Discover and read the best of Twitter Threads about #Security

Most recents (24)

But for every other country on earth, the #UnitedStates is the absolute worst country on earth.
We cherish #liberty but not enough to hang politicians for their every #encroachment on it.

(Remember, according to #ThomasJefferson (and all the natural rights philosophers who preceded him), the purpose of the government is to #securetheseliberties among men.)
Read 12 tweets
Stuck @ home wondering where China & world are headed? Read #TheChinaQuestions—36 @Harvard @FairbankCenter chs. ed. by Profs. @MichaelSzonyi & Rudolf!

Order: amazon.com/gp/product/067…

English: fairbank.fas.harvard.edu/china-question…

中文: bit.ly/FairbankCenter

한국어: bit.ly/ChinaQuestions
See great chapters by Profs. Elizabeth Perry, Joe Fewsmith, Rod MacFarquhar, Mark Elliott, Ya-Wen Lei, Arunabh Ghosh, Yuhua Wang, Arne Westad, Robert Ross, Ian Johnston, Steve Goldstein, Ezra Vogel, Richard Cooper, Dwight Perkins, Meg Rithmire, Mark Wu, Tony Saich, Nara Dillon...
..Michael McElroy, Karen Thornber, Susan Greenhalgh, James Robson, Leonard W. J. van der Kuijp, Bill Alford, Bill Kirby, Michael Puett, Rowan Flad, Peter Bol, Wai-Yee Li, David Der-wei Wang, Jie Li, Stephen Owen & Paul Cohen!

Honored to join them in this @FairbankCenter project!
Read 51 tweets
Governors of Nigeria's South-South geo political zone are set to facilitate the establishment of a regional security framework to manage crime.
 google.com/amp/s/www.sunn…
#TheDiscuss
#Security
@PoliceNG
@AcpIshaku
@segalink
@jstmo
@ChifeDr
#FridayThoughts
#FridayMotivation
This follows the passage of bills by States' Houses of Assembly in the South West : Lagos, Ogun, Oyo, Ondo, Osun & Ekiti; establishing the Western Nigeria Security Network, "Operation Amotekun"
 tribuneonlineng.com/as-amotekun-go…
#TheDiscuss
#Nigeria
@edoyakulo
@tysalihu
@CACCOT1
Recall also that a similar proposal had been voiced in the North
thisdaylive.com/index.php/2020…
Do these platforms indicate failure by the federal security outfits to manage crime in the country?
In what ways will these benefit the citizens, after all costs are considered?
#TheDiscuss
Read 5 tweets
1/25 How to Establish Secure Communications
- This is for you if:
- You’ve been stalked or harassed
- You think your spouse/partner is spying on you
- You are a journalist or activist
- You are concerned about privacy
#30DaysofThreads #Security #infosec
1/25 What we’ll cover:
- Your risk profile
- Back Up Communication Plans
- Burner Phones
- Resources
3/25 Your Risk Profile:
If you believe your current phone, internet, accounts or computer are monitored, DO THIS NOW:
1) Do not/not use the phone, computer or accounts for communications with your trusted intermediary or with a third party you are asking for help.
Read 27 tweets
🚨It took Kraken Security Labs just 15 minutes to hack both of @trezor’s crypto hardware wallets.

Here’s how we did it and what it means if you’re a user:

blog.kraken.com/post/3662/krak…
@Trezor 2/ This attack relies on voltage glitching to extract an encrypted seed. This initial research required some know-how and several hundred dollars of equipment, but we estimate that we (or criminals) could mass produce a glitching device that could be sold for about $75.
3/ We then crack the encrypted seed, which is protected by a 1-9 digit PIN, but is trivial to brute force.
Read 6 tweets
Cuz #china is trying to kill me and my race it’s time they start paying all my bills and not only
Read 25 tweets
Mr. Hogan is the new @Trade_EU Commissioner and is making his first trip outside the EU as part of the @vonderleyen Commission. He is speaking with @CSISEurope's Heather Conley and Scholl Chair Bill Reinsch.
Mr Hogan was previously Irish Minister for Environment, Community and Local Government. At The Europe Desk, we recently interviewed @HcMEntee, Irish Minister for European Affairs, on Ireland's role in transatlantic relations after #Brexit: podcasts.apple.com/us/podcast/bri… @GUGlobalIrish
Read 47 tweets
📚tl;dr sec 19
* @shehackspurple & @j_opdenakker on getting into security
* Google's BeyondProd & code provenance (thx @MayaKaczorowski)
* Cloud, API, and file access bug security tools

... and I've got something big planned next week, stay tuned 🤫

tldrsec.com/blog/tldr-sec-…
Static analysis tools to find security issues in:

🌎Terraform scripts:
* github.com/liamg/tfsec
* github.com/bridgecrewio/c…
* github.com/cesar-rodrigue…

☁️CloudFormation templates:
* github.com/Skyscanner/cfr…
* github.com/stelligent/cfn…
Other #security tools:

Docker container that wraps 7 other #AWS security tools:
github.com/z0ph/aws-secur…

Automatic API attack tool that takes API specs as input:
github.com/imperva/automa…

Finding file access bugs:
github.com/google/path-au…
Read 4 tweets
[Thread on a thread] A lot of relevant questions listed by @jasmineelgamal, on which I would add a few points:
1/ Beyond the decisions that are taken or not, the uncertainty created by #US messaging on #Syria before and now on #Iraq is making the work of US allies very complicated. Both military and civilian actions c/ #ISIS are paralyzed by uncertainty. Planning is simply impossible.
2/ Nobody wants #endlesswars and #America has to decide for itself its level of engagement in the #MiddeEast. The #US could be right to call for #burdensharing, esp. from #Gulf & #Europe, but the way it has been doing it makes it difficult for allies to answer operationally.
Read 5 tweets
An empty arena accessible in virtual reality style & accessible to a merchandise stand with stock currently available. Whhhhaa does that even mean? Any world arena that can be cloud stored for mobility-challenged folks planning but easy access in #VirtualReality no line for goods
Who else, but for those who could never access an arena, be thrilled by the #VirtualReality presentation of such with options to mix and match merchandise / @WWEShop on a virtual merch stand. Save and change up favorite arrangements, lights, sound envmt for simulated best merch.
@WWEShop I'm not talking about making @WWEShop a part of @2K @WWEgames although for some reason, the company has never tried. I'm talking a #WebAR (createwebxr.com) style disability friendly standard VR map (think Google Maps for arenas) for merchandise with languages & styles...
Read 10 tweets
I've been using #AWS for 8+ years now, so IAM is relatively second-nature to me. But I just sat down to explain it to someone new to AWS and... wow, it is a confusing service. (thread) #aws #cloud #security #cloudcomputing
First, we've got policies - what can the role do and what services can it access? Policies are JSON-based (although AWS added a "friendlier" UI recently, which honestly creates some really confusing output). Most common security mistake here: using wildcards.
An IAM user or role can then have multiple policies, each with 1+ statements. Policies can be inline, AWS-managed, or account-managed (i.e. shared). Policies can be attached directly to users or roles or to the groups those users are in.
Read 9 tweets
#ElectionSecurity funding will NOT actually have to be used for Election Security.
$425M allocated in bill to be announced later today.
"the funding deal used the language in the Senate version" which has NO #security requirements.
thehill.com/policy/cyberse… via @jennycohn1
@jennycohn1 2/ Why is this bad? Because states will be pressured by vendors to buy risky & expensive #votingmachines that do not protect voters or #taxpayers. Plz call members of the appropriations committee & ask them to include the language from #HR3351.
@jennycohn1 3/ What is #HR3351? It's the 2020 govt. funding bill that passed the House. It's a massive bill that includes $ & #security requirements to help protect #Election2020.

congress.gov/bill/116th-con…

Here is the language that relates to #ElectionSecurity.
#SMARTelections @jennycohn1
Read 15 tweets
#Security for #Election2020 is at stake right now.
1) #ElectionSecurity is for our national defense. It is worth investing in.
2) If we do not have security REQUIREMENTS w/funding some states will spend poorly. That is bad for tax payers & bad for voters. #SMARTelections
At our #Senate briefing on #ElectionSecurity we brought national experts on #computer systems, #security and #audits together to demonstrate why it's critically important that congressional funding for election security includes REQUIREMENTS for security.
smartelections.us/congressional-…
3/ How EASY is it to change election results? #Princeton Prof of #Computer Science Andrew Appel says it's basic. Voting machines are computers. Computers can be programmed to run malware. It could be done w/ a USB stick & via modem.
Read 9 tweets
The Cyber Attack Lifecycle describes the actions taken by an attacker from initial identification and recon to mission complete. This helps us understand and combat bad actors, ransomware, and others.

Let’s break down the steps ! 🧵

#30DaysOfThreads #infosec #security #tech 1/9
Initial Reconnaissance 🔎 - 2/9

Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network. Some things attackers use and look for:

Whois
Target IP Ranges
Web Properties, Domains & Subdomains
Open Cloud Buckets
Google dorking
Initial Compromise 📬 - 3/9

Attacker compromises a vulnerable host. This may be a DMZ host or something in a higher security group via email phish. This is the first step into a network and why security people always say:

Don't click email links!
Don't open email attachments!
Read 10 tweets
Day 2 #Gambia v #Myanmar #ICJ begins, w/#ASSK up first. She declares #genocide is a crime, applied by #ICTR to #Rwanda but not to #Kosovo or #Croatia by #ICTY or #ICJ, because of a lack of dolus specialis.
Gambia has put fwd 'Incomplete & misleading factual picture'. Situation in #Rahkine is 'complex & not easy to fathom'. (same rhetoric as we have heard for years)
Complexities go back for yrs. Claims conflict btwn Arakan Army w/5000 fighters & the #Myanmar Army, w/Arakan Army seeking independence. The conflict has led to displacement & security measures such as curfew & checkpoints, applied to all regardless of background.
Read 123 tweets
1. CNN Gets Triggered By a Supercut of Their Impeachment Coverage of President Trump, Has It REMOVED From YouTube

(But We Have It)

#TRUMP #NEWS #Impeachment #ImpeachmentHoax #ImpeachmentHearing #FakeNews
2. Senators Sanders and Warren Could Face Arrest if They Skip Impeachment Trial nypost.com/2019/12/07/202… #TRUMP #NEWS #Impeachment #ImpeachmentHoax #ImpeachmentHearing
3. President Trump Calls on CNN to Retract Fake Story That He Uses a Personal Cell Phone dailywire.com/news/hardball-… #TRUMP #NEWS #Impeachment #ImpeachmentHoax #ImpeachmentHearing #FakeNews
Read 66 tweets
I'm just reading W. Edwards Deming, while he talks about quality and management, so much applies to #InfoSec

(#Security is an -illiterate :-)

A thread (with some words replaced)
Not illiterate, an -ility
People [are] our most important asset
Read 19 tweets
1/3 Since the unrest began last month, more than 260 #protesters have been killed by #security forces who have used live ammunition, rubber bullets and #Teargas to quell the protests. iranfocus.com/en/iran-a-neig…
#Iranfreedom #freeiran #MEK #Iran @USAdarFarsi
2/3 #AmnestyInternational called it a "bloodbath" and said Iraqi authorities should immediately rein in #security forces.
iranfocus.com/en/iran-a-neig…
#Iranfreedom #freeiran #MEK #Iran @USAdarFarsi
Read 4 tweets
Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet.
@CNET @WIRED @TechCrunch @ABC7 @CNN Anyone seen this??
Read 6 tweets
1/6 HOW TO SET GOOD GUIDELINES FOR VOTING SYSTEMS
1) Consult with #cybersecurity experts
2) Do what they say
House bill #HR3351 says "the voter shall have the option to mark his or her ballot by hand." That's good. That's what the majority of cybersecurity experts recommend.
2/6 HOW NOT TO SET GUIDELINES FOR VOTING SYSTEMS
Senate bill #SecureElectionsAct sets up a panel of "independent experts on #ElectionSecurity" then fills it with ppl who are NOT #security experts. If you have to have heart surgery - do you want a surgeon or a hospital admin?
3/6 The #SecureElectionsAct has #bipartisan support, but contrary to current narrative it is NOT less intrusive to states - just less effective. It still sets up standards - but instead of specific ones, they are undefined & will be determined later by a panel of non-security ppl
Read 7 tweets
Ladies and gentlemen, I hope you celebrated Diwali with great fanfare and set off plenty of firecrackers. I also hope you rejoiced further when Jammu-Kashmir and Ladakh became UTs. Now please take some time and read this thread carefully. #राममंदिर /1
There are now only a few days left before the Ram Mandir verdict. The verdict could be anything, but the chance is higher that it will be in favor of the temple. If you have been watching the deeds of the katuas over the past few months, then you know that after the verdict... /2
....they will attack Hindus and also carry out massacres. If you have seen the deeds of the secularists, then you also know that they will incite the katuas, protect them after the attack, and instead put the blame on the injured Hindus. /3
Read 18 tweets
The #IT environment of the Indian nuclear power plant (#AKW) Kudankulam was not only hacked, but used as a command and control server.

Hopefully the #OT was not also publicly reachable on the network!

#KRITIS Sektor #Energie #nuclear #nuclearsafety #Resilienz #Cyber #Security

To distinguish:

IT means information technology systems (#PC #Laptop #Windows #Office, #Buchhaltung...)

OT means operational systems (#ICS #SCADA #SPS #HMI #PLC #Steuertechnik...)
An appropriate state of the art (#SdT), as required in #KRITIS, was apparently not adhered to at the nuclear power plant (#AKW).

Strict separation (#Trennung) between #OT control systems and #IT is an essential security measure (#Sicherheitsmaßnahme)!

You can find further measures (#Maßnahmen) and demands (#Forderungen) here.

ag.kritis.info/politische-for…
Read 5 tweets
Securing America’s Elections Part II: Oversight of Government Agencies #ElectionSecurity hearings supposed to be starting now by the House #JudiciaryCommittee
Strong priorities stated by #MattMasterson from @CISAgov but a focus on detecting interference will not detect insider rigging.
@CISAgov @EACgov Hovland saying states do not have the resources they need to protect #elections. And Election Assistance Commission budget is less than some cities spend on potholes.
Read 17 tweets
TheTotalConnector#38: Adam Back (PhD) @adam3us -
The Bitcoin Rabbit Hole & The Lightning Conference 2019 in #Berlin.
@LNconf #TLC2019

bit.ly/35Xtd66
During the Lightning Conference 2019 in Berlin, I had the pleasure to sit down with Adam Back (cyberpunk, cryptographer, PhD in computer science, CEO/Co-Founder of Blockstream etc.) for an interview.
Adam's work (#Hashcash used in #Bitcoin #Mining) is cited in the White Paper of #SatoshiNakomoto.
Our fascinating talk deep down the Bitcoin Rabbit Hole covers a spectrum of questions and topics:
Read 12 tweets
