🐀 
| Works at | Sophos |
| Works as | Principal Threat Researcher |
| Non-Infosec things | birds, pottery, shoulder cats, media criticism, natsec |
| https://twitter.com/thepacketrat | |
| blog | https://fancybearfriends.org |
| Work blog | https://news.sophos.com/en-us/author/sean-gallagher/ |
The U.S. Navy has refused near-daily requests from the shipping industry for military escorts through the Strait of Hormuz since the start of the war on Iran, saying the risk of attacks is too high for now, according to sources familiar with the matter.
A breach story I wrote 10 years ago.
Best practices. Who's got 'em?
Also, 10 years ago, one of my many conversations with John McAfee. Love him, loathe him, whatever, nobody deserves the ending John got. #mentalhealthawareness
A decade ago in my Ars Technica history: https://arstechnica.com/information-technology/2016/03/dam-you-justice-dept-to-indict-iranians-for-probing-flood-control-network/
Dammit.
Welp.
As of this morning, I am no longer employed, and am looking for a new role.
If you happen to know anyone hiring remote positions in the US, and looking for:
- Lead/Senior/Principal level software engineers (Ruby/Rails, React, NodeJS, etc.)
- Business Analysts
- Engineering Managers
please let me know.
This weekend, I demonstrated to my dad that passwords on MacOS are no barrier to someone with physical access (he forgot his password he set the last time he opened his computer to do his taxes).
On a related note, I am hoping he doesn't connect that to my statement that I could not get into my brother's MacBook after he died. I didn't want him going through his search history.
Proof AI is not ready for CTI #36,453,325:
Prompt: Here is some base64-encoded text. Can you extract the URL for me?
AI: (gives an actual URL to an example from an unrelated source)
Me: You hallucinated that didn't you?
AI: Please do your own Cyberchef-ing, I don't deobfuscate malware asshole
Steve Herman
Nic Lake 
