Pedant @Pedant@qoto.org

Reminder. For #iinfosec cyber defenders, there’s only one thing you can find where you are required by law to notify the feds immediately, before even your employer.

US Code Title 18 s2251

https://www.law.cornell.edu/uscode/text/18/2251

Reporting requirements are s2258

https://www.law.cornell.edu/uscode/text/18/2258A

You report it to the National Center for Missing and Exploited Children here:

https://report.cybertip.org/

I am extremely fortunate I’ve never run into it, but I know #blueteam and #dfir people who have.

Always be the good guys. And leave these bad guys to the professionals. The amateur ‘catch a predator’ people have fubar’ed cases by not following legal procedure. Don’t give the villains an out.

The car industry is even worse for your privacy than the worst tech company -- and that's because the worst behavior of the tech industry is embedded in every car. This report from @mozilla is what Consumer Reports should have done years ago -- and it is infuriating. https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

At #defcon31 #DARPA
announced a huge 2-year #AI #Cyberchallenge with the semis and finals hosted at good old #defcon. Over 18M in total prizes, access to cutting edge tech and a chance to help secure the open infrastructure we all rely on. If that sounds like your kind of fun, details are at http://aicyberchallenge.com

#AIxCC

https://youtu.be/DFnxrsEvs7M

The good @paperghost is on the look for a new role from next month (https://infosec.exchange/@paperghost/111047507006190661)

Being so humble, he really doesn't sell himself well. So I'll try to pitch in by saying Chris is one of the most genuinely nice people in the industry, not to mention extremely competent, a brilliant researcher, and quite possibly delivered the <best> conference presentation I've seen in person ever.

People like this don't come on the market very often... so do whatever you can to land this man.

In other news, my daughter has completed her A levels, and the ISC2 CC, and is looking for an apprenticeship / entry level cybersecurity position. So, you have the choice of a n00b or an experienced pro. Don't say hiring is a challenge! you're welcome!

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.

https://www.bleepingcomputer.com/news/security/ransomware-access-broker-steals-accounts-via-microsoft-teams-phishing/

Ars Technica: Password-stealing Linux malware served for 3 years and no one noticed

https://arstechnica.com/security/2023/09/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed/

#Linux #Malware #PasswordManagers

It is #BreakawayDay. Remember the 311 in Moonbase Alpha we lost with the moon. Where are they today?

Hack the fortieth anniversary of the #GNU System at the #hacker meeting in Switzerland: https://u.fsf.org/40f Are you located in the US and cannot fly to Europe? Celebrate with kith and kin at the FSF's office in Boston, MA: https://u.fsf.org/hackday #GNU40

Mozilla released emergency security updates today to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client.

https://www.bleepingcomputer.com/news/security/mozilla-patches-firefox-thunderbird-against-zero-day-exploited-in-attacks/

You: Oh no the world is burning

InfoSec workers: Already been done now currently

I don't think I've ever read an incident report (goes from bottom to top) like this and had a more clear and escalating trend of "Oh NO!"s.

Rackspace got absolutely piledriven to the point that they completely shut their hosted Exchange service off and paid for Office365 for anyone impacted.

They've said absolutely nothing about backups, restoration, or data recovery.

You can feel with each update the incident communication responsibilities getting handed further up the ladder.

status.apps.rackspace.com/index/viewincidents?group=2

A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected.

https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/

Don't let anyone tell you that you can't use #FOSS tools top-to-bottom to make things.

I like and support @fosstodon, and I thought it would be cool to #3dprint the logo for my desk. Here's what I used:

OS->#ubuntu
Browser(download image)->@bravebrowser
SVG(from image)->@inkscape
CAD(make solid from SVG)->@FreeCAD
Slicer->@prusa3D

If anyone is interested, I can upload the files so that you can make your own.
#3dprinting #freecad #inkscape

All of the #freecad parts in the post last night are from a 1970's drafting textbook that I have. I decided to try modeling the entire assembly to show that you can do it just fine using the Assembly3 workbench to put it all together after modeling each individual part. It really wasn't any harder than doing it in something like SolidWorks. @FreeCAD is an incredibly powerful tool, and it makes me happy to see more and more people realizing that and using it.

logic gate

I've just scheduled the next instance of my monthly devlog livestream for #OctoPrint, "OctoPrint on Air", on next Monday. That one will be a special one because OctoPrint is turning 10! 🎂

To properly celebrate this, I've made this livestream open to everyone who wants to join me in looking back on OctoPrint's first 10 years, some celebration, and of course a chance for some Q&A.

Interested? Details here: https://octoprint.org/blog/2022/12/05/octoprint-on-air-50/

🥳