TIL: Google Cloud Platform blocks outbound email outside of a project's firewall rules. There is no way for a user to unblock it. Makes it difficult to set up email for a small server.

@justin thanks for the GCP setup guide! I was stuck on the cloud storage part. Almost done.

Reading this book about a Soviet sausage magnate and a depressed communist drop-out. Thanks @WhiskeyTitBooks@twitter.com

en.m.wikipedia.org/wiki/Envy_(

Now when you do a Google search for “Tesla crash” the search algorithms have to decide if you’re asking about the cars or the share price ⚖️

“Going down the path of segmentation and zero trust is a heavy operational lift,” Schell says. “I highly recommend a very automated approach that incorporates a lot of orchestration capabilities for consistency in deploying policies and gives you far greater capabilities in how you monitor, manage and audit the networks.”

2023 goals: get dinosaur IT to at least operate software automation tools without fear. I've never met a single IT person in my industry who knows what Ansible or Terraform means. When I do a demo, I can see the fear in their eyes and hear the fear in their voices.

Show thread

This must be the kind of trade publication many IT directors and CISO types read. Why not focus on application security? It's very frustrating when a whole security team only focuses on network firewalls and VPNs.

statetechmagazine.com/article/

A look at Flipper Zero, a $200 portable security penetration testing tool for hackers of all levels to intercept and replay signals from IoT sensors and more (Dhruv Mehrotra/Wired)

wired.com/story/what-is-flippe
techmeme.com/221225/p5#a221225

Five Android apps to choose from for Mastodon. A bit of a tragedy of the commons. What about one that does all the things?

mstdn.social/@garry/1095717720

A former colleague @Stevewyshy is the DP for this short film Die Surely. A send up of the democratic party donor class who hang signs like "in this house, we believe water is life" in their windows.

As a San Francisco resident with a neighbor who literally has this sign in their window, I have the feelings. Check it out it's funny!

wyshy.net/video/comedy/die-sur

All the talented hackers posting about discoveries they made from the LastPass breach make me miss working in infosec as one of the good guys.

I have found the first of will likely be many non-expiring password reset URLs that you may have had stored in #LastPass

If you had a maxmind.com URL in LastPass that included set-password?token= in the parameters, I just tested and those do not expire... Possession of the URL is all you need in order to change the password.

Shame shame, Maxmind.

Want to hunt for your own possibly sensitive URLs? Start with this against your vault export.

cat lastpass_export.csv | cut -d',' -f 1 | grep -a -i -e '^http' | grep -v 'http://sn' | egrep -i '(api|password|reset|secret|token)'

Sam Bankman-Fried's old friends and former execs at FTX / Alameda Research, Caroline Ellison and Gary Wang, have pleaded guilty to fraud charges and are cooperating with the feds. #FTX #crypto #SBF .
According to the Washington Post they're facing 110 years and 50 years, respectively... So yeah I see why they started snitching real fast.

theverge.com/2022/12/21/235219

Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.