Wasn't sure on the plan when originally signing up for BlueSky (other than fleeing the $OtherPlace)
Needing to re-organise. So, splitting personas...
Stay here for professional(ish) InfoSec releases. For personal stuff and uneducated hot-takes, come find me @andrew.waitesworld.co.uk
Posts by InfoSanity Research Group
It’s an Iron Maiden sort of day, not sure why...
youtu.be/9a7xa6W39o4
Fills me with the same question I always have with stats like that:
20% increase in breaches?
20% increase in breaches *reported*?
20% increase in breaches *detected*?
From the data I’m never 100% confident of the correct narrative, and it’s always spun all ways depending on the vendor’s goal.
“I never heard of when a kid…”
When I was a kid, I knew nothing about nothing. When I grew up I (tried) to learn and fill in the blanks. I did not just assume that anything I didn’t personally know about was wrong/fiction/conspiracy.
How big an ego do you need to make that leap?
This is cool af y’all
Started my career running a colo-DataCentre.
The look of bewilderment when explaining “we run part of the Internet” or better, showing them the racks, cables and blinky lights is something I’ll never forget.
One Old Chap discussing WiFi, staring at ceiling like he could see packets in the air…
Simple, because they still work
If they weren’t successfully achieving the goals of Threat Actors, TAs would move on. Whilst they achieve the aim, why reinvent the wheel?
isc.sans.edu/diary/31880
Woohoo!
Tickets acquired - see you there
If it wasn’t a real data breach, and there was no tangible impact, orgs would have no issue being open and transparent. The fact that guidelines like these provide wiggle room for silence is deafening.
A Chinese APT left a server exposed and leaked its exploits
-Fortinet firewall and VPN exploit scripts
-A PHP-based webshell
-Network reconnaissance scripts
hunt.io/blog/keyplug...
It’s strange (and terrifying). I’m currently in the US on vacation (booked *long* before $currentTimes), and I’ve been discussing current events and issues with some locals, who were previously completely unaware of goings on (and not just recent, “happened yesterday” events either...)
I’ve watched the WayBack machine grow from interesting curiosity to cultural necessity.
In the darkness of misinformation, silent edits and rewriting of history, WayBack machine offers a light in the dark.
It needs protecting at all costs.
I’ve been meaning to pick up new egg cups after smashing one of the set.
Not seen these yet (on vacation and away from hobby news). On the scale of “paint pot to Titan”, how scared should my wallet be?
Can confirm that my NSF grant "How False Beliefs Form & How to Correct Them" was cancelled today because it is "not in alignment with current NSF priorities". Shocking that understanding how people are misled by false information is now a forbidden topic. Our work will continue but at a smaller scale.
Ticket purchase page for BSides Cheltenham. All currently available tickets sold out.
Downside of vacation: timezones, missed ticket release for @bsideschelt.bsky.social
Just keep my eyes open for the next release
Get Carter (Michael Caine version) cinema poster: Caine, holding shotgun
Oh wow. This just in from a CISA spokesperson:
“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”
I doubt anyone would... *intentionally*.
I also highly doubt the current administration is competent enough to be trusted with the centralised functions we’ve all accepted that US institutions run for the global collective up until this point. And I’m not sure we can pivot fast enough to avoid pain now.
Oh dear you’re going to want to read this. Looks like DOGErs were caught exfiltrating NLRB data, likely on unions, for private (seemingly Elony) use. This is must read. What we’ve all suspected. But now details. www.npr.org/2025/04/15/n...
Seen too many junior (and senior, tbf) devs blindly run what the LLM BS-Machine spits out, then troubleshoot from there.
Probably should have already been a control, but time to allowlist packages (or at least monitor) in the same vein as we (should) limit DNS, web and other external content?
I want to make jokes in reply, but they all make me sad and (more) depressed...
I’m speaking up in support of @thekrebscycle.bsky.social & @sentinelone.com
Cybersecurity should be a non-partisan issue that unites us in our shared mission to defend our country.
National security can’t afford the chilling effect on both public & private sector
www.lutasecurity.com/post/in-supp...
The DShield one might do what you need; a couple of their recent articles covered findings from similar deployments.
They freely share data via API feeds if you want to poke around some datasets whilst you get a feel for what you’re looking to look for.
Depends what protocols you’re looking for? DShield’s honeypot isn’t a bad starting point, with HTTP*/SSH/telnet.
For “multi” I typically run different protocol pots via K8s/similar, and aggregate to a central log/analysis platform depending on needs/wants.
Expressing public support for Chris Krebs, Alex Stamos, and Renee DiResta.
They were doing their jobs.
And they should be celebrated, not vilified.
The former was trying to protect themselves, so is the latter.
The InfoSec industry needs to step up and push back against the USG’s moves here, which read like Soviet Russia.
Targeting Chris Krebs and his employer (and CISA) like this is appalling. Chris, a Republican if memory serves, was a great leader for CISA.