#infosec #cybersecurity enthusiast, Vulnerability Management and Attack Surface Reduction. @weaponplus.bsky.social
A new report has found that John Durham’s investigation was a mess, and that he even leaned on sketchy Russian intelligence to get into a George Soros aide’s email. https://www.rollingstone.com/politics/politics-news/john-durham-sketchy-russian-intel-1234669178/
John Durham Used Sketchy Russian Intel in Probe: Report

A new investigation from The New York Times has found the John Durham investigation, which was lauded by Republicans, was a total mess

Rolling Stone

I wanted to take a few moments and apologize to many of my former students.

In the past I said the industry needs people who look at security as a vocation and an avocation.

I was wrong.

Have a life outside of this industry.

Have hobbies that have nothing to do with your computer.

Get outside.

The problems of the industry are not problems of people not working hard enough.

They are not problems of people not being "hard core" enough.

They are problems of education and resource prioritization.

I was wrong.

I am sorry.

Stop breaking yourself on rocks for people who don't really care if you break yourself on rocks.

Just another reminder that your employer that is treating you badly will replace you without caring in like one nanosecond if they can, and you do not owe them some honorable debt to stay if they’re abusing you.

Pro tip!

In security, never say the following:

"That is old."
"Nobody uses that anymore."
"We don't need to worry about X attack vector."

It screams that you are inexperienced and/or you don't know what you are talking about.

Hey #infosec / #cybersecurity fediverse!

I'm looking for resources on writing secure code, or security best practices for software development, etc. Anything specifically for #javascript / #typescript / #web is a plus!

Please #boost for reach! Thanks!

I'm still looking for a @ShmooCon ticket, if anyone has one for sale.

Boosts/shares for reach appreciated.

Zoho urges fixing a critical SQL Injection flaw in ManageEngine https://securityaffairs.com/140369/security/zoho-sql-injection-manageengine.html
Zoho urges fixing a critical SQL Injection flaw in ManageEngine

Zoho is urging its customers to address a critical SQL Injection vulnerability, tracked as CVE-2022-47523, that affects multiple ManageEngine products. “This security advisory is to let you know that a high severity vulnerability was detected in ManageEngine Password Manager […]

Security Affairs

Sorry for the Twitter link, but Patrick Wardle doesn't yet have a Mastodon account that I can find.

https://twitter.com/patrickwardle/status/1611482670156091392

Microsoft security blog post "comes close" to ripping off Wardle's "The Art of Mac Malware," and doesn't cite prior research, which it clearly draws upon, he says.

The post in question: https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware/

Patrick Wardle on Twitter

“Microsoft's latest ~5000 word "research" blog on Mac ransomware contains zero new research ...yet contains no citations / credit to existing research 😢 See: https://t.co/nhmeniUuLC Worst, seems pretty close to ripping off "The Art of Mac Malware" book. 😳 What y'all think?”

Twitter

Shitposts are important ecosystem barometers for banter; an early warning guidepost to approaching the maximal allowed discourse.
Without shitposts, you have no constantly governed North Star in your community because you have no measure of its distance – only shallow and constricting fear of nonconformity. Like fish that choke without oxygen from water burbling over brooks, without shitposts your dreams of a blooming dialogue will dry into a wasteland.

(Edit: Shitpost in this instance is a Twitter term for out-of-context random posting without a larger purpose or theme. Think dril)