
howelloneill

@howelloneill@infosec.exchange

This profile is from a federated server and may be incomplete.

howelloneill , to Random stuff

when you compare it to Messi, the average MLS salary is kind of mean https://www.nytimes.com/athletic/5499223/2024/05/16/mls-player-salaries-teams-messi/

howelloneill OP ,

please clap

howelloneill OP ,

@selenalarson finally my biggest fan arrives

howelloneill , to Random stuff

Here’s a very specific dark pattern that I bet has made Google many millions: Some old folks install Google Photos on their iPhone, it basically automatically backs up photos and even if you turn off backup it bombards you with prompts to back up photos. That’s generally unnecessary but old folks do it. Then their Google account has no storage left and they’re bombarded with prompts to subscribe for more storage which they do so they can still read their email because the prompts threaten them with loss of access to GMail.

briankrebs , to Random stuff
@briankrebs@infosec.exchange

I'm not sure what this says about me, but I can't remember the last time I checked the number of hits on a story (on my own site). Had this realization today when someone offered to show me what they saw on their site after I posted something recently. Is it good or bad that I'm so incurious?

howelloneill ,

@briankrebs I’m not sure. Obviously good to not be totally driven by those metrics but you want to be responsive to the audience in some ways, right? I’m curious, how do you think about other kinds of feedback? Maybe a source telling you they liked a story, a message on social? A traditional reporter would have an editor to render some kind of judgement. Obviously you’re doing a good job, so how do you think about that dimension?

howelloneill ,

@briankrebs That all makes sense to me. What makes you decide a story was a success?

howelloneill , to Random stuff

I wish so many people on Mastodon didn’t feel the need to have one account for cyber stuff and the other for personal hobbies like books or sports or whatever else. I actually want to read about your hobbies and see you as a full person

howelloneill , to Random stuff

I have a genuine question: Who thinks basic cybersecurity goals like "enable MFA by default for users and administrators" or "instead of bad default passwords, enable random, instance-unique initial passwords for your product" or "require the user who installs the product to create a strong password at the start of the installation process" couldn't be mandatory?

howelloneill , to Random stuff

It is so intense for a reporter to write "scoop" on something that company PR sent them

howelloneill , to Random stuff

What's it mean when I have a follow request here? My account is public so I feel like it might be something to do with the respective servers and how they interact?

howelloneill , to Random stuff

It’s wild that the student protests are making top headline news as if occupying an Ivy building is a national crisis. I just listened to NPR and they talked about the “escalating” student protests first, before they talked about the pending military offensive that they’re about. Which should take first billing? Journalists are failing.

malwaretech , to Random stuff
@malwaretech@infosec.exchange

[Thread, post or comment was deleted by the author]

  • howelloneill ,

    @GossiTheDog @malwaretech a funny thing is the idea, held by a shocking amount of people now, that everyone was gung ho on war when the anti war protests were among the biggest in human history https://en.wikipedia.org/wiki/15_February_2003_anti-war_protests?wprov=sfti1

    howelloneill , to Random stuff

    I just got a pop up on my iPhone alerting me to a new iPad being added to my iCloud account. It said it has access to my iMessage. This wasn't me, so I was alarmed. I went to check my settings but the only iPad there is the iPad I've owned for several years. All the devices on my account are mine. Has anyone seen something like this? Can you get an alert like this in error or is it more likely to be a problem? I'm researching around but figured a post here couldn't hurt given the crowd.

    howelloneill OP ,

    ps if you're trying to get into my icloud, chill out, there's nothing of value, you're wasting both of our time.

    howelloneill OP ,

    One possible/probable diagnosis I've found: "This behavior seems to be common when a device's OS is upgraded (major or minor update)." I didn't upgrade my iPad, I was walking my dog, but it could have done it automatically.

    howelloneill OP ,

    I guess this is one of those fun iOS moments where it's impossible to, for example, look at logs and see if anything like this occurred.

    howelloneill OP ,

    Thank you for joining me on this episode of Half Assed Incident Response

    howelloneill OP ,

    My posts auto-delete so likely no one will stumble upon this in the future but, on the off chance: This notification appears to go out in error pretty regularly. Sometimes it's the result of an update, other times it's when a device comes online for the first time in a while. iOS makes it fairly impossible to troubleshoot this but given how many times it happens -- judging by google results -- I'm feeling like this is an Apple problem, not a me problem.

    howelloneill , to Random stuff

    When people talk about AI and say things like "in a very quick amount of time we won’t be able to trust anything on the internet without verification tools," what tools are they talking about? Do they actually work or is it just more obfuscation-by-marketing?

    howelloneill , to Random stuff
    howelloneill OP ,

    I've worked at several companies that made me sign unenforceable noncompetes which are still shitty because they are essentially a fraudulent intimidation tactic.

    selenalarson , to Random stuff
    @selenalarson@mastodon.social

    Tell me something good that happened for you this week

    howelloneill ,

    @selenalarson my wife got a promotion

    howelloneill , to Random stuff

    The fact that Wikipedia remains generally really good and useful despite everything else happening online is totally astounding and great

    GossiTheDog , to Random stuff
    @GossiTheDog@cyberplace.social

    AI Tech Bros are VERY UPSET that reviewers are REVIEWING PRODUCTS

    howelloneill ,

    @GossiTheDog what's so funny is that I heard Marques on a podcast talking about this pin and he was so lukewarm about it. He was generous about the potential -- overly generous imo -- compared to everyone else. Hope these sensitive souls don't see the other much harsher reviews.

    howelloneill , to Random stuff

    I've been using Ugmonk Analog weekly for a while and I really like it. I also have a big book pen-and-paper calendar. Obviously I still use app calendars but the pen-and-paper is now my top priority and it's the best set up I've ever had, fully recommend https://www.wired.com/review/ugmonk-analog-starter-kit/

    howelloneill OP ,

    with that said, if anyone ever calls me a Productivity Guru I will have to fight you. I need a calendar, it's not deeper than that

    howelloneill OP ,

    actually, if you even say the word guru around me I will dial 9 and then 1 as I await your next word

    howelloneill , to Random stuff

    Invite me to this poker game

    howelloneill , to Random stuff

    It continues to be completely amazing to me that we've just kind of accepted the fact that Instagram doesn't really allow links. People talk about walled gardens but IG rarely gets shouted out. Huge props to Zuck for seeing the fundamental point of the web -- the ability to link all of the world's information -- and giving it the finger

    howelloneill , to Random stuff

    In the 30 years I’ve been on the internet, I’ve found one thing to be always true about online communities: the best communities have very strong moderation. Make rules, enforce them. A willingness and comfort with suspending and banning jerks strongly correlates with great community. 🔨

    howelloneill , to Random stuff

    Can Threads users, whose posts we can see here, see interactions from outside Threads?

    howelloneill , to Random stuff

    I love minor earthquake twitter

    howelloneill , to Random stuff

    Should CSRB have subpoena power? Should the structure of the board change? Seems like a good time to discuss, right after the Microsoft report, is the status quo good enough?

    howelloneill , to Random stuff

    This is a solid timeline of the XZ backdoor, ht @GossiTheDog https://research.swtch.com/xz-timeline

    Quick question: If this effort began in 2021 and presumably involved numerous personas driving very deliberately toward this goal over the course of the next 2-3 years, is it a safe guess that this is not all they were doing in the last 2-3 years?

    howelloneill OP ,

    @lcamtuf @GossiTheDog Right, I remember reading that when you wrote it. It's a totally reasonable take. To be frank, I don't have much to base my question on except the sheer timespan involved here versus the number of data points on that (or any) timeline. The alternate theory is that government contractors are incredibly lazy and can get away with just one glacially-paced operation for a three year period. Inconceivable

    howelloneill , to Random stuff

    I recommend you turn on the women’s basketball

    mjg59 , to Random stuff
    @mjg59@nondeterministic.computer

    Just finished writing my lengthy paper on how "Many eyes make all bugs shallow", time to check what's happening on the internet today

    howelloneill ,

    @mjg59 take a big swig of hot coffee before you log on

    howelloneill , to Random stuff

    tiny thing but shout out to the reporters like @dangoodin who are very quickly tackling and covering a tricky but important issue in the xz backdoor. not easy but important work. it's cool if you are someone who can make sense of a linux mailing list but it's important for the rest of the world to be able to decipher what's going on too and that requires journalism.

    howelloneill , to Random stuff

    does Microsoft still call their intel team MSTIC? I thought they had a name change but I may have just dreamed that up completely out of nowhere

    howelloneill OP ,

    @GossiTheDog right, global behemoth and all that, I was just wondering if that name is still actively used by them

    SwiftOnSecurity , to Random stuff
    @SwiftOnSecurity@infosec.exchange

    I just worry about what happens when they monetize mastodon you can’t just run on VC cash forever

    howelloneill ,

    @SwiftOnSecurity this website hasn't truly made it until the spam bots hit

    howelloneill , to Random stuff

    Do we know the initial infection vector for UnitedHealthcare? I haven't been following it as closely as I could have, wondering if I missed this detail

    howelloneill , to Random stuff

    the rare good hacker news comment in the middle of a hype hurricane

    howelloneill OP ,

    also, unrelated, but it's very funny to me that the top comment is a paywall-circumventing link to the NYer. Hacker News is made up, generally, of high earning tech workers/managers. Look, I understand paywalls are annoying but something about seeing these people adopt never paying for journalism as a cultural norm rubs me the wrong way
