Please note I am a real person I have met @hacks4pancakes multiple times and been to @tarah + @deviantollam's house.
Just to be clear Tarah was there I did not break in.
The emplaced gun turrets were a nice touch props to @deviantollam tho
Okay I met Barry in a hotel bar too.
This story was about @selenalarson and @HowellONeill. (Reposted with mutual permission)
Also @film_girl and I hung out after a Microsoft job interview and she bought me this at the employee store
Also @film_girl bought me this. A+ talent


More from @SwiftOnSecurity

3 Nov
ADEPT-LEVEL IT TROUBLESHOOTING:
In this series, I will lay concepts and processes for ascertaining technical causes of IT failures and outages.
🎖I am a Microsoft MVP in Windows management, worked 10 years in Helpdesk and System Engineering, and now work as an F500 Security IC.
⭐️LESSON 1: EXECUTION CONTEXT
You initiate a process that should work. But it seems like it can't access what it needs. For example, you make a machine login script on a network share, but it logs access denied. Or, you launch a process, and the target you have access to can't open.
A critical, advanced IT troubleshooting concept is understanding _execution context_.
You see a machine with everything on one screen. Diagnostic tool or another tool should have same experience as other apps, right? If you can access file, everything else should? No.
Explained:
2 Nov
Not everything can be captured on phone cameras (40D 70-200 f/2.8) Car windshield in rain show...
Note the 40D is a DSLR from 2007, over 14 years ago.
Your prosumer camera and even lower-tier lenses were unimaginable when I was getting into photography.
The biggest advancement in sensors in my mind has been low-light performance. It's just unimaginable how clear night photography has become. This was as good as I could get it in 2009. (South Silicon Valley as seen from turnoff near Lick Observatory, 40D 24-105 f/4)
27 Oct
If you are junior IT in small to medium biz, isolated, caring about critical security issues you learn about daily as you expand your knowledge — I've been right the fuck exactly where you are. Years isolated, stewing in humiliation.

Here's what I learned the hardest way, alone:
1.) It is naively admirable to identify yourself and take personal stake in security of your employer's network. It sounds like a way to establish personal investment in the success of a project.
But it's a false idol. Be passionate on aims, but not occlusive in career scope.
Sidebar: Power is restraint.
Technical command of a subject – ability to speak authoritatively to others – is not itself correctness or effectiveness. Biting your tongue is not weakness.
It's strategy. Only you know your mind. Choosing not to strike rhetorically is discipline.
26 Oct
I'm part of an IT architecture task force guiding business units and vendors in our supply chain.
The cyber requirements we write 90% __do not require specialized InfoSec skills__. They require IT staff with competency in their tools, provided resources and management backing.
If you work in IT and want to work in InfoSec, congratulations, you start today. Understand your tools, their security implications and guidelines, and how to integrate that into your architecture. That's what Security is.
"Who makes sure the bridge doesn't fall down?"
The person who designs it.
Sure there's other checks and changes during building and inspections and service expectations, but it's the designer. Not the Bridge-Don't-Fall-Down Department.
22 Oct
Funny thing about data centers, one of the most connected things on the planet, is you can only see them in-person. Nobody involved can share photos. It's a strong policy taboo everywhere. The justification basis for this is weak, but still just not something ever published.
Google and Microsoft have a few press photos of last-generation datacenters. Some carefully abstracted video segments. Otherwise, nada. One of the most critical pieces of physical infrastructure has no real public existence.
Something I bring up often because it tickles me: The people who work on cloud programming and the people allowed in cloud datacenters are separate workforces. At Microsoft you have less ability to enter them than a customer on a tour. Books of separation of duties requirements.
14 Oct
Sometimes you just need people hitting F12 and seeing if there's a hidden column for social security numbers on your site. Computer security, especially data disclosure, is hugely about assurance against mistakes.
However, offering a public interface to your raw HR data is architecturally wrong. It should be different silo entirely even if you have to periodically replicate a subset of the columns. There's no way a public site should be able to send queries against tables with PII.
I received a $10,000 bug bounty by just looking at text attributes on a high-profile site, trust me you should just go poke around stuff. They had sanitization built and validated, they thought they did everything right, but it _broke in certain situations_.