Grumpsec Spottycat @kyhwana@mastodon.social

RT @agl__@twitter.com
Apple, Google, Microsoft, and Mozilla today jointly announced a timeline for the removal of TLS 1.0 and 1.1 from their respective browsers. https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/ https://security.googleblog.com/2018/10/modernizing-transport-security.html https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/ https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/

RT @dlitchfield@twitter.com
Oracle are fixing 302 vulnerabilities tomorrow, many with a CVSS score of 10 or 9.8... Order you coffee and pizzas now. https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Oh, right..I'm broken. So broken.

Something something not trusting people in authority positions and not being able to social network IRL properly.

But welp, I guess I ended up here because my dad was into computers in the 90s and I had dialup bbs/internet's in the mid 90s oh and I came out because my dad read my email between me and my bf when I was like 14. But then growing up in a rural farming town wasn't that great..

Ugh. I totally got into the wrong.. industry? Work.. thingy. Infosec is all about people, especially from the engineering side. But, I just can't do people. I'm bad at doing internal connection stuff. :| (Tho I got lucky and have at least some good immediate team mates?)

What links/free ebooks would Twitter peeps recommend to someone that wanted to get into software development?

Crypto(graphy) developer nerds, libsodium is still the recommended way to do API encryption/signing/etc right? #infosec

Hmm, need to commision some arts of angel spottycats and devil spottycats..

TIL chrome now has a "don't download executables via HTTP" flag o.o chrome://flags/#disallow-unsafe-http-downloads

RT @mc_hankins@twitter.com
SCIENCE FACT: In the 21st century people will travel large distances to work at a computer that's networked to all the other computers, including the one in their home

RT @creature124@twitter.com
Right. I am now Officially on the job market. If you know of any Systems Admin, Infrastructure Engineer or related technical roles going, hit me up.

Yay, latest Ubiquiti USG update fixed our speed issues. (Apparently even tho it said hardware acceleration was on, it wasn't). Can now get ~900mbit/s down.

RT @nz_liam@twitter.com
This should alarm kiwis too, the amount of apps / could providers that store data in Australia or transit data via Australia, weakening security in Australia has flow on effects to NZ too. https://twitter.com/juhasaarinen/status/1051207112854884352

Hmm, need to schedule home network downtime. o.o

Maybe if people patched their shit, we wouldn't need someone to do it for them.. #infosec
---
RT @campuscodi@twitter.com
A mysterious grey-hat is patching people's outdated MikroTik routers.

Internet vigilante claims he patched over 100,000 MikroTik routers already.

https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/
https://twitter.com/campuscodi/status/1051041100230787073

RT @hanno@twitter.com
By the way next time someone asks why anyone would need HTTPS on a page without any secrets and passwords: Ask them if they want a cryptominer injected on their webpage from a compromised device at their ISP. https://badpackets.net/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware/

RT @PyroTek3@twitter.com
It's #FF (Friday Firewall), your Friday reminder that enabling host-based firewalls on all workstations with default deny rules breaks many attack methods and forces attackers to adjust tradecraft. https://twitter.com/jepayneMSFT/status/1011644500702199808

For anyone in Wellington atm, the army surplus M65 jacket liners work pretty well at being warm under hoodies etc

RT @Viss@twitter.com
Reposting this again for anyone who may have missed it yesterday.
We've released our waterline theory document.
Hopefully it helps folks!

full pdf is here: https://github.com/phobosgroup/waterline/blob/master/phobos-waterline.pdf