Taco 🌮

@[email protected]
42 Followers
20 Following
74 Posts

Software developer for 15+ years interested in infosec.

When I'm not hanging out with the family or at my day job I enjoy writing and contributing code. I like to create and break software.

#Golang entertains me.
#C++/C feeds and shelters me and my family.
#Python is my ongoing one night stand apparently.

I used to break web base chat rooms in the mid 90's and keep that passion going keeping up with infosec type things and #CTF like activities.

I'm here to learn more and get more engaged with the #infosec community. I'm willing to entertain a career shift as well.

My Github Profilehttps://github.com/steampoweredtaco
Show threadTaco 🌮Oct 3, 2024

@DavidJBianco I'll tack on. Most "security" valid reasons to use a VPN is better served by using wireguard/VPN back to a hosted location in your control. Otherwise you're just moving the goal post to trusting the VPN provider and many of the use cases (like geo-changing) are going to be blocked with a well established provider.

I think people should still use a VPN of some sort anywhere other people have access to the switch/hotspot and in public areas. Unfortunately we don't know always might be leaking, or services open, on our devices. The default settings of most VPN configs to block routing to your device directly is a boon for most people. But that is still a legitimate reason in my opinion for avid use of a VPN for most non tech savvy people.

I actually only rely on a public VPN for IP hiding and testing how my apps respond when they are specifically geo/IP blocked. Even then I'll use a proxy into the VPN container and not expose my whole system routing to the VPN provider. Otherwise, straight to my wireguard setup at home just in case there is something leaking on my device I am unaware of at a hotspot or strange jack. It is much faster and more reliable than most VPN services and I don't get blocked anywhere.

Taco 🌮Jan 31, 2023
Robert ReichJan 30, 2023
Instead of: no one wants to work anymore. Try: no one wants to be exploited anymore.
Taco 🌮Jan 31, 2023

Just got this email from Google Fi of a breach, doesn't indicate which third party had the breach.

Indicates they have my sim card serial and activation dates, sound like a purchase order.. I think the important info is that my phone number may be included.

Given an attacker may have the sim serial and my number how exposed am I to them socially engineering an attack calling up the telecom with that info? Is this serious or a nothing burger?

Please boost if you know someone that may have a good answer. #GoogleFi #Security #Leak #3rdParty

Taco 🌮Dec 5, 2022
@mpiedrav you ok?
Taco 🌮Dec 5, 2022
@lucidh3x yeah, waiting for it to get more interesting!
Taco 🌮Dec 4, 2022

When we arrived the hotel had a boiler fire earlier this week and canceled our reservations without contacting us. So parked now farther away and freezing our butts off while waiting for things to start.

My wife thinks I'm too anxious about planning and doing anything....but this is the kinda confirmation bias that convinces me to just stay at home and forego all the stress all over planning and traveling time and time again.

Trying to stay in a good mood for the rest of the family....

Taco 🌮Dec 2, 2022
rob pikeDec 2, 2022

Remember when computers worked?

Nah, me neither.

Taco 🌮Dec 1, 2022
#hashcat is now on my windows host. #noreason
Taco 🌮Nov 29, 2022

Stay safe out there... Just got this in an email. The email is PayPal's and it almost looks legit. Scammers trying to get you to pay them now with a misleading PayPal payment request. #scam #psa

Anyone else gotten these lately?

Taco 🌮Nov 23, 2022
https://www.theverge.com/2022/11/22/23471842/facebook-hr-block-taxact-taxslayer-info-sharing
Facebook has been receiving users’ financial info from tax preparers

The Markup found that tax preparation services including TaxAct, TaxSlayer, and H&R Block have sent users’ personal financial information to Facebook through the Meta Pixel.

The Verge