My Friend Network | silverwizard @ My Friend Network

silverwizard 2 months ago friendica

[bookmark=https://twitter.com/maddiestone/status/1268218293640290304]Dear #Infosec

I've been "warned" 3x that if I keep posting that Black Lives Matter, I'm unhireable.

If I, a white, cis, straight, US-born... woman w public evidence of my work can be "unhireable" due to just saying #BlackLivesMatter, how can Black hackers even hope to be hired?[/bookmark]

#InfoSec #blacklivesmatter

The Trough

silverwizard 5 months ago friendica

NordPass and NordVPN are so very shady. #infosec https://t.co/3EIB3i1Xl1
— Kim Crawley (@kim_crawley) March 7, 2020

#InfoSec

Mithas

silverwizard 6 months ago friendica

#shmoocon #infosec we need to populate stock image sites with those ORLY spoof books, and wait for them to appear in slide decks. 😅😆😂 pic.twitter.com/QTbKQDfG8l
— ADoug (@ADoug) February 1, 2020

#InfoSec #shmoocon

Skullcap

silverwizard 7 months ago friendica

Hey - #infosec people:

is there a way you tend to communicate "I don't care about what the design says, this is what we are actually doing"

#InfoSec

Solace

12 comments - Show more

Hypolite Petovan 7 months ago friendica (via ActivityPub)

I don't know about #infosec, but on the #Fediverse, this is pretty much the ActivityPub/Mastodon dichotomy from what I understand.

#fediverse #InfoSec

silverwizard 7 months ago friendica

That is definitely the case. The drift there seems analogous to "This is what the W3C says" vs "This is what Chrome does" (insert my unearned opinion that Mastodon is a bad actor here)

In this case it's "Our design doc says this, our implementation says this, but since the spec says this, that must be what it is"

Hypolite Petovan 7 months ago friendica (via ActivityPub)

Where do you place "the spec"? In "design" or "implementation"?

silverwizard 7 months ago friendica

Sorry, "the spec" is the design doc, I just used two different words because I am a monster

Hypolite Petovan likes this.

Hypolite Petovan 7 months ago friendica (via ActivityPub)

If there's a known difference between the design doc and the implementation, then the design doc is pretty much useless and should be corrected, because it probably would be cheaper than correcting the implementation.

silverwizard 7 months ago friendica

Well, that's the point. I am trying to get them to admit the difference *exists*

"Hey, if I sign up with this password, it passes an error! What's the actual rules for this? And shouldn't we expose them to the client?"

"Oh, we have no rules"

"Why can't I sign up with this terrible password then"

"oh, because it's terrible"

Hypolite Petovan 7 months ago friendica (via ActivityPub)

Ugh.

silverwizard 7 months ago friendica

We *seem* to be doing it right, but don't communicate what we are doing, and need to do that

Hypolite Petovan likes this.

Hypolite Petovan 7 months ago friendica (via ActivityPub)

Update the spec, add user-facing errors, etc... you know the drill.

silverwizard 7 months ago friendica

All I get to do is say "this passed security review" or no

Hypolite Petovan likes this.

Hypolite Petovan 7 months ago friendica (via ActivityPub)

Well, did it?

silverwizard 7 months ago friendica

Luckily I had a manager step in and say if someone gets an error on signup that doesn't explain how to fix it, then isn't not passing design, so I was good and can keep trying to upload 10GB passwords

Hypolite Petovan likes this.

silverwizard 8 months ago friendica

I need to know more

Homeland security is hiring professional grade hackers👇🏾 #hacker #hacking #cybersecurity #hackers #hack #technology #coding #ethicalhacking #tech #code #security #computerscience #programmer #infosec #hacked #coder #software #ethicalhacker #python #hackerman #cyber #pentesting pic.twitter.com/dlmpF4y6a0
— Panda (the Reverend) (@iamthereverend) December 16, 2019

Qualinost

bumbervevo likes this.

Sven Türpe reshared this.

silverwizard 9 months ago friendica

Something Everyone Knows
Something Everyone Has
Something Everyone Is

0 Factor Authentication #InfoSec #cybersecurity pic.twitter.com/zyrgFvTsPs
— Malia🗝🐇 (@IDAccessGoddess) November 15, 2019

#InfoSec #CyberSecurity

Ansalon

Theodotos Andreou likes this.

silverwizard 1 year ago friendica

Cybersecurity is no longer merely a tech issue — a nuisance to be offloaded on IT. It’s a business problem too. This is especially true as more and more businesses transform digitally. https://t.co/mFyWEOmvoo @Unix_Guru @CIOJimLove #CISO #cybersecurity #infosec #security
— IT Business Canada (@itbusinessca) June 13, 2019

#security #InfoSec #CyberSecurity #ciso @Michael Ball vCISO 🇨🇦☕️ @Jim Love

Inn of the Last Home

silverwizard 1 year ago friendica

EUnomia's ethical™ advicer

2019-04-11 22:42:30

'if you're a matrix.org user you should change your password now.'

It's running again, but:
'The hacker exploited a vulnerability in our production infrastructure'

https://matrix.org/blog/2019/04/11/security-incident/

#infosec #matrix

#InfoSec #matrix

Que Shu