Jessysaurusrex ✨
I protect people from blockchains, and blockchains from people and @agoric and prev @cosmos. Use a pw manager + security key for 2-raptor auth, pls. 🦖🦖
Dec 6, 2021 8 tweets 2 min read
Attacks on 2FA methods are nothing new, but "ring the doorbell a whole bunch and annoy the target so they just buzz you in" really wasn't on my bingo card... not even as a city-dweller in the city at the center of delivery services. mandiant.com/resources/russ…

But OF COURSE it worked. There are so many interrupts from mobile applications, popups on websites, SMS messages, robocalls, etc. warring for our attention. It seems pretty plausible for someone to dismiss a security alert just to get it to shush. There are just too many things.
Jun 11, 2021 13 tweets 3 min read
So many people take a photograph of their state issued IDs for online transactions — and those images sit on camera rolls, email servers, and way riskier places than a Secure Enclave.

The ID functionality here is more harm reduction than slippery slope. one.npr.org/i/1005419007:1…

Getting online prescriptions filled, applying for an apartment, buying a house, ID reqs for online financial services all ask consumers to take a photo of ID and upload or email elsewhere. There’s so much more opportunity for theft/exploit in bad business practice than big data
Nov 11, 2020 22 tweets 4 min read
This email from Ledger to its customers about anti-phishing defense is such a train wreck. It is an absolute case study in everything wrong in the industry in regards to building security strategy and educating people in actionable strategies to minimize risk of exploitation.

Offering trite security advice like “Never give away your [secret/password/words]” doesn’t help people, especially with spearphishing. It’s better to give users information about how they will/will not be asked to interact with you so they can avoid being tricked or compelled.
Aug 28, 2018 25 tweets 4 min read
Incoming: tiny or possibly not-so-tiny security rant about vuln + dependency management

Alright, so, real talk: many of us who are trying to live our best security lives run on a handful of pretty serious mantras-- that Bruce Schneier quote about security being a process and not a product is one of the big ones.