Systems security, author DecentSecurity.com, GotPhish.com, SciFi @ UniversalShards.com, sysadmin & SecEng. Microsoft MVP, Client Security 2021. they/them/tay
Cyber, USA
Joined April 2014
- Tweets 137,118
- Following 9,033
- Followers 334,021
- Likes 118,470
"The chorus of laughter in these flames is from hearing you think time is a gift, or that demons are the damned. God invented time to kill you, Gabriella. Each clockface has two hands β one to beat the life out of you, the other to put you back on the wall until your expiration."
7
10
1
88
Certified hyper-genius Hank Green agrees
3
13
0
149
SwiftOnSecurity retweeted
"These malicious ads are clever too. [ When ] browser's dev tools opened (to record the redirect event), they will go to an entirely different endpoint. When the tools are closed, they go to the malicious endpoint."
switches on Cache-Control: no-cache or Pragma: no-cache header
Incredible, it appears as though Google is allowing malicious sites to take-over Brave search terms to target the vulnerable. Consider this site, which uses a homoglyph in the URL to look official. The download is flagged as malicious by several security vendors. Please report!
Show this thread
3
58
2
145
SwiftOnSecurity retweeted
Instructive: FDE laptop, sniffed BitLocker decryption key coming out of TPM [via SIP bus sharing CMOS], backdoored [sticky keys] virtualized image, used VPN auto-connect feature to attack the internal corporate network via @nickdothutton by @DolosGroup dolosgroup.io/blog/2021/7/9/β¦
6
122
16
339
SwiftOnSecurity retweeted
I've also been tracking Nzyme by @_lennart
nzyme.org/
You can run this on a RasPi with good WiFi monitor hw, and then over Ethernet do appropriate reporting of various attacks.
2
3
0
18
I used white silicone bumpers on the cameras and white spraypaint on the PIR motion sensors to ensure direct sunlight on hot days doesn't make them ineffective.
2
0
0
86
Note this is totally nonsensical, somebody is just going to taze me walking to my car and steal my backpack. But it's a fun game to wargame out home security stuff.
10
5
1
297
Cameras have motion push alerts and Alexa voice notification. Network closet on on UPS, underground utilities.
As a low-power more failsafe backup, I have 8 solar charged exterior motion sensors generally laid out according to the lights on my base station. Each sector diff sound
14
0
0
85
Next, I need security shatter film on all glass, and for bedroom windows/rear door getting security shutters like these. Bonus: Excellent thermal insulation when away or very hot days.
32
5
2
167
9,687
(The security shutters are more of a posturing move for internet content, but long term I think they would be nice to have. The glass film is far more reasonable.)
20
0
0
103
If you want a personal security nightmare go watch Upstream Color. Don't read the reviews or watch a trailer. And don't come back here saying this tweet didn't describe the movie correctly at all.
4
1
0
50
SwiftOnSecurity retweeted
What do you call an outdated VPN appliance run by the Federation of Electrical Engineering Technicians?
FEET PIX
25
44
1
384
Today I was thinking about the trajectory of security-critical software and code in my lifetime.
And the largest theme is moving towards simplicity of configuration. I don't understand what philosophies and realities drove decisions of the past for endless variables and footguns.
8
3
0
68
SwiftOnSecurity retweeted
The even have them at angles which simultaneously blew my mind and made so much sense when I first saw them.
The very german word for those is: SCHRΓGROLLLΓDEN
5
4
1
71
SwiftOnSecurity retweeted
In Germany these are commonplace and usually automated, often set on a timer even.
3
1
0
27
SwiftOnSecurity retweeted
Not just laypeople. Can't tell you how often I see this mindset in tech -- usually framed as "of course there's fifty thousand steps, it's ~secure~"
1
22
1
131
