Non Hypergolic @lazzarello@qoto.org

I'm seeing a lot of hot takes on #LastPass, from people in #infosec coming to the conclusion that LastPass transparently disclosing breaches, or near breaches, or any incidents, is a sign of something terrible.

I think those people have not been at this long.

All companies eventually get hacked. All companies eventually will be breached, and it's not if; it's when.

And if you are a company storing millions of passwords, you better believe you are being attacked constantly.

Given that world, I want a company that:

is transparent and lets their users know immediately when something is up and gives as many details as they can.
can actually detect incidents and has a solid process to follow in dealing with them and communicating about them

If you think a company that never says, "hey, we had an incident," is more secure. .. oh boy.

It merely means they either a) can't detect incidents or b) are hiding them from you

If you are using a password manager that is silent about breaches, near misses, incidents, etc., That should be cause for concern.

"Mastodon feels much closer to hanging out with reasonable friends and acquaintances, whereas Twitter is equivalent to having 15 racists drunk uncles assigned to follow you wherever you go."

lol

https://escapingtech.com/tech/opinions/i-was-wrong-about-mastodon-moderation.html

I can't believe this exists, but you can now get anonymous 5G data-only mobile plans with 30 eSIMs a month, in the US and EU. #mobile #security #privacy https://invisv.com/pgpp/

Here is a machine learning challenge: "Decode" EEG to estimate what a listener was hearing, actually, what features of continuous speech can be predicted from EEG.

https://exporl.github.io/auditory-eeg-challenge-2023/

The challenge runs from now until February 6, 2023, after which the top 5 teams will be invited to submit a 2-page paper to ICASSP and later on an invitation to write a journal paper for the IEEE open journal of signal processing.

#machinelearning #EEG #neuroscience #speech #ICASSP

#WorldCup

Today on Risky Biz:

* Tom Uren and @thegrugq talk about why EU plan to regulate 0day won't do much on Spyware. That podcast up imminently in Risky Business News RSS feed (site currently building)

* News bulletin podcast and newsletter out at 2:30pm AEST
- Some Cyber Partisans action
- Vanuatu government ransomware update
- Russia moves towards cybercrime proceeds forfeiture laws (lol corruption gonna be amazing)
- Free Wickr app gets the Amazon razor
- More

* A long form interview I did with head of developer relations from Snyk: How can CSOs help foster a good secure dev culture within dev org? Still working on that one but will be out later today in the primary RSS feed.

Looks like I'll be spending a bit more time on Mastadon now because this is clearly where the action is. :)