CloudSec, ProdSec, Automation, old man yelling at cloud.
Security learner, interested in everything.
Keybase: https://keybase.io/ldurufle

Listening to cybersecurity people freak out over Mythos is so tiring. Like, bro, your local water treatment plant runs Windows XP, your mobile provider's hardware is older than you are, and the protocol that routes internet traffic is secured by everyone just agreeing that hijacking it would be uncool.

starting in the pending #curl 8.16.0, curl will default to TLS 1.2 as a minimum even if the TLS library can do lower versions

whoami 🤣

Just signed the papers....

There may be no future, but there will be another fwd:cloudsec.

June 30th - July 1st 2025 in Denver CO

So, we can finally tell you more about tickets! There will be two rounds of tickets with the first round being 23.10@13:37 o'clock. Be quick, historically they got sold out pretty quickly.

Don’t use CSAM as the acronym for Cybersecurity Awareness Month. Just trust me on this one

Some possible good news for a change: T-Mobile settled with The Federal Communications Commission (FCC) and agreed to pay a paltry $31.5 million over multiple data breaches that compromised the personal info of millions of US consumers.

But that's not the good news: Under the settlement, T-Mobile has agreed to require multifactor authentication for their bajillion employees.

https://www.bleepingcomputer.com/news/security/t-mobile-pays-315-million-fcc-settlement-over-4-data-breaches/

We'll see if and how soon this happens, and if it's decent multifactor. It's still progress. Last year I reported that three different criminal SIM-swapping groups had phished or breached access to T-Mobile employee accounts in more than 100 separate incidents throughout 2022.

https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/

It's unclear whether T-Mobile's competitors will be held to the same standard.

By me:

Chief among them: mandatory resets, required or restricted use of certain characters, and the use of security questions

https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/

NIST proposes barring some of the most nonsensical password rules

Proposed guidelines aim to inject badly needed common sense into password hygiene.

Ars Technica

🚀Introducing OpenRelik: Open-source platform for digital forensic investigations. Modular workflows, collaboration, central artifact repository and easily extendable to support new tools in a clean, easy to use interface.

https://openrelik.org

Community discussion: https://github.com/orgs/openrelik/discussions/1

#DFIR