Pinned
28 years ago today, 7 members of the hacking group @L0phtHeavyInd told the U.S. Senate they could "shut down the internet in 30 minutes."
Chris Wysopal
30.5K posts
Chris Wysopal
@WeldPond
Hacker. Co-founder Veracode. Former L0pht security researcher. GenAI Auto-repair of vulns is the future
- What are all the people who used "Sign in with Facebook" doing now?
- We've lost a true pioneer of the digital world, Kevin Mitnick. His ingenuity challenged systems, incited dialogues, and pushed boundaries in cybersecurity. He will remain a testament to the uncharted power of curiosity. #RIPKevinMitnick
- Replying to @WeldPond.@sifutweety pointed out that the fact that this is getting so many retweets is a credit to infosec education -- everyone knows this is a stupid idea.
- Does anyone want to share 15% of their password?
- "There are nearly 600K unfilled cybersecurity jobs in the U.S. right now, and about 3.5M open roles globally, says Lisa Gevelber, Google’s chief marketing officer for the Americas" This is because all the openings are entry level positions requiring 5 yrs experience.
- Log4j 2.16.0 is out and completely disables JNDI by default. logging.apache.org/log4j/2.x/chan…
- Current status: Sorry, I’ll have to get back to you. I’m dealing with an open source issue.
- "Password expiration requirements do more harm than good, because these requirements make users select predictable passwords" Thank you Microsoft. NIST agrees. Everyone who attacks password auth agrees. Can we get compliance to update their requirements.
- If you have an .io domain you should read this. When the British government announced last week that it was transferring sovereignty of an island in the Indian Ocean to the country of Mauritius, Gareth immediately realized its online implications: the end of the .io domain
- Due to U.S. telco networks being compromised, today CISA is recommending: 1. Use only end-to-end encrypted communications 2. Enable Fast Identity Online (FIDO) phishing-resistant authentication 3. Migrate away from Short Message Service (SMS)-based MFA 4. Use a password manager
