wide from security and "the cybers" and may include politics, food, humor, science, law, nature, art, and other sundry unsavories. I occasionally post my own projects and thoughts.

Pronouns: he / him
Github: https://github.com/jbaggs
Age: Somewhere between Bianchi green and Soekris green

@NilaJones @MLE_online Maybe not, but I don't think it's a generational issue. It could be, but I really don't want to presuppose that.
@NilaJones @MLE_online Well that was just fucking rude.

@MLE_online Oh sorry. I just assumed you'd know:

https://en.wikipedia.org/wiki/ELIZA

(Maybe you were making a recursive joke there as well. I'm tired.)

@gsuberland Sphere is incredibly spherical.
@MLE_online It's also sad we're going through some of the lessons learned from ELIZA over half a century later, but with more cost and spend to get there.

The Witch Lights have achieved their final and best physical form! Last week the magical and very slightly cursed will-o-wisps invaded a small town on a hill in Vermont.

The installation was a huge success, and happily validated a new hardware design that radically simplifies installation and breakdown. And which also incorporates forged, cold steel stake hardware. Because the Fair Folk are attracted to loose magic. Like ants.

#portfolioday #sculpture #LEDArt

My daughter just asked me "Why would they call it 'sweet n low' and use a treble clef instead of bass?"

🤯

Decades. I've ignored this glaring #marketing fail for decades.

Bellingcat: Masked, Armed and Forceful: Finding Patterns in Los Angeles Immigration Raids

https://www.bellingcat.com/news/2025/07/08/masked-armed-and-forceful-finding-patterns-in-los-angeles-immigration-raids/

#ice #fear #fascism

The most important thing to understand about the huge federal layoffs—which the Supreme Court just cleared the way to continue—is that they are a strategic attack on equality in *all* workplaces: https://unbreaking.org/issues/equality-at-work-decimating-the-federal-workforce/

In this episode of “I cannot believe they did exactly what they said they would do” we will be looking at today’s Grok screenshots
2 and a bit days in and Ingram Micro still haven’t admitted what is happening, instead saying “Maintenance”

They’re both a large MSP and MSSP who sell anti-ransomware services.

#threatintel #ransomware

There's also several hundred gigabytes of data out of Ingram Micro's network. I suspect they'll have a long running, uhm, maintenance.

Three days in, Ingram Micro have updated their website to say they’re having a cybersecurity incident. They’ve also linked their press release, calling it ransomware. https://www.ingrammicro.com/

It’s a smart play as it makes them the owner of the narrative.

Ingram Micro have filed an 8-K for ransomware.

Some incredible wordsmithing here - rather than say when the incident began, they say when they issued a press release. Which was days later than when the incident began. I think this is because they missed SEC reporting deadlines.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1897762/000162828025034372/ingm-20250705.htm

#ransomware

@GossiTheDog
Item 8.01. Other Events.

On July 5, 2025, Ingram Micro Holding Corporation (the “Company”) issued a press release stating the Company identified ransomware on certain of its internal systems. Promptly after learning of the issue, the Company took steps to secure the relevant environment, including proactively taking certain systems offline and implementing other mitigation measures. The Company also launched an investigation with the assistance of leading cybersecurity experts and notified law enforcement.

A copy of the press release is attached hereto as Exhibit 99.1, noting that the Company is working diligently to restore the affected systems so that it can process and ship orders.
#AltText #Alt4You

@GossiTheDog live shot of Ingram Micro issuing its press release in the middle of a ransomware attack
@zackwhittaker @GossiTheDog it's just as glorious as enron's shredder evolution

@GossiTheDog It's always "we found ransomware", and never "we couldn't bother to secure our shit and got pwned"

It's as if ransomware is a mythical act of the gods...

@GossiTheDog
German translation of 8-K
= Ad-Hoc Meldung
https://www.deltavalue.de/form-8-k-sec-filing/
@GossiTheDog refreshingly honest, in comparison to M&S at least.

@greem @GossiTheDog

“refreshing honest” would have been within the first two hours…

@GossiTheDog because you wouldn’t want Palo Alto Networks to take over.
@GossiTheDog how/where do you observe global network flow like this, fwiw?
@GossiTheDog Is this one of those irregular verbs? I am maintaining / you are restoring / she is pwned.
@GossiTheDog Whenever you exfiltrate that much from across an enterprise, there are bound to be tons of technical docs on network layout and control and some spreadsheet somewhere where some dufus is writing down passwords. They'll be playing whack-a-mole with these same guys forever unless they rebuild their network from scratch with all new credentials.
@GossiTheDog They need to un-event the Event.
@GossiTheDog Tabletop Exercise? 😁
@GossiTheDog their main line of business is as a distributor of IT equipment. Lots of smaller IT equipment resellers depend on Ingram Micro to fulfill their orders as Ingram does the warehousing and shipping of the products for them. One example: they are one of Cisco’s largest distributors. Same for thousands of computer accessory makers like Logitech, Belkin, etc.

@deepthoughts10 @GossiTheDog this is a fundamental misunderstanding.

Ingram Micro is a *TIER 1*. There are only three of them; IM, TD Synnex, and AVNET. They do not do business with 'small.' I just happen to be a grandfathered customer in good standing from the 90's.

All the low tier MSPs are dealing with an entirely different arm. The minimums for a REAL customer is an insurable LoC of at least $10M last I looked.

@rootwyrm @GossiTheDog so I should have clarified what I meant by small. Some would call $10 million small, others would say medium. Regardless, there are thousands of resellers who rely on Ingram who will be hurting come Monday.

@GossiTheDog and iirc it's not possible to eject a reseller partner (even one that isn't currently placing licences in your tenant) from your MS365 tenant, either - the reseller has to delete the relationship (or maybe, if you can figure out a way to contact them, MS can do it for you).

Can't reseller partners create new global admins to do tenant recovery even if they have no role assigned?