Mattias T 

@[email protected]
172 Followers
90 Following
1.5K Posts

IT-consultant, nerd, aspiring security technician, larper, photographer, maker & jack-of-all-trades
πŸ‡ΈπŸ‡ͺ/πŸ‡¬πŸ‡§

(he/him) πŸ³οΈβ€πŸŒˆ

Tech:     πŸ“·

Certs: MS-500

Note to self (and you). Current emojis on infosec.exchange:
https://emojos.in/infosec.exchange

CountrySweden
TelegramOn request
Printableshttps://www.printables.com/@Tysonsw_806320
Mattias T Mar 2
TaggartMar 2
Claude is down so developers: this is a "take your brain to work" day.
Mattias T Feb 26
Ben Schorr Feb 26

I've mentioned this before, but it came up for one of our clients this week. I really wish Microsoft defaulted this to OFF, but they don't. So, if you manage a #Microsoft365 tenant you may want to take a look at this. #Copilot #Governance

Multiple account access to Copilot for work and school documents https://learn.microsoft.com/en-us/copilot/microsoft-365/multiple-account-access

Mattias T Feb 26
Harry SintonenFeb 26

Retroactively changing the role of a token or key is a very bad idea.

https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules

#google #googleapikeys #infosec #cybersecurity

Google API Keys Weren't Secrets. But then Gemini Changed the Rules. β—† Truffle Security Co.

Google spent over a decade telling developers that Google API keys (like those used in Maps, Firebase, etc.) are not secrets. But that's no longer true.

Mattias T Feb 17
BaluFeb 16

Next time someone tells me "#Prusa is so far behind with everything.", I will slowly look over to my 2023 XL5, look back and ask: "So, 2026 is going to be the year of the toolchangers?"

:-)

Mattias T Jan 30
Otmar LendlJan 30

The report from CERT.PL covering the attacks on the Polish energy system is finally available:

https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/

Energy Sector Incident Report - 29 December 2025

CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a large combined heat and power plant, and a company from the manufacturing sector. The publication aims to raise awareness of the risks associated with sabotage in cyberspace.

Mattias T Jan 26
daniel:// stenberg://Jan 26

The end of the #curl bug-bounty

https://daniel.haxx.se/blog/2026/01/26/the-end-of-the-curl-bug-bounty/

The end of the curl bug-bounty

tldr: an attempt to reduce the terror reporting. There is no longer a curl bug-bounty program. It officially stops on January 31, 2026. After having had a few half-baked previous takes, in April 2019 we kicked off the first real curl bug-bounty with the help of Hackerone, and while it stumbled a bit at first … Continue reading The end of the curl bug-bounty β†’

daniel.haxx.se
Mattias T Jan 22
Tinker β˜€οΈJan 22
The boy in the blue cap.
The girl in the red coat.
Mattias T Jan 21
Tom NicholsJan 21
No one can be watching this Davos speech and reach any conclusion but that the President of the United States is mentally disturbed and that something is deeply wrong with him. This is both embarrassing and extremely dangerous.
Show threadMattias T Jan 21
There are a couple of articles on their blog on how they set up the security.
https://confer.to/blog/
Blog

Updates and insights from the Confer team

Confer Blog
Mattias T Jan 21

Just got myself an #confer account. And LLM-chat with security and privacy as highest priority and not an afterthought.
My first impressions is that it is way faster than #copilot and #chatgpt .
Will have to evaluate it more the coming days.
The only thing missing is an business tier but I'm hoping it will come in the future.

#llm #ai #infosec