Rick Hunter

@rickhunter@infosec.exchange
10 Followers
56 Following
247 Posts
Got roped into product security by sitting in the wrong cockpit at the wrong time.
Rick HunterFeb 20
daniel:// stenberg://Feb 20
It's time to re-enjoy this golden quote about me and #curl, shown in the most awesome way.
Rick HunterAug 8, 2024
Jen GentlemanAug 8, 2024
😶
Rick HunterJul 25, 2024
Kenn WhiteJul 25, 2024

Protip: When choosing a root-of-trust encryption key for a hardware secure enclave, maybe don't use the vendor's asymmetric key literally labeled "CN=DO NOT TRUST - Test PK". New scoop by @dangoodin: Secure Boot is Completely Broken on 200+ Models from 5 Big Device Makers

https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/

Secure Boot is completely broken on 200+ models from 5 big device makers

Keys were labeled “DO NOT TRUST.” Nearly 500 device models use them anyway.

Ars Technica
Rick HunterJul 19, 2024
Rick HunterJul 16, 2024

So, let me see if I understand the current state of anti-malware from an application vendor's perspective:

* One tool's AI/ML feature hallucinates and marks your software as malware
* VirusTotal publishes their finding
* All the other anti-malware vendors see the one report in VirusTotal and copy it.
* App vendor's customers complain because their local scanner or IT department's monitoring freaks out
* The app vendor has to individually contact each anti-malware vendor, dealing with broken support portals, outdated contact info, or full email inboxes.
* A few vendors clear your app, while others won't clear their finding until other vendors clear first (insert Spiderman pointing meme)
* Repeat forever

Rick HunterApr 12, 2024
Gert van DijkApr 10, 2024

Lasse Collin in commit message: “The other maintainer suddenly disappeared.” 😆

#jiatan #xz
https://github.com/tukaani-project/xz/commit/77a294d98a9d2d48f7e4ac273711518bf689f5c4

Update maintainer and author info. ¡ tukaani-project/xz@77a294d

The other maintainer suddenly disappeared.

GitHub
Rick HunterJan 25, 2024
Glyn MoodyJan 25, 2024
The amazing helicopter on #Mars, Ingenuity, will fly no more - https://arstechnica.com/space/2024/01/nasas-mars-helicopter-has-made-its-last-flight-above-the-red-planet/ "has flown a staggering 72 flights. It has spent more than two hours—128.3 minutes, to be precise—flying through the thin Martian air."
The amazing helicopter on Mars, Ingenuity, will fly no more

Ingenuity has spent more than two hours flying above Mars since April 2021.

Ars Technica
Rick HunterNov 28, 2023

There's a lot of appeal to Cybellum, but their SBOM scanning tech is still immature on Windows. They consistently mis-identify Microsoft's binaries as OSS equivalents (Wine, Samba), even though those binaries are attributed and signed by MS. Hoping they get that resolved soon.

https://bird.makeup/users/thecybersechub/statuses/1729516803616117009

The Cyber Security Hub™

Cybellum achieves significant market share growth among leading medical device manufacturers https://www.helpnetsecurity.com/2023/11/28/cybellum-medical-device-manufacturers-market-share/?utm_source=dlvr.it&utm_medium=twitter

Rick HunterAug 24, 2023
Politico's headline game on point!
https://www.politico.eu/article/wagner-reacts-oh-my-god-they-killed-yevgeny-you-bastards/
Wagner allies react: OMG, they killed Yevgeny! You bastards!

The former catering chief’s death is an ominous sign for his cheerleaders.

POLITICO
Rick HunterAug 23, 2023
First the moon, now this. What will Russia crash next?