Discover and read the best of Twitter Threads about #SECURITY

Most recent (24)

QUESTIONS YOU SHOULD NEVER ANSWER ON/OFFLINE - Have you been asked about your -

- Childhood
- Family
- Favorites
- Favorites Historical
- Firsts
- Personal Characteristics
- Education
- Work

A #thread

#SecurityQuestions #Beware #BeAware #Risk #Security
A security question is a form of shared secret used as an authenticator.

It is commonly used by banks, cable companies and wireless providers as an extra security layer. - @Wikipedia

#SecurityQuestions #Beware #BeAware #Risk #Security
When a random post asks you any of the following questions, or a combination of them, let your antenna be up and please ignore:

The house number & street name you lived in as a child?

#SecurityQuestions #Beware #BeAware #Risk #Security
Read 21 tweets
It's #SaferInternetDay today. Will tweet some tips today.
1. You can't lose what you don't have. Only register an account for a website or app when you really need to. Use a throwaway email address (like Mailinator) and fake as much personal data as possible.
#Security
2. Never reuse passwords. Not even for "low value" accounts. Use a password manager or even a password book if that's most convenient for you to support you in creating unique passwords.
#SaferInternetDay #Security
3. Configure 2FA for your online accounts when possible, even if only SMS based 2FA is available. 2FA is always better than no 2FA. Configure a fallback (2FA backup codes or other recovery mechanism) for when the code cannot be received or generated.
#SaferInternetDay #Security
Read 10 tweets
Another card consolidation scheme. "Curve".
Whether you're a small business or a giant payments provider, if some nobody startup tries to wedge itself between you and your customers, f$%^ them up, with extreme prejudice. Seriously.
My previous comments on Curve's lazy, cynical, parasitic business model:
Another failed scheme from a few years ago, "Fuze"
facebook.com/ideafaktory/po…

And Amazon tried this with their "wallet"
facebook.com/ideafaktory/po…
Read 6 tweets
"I want to warn the world about an unprecedented danger that’s threatening the very survival of open societies.

…I’ll focus on #China, where President #XiJinping wants a one-party state to reign supreme."

project-syndicate.org/onpoint/the-ai…
"Xi is trying to consolidate all the available info about a person into a centralized database to create a 'social credit system'... people will be evaluated by algorithms that will determine whether they pose a threat to the 1-party state. People will then be treated accordingly."
"#China is not the only #authoritarian regime in the world, but it is undoubtedly the #wealthiest, #strongest & most developed in machine learning & #AI.

This makes #Xi the #most #dangerous #opponent of those who believe in the concept of #OpenSociety."

project-syndicate.org/onpoint/the-ai…
Read 22 tweets
Your browser is (probably) one of the apps you use most throughout the day. What can it do to protect your privacy online? Let's take a look.

vi.tc/2CICDnZ

#privacy #Security #YourBrowserMatters
Your browser:

1. Secures your connection to websites.

When you connect to a secure (https) website, your browser establishes a secure connection with that website. All data is encrypted so that only the browser and the website can see what is being sent over the connection.

🔒 The site info pane in Vivaldi browser
2. It checks for certificates.

Your browser checks the certificates sent by the website to make sure you’re connecting to the real domain. That stops attackers from pretending to be that website. Simply put, an attacker will not have the website’s certificate.
Read 13 tweets
So I wanted to encrypt some files. Thought about using 7z+password. Stackexchange folks said "Didn't review it but it should be fine. You can browse the code yourself". So I did. After a few mins I noticed they use an 8-byte "random" IV. Yes, half of the IV is zeroes. But it gets worse.
Aside from the fact that 7z XORs plaintext with zeroes, I was curious about the "RandomGenerator" which generates IV. That's when I vomited. The first comments say "This is not very good random number generator. Please use it only for salt." It is not used only for salt.
Yes, it uses PID and time(null) as seed. Yes, this is 7zip's random generation code running on your computers in 2019. More "cursed" code below. #7zip #encryption #facepalm #randomness #entropy #RNG #crypto #cryptofail
Read 9 tweets
We all love your media player, but that’s really rude #VLC 🙄

VLC developers refused to consider #software "update-over-HTTP" as a threat.

Responded→ “no threat model. no proof. no #security bug"

It wouldn't hurt if you simply consider the suggestion.

trac.videolan.org/vlc/ticket/217…
Though VLC updates are "signed and authenticated with OpenPGP," as developers said, adding an inexpensive but important extra layer of security is a considerable suggestion.
Yes, absolutely. But looking at your software's popularity and the user base, adding another "easy to implement" second-factor authentication is not a bad idea. Or is it?

Read 3 tweets
There are just over two weeks left to submit a talk for #GR8Conf EU 2019 at cfp.gr8conf.org

If you need ideas, here's a thread.

#groovylang #grailsfw #gradle #spockfw #gebish #griffon #springboot #micronautfw #ratpackweb #sdkman #android #devops #ci #cd #cfp #jenkins
Feel free to like/❤ a topic you’d attend and @ people you think should submit a talk on this topic. I have A LOT of ideas so I’ll spread this out over a few days maybe a week depending on how this goes.
1/ an intro to @spockframework

including:
- using #spockfw in a polyglot organization including any tips/tricks for integrating with other languages like #Java and #Kotlin
- the top things you wish you knew when you started using spock
- good testing practices in general
Read 15 tweets
Second cache of 9/11 docs released by The Dark Overlord hackers rt.com/usa/448416-hac… #september11 #DarkOverlord #TheDarkOverlord #ITsec #ITsecurity #IsraelDid911
According to @Forbes, the cybercrime group known as #TheDarkOverlord has acquired 18,000 documents, many of which are related to the 9/11 events, and are demanding #bitcoin ransom in return for the data. #DarkOverlord
forbes.com/sites/thomasbr…
Read 24 tweets
@KonikuTech We are deliberate... Yes, we work with great intent, always and rightfully so. Did you know the word Koniku means immortal? It comes from the south of Nigeria. There is a whole back story to it. Would you like to know...? 1/6
Now, have you seen the device we are debuting soon? It's inspired by natural iridescence: pinterest.com/pin/8760915523…. The iridescence typified by the Scarabaeus sacer of Egyptian mythology, the divine manifestation of the early morning sun... Read about Ra: en.wikipedia.org/wiki/Ra 2/6
For those fortunate enough to have visited the Koniku HQ in Berkeley (🤫, your NDA still applies...sorry 🥺... blame the lawyers), one of the first remarks they make is: "it's a Jellyfish!". Yes, that's also deliberate. The number 1 remark is "how do you keep neurons alive?" 3/6
Read 6 tweets
#Q new thread
VP .. SA..MISSILES..NOV 2017.. TWITTER.. LOC.
Why Did VP get envelope to?
#911
#money
#security
#SA.
#PODESTAGROUP
#LAWYERS
#QAnon
What does VP know relates to 911?
@arresthrc
@fedupwarriorq17
@Qstorm1969
VP & Tim Kane 911.

freebeacon.com/politics/tim-k…
@fedupwarriorq17 @arresthrc
@Qstorm1969
Read 58 tweets
Automotive blockchain platform opens new opportunities for connected vehicles

#blockchain #vehicles #connectedvehicles #IoT #BlockletTVA

smart2zero.com/news/automotiv…
IBM, Seagate partner on blockchain anti-counterfeiting project

#blockchain #security #technology #harddrive

smart2zero.com/news/ibm-seaga…
SpaceChain blockchain-based satellite network a step closer to reality

#blockchain #satellite #networks #opensource

smart2zero.com/news/blockchai…
Read 5 tweets
Earlier today, I wrote a tweet about another @Twitter promoted tweet #phishing advert and I reminded you that I had written about it a couple of weeks ago. link.medium.com/UXh4iZtCMR

Well, guess what has happened since this morning...?

#security #scam
Amazingly, there had been another one today, @twitter!

This time, @farahmenswear is the main hacked account and the supporting account for this #phishing #scam is incredible...
Amazingly, the supporting accounts for this #phishing #scam include @EuroParlPress - the European Parliament Press Office. This is now off-the-scale!

Maybe @guyverhofstadt or @GabrielMariya can look into what is going on?

link.medium.com/UXh4iZtCMR
Read 4 tweets
I wrote a piece about #phishing adverts on @Twitter a couple of weeks ago. @TwitterSupport had put it about that they had it under control. Here’s the article...

link.medium.com/UXh4iZtCMR

#security #digitaladvertising
Incredibly, it’s still going on. This is a #safety and #privacy issue that is not being addressed by @TwitterSupport.

This time @capgemini_aust are the main target and it is EXACTLY the same promoted advert that I highlighted in my article. link.medium.com/UXh4iZtCMR
The accounts used to legitimise the #scam this time are

@BenAllenCA @azariarachel @ARTNIGHTLDN @AKIpress_com and @67Kelechi.

Once again, all of them are @verified accounts. And this is still live over half an hour after it was posted.

#security #privacy
Read 5 tweets
It’s Time Twitter Cleaned Up The #Phishing Ads

I’ve just written this. I’m passionate about Twitter - always have been. I love how it is tackling fake accounts and hoping to reduce the amount of extremism online. But these adverts should be a priority.

link.medium.com/gCqRV3BVAR
Today’s scam has roped in @patheuk, @swansladies, @sarahscoop, @angola2411, @bookmyshow_sup - last time it was @monsterjobs, @GeoffroyDidier, @wsu_womensgolf, @CarteNoireUK and @rpsgmavericks - all without their knowledge and all trying to scam people out of their #bitcoin.
Each of the accounts used in the scams is @verified and, last time this happened, I copied in @TwitterSupport so they knew it was happening. It looks like it takes about 30 mins-1 hour to take down these scams but that is long and the damage to innocent accounts lasts longer.
Read 5 tweets
This is THE most incredible #scam on @Twitter yet and it raises all sorts of questions for @twitter, @verified and @jack (there goes my chance of ever getting my blue tick!!)

It starts with a promoted tweet...
You’ll notice that, on the #promoted tweet, the account name is Elon Musk and it has a blue tick... so it’s got to be legit, right?
But, if we need proof that this is a genuine offer from Elon Musk, we just have to click on that account and see his other tweets to make sure it’s him...
Read 12 tweets
If #ETN #Electroneum @electroneum #ETN242 $ETN was a #startup I would definitely put all my money into them, as I did during the #ICO stage:
Because I see the potential with this hybrid model #fintech & #blockchain #company & like the potential with the GROWTH we have #instantpayment
2/3 We have integration to #WooCommerce & #magento and we are searching for more clever people, #developers who will help us with integration to more #webshops #eshops with other #plugins, so if you want to earn money accept us as a #payment option like a #vendor or check our #hackerone program
3/3 For #developers and #PHP experts, here are links: you can be rewarded if you help us with #security #hacks #problems #fix some #issue GO
1 hackerone.com/electroneum
2 Plugins needed for #eCommerce #Opencart #WIX #prestashop #omnipay #jigoshop #drupal THX lot community.electroneum.com/t/instant-paym…
Read 4 tweets
(1) The Chinese spy chips found in hardware of Apple and Amazon should have been expected. There's a long history of cases like this. #cybersecurity #defense #security
(2) The Senate Armed Services Committee warned of this threat in May 2012, and found over 1 million counterfeit parts in US military systems — largely from China. theepochtimes.com/fake-electroni…
(3) It reported: “The investigation uncovered dozens of examples ... including on thermal weapons sights delivered to the Army, on mission computers for the Missile Defense Agency’s Terminal High Altitude Area Defense (THAAD) missile, and on a large number of military airplanes.”
Read 21 tweets
Friction is the enemy of #compliance. Before you conduct security awareness training for topics like third-party security, make sure you understand and FEEL the friction in the end-to-end experience for employees who have to follow those processes and policies. #UX matters. 1/
Sit with your sales team to understand the #UX of getting an NDA in place with a prospective customer or partner. Try to understand the pain and confusion when it comes to delays, manual steps, confusion, approval workflows, or lack of integration with things like #CRM. 2/
Ask yourself: do the right people have access to the #ContractManagement or e-signature systems, or do they need to REQUEST access and wait for approval? Do the systems support #SSO? Do people have to manually print and scan docs (in 2018!), and if so - do they know how? 3/
Read 8 tweets
This is the best thing on Twitter this morning. I see too many security products trying to *replace* human-to-human interaction - there’s a good chunk of security and privacy that’s about *people*.

Let’s make more products which help people STOP, collaborate, and listen 😝
Forgetting about the “people” part of security is why we’ve heard “GRC is dead” for the last 10 years. We’re on “GRC 4.0” now and it *still* sucks.

GRC tools like Archer are designed for Process and Technology but forget about the poor People who have to use that dumpster fire.
We still have new vendors trying to design single-pane-of-glass “CISO dashboards”, meanwhile *very* few security companies are truly focused on people (not just security people) inside of organizations.

@duosec is one of the few companies who has focused on people. @habitu8 too
Read 10 tweets
We have a huge credibility problem in information security and it's time we addressed it. We #infosec experts spend too much time asking "How do we get users to care more about security?" - and not enough time asking "How do we get security to care more about users?"
We give security advice without considering the impact to users in terms of cost, time, complexity, and risk of harm. A perfect example is "Turn on #2FA everywhere". It's #2factortuesday, right? I'm a fan. We spend endless hours debating whether SMS-based 2FA should ever be used.
Meanwhile we've spent ZERO time educating users on the risks of harm with #2FA. Namely, the risk that they could lose access to their account. The recovery procedures for 2FA-protected accounts are nearly impossible for average users. How honest are we about this with users?
Read 8 tweets
It's a criminal offence to falsify a legal instrument. But if the #MetPolice / #LBRUT do it, then there is not even an investigation. 12 years of silence. Evidence to prove it - ukcoverup.com/search-warrant-

#skynews #lbc #theresamay #uk #bbcnews #coverup #c4news #worldnews #ukgov
Welcome to the #Metpolice who also changed & falsified my arrest details. Have a look at the evidence here ukcoverup.com/arrest-details as it's all easy to prove & that's why it's never addressed

#R4today #corruption #coverup #leadership #values #corevalues #bbcnews #skynews #itvnews
Read 97 tweets
Many people are too consumed with the idea of owning a plot of land, so they sometimes feel too elated to do due verifications before making payment. In this thread, I will tell you how a survey plan search, an essential land check, can save you from land trouble. THREAD👇👇👇
Before I go ahead, it is essential we understand what a survey plan means: A #Survey plan is a document that measures the boundary of a parcel of land to give an accurate measurement and description of that land #RealEstate #LandDebate
The people that handle #Survey issues are Surveyors and they are regulated by the office of the Surveyor general in #Lagos as it relates to survey issues in Lagos. #RealEstate
Read 18 tweets
Today, @CER_EU publishes my piece on #Brexit and #JHA. I have been looking at this for 1.5 years so I hope I did not make too many mistakes (links to piece - cer.eu/publications/a… and opens thread)
At the outset of the #Brexit process, most people assumed that a deal on #police and #judicial co-operation was easier to get than one on #trade. Time has shown this is not the case. Ongoing co-op on #JHA is one of the few items yet to be agreed on #withdrawal deal. Why?
Well, because the #EU and #UK's opening positions in the #negotiation are incompatible: Britain wants a #bespoke agreement with the EU, a la #Schengen, but is not willing to accept #ECJ or #EUCharter. EU wants to replicate existing models. What to do?
Read 10 tweets