PJ Sliney

@[email protected]
2 Followers
169 Following
109 Posts
Security aficionado. USAF COMSEC veteran (2E351).CyberPatriot team coach. Civil Air Patrol. Pre-Sales Engineer for HPE Cloud, Storage and Backup.
PJ SlineyDec 22, 2022
Kenn WhiteDec 22, 2022

LastPass: "We got hacked (again), and pretty sure they got encrypted customer vaults, metadata, phone numbers and our source code & network maps. But it would take *millions* of years to crack. Also, they're likely brute-forcing your vaults with any previous leaked creds."

Reporters: Is that true? "Millions" of years??

Cryptographers: AHAHAHAHAHAHAHAHAHAHAHA
*inhales deeply, holds ribcage that are aching from exertion* AHAHAHAHAHAHAHA. No.

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Security Incident December 2022 Update - LastPass

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.

The LastPass Blog
PJ SlineyDec 19, 2022
greg (._.)Dec 18, 2022
🚨🚨🚨
PJ SlineyDec 16, 2022
Effin' BirdsDec 15, 2022

Remember that time I had to shut down the Effin' Birds text message service because it was costing $5000 a month?

Well, I finally figured out how to get it going again without losing my shirt.

Introducing 1-845-EAT-FART, where three measly bucks a month will get you daily Effin' Birds in your text messages at whatever time you choose.

Visit http://845eatf.art to get started.

Daily Wisdom Texts

Daily Wisdom Texts is a subscription service that texts you readings from Epictetus, St Benedict, sayings of Gautama Buddha (Dhammapada), Epicurus, Pierkei Avot, Rumi, Friedrich Nietzsche, Evagrius, Heraclitus, Edna St. Vincent Millay, NezahualcoyĹŤtl, Lal Ded, Rabindranath Tagore, Omar Khayyam, Ecclesiastes, poems, or the Tao Te Ching (more to come!)

Daily Wisdom Texts
PJ SlineyDec 11, 2022
With the conclusion of CyberPatriot XV, my team of cadets wants to do the Advent of Cyber as a fun break, then pick up on personal security. I think we’ll start with Password managers and MFA. Does anyone have a reason I *shouldn’t* suggest they start with google authenticator? They all have gmail accounts already. Would something like a yubikey be overkill for a bunch of high school students?
PJ SlineyNov 27, 2022
Lesley Carhart Nov 27, 2022
@charlesdardaman this is the bad boy you’re looking for https://docs.google.com/spreadsheets/d/13No4yxY-oFrN8PigC2jBWXreFCHWwVRTftwP6HcREtA/edit
Journalists on Mastodon and Fediverse (Responses)

Google Docs
PJ SlineyNov 27, 2022
VissNov 26, 2022

htop | lolcat

try it :D

(apt-get install lolcat or brew install lolcat)

PJ SlineyNov 26, 2022
Show threadSwiftOnSecurityNov 26, 2022

A great example of this is browser adblocking through deployment of uBlock Origin.

Adblocking has innumerable benefits. Better employee experience. Reduced network usage. Reduced proxy noise. Dramatically reduced malicious download prompts. Huge decline in security alerts for detected JavaScript.

But whose job is deploying it?

Someone who owns success. Who has a vision and sets a path. Not an individual group whose mission is avoiding blame for diligent deployment and operational maintenance.

A free massive security uplift enabled by integrated responsibilities and command of the endpoint.

PJ SlineyNov 26, 2022
SwiftOnSecurityNov 26, 2022

Here is my thesis on Security:

The diligent and reliable existence of locks, matters a lot more than their strength.

In trying to find how often lockpicking is a factor in burglaries, a huge number/majority of thefts were from behind no locks at all. Lockpicking is almost nonexistent.
Thieves simply try doors for being left open. Or just break a window.

This matched with my experience in Enterprise Security.
Penetrators got in through poking for trivial misconfiguration and lack of protection, not novel trespass.
They had millions of targets with a small % of success and won.

So I ask, why aren't we focusing on high assurance?

Because assurance is hard. It is not fun. It is not flashy. It fails silently. It supposes diligent attention.
Remediation is by definition beyond self-correction. The percentage of failures meets 85% SLA, even though it fails every month for three years.
Catastrophe is demure.

The modern Enterprise endpoint is almost always a massive distribution of responsibility. And in that denial of culpability, nobody is responsible for success.
The completeness of maintenance. The completeness of security configuration. The completeness of the agents that assure it.
It is the perfect failure.

Nobody owns actual success, just blame.

PJ SlineyNov 26, 2022
thesle3pNov 26, 2022
PJ SlineyNov 24, 2022
wardNov 24, 2022
The best thing about Thanksgiving
https://youtu.be/Z4Qxqmhqj1A
Eat, Fry, Love: A Cautionary Remix (REUPLOAD)

YouTube