Ryan Jamieson

Head Honcho at Knit Security. OIF invasion vet. Boulder resident. Toddler dad. Emotional support husband. Lord Commander of the home stereo.

@JimmyB @firebreathingduck @munin @hacks4pancakes

Usually those lines come out when speaking with someone who's arguing against women having any agency at all. It's a midpoint to get this other person to at least make the leap that women he knows are real people worthy of rights and agency.

@ai6yr And this is why people keep pirating things.

Anybody I'm connected with here headed to RSAC this year? Would love to meet up!

@GossiTheDog You love to see it. Unfortunately, this will do little to deter the bad actors in the space, of which there are plenty.

Delving into the minutiae of AD/Entra/DS is always an adventure.

@pluralistic @molly0xfff
It's a great article on the topic, and I agree with it on many counts. Your parallel to Web3 shenanigans is spot on, too - costs to create, maintain, and evolve GenAI are essentially immaterial to its backers, who are all trying to get rich quick, much like the Web3 folks.

My hope is that the issues of trust which AI will only exacerbate will spark a pivot away from social media and unmoderated online interactions. Social media is a pox, but I can imagine a world where people simply refuse to believe anything they read online and return to more traditional information sources as a result.

@shortstack Yay stickers!

PUBLIC SERVICE ANNOUNCEMENT:

There is an increase of account takeovers due to insiders at telco firms simply giving control to people paying them/compromised support staff accounts. Do a check on systems where this single factor would permit an account compromise. And change the configuration. These are opportunistic trawling attacks. This is becoming more common as attackers replicate the success.

The attacker uses other channels (like people search websites) to enumerate and guess the phone number attached to an online account and then checks against the telco they have control over.

The insider only briefly temporarily forwards the victim number to a 3rd party then switches it back to normal once they’re in. This is how they stay quiet since most victims will not have leverage or telemetry to understand how they got hacked.

It was their cell phone provider.

Make it so account recovery systems require multiple factors and remove telephony-based recovery for VIP accounts entirely.
Go check your systems now. Go try to access all your stuff like you forgot your password.

I am very serious. This is based on private knowledge but is compelled by the compromise of the SEC. This is common now.
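
One way to run the check the post above asks for, as an added example that is not part of the original post: it lists every account that control of the phone number alone can reset, including accounts reached indirectly through a mailbox that SMS can reset. The account names, factor labels and the `RECOVERY` table are constructed assumptions, not data from any real system.

```python
# Constructed recovery configuration: each account maps to a list of recovery
# paths; a path is the set of factors that together reset the account.
# Account names and factor labels are hypothetical.
RECOVERY = {
    "mail":      [{"sms"}, {"backup_code", "hardware_key"}],
    "bank":      [{"email:mail", "sms"}],
    "registrar": [{"email:mail", "totp"}],
    "payroll":   [{"email:mail"}, {"voice", "id_document"}],
    "vip-admin": [{"hardware_key", "backup_code"}],
}

TELEPHONY = {"sms", "voice"}  # factors delivered to the phone number


def satisfiable(path, taken):
    """True if every factor is telephony or mail sent to an already-taken account."""
    for factor in path:
        if factor in TELEPHONY:
            continue
        if factor.startswith("email:") and factor.split(":", 1)[1] in taken:
            continue
        return False
    return True


def phone_only_exposure(recovery):
    """Return {account: path} for accounts recoverable with the phone number alone.

    Iterates to a fixed point so chained recovery (mailbox reset by SMS, then
    other accounts reset by that mailbox) is reported, not just direct SMS resets.
    """
    taken = {}
    changed = True
    while changed:
        changed = False
        for account, paths in recovery.items():
            if account in taken:
                continue
            for path in paths:
                if satisfiable(path, taken):
                    taken[account] = sorted(path)
                    changed = True
                    break
    return taken


if __name__ == "__main__":
    for account, path in phone_only_exposure(RECOVERY).items():
        print(f"{account}: recoverable via {' + '.join(path)}")
```

Every account it prints is one where removing telephony from the listed path, or adding a non-telephony factor to it, closes the exposure.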

Writing policies and standards for clients really doesn't get old. Nor does socializing them to the company. It's kinda great to show up with a manual about how to tackle a problem they've faced for years and then walk them through how to implement it in their company. It's not always easy, but it's nearly always gratifying.

Please vote in your local election if you haven’t yet and get the chance. This is where we set the stage for the big national decisions in several years. This is where we stop fascists from getting airtime, and stop people who want to ban books from getting on school boards in the first place. This is where we decide how our local taxes get used for our benefit. 😤