oscarsclaws 

IT leader at a major Australian public library. On Yuggera/Turrbal land. Always was, always will be. Views my own unless the kids get my phone. Learning infosec, teenagers and life. Posts autodelete after three months.

Need a job as a Head Barista? The Eddy in Merimbula (NSW, Australia) is hiring. Seems like a together crew. No relation, just a customer :-)

Details in alt text. Boost maybe?

Today is World Refugee Day. Here’s a poem called ‘Refugees’.

Hugely important story from Queensland where Indigenous people are being dropped from any positions of influence. This is just the start. www.abc.net.au/news/2026-06...

Qld minister tight-lipped about 'Project Invisibility' Indigenous sackings

Under the direction of Arts Minister John-Paul Langbroek, eight Indigenous directors have disappeared from the boards of south-east Queensland's cultural institutions.

@jpm They grow up so quickly.

James Doohan (“Scotty”) stormed the beaches of Normandy on this day.

@jpm Excellent question.

There's a tendency for organizations to react to inadvertently exposing secrets in public code repositories by disabling the repo in question on GitHub, but then taking their time to rotate the exposed credentials. I guess the thinking is that well, maybe nobody noticed. And that's pure folly. From today's story:

"Ayrey said his company Truffle Security monitors GitHub and a number of other code platforms for exposed keys, and attempts to alert affected accounts to the sensitive data exposure(s). They can do so easily on GitHub because the platform publishes a live feed which includes a record of all commits and changes to public code repositories. But he said cybercriminal actors also monitor these public feeds, and are often quick to pounce on API or SSH keys that get inadvertently published in code commits."

"In practical terms, it is likely that cybercrime groups or foreign adversaries also noticed the publication of these CISA secrets, the most egregious of which appears to have happened in late April 2025, Ayrey said.

“We monitor that firehose of data for keys, and we have tools to try to figure out whose they are,” he said. “We have evidence attackers monitor that firehose as well. Anyone monitoring GitHub events could be sitting on this information.”"

@daedalus @jpm Just tell them all revenue was earned extracting and exporting gas. Post-it note should do.

My bank just emailed me to say that because I haven’t used my two-factor auth recently (they only require it for specific actions), they’re disabling it on my account.

What kind of a batshit security posture is that?!!