Ryan Jamieson

Head Honcho at Knit Security. OIF invasion vet. Boulder resident. Toddler dad. Emotional support husband. Lord Commander of the home stereo.
Anybody I'm connected with here headed to RSAC this year? Would love to meet up!
Delving into the minutiae of AD/Entra/DS is always an adventure.

PUBLIC SERVICE ANNOUNCEMENT:

There is an increase in account takeovers due to insiders at telco firms simply giving control to people paying them, or to compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.

The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.

The insider only briefly forwards the victim's number to a 3rd party, then switches it back to normal once they’re in. This is how they stay quiet, since most victims will not have the leverage or telemetry to understand how they got hacked.

It was their cell phone provider.

Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.
Go check your systems now. Go try to access all your stuff like you forgot your password.

I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now.

Writing policies and standards for clients really doesn't get old. Nor does socializing them to the company. It's kinda great to show up with a manual about how to tackle a problem they've faced for years and then walk them through how to implement it in their company. It's not always easy, but it's nearly always gratifying.
Please vote in your local election if you haven’t yet and get the chance. This is where we set the stage for the big national decisions in several years. This is where we stop fascists from getting airtime, and stop people who want to ban books from getting on school boards in the first place. This is where we decide how our local taxes get used for our benefit. 😤

Arrests made in $300 million Indian crypto scam

November 6, 2023
https://web3isgoinggreat.com/?id=himachal-pradesh-scam

Indian police have arrested around eighteen people, including four police officers, in connection with a $300 million cryptocurrency scam that affected around 100,000 people in Himachal Pradesh. Victims were invited to invest in a cryptocurrency called Korvio Coin (KRO), but later the scam incorporated other tokens as well. Around 5,000 government officials and around 1,000 police fell victim to the scam, with some themselves becoming promoters. The scam was allegedly orchestrated by Subhash Sharma, who has not been apprehended. This particular fraud was uncovered in September, but has been ongoing since as long ago as 2018.

Web3 is Going Just Great

It's less than 24 hours until the end of this election campaign. Win or lose, by tomorrow at this time, it will be over. And I have to say, I'm very grateful for that. It has been exhausting and thrilling and every emotion to every extreme throughout this campaign. As awful as it sounds, I wouldn't have wanted it any other way.

Today I canvassed #CU #Boulder students outside the UMC building. A lot of my fellow candidates were there. One thing I learned as a candidate is that no matter what vitriol is thrown around online, when people are face to face, the dynamic changes. #BVSD #SchoolBoard

K, I'm done with the Birdsite as of today. Not much good happening there.
I read this today for the first time and it resonated in a remarkable way: https://catvalente.substack.com/p/stop-talking-to-each-other-and-start
Stop Talking to Each Other and Start Buying Things: Three Decades of Survival in the Desert of Social Media

@chris_kirsch @dangoodin since we’re starting to wind down, I’ll come clean: it me.

Also to offer some reassurance: this was built with two purposes - to remind people to *really shut off* Bluetooth (i.e. not from Control Center) and to have a laugh.

There’s no data collected; it’s just sending out BLE advertisement packets that don’t require pairing (and as such aren’t stopped by the Control Center toggle).

Hoping by next DC to have it working with the new iOS 17 “NameDrop” features, and potentially do something similar for Android (at least certain models). Either way I’ll probably submit it for a talk.