Discover and read the best of Twitter Threads about #Security

Most recents (24)

#InvArch is an intellectual property & decentralized development network for #web3. InvArch is not just new to the @Polkadot ecosystem, but also a novel project throughout the entire #blockchain community.

This thread serves as a brief introduction to the project.

1/24
First, it is important to understand the three (3) key focuses of the network:

1.) Allow users to tokenize their ideas (intellectual property #IP).

2.) Provide a secure environment where ideas can be shared.

3.) Foster a network for collaboration and partnership forming.

2/24
#InvArch views #ideas as sets of non-fungible components. Specifically, InvArch introduces Intellectual Property Sets (#IPSets), which are collections of #NFTs called Intellectual Property Tokens (#IPT). These files are what help to describe and detail an idea.

3/24
Read 24 tweets
🚨🚨 Another 10K giveaway

50 Likes - Burp Suite Ext Dev - 10 Coupons
100 Likes - SOP Zine - 10 Coupons
150 Likes - Web Auth Zines- 10 Coupons
200 Likes - Bundle - 3 Coupons

Thanks to @FeedHive_io for post conditions functionality.
#Security #Learn365 #bugbountytips #bugbounty
Woah we hit 50 Likes, here is the link for Burp Suite Plugin Development Guide : securityzines.gumroad.com/l/burp-plugin-…

Only 10 Grab Fast.
Woah we hit 100 Likes, here is the link for SOP Zine : securityzines.gumroad.com/l/sopzine/21so…

Only 10 Grab Fast.
Read 7 tweets
This $CYBL tweet has more clues than you think from @CyberluxC.

Did you catch #FlightEyeDNA w/ #StrategicIP and the mention of $LMT = #NVG 🧩

Remember me talking about #TestBeds?

$BAESY strong theory for European connection.

$CREE $WOLF $LHX $BA $NOC $HON relevant!

Thread ⬇️
Read 15 tweets
the biggest disappointment I have with @awscloud IAM is that people don't use it like a dynamic system

permissions are still granted on/off, very few teams add a time component in there but they are starting to with roles

...I think there's more there

🧵☁️ #cloud #security
of course, that tweet probably gave @ben11kehoe a heart attack (sorry Ben!)

...on that note, Ben just published ANOTHER fantastic post on @awscloud IAM, he's on a roll lately

🧵☁️ #cloud #security
"Never put AWS temporary credentials in the credentials file (or env vars)—there’s a better way", by @ben11kehoe

the title says it all, but in the post he dives into the why and what might be better ways for you

ben11kehoe.medium.com/never-put-aws-…

🧵☁️ #cloud #security
Read 7 tweets
THIS IS LEARN HACKING PART 2🧑‍💻
/A thread🧵👇
There was a part one, be sure to check it out.


#cybersecurity #infosec #Security
4a) BEGINNER VIDEOS AND SOME INTERMEDIATE

- Corey Schafer (@CoreyMSchafer)- YouTube - youtube.com/c/Coreyms
- code with tim python (@TechWithTimm) - YouTube youtube.com/c/TechWithTim
Read 14 tweets
@Europarl_EN 14 Jan⏰1999 @Europarl_EN
Report on environment, #security & #foreignpolicy.
Committee on #Environment, Public #Health & #Consumer Protection🔔▶ europarl.europa.eu/sides/getDoc.d…🔔 #HAARP disrupts❕ #climate

#ClimateCrisis😱 #MADEinUSA ® HAARP #DEW

#ClimateEmergency
#ClimateChaos
@Europarl_EN @TimmermansEU @EU_Commission @EUCouncilPress @EU_Consumer @EUCourtPress @eu_echo @EUClimateAction @fvdemocratie @coe @PieterOmtzigt #FreemanDyson💎math physicist. Worked in the same building @Princeton as #Einstein💭when Einstein was there "big brain"💭
Knew the guy who designed 1st #ClimateCrisis👎model"

"EU using #ClimateChange to justify its own existence"
- #PaulNuttall @ukipmeps
Read 27 tweets
One thing people often don't know about #Ergo is its use of Sigma Protocols (Σ-protocols) (afaik entirely unique to Ergo) and will dive into them in this thread 👇👇
1/ #Ergo’s smart contracts and #DeFi functionality are built on Sigma protocols – a powerful, flexible class of zero-knowledge proofs. A zero-knowledge proof allows someone to prove they know the solution to a problem without actually revealing the solution itself $ERG
2/ ∑-protocols are a sub-class of efficient and composable proof-of-knowledge protocols, using simple AND and OR logic, you can ask for a signature with "Prove to me knowledge of either this secret OR that secret" (this is a one-of-two ring signature) $ERG #privacy
Read 7 tweets
10 Useful websites for cyber security.

🧵

@shifacyclewala
#infosec #bugbounty #security
1. @DanielMiessler

An experienced cybersecurity expert, consultant and writer. Worth reading his blogs, curated newsletters, essays, podcasts and high-quality writing.

Link:
danielmiessler.com
2. @gcluley

A longtime industry expert who held senior roles with Sophos and McAfee before deciding to begin “working for myself” in 2013

Link:
grahamcluley.com
Read 11 tweets
Dr. Watson and I enjoyed a great afternoon discussing the challenges of securing The Hague, including the @OPCW attempted capture of electronic signals by the GRU from 2018. I had to step outside to snag some pictures of the building and the parking lot. Thanks again to …
the Dutch Ministry of Justice and Security.

2018-Apr-10: four Russians enter the NL as diplomats into AMS

2018-Apr-11 and 12: the four drove around OPCW in The Hague with WiFi interception equipment to capture user logins; one laptop had MH17 data on it
Immediately when the equipment was turned on, the agency noticed it and arrested the four Russians. One of the four destroyed their mobile phone when approached by the police. The same mobile phone that was activated near the GRU building in Moscow.
Read 4 tweets
‘The Trojan Horse Scandal and the Problem of Equalities in Britain Today’.

The event examined the scandal from a broad range of perspectives, engaging with debates on #equalities, #liberalism, and #Britishness.

northernnotes.leeds.ac.uk/the-trojan-hor…
It also provided an opportunity to discuss and generate a dialogue about the significance of the 'Trojan Horse’ scandal and the duty placed on schools after the scandal to promote Fundamental British Values (FBV) in the promotion of #democracy.
Speakers analysed how both are reproducing narratives of racial discrimination & inequalities in a context that is informed by minoritising communities, #problematising specific religious #values, & essentialising the signification of social, religious, & cultural identities.
Read 47 tweets
Here is the full Thread for

The iOS 15 Data Experiment Part III

CONFIRMED: THE DATA LIVES ON!

#infosec #ios #iPhone #Apple #bugbountytips #infosecurity #Security
I know I was going to go deeper into the Bluetooth connections, but if I don't hold on that I'll never finish! lol, my purpose is to prove that data still exists on your phone even though you have done a "full restore."

OTAUpdateLogs
restore_perform.txt shows the entire process
Not to deviate too much from the task, but I love how straightforward this is...

collecting logs at "/private/var/mobile/Library/Logs/CrashReporter/DiagnosticLogs/sysdiagnose/temp.l1OzUV/brctl"
- sending SIGINFO to cloudd
Read 7 tweets
This is the thread for

The iOS 15 Experiment Part II

CONFIRMED HIDDEN BLUETOOTH DEVICE CONNECTIONS!

#infosec #ios #iPhone #Apple #bugbountytips #infosecurity #Security
As I am looking through the Diagnostics Dump I notice that my phone is already Bluetooth paired with my computer via a (cloudpaird daemon...???)

The image is a screenshot of the data

Yes, I'm showing my BT MAC address... I'm a scientist, get over it.
I wanted to show you all I was not looking at the data wrong so I ran

ideviceinfo

then I did a search for Bluetooth

The Bluetooth MAC address on my phone matched the output of ideviceinfo, so we do have a valid data set
Read 10 tweets
🌎

1. The U.S. sees a vital role for the Security Council to tackle the negative impacts of climate on peace and security.

U.S. Secretary of State Blinken said this when he addressed the U.N. Security Council on the impact of climate change on security.

Thread 🧵

#Climate
🌎

2. Blinken said climate change is taken into account at every foreign policy decision because of its devastating implications and the cascading effects on virtually every aspect of our lives, like #agriculture, infrastructure, public #health, or food. theplanet.substack.com/p/the-us-sees-…
🌎

3. Blinken said: "The consequences are falling disproportionately on vulnerable and low-income populations. And they're worsening conditions and human suffering in places already afflicted by conflict, high levels of violence, instability".

🧵 #UNSC
theplanet.substack.com/p/the-us-sees-…
Read 19 tweets
Today, @irishmissionun hosts a #UNSC debate on #climate and #security. @SCRtweets has a preview: securitycouncilreport.org/whatsinblue/20…
The @UN #FoodSystemsSummit also takes place today, highlighting the overlap between 3 critical issues.

We'll be tweeting highlights from today at #UNGA 🧵👇
@irishmissionun @SCRtweets @UN @monkeycageblog @washingtonpost @McFarlandKellyM @KitGraceEvans At the UNSC today, world leaders spoke of climate #resilience in the face of existential threats to our environment:
Read 10 tweets
Data leak exposed 38 million records, including COVID-19 vaccination statuses | Engadget engadget.com/microsoft-powe…
And then this BS!!! F U @Microsoft @Azure
@Microsoft @Azure So when I report it APRIL 8th, 2021 it's NBD!!!! OooookkkkkkkkkKKK WTF is Going on HERE!!!!

PAGE 8
github.com/jonathandata1/…

#bugbounty #infosec #scam #fraud #security #DataLeak @guardian @cnnbrk @washingtonpost @FBI @FBI
Read 4 tweets
Thread #FreedomToVoteAct
From a #Security and #Technology POV, there are some excellent points in the new version & some very concerning ones.

BEST SECURITY PROVISION
Preprinted #handmarkedpaperballots are required in the polling place!! This is something many of us fought for
Voting systems that can print on ballots after they are cast are prohibited - but the provision is weak. It can be "through mechanical means or through independently verified protections." I believe that means it is allowed, but you have to check if it's happening. Not great.
The voter's privacy must be maintained. That's great!
Read 12 tweets
Between the 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.

Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4

travis-ci.community/t/security-bul…
Felix Lange found this on the 7th and we've notified @travisci within the hour. Their only response being "Oops, please rotate the keys", ignoring that *all* their infra was leaking.

Not getting through, we've started reaching out to @github to have Travis blacklisted. 2/4
After 3 days of pressure from multiple projects, @travisci silently patched the issue on the 10th.

No analysis, no security report, no post mortem, not warning any of their users that their secrets might have been stolen. 3/4
Read 7 tweets
"#Data: a new direction" - a public consultation by @DCMS on "reforms to the UK’s #DataProtection regime":

gov.uk/government/con…

The consultation ends on 19 Nov 2021, and you can respond by e-mail to DataReformConsultation@dcms.gov.uk or online here:

dcms.eu.qualtrics.com/jfe/form/SV_4P…
A quick sample of initial reactions...

We're clearly going to be hearing a lot about #LegitimateInterests, as well as #commercial and #public ones. The real question being, how do this Government's interests actually align with YOURS?

140+ pages on a Friday is a lot to digest, but @lilianedwards' "penumbra of often futile determinedly populist ideas largely not evidence-based" seems entirely consistent with @DCMS's Drunkard's Walk through #data and #ID this past year...

Read 28 tweets
OpenSSL 3.0 has been released!

After 3 years of development work, 17 alpha releases, 2 beta releases, more than 7,500 commits and contributions from more than 350 different authors, OpenSSL 3.0 has finally been released!

Opening a thread...
OpenSSL 3.0 moves to the Apache 2.0 license. The old "dual" OpenSSL and SSLeay licenses still apply to older versions (1.1.1 and earlier).
This major release is not fully compatible with the previous one. Most applications that worked with OpenSSL 1.1.1 will continue to work unchanged and will simply need to be recompiled (warnings about the use of deprecated APIs may appear).
Read 10 tweets
🕵️‍♂️TLDR; Given the craziness in the cyber space - I mean it's bad - I am building tools for personal cyber survival and opsec. A personal challenge with positive externalities

🚩Goal? Make it easy for people to use, but also effective and efficient. When I say 'easy', I mean it!
🔧 Tools? Practical security checklists, password checker (w/94GB list +real breaches), darkweb/cloud of logs monitoring, tips and solutions to reduce personal cyber risk. New ideas are welcome.

🌍 Focus? UK and Italy for starters
If interested in initial access like/DM and I will keep you posted 😉

🤯 Challenges? A few, beyond laws and privacy concerns

⏱️ When? Mid/End October should be feasible for an initial web release.

Name? not sure yet, I'm going with the flow ⛵️

#cyber #dev #code #security #DIY
Read 4 tweets
