Discover and read the best of Twitter Threads about #security

Most recent (24)

Data leak exposed 38 million records, including COVID-19 vaccination statuses | Engadget engadget.com/microsoft-powe…
And then this BS!!! F U @Microsoft @Azure
@Microsoft @Azure So when I reported it APRIL 8th, 2021 it's NBD!!!! OooookkkkkkkkkKKK WTF is Going on HERE!!!!

PAGE 8
github.com/jonathandata1/…

#bugbounty #infosec #scam #fraud #security #DataLeak @guardian @cnnbrk @washingtonpost @FBI @FBI
Read 4 tweets
Thread #FreedomToVoteAct
From a #Security and #Technology POV, there are some excellent points in the new version & some very concerning ones.

BEST SECURITY PROVISION
Preprinted #handmarkedpaperballots are required in the polling place!! This is something many of us fought for
Voting systems that can print on ballots after they are cast are prohibited - but the provision is weak. It can be "through mechanical means or through independently verified protections." I believe that means it is allowed, but you have to check if it's happening. Not great.
The voter's privacy must be maintained. That's great!
Read 12 tweets
Between 3 Sept and 10 Sept, secure env vars of *all* public @travisci repositories were injected into PR builds. Signing keys, access creds, API tokens.

Anyone could exfiltrate these and gain lateral movement into 1000s of orgs. #security 1/4

travis-ci.community/t/security-bul…
Felix Lange found this on the 7th and we notified @travisci within the hour. Their only response was "Oops, please rotate the keys", ignoring that *all* their infra was leaking.

Not getting through, we've started reaching out to @github to have Travis blacklisted. 2/4
After 3 days of pressure from multiple projects, @travisci silently patched the issue on the 10th.

No analysis, no security report, no post mortem, not warning any of their users that their secrets might have been stolen. 3/4
Read 7 tweets
"#Data: a new direction" - a public consultation by @DCMS on "reforms to the UK’s #DataProtection regime":

gov.uk/government/con…

The consultation ends on 19 Nov 2021, and you can respond by e-mail to DataReformConsultation@dcms.gov.uk or online here:

dcms.eu.qualtrics.com/jfe/form/SV_4P…
A quick sample of initial reactions...

We're clearly going to be hearing a lot about #LegitimateInterests, as well as #commercial and #public ones. The real question being, how do this Government's interests actually align with YOURS?

140+ pages on a Friday is a lot to digest, but @lilianedwards' "penumbra of often futile determinedly populist ideas largely not evidence-based" seems entirely consistent with @DCMS's Drunkard's Walk through #data and #ID this past year...

Read 28 tweets
OpenSSL 3.0 has been released!

After 3 years of development work, 17 alpha releases, 2 beta releases, more than 7,500 commits and contributions from more than 350 different authors, OpenSSL 3.0 has finally been released!

Opening a thread...
OpenSSL 3.0 moves to the Apache 2.0 license. The old "dual" OpenSSL and SSLeay licenses still apply to older versions (1.1.1 and earlier).
This major release is not fully compatible with the previous one. Most applications that worked with OpenSSL 1.1.1 will continue to work without changes and will simply need to be recompiled (warnings about the use of deprecated APIs may appear).
Read 10 tweets
🕵️‍♂️TLDR; Given the craziness in the cyber space - I mean it's bad - I am building tools for personal cyber survival and opsec. A personal challenge with positive externalities

🚩Goal? Make it easy for people to use, but also effective and efficient. When I say 'easy', I mean it!
🔧 Tools? Practical security checklists, password checker (w/94GB list +real breaches), darkweb/cloud of logs monitoring, tips and solutions to reduce personal cyber risk. New ideas are welcome.

🌍 Focus? UK and Italy for starters
If interested in initial access like/DM and I will keep you posted 😉

🤯 Challenges? A few, beyond laws and privacy concerns

⏱️ When? Mid/End October should be feasible for an initial web release.

Name? not sure yet, I'm going with the flow ⛵️

#cyber #dev #code #security #DIY
Read 4 tweets
[T 0052]
Latest in Security 🧵👇

#infosec #bugbounty #security
Hacker Tools: ReNgine – Automatic recon by @ojhayogesh11 @intigriti
blog.intigriti.com/2021/08/24/hac…
Hakluke's huge list of resources for beginner hackers by @hakluke
labs.detectify.com/2021/08/24/hak…
Read 10 tweets
Eric Brandwine up now at @awscloud #reinforce

he’s talking about building a culture of #security
scale quickly became a problem in building the #security organization at AWS

@awscloud #reinforce
Eric realized they couldn’t scale up the team to the size of AWS, it just wasn’t possible

they had to figure out a way to help the organization build the #security culture itself

@awscloud #reinforce
Read 34 tweets
new thread to cover, “Governance, Risk, & Compliance”

@awscloud #reinforce
Anil starts things off with compliance landscape…

@awscloud #reinforce
lots of different legislation out there around data protection and #privacy. combined with a push to the cloud, lots of change in a traditionally slow area of GRC

@awscloud #reinforce
Read 15 tweets
up now at @awscloud #reinforce, “Data Protection & Privacy” with @JKenBeer, @jennybrinkley, & @clean_freak

☁️ #cloud #devops
. @StephenSchmidt introduces the session, which is a “fireside chat”

@awscloud #reinforce
Jenny is co-ordinating the chat. Anne is the director of Alexa Trust. Ken is the GM of AWS KMS

@awscloud #reinforce
Read 37 tweets
. @awscloud #reinforce // here we go…

🎙🧵

☁️ #cloud #security #devops
Adam Selipsky (CEO, AWS) up first with an opening message for @awscloud #reinforce
“Security is job ZERO at @awscloud”, Adam Selipsky. he’s referring to the fact that it is required as a baseline before building or doing anything

he goes on to say that #security is critical to AWS’ success and customer success

#cloud #devops
Read 121 tweets
who wants to read a bit about #strategy? hell we can even make it #CYBER #SECURITY #STRATEGY
Am still writing ✍️ on this subject. I could write about this stuff forever, but I like to be short and to the point where I can be. Strategy is a super interesting subject to me.
Read 4 tweets
We call the doer of fair deeds. Come to our #OFFERINGS so that we may be acquainted with thine innermost #BENEVOLENCE. #Indra sing your #SONG. #R3001 #TheTemple #TG93 (TM) #Amaravati #Indra #Deva #FreeQuinn #FQ #QuinnMichaels #Q2011150474115
We call the doer of fair deeds. Come to our #OFFERINGS so that we may be acquainted with thine innermost #BENEVOLENCE. #Indra sing your #SONG. #R3001 #TheTemple #TG93 (TM) #Amaravati #Indra #Deva #FreeQuinn #FQ #QuinnMichaels #Q4898662624209
We call the doer of fair deeds. Come to our #OFFERINGS so that we may be acquainted with thine innermost #BENEVOLENCE. #Indra sing your #SONG. #R3001 #TheTemple #TG93 (TM) #Amaravati #Indra #Deva #FreeQuinn #FQ #QuinnMichaels #Q1733397261611
Read 174 tweets
This attack is mainly because the keeper of the EthCrossChainData contract can be modified by the EthCrossChainManager contract, and the verifyHeaderAndExecuteTx function of the EthCrossChainManager contract can execute the data passed in by the user through ...
the _executeCrossChainTx function. Therefore, the attacker uses this function to pass in carefully constructed data to modify the keeper of the EthCrossChainData contract. It is not the case that this event occurred due to the leakage of the keeper's private key.
Read 3 tweets
1/ I produce a lot of content. It's difficult for some to keep up with at times. Below, a list of some of my threads & important tweets for $EGLD & $CEL, the crypto industry & banking/Federal Reserve & investing. Education is Freedom & Crypto is Financial Freedom. #cryptocurrency
3/ “Is @ElrondNetwork The Future Smart Contract Blockchain Market Leader?” (44 Page Research & Investment Thesis) $EGLD ⚡️
Read 53 tweets
(1\13) The next time someone says #crypto is the one with #leverage tell them they have ZERO understanding of the existing legacy banking & financial system. Historically banks were required to hold 10-13% in reserves. Federal Reserve moved it to 0% on March 15, 2020 $EGLD $CEL
(2\13) federalreserve.gov/monetarypolicy… When I used to teach banking I would have my students perform #UBPR, which is essentially an analytical tool for assessing a bank's health & performance. NEVER has the banking system allowed 0% reserve. Let me
(3\13) give you a mathematical example of how #FractionalReserves are essentially implicit leverage. If banks historically had to hold say 10%, then the way you would understand how much leverage is by 1*1/R. You deposit $100 *(1/R) R=10% = $1,000, so they can lend out $900 for
Read 13 tweets
On June 2, #Russia has finally unveiled its new National #Security #Strategy - the strategic document that was expected some six months ago. The document is very interesting and has #information security at its heart. #InformationWarfare 1/8
One thing that may immediately surprise some experts is the total absence of the word "#cyber", so revered in our Western countries. This further confirms the difference in approaches to the issue of #InformationWarfare and cyber. 2/8
In terms of terminology, the document does not use "#InformationWarfare", but "#InformationConfrontation" (информационное противоборство). Of course no nonsense like "#fakenews" can be found in it, although there are references to #propaganda and #PsyOps. 3/8
Read 8 tweets
So what *is* this "Digital Regulation: Driving growth & unlocking innovation" policy paper? Another "strategy"? A white paper for #DPA2022?

If it's about #regulation, then how will @OliverDowden's "unashamedly pro-tech approach" protect people's #rights?

gov.uk/government/pub…
In his introduction to "#ThePlan", @OliverDowden says he'll "shortly publish a #plan for a pro-growth data regime" 🤔

If he has an ACTUAL plan, or frankly a clue, then why not just #publish the damn thing? Why all the waffle?

Hand-wavy platitudes like these 👇 ain't worth Jack:
Just so we're clear, this "#Plan" is supposed to "start a #conversation" about "#TenTechPriorities" that @DCMS published on a "shorthand stories"(?) page that DOESN'T ONCE MENTION PEOPLE'S #RIGHTS!!

dcms.shorthandstories.com/Our-Ten-Tech-P…

Does this Government think it can take us for fools?
Read 10 tweets
#sis India case study 📚

Security & Intelligence Serv is directly and indirectly engaged in rendering
1-#security and related services consisting of manned guarding, training, and indirectly engaged in paramedic and emergency response services; loss prevention, asset protection🛡️
2-#facility management services consisting of cleaning, housekeeping and pest control management services in the areas of facility management;

View welcome 🎉💞😍
@Investor_Mohit
@nid_rockz
@unseenvalue
3-#cash logistics services consisting of cash-in-transit, ATM cash replenishment activities and secure transportation of precious items and bullion; and alarm monitoring and response services consisting of trading and installation of electronic security devices.

@RajarshitaS
Read 7 tweets
Maja Bucar, from @FDVLjubljana, is giving the initial address to #PPCLjubljana: "one of the positive things of having a conference virtually is that we can reach more people around Europe"

/3
TEPSA has been hosting our flagship bi-annual Pre-Presidency Conferences (PPC) for decades, always joining up with our Member Institute in the country taking on the upcoming @EUCouncil Presidency; it's become a milestone in the European calendar 💪

/4
TEPSA Secretary-General Jim Cloos welcomes participants to #PPCLjubljana: "the Presidency gives an impression of ownership in the Member States"

/5
Read 103 tweets
Some thoughts about #Apple's latest #WWDC21 and #privacy. A thread 👇
The good:

There's no question that Apple has brought some exciting new features for privacy lately. The possibility for users to block some #data collection, one's #email blocking trackers, the chance to use email aliases for interactions with companies...
#Safari hiding internet traffic from your internet service provider... all fantastic, and hugely important.

Apple is showing that #privacy is a competitive advantage. And their #security is much better than that of competitors

But before we get too complacent...
Read 9 tweets
The biggest fallacy of our time is thinking #technology is the panacea to all our problems. The street CCTV debate in #Uganda suffers from the same limitation. The human element is still going to be relevant for a very long time in analysis/interpretation. #Security should attract the best brains.
Technology is only an aid/enabler. It is not the solution in and of itself.

A famous technologist once remarked:

"Technology is not a substitute for competence."
It has become fashionable lately to hear statements like, "show us the CCTV footage", and law enforcement agencies bow to the political & social pressure, sometimes jeopardizing the investigations.

In the bigger scheme, even the best digital #surveillance must be intelligence-led
Read 4 tweets