Discover and read the best of Twitter Threads about #infosec

Most recents (24)

2/16 Silencing expert voices in the cybersecurity discussion space is a
strategy for weakness not strength, as any Red Team expert would tell
you. #CyberCon #CensorCon
3/16 The @CyberGovAU removed me from the #AISA #CyberCon speakers list
8 days b4 the event. Reason: my talk content was 'incongruent' w/ the
largest cybersec conf in AU. Yet they had not seen my talk content yet.
#CensorCon #cyber #infosec #cybersecurity #informationsecurity
4/16 #CyberCon removed me from the speakers list based on my talk title
alone. I'm not the only speaker removed: @Thomas_Drake1 was also disinvited. Others
told to alter format. #CensorCon #cyber #infosec #cybersecurity #informationsecurity
Read 16 tweets
Interview done and dusted. Really interesting topic this morning. I did some digging and found out that reportedly last year there were 18.5m reports of sexual abuse worldwide and 12m can be traced back to Facebook Messenger.
In 2018, Facebook made 16.8 million reports of child sexual exploitation and abuse content to the US National Centre for Missing and Exploited Children, which the National Crime Agency estimates have led to more than 2,500 arrests…
So the concerns about Facebook's 'the future is private' campaign, using end-to-end encryption would stand in the way of this reporting process significant and potentially remove much of the responsibility from Facebook to report is valid in my opinion...
Read 18 tweets
Poll time, because I'm curious as to your position. Is a non-disclosure agreement a security measure/control? You can elaborate in the comments, and please retweet for greater visibility. #dfir #infosec #threatintel #security
Almost even on answers so far. Let's get more.
These numbers are so close, so this is clearly not a clean cut issue here. Bumping for more participation.
Read 3 tweets
1. During my last talk someone in the audience asked me if I was optimistic. Are you optimistic? Do you think the future will be better?

My answer is a clear no, let me explain why
2. Public interest is not a thing for #infosec sector. Business is everywhere. A conference organizer told me recently: "We have difficulty to find people who want to talk and have nothing to sell"
3. There is a lot of money in this sector and everybody is trying to get a part of it. As said during the @defcon talk of @schneierblog, public interest should be one of the major concern of the #infosec sector.
Read 11 tweets
#BREAKING: Trump asked the President of Ukraine to investigate @Crowdstrike, a now publicly traded company $CRWD that 1st determined state-sponsored Russian hackers hacked the DNC. There is no server in Ukraine .. but that's beside the point #infosec
Here's our thread on @crowdstrike from 07-24-19 documenting the continued propaganda efforts coming from the Kremlin 2 smear & muddy the waters on something that has been fact 4 a number of yrs & confirmed in the Mueller report #infosec #osint #Hamilton68
This is a good breakdown of the Ukraine call with Zelensky and spells out numerous problematic sections #UkraineTranscript
Read 8 tweets
There are several #infosec data "event horizons" that significantly impact the ability to perform serious malware archeology, depending on the capabilities available to an analyst. I thought it was worth mentioning a few horizons as I've hit a few recently (1/7)
⚫️🔚 YARA retro hunts (~3m/1y/custom if doing it yourself)
Helps in identifying existing samples, but commercial services limit searches. If you can't index yourself you are probably out of luck here (2/7)
⚫️🔚 Public reporting (~2012, maybe 2008)
Some blogs contained interesting factual snippets, but only really started being comprehensive around 2012. Previously it was just elements of interest or forum archives. Recording hashes for research wasn't typical. (3/7)
Read 10 tweets
I don't usually pin tweets. Certainly not personal ones.
But this one is pinned and it's personal because #Neurodiversity is a real thing in my life and probably yours, too, whether you know it or not.
I'm talking generally now about #ActuallyAutistic #ADD #ADHD + so many others.
This is a thread, a single story only, about one person's relationship with #Neurodiversity

I did a thing I don't usually do. I talked about my personal relationship with it at a thing. I didn't plan it. As many life-changing things tend to do --> it just happened.

Before we go too far tho it's very important we establish that this is only a single story. There are many voices that need to be heard.

Read 15 tweets
Hey #infosec peeps! I got locked out of an account so I had to call customer service.

The rep asked for PII, and then unlocked my 2FA. She literally said this: "They ask the most stupid questions ever that nobody can remember. I suggest you pick 3, then screenshot it"
So, I refreshed my screen, and I enountered the worst choice of 2FA questions ever. I literally have no idea what the last name of my best friend from 3rd grade is. His first name is Toure, and I'm friends with him on FB these days, but who in the hell knows that when they are
literally, at best, 8 years old. May I humbly suggest that, if your own front-line CSRs are telling your customers to "just screen shot your 2FA answers" you are hands down, doing it wrong? Asking for a friend.
Read 3 tweets
1/5 #CDNpoli #Elxn43 #InfoSec #MeToo

An update to the #Liberalist data breach of voter & personal information to criminals:

Both Jared Nolan & Luke Strimbold have pleaded guilty to sexual abuse of children, while active as Liberal Party executives…
2/5 #CDNpoli #Elxn43 #InfoSec #MeToo

Details of sex assault charges against Luke Strimbold emerged in local media (to which he pleaded guilty)

As a #BCpoli Liberal exec, he had access to federal #Liberalist database

*Trigger & graphic content warning*…
3/5 #CDNpoli #Elxn43 #InfoSec #MeToo

This confirms Luke Strimbold's extensive relationship with the Liberal Party

LPC shares the #Liberalist database with provincial & federal riding associations across the country

This constituent info remains unsecure…
Read 6 tweets
At the airport waiting on flight to see Mom in ICU. Promised I would tell her story to the world before she’s gone. She is my hero, shaped the man I am today, and the most OG #hacker when Kevin Mitnick was still in diapers.

Prepare for a mega thread. RTs welcome! 1/x
Grew up in a bad home, left at 13 and took her 5yo brother too. Went off grid. Got a job, apartment, everything. She was always tall and attractive, so she made a life for them in relative safety.

Learned to socially engineer people at a pretty young age. 2/x
You can’t do this if you’re just a dumb kid raising another kid. She had street smarts, and did her best to impart that on us. Especially my older sister. Best piece of advice I ever heard her tell sis:

“Don’t have to choose between wearing and burning your bra. Adapt.” 3/x
Read 23 tweets
So let's take a look at the worst/most interesting part of the report @privacyint just published about mental health websites and tracking. How an online depression test share answers with a third party. Say hi to @doctissimo! 👋 1/8

#infosec I guess
@privacyint @doctissimo So let's say you have been feeling quite bad recently and you have suspicion that this might be linked to depression. You're french (lucky you), so you google "test dépression" and find this page 👇 2/8
@privacyint @doctissimo Let's ignore this terrible way of obtaining consent for now and just scroll to start taking the test. I'm using @httptoolkit to look at the request sent when navigating the page...

OH GOD. 3/8
Read 10 tweets
I *may* have been a complete idiot and wiped my PC by attempting to expand the hard drive partition containing my OS when I upgraded my SSD, would any #infosec person like to charge me $10k for a threat analysis confirming I was hacked by China and it's not my fault?
Mfw I successfully defeat the Chinese hackers that stopped my computer from running by typing “bootrec /rebuildbcd”
Read 3 tweets
A thread about #journalism and #infosec/#cybersecurity.

I hear ALL the time from executives who read about infosec issues in the news and want to know more. Journalists are the most important part of the education and information component of #cybersecurity.
I consider journalists part of #infosec - not outside of it. They serve their purpose like a Firewall admin serves theirs for the larger #cybersecurity space. I've never met a malicious journalist, not saying they're out there but, almost all have good intentions.
Most journalists have a non-technical background. This is changing but it is still the case. Just like many of #infosec who came from a non-traditional background and joined our space we need to be supportive and mentor them.
Read 5 tweets
It's absolutely dishonest when a company offers a position but do not tell how much they gonna pay you.

They make you waste your precious time preparing and sending CVs and even testing your remotely.

A job is a bilateral contract: it has to be good for them as well is for you.
I'm tired to see that in @LinkedIn. Hey @GoDaddy, I'm talking about you too!
They take you who are interested in get a job and make you go through their processes. When you are finally accepted, it will be too late for you to drop it since you are about to fix your unemployment situation. No matter if they won't pay you what you want or expect.
Read 6 tweets
Okay who the hell is State #2 from the just released Senate Intelligence report on Election Interference. FBI told 3-4 counties they were breached & those counties refused help? Am I reading this correctly? #infosec #russiagate
State 6 is Arizona ... at least based on this Threatconnect report. The use of the Acunetix scanning tool gives it away…
Okay I am 95% sure State 14 is Wisconsin based on this DET timeline memo they sent out on 09-26-2017. Keep in mind for quite awhile the Walker admin claimed Wisconsin was never targeted. Read the memo closely & you will notice a couple alarming details. This isnt all of it either
Read 16 tweets
This thread includes all my #infographics so far, they present different terms related to Information Security 🔐

It's an easy way to learn new things 📖 I hope it will be useful to the community. RT appreciated 🌐

Follow me @Guillaume_Lpl for more about #infosec #cybersecurity
What is a Botnet & How ti works?
Follow me @Guillaume_Lpl for more about #infosec #cybersecurity #dataprivacy #ITsecurity #technology
What is a Bug Bounty?
Follow me @Guillaume_Lpl for more about #infosec #cybersecurity #dataprivacy #ITsecurity #technology
Read 29 tweets
Alô alô amiguinhos.

Essa é pra vocês que usam/usaram/conhecem alguém que usou algum desses apps de colocar ara de velho.

Segue essa #NoticiaFio que eu te conto pq vcs deveriam largar esse negócio AGORA.
Falar sobre a popularidade desses apps é chover no olhado, abri aqui o Google Play e na parte de mais pesquisados 4 do TOP5 fazem esse tipo de coisa
Pro fio não ficar muito grande vamos nos focar no maior deles o FaceApp.
Na descrição do GPlay ele diz: "Obtenha qualidade de capa de revista em qualquer selfie com apenas alguns toques! Desenvolvido pela IA da FaceApp, a mais avançada tecnologia neural de edição de retrato."
Read 33 tweets
Attempt number 12, to try & suggest #SethRich leaked the DNC emails to Wikileaks & was killed by a Hillary Clinton hitsquad. This is in response 2 the actual bombshell reporting last wk that Russian Intelligence promoted this conspiracy idea #Qanon is mad.
This new #fakenews from alt-right is just a statement from a goofy private investigator Edward Butowsky submitted 2 the court. He was hired by Foxnews 2 try & find evidence that #SethRich leaked DNC emails to Wikileaks. Its his warped reality not, that of the FBI #infosec
And I suppose none of this should be surprising because back in 2016, days after #SethRich was murdered multiple propaganda shops went into overdrive. This tweet said a Hillary Clinton hitsquad killed the 1st Guccifer hacker. Marcel Lazăr is both still in jail and very much alive
Read 6 tweets
Many students asked my academic background by DMs and what is the best to do to work in #infosec. I will answer here:

1) I have a Master's Degree in Telecoms and Networks Engineering from @INP_ENSEEIHT.

2) There is not only one way to work in infosec, create your own!
In France the diploma is very important, this is stupid. Being a hacker is about the mindset, the curiosity, you as a person. Not a piece of paper.
Last but not least, I'm the last person you should ask advice. My life is crazy as hell for the last 2 years. I'm incredibly lucky. I planned nothing. I'm trying to bring my contribution to this world as I can. The only thing I can say is: Learn. Share. Help. Repeat.
Read 3 tweets
For those who want to learn about #infosec 🔐 here is a #thread that includes all my #infographics.
An easy way to learn new things 📖Feel free to share with your community🌐

Follow @Guillaume_Lpl for more things about #CyberSecurity #startup #ITsecurity #security #technologies
Some good tools useful in Infosec

Follow @Guillaume_Lpl for more things about #infosec #cybersecurity
Some good tools useful for OSINT

Follow @Guillaume_Lpl for more things about #infosec #cybersecurity
Read 20 tweets
Okay there's a serious flaw in the monetization calculations by Symantec. I really doubt these rogue IRA employees were making bank off of Shorte link shorteners. Most definitely did not make $1 million dollars from these #infosec #disinfo…
Stick with me as I walk through this. The IRA account @CathyTo47590555 first retweeted a Sh(.)st (Shorte) link on 10/27/15, this accnt had 8685 followers, twice the Symantec example. But most of the Shorte activity started in 05/2016
The example Symantec used had 4,123 followers and sent out 16,914 tweets that generated about 8362 retweets. So not particularly huge engagement and roughly every 2 tweets generated one retweet. #infosec #disinfo…
Read 10 tweets
Thread updated of my infograhics : To make things more convenient and to help beginners in #infosec , I decided to regroup my #infographics with this tweet ! #Cybersecurity #Startups #IoT #ITsecurity #Security #tools
Some good tools useful in Infosec : by @Guillaume_Lpl #infosec #cybersecurity #Infographic
Some good tools for Mobile APP Security Testing : by @Guillaume_Lpl #infosec #cybersecurity #Infographic
Read 13 tweets
A must read blog serious by @3r1nG on some of the techniques & trolling tactics that domestic social media trolls like the ones that come from the 4chan message boards used 2 run & manage multiple accounts. #infosec #disinfo #fakenews…
Sorry just noticed my typo. That should read “series”
Of note from @3r1nG article is the reference about creating "white noise" or general topic tweets to dilute out the political tweets. This was an area of contention around the Voty botnet that pushed politically charged content around the Al Franken sexual misconduct allegations
Read 3 tweets
1/ Thread: Few days ago, I had a nice discussion with a French #infosec professional. He told me: “Maybe you don’t know it but some French infosec pros don’t like what you are doing”

A clarification is needed.
2/ I’m very surprise by the amount of negative feedback I received from the French infosec community. I don’t know why but I don’t receive the same feedback from the others infosec community 🤷‍♂️
3/ Dear infosec pros, I don’t care if you don’t like my account because this account is not made for you. It is here to make things change, to solve issues, force companies to fix their sh*t, to have an impact on millions of people.
Read 9 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!