Sherri Davidoff

@sherridavidoff@infosec.exchange
179 Followers
138 Following
76 Posts
CEO of @LMGsecurity, author of “Data Breaches” & “Ransomware & Cyber Extortion.” The hacker known as Alien. Loves to mountain bike. Most important role: mom.
Web: https://LMGsecurity.com
Text editor: Emacs
I know this is dorky, but it’s been a really exciting 48 hours in #crypto ! Pretty sure me and Monkey (our cat) had the same expression this morning in the kitchen, except he was watching hermit crabs, and I was watching live #bitcoin price fluctuations…
I’m super excited to watch @tompohl’s new “weaponar” on printer hacking! Watch him show 3 ways that his red team goes from zero to full network takeover, all starting with your printer. Our pentest team does this regularly on real-world tests-- is your printer vulnerable? Find out! https://www.lmgsecurity.com/event/weaponar-how-i-met-your-printer/?latest #pentest #hacker #cybersecurity  
Weaponar: How I Met Your Printer

LMG Security
Freedom and security go hand-in-hand. On this day each year, my children and I watch MLK’s “I Have a Dream” speech. All great accomplishments start with great vision— that is the first step. We aren’t done, but we’ve come a long way. https://youtu.be/smEqnnklfYs
Martin Luther King - I Have A Dream Speech - August 28, 1963

YouTube
Hackers are leveraging ChatGPT, an #AI chatbot, to write #malware. Researchers have spotted threat actors on the dark web sharing code for AI-generated malware strains that steal files, install covert backdoors, or encrypt files. Read more here: https://www.darkreading.com/attacks-breaches/attackers-are-already-exploiting-chatgpt-to-write-malicious-code
Attackers Are Already Exploiting ChatGPT to Write Malicious Code

The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.

Dark Reading
A flaw in Google Home speakers could enable hackers to spy on you. This demonstrates why we need to prioritize #API #security issues in the coming year! Check out the brilliant research by Matt Kunze: https://www.bleepingcomputer.com/news/security/google-home-speakers-allowed-hackers-to-snoop-on-conversations #privacy
Google Home speakers allowed hackers to snoop on conversations

A bug in Google Home smart speaker allowed installing a backdoor account that could be used to control it remotely and to turn it into a snooping device by accessing the microphone feed.

BleepingComputer
We need #E2EE to be “the default in all messaging apps.” There’s a reason you put letters in envelopes, people. Nice article by @ErrataRob on the Signal/NY Times issue— check it out: https://cybersect.substack.com/p/ethics-of-end-to-end-encryption
Ethics of end-to-end encryption

It's not ethics but politics.

Cybersect
From McAfee antivirus to ReiserFS: such murky ethical dilemmas when a namesake is disgraced.
https://physicsworld.com/a/the-ethical-dilemmas-of-renaming-scientific-principles-that-honour-fallen-idols
The ethical dilemmas of renaming scientific principles that honour fallen idols – Physics World

Robert P Crease looks at the ethics of renaming scientific principles that honour discredited figures

Physics World
“Brain area necessary for fluid intelligence identified.” That’s our “ability to solve problems without prior experience.” Security pros need to have high fluid intelligence just to be in this industry! https://medicalxpress.com/news/2022-12-brain-area-fluid-intelligence.html
Brain area necessary for fluid intelligence identified

A team led by UCL and UCLH researchers have mapped the parts of the brain that support our ability to solve problems without prior experience—otherwise known as fluid intelligence.

Medical Xpress
All SaaS vendors should have to certify once a year that they HAVEN’T been hacked (and provide supporting evidence). Right now, we just assume that if we hear nothing, they’re secure (cough Blackbaud cough cough Yahoo). We need to presume SaaS vendors are breached unless they demonstrate otherwise. #LastPass
Blowing bubbles and watching them freeze before they hit the ground… #Montana