very interesting and relevant point. “You secure what you know/understand”. Most security (kinda) works in the abstraction build around what is understood, which is rarely the complete picture.

If you are using Zoom to send meeting invites, note that people no longer receive them as invites but as regular emails and it is ANNOYING!

In infosec, relentless sharing of knowledge and expertise is still the best way for growth. Don’t let marketing and legal tell you otherwise.

It's Friday, it's the end of a 4 day week here in Blighty which is also half term for a lot of schools.

A lot of people took this week as holiday, including your suppliers and support teams.
That makes it #ReadOnlyFriday .
Do not deploy to prod today unless it urgent, that's what…

If you don't understand someone's perspective on something, strive to understand their feedback loop first. An incorrect feedback loop will almost always generate incorrect perspectives.

My team just released a new tool called GraphSpy. Useful for testing M365 and Entra! insights.spotit.be/2024/04/05/gra…

Keep relying on shiny tools to detect bad things …

I just heard about a potential team downsizing, so if you’re looking for pentesters, red teamers, or technical leadership for those things, share your job openings. There are some folks who may be looking for work soon.

I wish people realised human rights weren't like a birthday cake. Someone else getting more doesn't mean you'll get less.

░O░S░T░ ░I░N░ ░B░I░O░

Dan Kaminsky used to say : “The world runs on TCP/80” (granted, it’s 443 mostly today). The reality today is that everything is code. That is our baseline for what we are securing. Everything that drives value in businesses in 2024 is connected to code. Period.

There can’t be anybody with even a fragment of a functional brain left that can justify bombing a legitimate World Central Kitchen convoy would do anything for your cause. 3 missiles, more than 2 km apart, is not an incident. It’s a war crime.

Just heard an excellent consulting/offsec team lead became available for whoever is first. Feel free to DM for intros. This guy is fucking ace and will take your team to new heights!

#TheSecurityPath is a great testament that shows how diverse the paths into infosec are, how people build value through knowledge, and how one can take charge of their own path.

So … on that xz backdoor … is there any real proof that this is a specific nation state’s work? I’ve tried to delve through the publicly available stuff but haven’t found. real clues.

meat-induced coma is next.

The xz backdoor just got even *more* interesting… (h/t Filippo Valsorda @filippo.abyssdomain.expert )

If Jia Tan doesn't get a Pwnie Award this year, there is no justice in the world.

Wim Remes TR The two of us discussed this almost two decades ago. Most vendors add to the risk. The fault per SLOC ratio hasn't changed in a long time.

blog.recurity-labs.com/2006-02-14/11_…

I’m surprised this needs repeating:

Vendors don’t solve security risks for you.