John Opdenakker
Infosec blogger | Cyclist | Runner | Tweets might contain bad humor, sarcasm or irony | Takes your security seriously! | 🐘 @j_opdenakker@infosec.exchange
Mar 29, 2021 4 tweets 1 min read
Interesting research by Trinity College Dublin about which data iOS (on iPhone) and Android (on Pixel) send to Apple and Google.

Even idle devices share telemetry data (also when user explicitly opted out) with Apple/Google on average every 4.5 mins.

scss.tcd.ie/doug.leith/app… "phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc are shared with Apple and Google."

"iOS sends the MAC addresses of nearby devices, e.g. other handsets and the home gateway, to Apple together with their GPS location."
Aug 7, 2020 8 tweets 2 min read
Well, let me elaborate a bit on this one. Pentests are only one of the crucial parts of a secure software development lifecycle. I like to think about it as the ultimate quality gate. A short thread

#infosec

If a pentest is the only security test you do that's still much better than nothing. It can result in a lot of high vulnerabilities to fix and fixing them for sure will improve the security of your applications. While your developers will (have to) learn how to fix these issues..
Aug 3, 2020 7 tweets 2 min read
A thread with observations about #infosec professionals on Twitter. Probably won't make friends by saying this but anyway...
- A lot of infosec professionals live in utopia and are so far disconnected from avg users' reality
- Still SO MUCH user blaming instead of helping
- A lot give recommendations without having or taking into account the full picture. Ex: yes password cracking is a concern but there are other password related risks you should also be concerned about. Can't take into account what you don't know but please be open to learn.
Jul 3, 2020 6 tweets 2 min read
A thread (rant) about this article and why telling people how to delay/block automatic updates is just a shit thing to do. It already starts with the title: "How to Block Windows 10 Updates for As Long As You Want".

#infosec

There's a very good reason why Windows and other vendors foresee auto-update features. To protect people that otherwise would never patch. This article is also read by average non-tech/security aware users, most of them don't understand the security risks and even if they do...
Jun 28, 2020 9 tweets 12 min read
So for the newcomers in #infosec a thread with some useful resources and people that are worth following in my opinion. Check out my blog. I haven't been active recently but for instance last year I did a series for cybersecurity awareness month (October)
Jun 21, 2020 4 tweets 1 min read
Trying to reach TUI is harder than explaining how to use 2fa to a non techie

25 minutes in wait already and counting
Jun 16, 2020 6 tweets 3 min read
A regular reminder to:
- Keep your software up to date
- Remove unused software and features
- Disable/remove unnecessary accounts
- Use strong unique passwords for your accounts
- Enable multi-factor authentication where possible

#infosec #tips

Why it matters to keep your software up to date: johnopdenakker.com/why-you-should…

#Infosec
Jun 5, 2020 7 tweets 2 min read
A short rant, because I'm disgusted about the behavior I see daily on #infosec twitter.

A lot of media and people on Twitter bash or shame companies when they have security issues or don't implement "the most secure" solution. This should stop.

1/n
First of all, just saying "company X is shit" without any substantial ground (just because you read some news article) is not helpful and not fair. You should take everything into account and look how companies react to security incidents...

2/n
May 16, 2020 5 tweets 1 min read
Starting my Saturday with a factory reset of my Lenovo. Hopefully this helps after more than an hour of trying to get WiFi working without success

Fuck sake this is really ruining my day so far. I'm really doubting to ever buy a Lenovo again, when it's working it's a nice machine but so many issues with WiFi
May 7, 2020 12 tweets 9 min read
I just noticed that today is #WorldPasswordDay. One of my favorite security topics. And whatever people wish or say passwords are here to stay for many more years to come. Here's a thread with some blogs about passwords I've written that you might find interesting.

#Infosec

How to create strong passwords:

johnopdenakker.com/how-to-create-…

#WorldPasswordDay #Infosec
May 7, 2020 4 tweets 3 min read
Because I saw a few questions and replies coming back. I'll handle them in this thread.

First of all why a browser password manager might not be the best idea.

johnopdenakker.com/browser-passwo…

#Infosec

There's also people that don't understand or can put themselves in the shoes of people that are less tech savvy. Threat models and usability are important factors which should always be taken into account. Also read this: johnopdenakker.com/secure-passwor…

#Infosec
Apr 29, 2020 6 tweets 3 min read
Well my mentions exploded and I have hundreds of new followers since Casey mentioned me in this tweet 😃! So I'll post a few resources that might be helpful to my new followers

P.S. don't forget to follow @varcharr as well, she posts a lot of interesting infosec stuff!

For the application security people, here's a list of resources I regularly update. The intro also gives a very brief overview of how I got into #infosec

johnopdenakker.com/some-useful-ap…
Apr 20, 2020 5 tweets 1 min read
Which 3 challenges you completed are you proud of? Nothing spectacular in my case. Random order

- Ran several marathons (best 3h05)

- Wrote 31 day blog series last year

- walked 54 km without preparation to place of pilgrimage (promised to do if first child was born healthy)

I thought I'd walk the first 20 and the rest I'll run at a very slow pace. I had run a marathon the year before after all. But being untrained both in walking and running at that moment that didn't work out as expected. At a certain moment I took the wrong road as well.😆
Apr 13, 2020 13 tweets 3 min read
Seems urgent...

Well, there we go
Mar 19, 2020 4 tweets 1 min read
Going to watch some Pluralsight courses! Starting with this dude. Does someone know who he is?
Mar 8, 2020 4 tweets 2 min read
Many great answers, also many ppl recommend not to get into #Infosec and I understand this sentiment:

- it can be stressful
- you might feel like the person that only has to bring bad news
- you are/feel responsible when things go wrong, but... you feel some ppl don't take you(r) (message) seriously

- The work you do is often not visible
- etc...
Feb 5, 2020 5 tweets 2 min read
Info from University of Maastricht symposium with info about the #ransomware attack

Initial vector: #phishing mail
then 2 unpatched servers compromised
lateral movement: 267 servers and 2 PCs compromised, including backup

security.nl/posting/642452…

(Dutch Article) 1/2

#Infosec

Some of the malware the attackers used was discovered by the antivirus but no action was taken by the UM. The attackers uninstalled the antivirus before they finally infected the network with ransomware.
Feb 5, 2019 10 tweets 6 min read
It's #SaferInternetDay today. Will tweet some tips today.
1. You can't lose what you don't have. Only register an account for a website or app when you really need to. Use a throwaway email address (like Mailinator) and fake as much personal data as possible.
#Security

2. Never reuse passwords. Not even for "low value" accounts. Use a password manager or even a password book if that's most convenient for you to support you in creating unique passwords.
#SaferInternetDay #Security