Eric Grosse

web: https://n2vi.com/
Feeling ambitious? Contemplate how the tightest compartments of your org compare to the long-pole infosec suggestions in https://standard.sl5.org/
SL5 Standard for AI Security

A NIST SP 800-53 overlay for frontier AI infrastructure achieving nation-state-level security. 43 controls across 10 families by the Security Level 5 Task Force.

Google Security has a great Leaving Tradition, which I commend to other orgs aspiring to excellence: https://bughunters.google.com/blog/6355265783201792/the-great-google-password-heist-15-years-of-hacking-passwords-to-test-our-security-and-build-team-culture

(I don't post often, and am not sure whether mastodon or @n2vi.bsky.social is best for it. But their nice blog post deserves the extra pointer.)

Blog: The Great Google Password Heist: 15 years of hacking passwords to test our security (and build team culture!)

The Leaving Tradition in Google's security team, which could be described as a type of small-scale offensive security exercise, is a great (and fun) example of team culture. Curious? See this blog post for details.

Today, June 16, Google tells me Album Archive is going away on July 19 and I need to use Google Takeout before then. Google Takeout then tells me "You have Advanced Protection switched on, which means that it could take days or even weeks for your files to be ready".

Former LastPass users, slowly updating passwords everywhere, are encountering buggy flows even from major services. If you're responsible for auth, now is an especially good time to listen to your help desk staff.

Pēteris Caune
@cuu508, thank you for healthchecks.io; that's a great public service you run! I wonder if, in place of the "OK" response to pings, it would be as easy for your server to reply with my IP address, thus enabling me to trigger rare dynamic DNS updates without burdening any other pro bono servers?

Wise advice from @n0x08 to "make sure your BMCs are off the internet", but this can be harder than it looks because of NC-SI. For assurance in the past, I've had to leave the motherboard network ports unconnected and add network cards instead.

Anyone know the rationale here for requiring an OTP app 2FA to be enabled before allowing security keys? (That's not unique to Mastodon; just wondering why it is a common design pattern.)