@IanColdwater 1) Do not take on more debt.
2) How vulnerable is your position to market fundamentals? Is it tied to consumer revenue? Is it tied to your company getting another round of funding? If yes:
3) Start looking at backup plans.
4) Do not raid your 401k unless you absolutely have to @IanColdwater Stock options / units / other imaginary incentives are imaginary. Be prepared to see them go underwater or otherwise become cement handcuffs instead of golden ones.

Ok, so while it's in my mind, a thread on leadership and management, why they're not the same but complementary, and why so many orgs f*ck up both. /1 of probably infinity Management is a science...a dismal science, but a science nonetheless. Leadership is an art that can enhance management, but it may sometimes get in the way. But most organizations have no mechanism for developing either managers or leaders. /2

#birbsunday at @CromwellValleyP list. /1 of ? So @paulajgal and I got off to a slow start this morning; a cardinal in molt and a high flying Coopers Hawk were all we saw for the first 20 minutes. Heard others—Carolina wrens and chickadees and blue jays pinging each other. We almost thought the day was going to be a bust. /2

So returning to the scammer from last week... /1

https://twitter.com/thepacketrat/status/1502366736674402309?s=20&t=63UamXNeEU5D4tFDFe_hMQ

"She" wants me to mine ETH. I don't have a system that can mine ETH, I say-- I don't have a CUDA-compatible video card. "She" : ??? No, set up CoinBase and Binance.

Complicated feelings about this.

https://twitter.com/elmundoes/status/1407779029541920779

I spoke with McAfee a few times. He was the ultimate unreliable narrator, and, let's face it, he definitely had mental health and substance abuse issues. He was a showman, always on stage, always working an angle (mostly with other people's money). He was a human being.

So let’s talk about the inherent difficulty of driving a giant container ship through a canal in a straight line. /1

https://twitter.com/IanColdwater/status/1374897889193783300

The Ever Given is a monster, and like most stack-on container ships has vast “sail area”— vertical surface area for wind to push against. Drive a van across a bridge on a windy day, and you’ll quickly understand what this means. /2

@AriellaBrown I would disagree.
BLM is a statement affirming that Black lives ALSO matter, and is a response to systemic racism in the US. I would argue that "All Lives Matter" responses are denial of the underlying conditions that led to the BLM movement. @AriellaBrown If you can't say "Yes, Black lives have been discounted systemically in the US"—and add to that anyone who is not white and Christian in this country--then by saying "All Lives Matter", it's an erasure of that.

After further review, including looking at previous downloads of my @Twitter data in addition to the post-account lock download (but with no further info from @TwitterComms or @TwitterSupport, this is what I can deduce about what happened on Sept. 5 between 8 am and 9 am ET: (/1) At 8:00 AM, I made this reply to a certain Twitter account post: (/2)

So, I downloaded my Twitter data to see what I could find.

It looks like I got pwned by Twitter itself. Here's what I've got: That's my email address being changed to null at 8:52, the same timeframe as me getting the email that my 2FA had been disabled.

So, I was away for a week, and never got a further response from @TwitterComms or @TwitterSupport regarding what the suspicious behavior was that triggered my account lockdown, or how my email and password were apparently reset without 2FA.
I find this immensely frustrating. /1 It is really hard to tell people how to best secure their accounts and do a threat model when I did everything I thought I should have done to secure my account, and someone still was able to get past the first line of defense. Especially when Twitter won’t tell me how.

So,Twitter sez:
"Our systems proactively detected some suspicious activity, and so we took steps to secure the account by requiring a password reset. As part of that process 2FA was disabled. Once the password was reset, the account holder re-enabled 2FA as part of that process." So to recap:
1) I was on my account and it disappeared from my phone.
2) I get an email saying 2FA has been disabled.
3) Twitter support bot says my email not the one for the account moments after sending that email.
4) 5 days pass with no response.
5) 🤔

For a lot of reasons, September 11 is a day with some very personal overtones. This cover story from the premiere issue of Baseline Is one of them. We were just about to put out our first issue when 9/11 happened. Our chief copy editor @RoryJThompson @RoryTMC was a volunteer firefighter and spent weeks at Ground Zero. And through a connection, @efcone lined up an interview with the CIO at Cantor Fitzgerald. I went along.

While I was...er...offline, we published some research I did on the ecosystem of web-based "fake alert" fraud, the latest evolution of "scareware" malvertising. news.sophos.com/en-us/2020/09/… A reader asked: "Have you heard of Nextweb-Solutions? Are they a legit company? I have been using their services for a while. Am I being scammed?"

Annnnd I looked for the company....

So, this pains me to say, because I used to make a living off ad page views.
But this particular rabbit hole of research I'm diving down shouts one thing to me louder than anything: use an adblocker (and of course pay to sub to sites you like).
Change my mind. There are some ad networks that are, honest to god, NOT CHECKING CONTENT AT ALL. The result is malvertising, fake alerts, tech support scams and PUA distribution at will.

To keep things upbeat, we’re just binge watching The Wire, a reminder of how much better things were in Baltimore the last time we had a two-term Republican President. It’s amazing how well The Wire holds up as a portrait of Baltimore nearly 20 years later. I mean, sure, all the pay phones are gone...shocker.

This is the story of how teaching your daughter to drive will drive you insane.
This evening, I was out with my daughter getting her learners permit hours, and she was so focused on checking oncoming traffic that she hit the left curb of a turn-off lane. /1 of 7 15 minutes later, the tire pressure light comes on. So at 11 pm, I am out to go put air in what I'm guessing will be the front left tire. It takes 20 minutes to find a working air pump, and then I run out of change and I have to go get $3 more in quarters. /2

Disinfo ops are so disinfo Working group does not exist. Memo is fake. Photoshop fail.

This weekend I was reminded that fresh catnip, as one of my BM1s said of the head in my division’s berthing during ammunition handling one day, “smells like Woodstock.” There is a story there that includes the most epic Captains Mast ever.

4th of July row house hurricane. The Hurricane is the perfect drink for the 4th because it contains rum, the output of the triangular trade of mercantilism that this country was built on.

Just added 172 more hostnames to our malicious COVID-19 domains list, enhanced with Whois and Intelix reputation data. github.com/sophoslabs/cov… I'm rerunning the whole earlier batch of 1805 identified malicious domains to check their status and collect reputation and whois data

Soooo, did a re-run of the last 25 days' COVID-19 linked hostname captures, with whois data mined. 21% of what gets scored as "malware repository" or "PUA" -- which includes phishing and scam sites-- are hosted on Cloudflare. 🤔 25% are on Russian ASNs (BEGET-AS, TIMEWEB-AS, THEFIRST-AS). The remainder are onesies and twosies: