Hey everyone, time. I'm Chris, a small voice in the big world of InfoSec.

You might know me from:
* Helping to break down emerging information about Spring4Shell
* Tracking the impact of pro-Ukraine DDoS attacks
* Trying to figure out why a 2,000-IP botnet was torrenting Ubuntu

I'm going to be microblogging about the research I have in progress before it's as mature as the stuff I mentioned above.

I hope you have fun reading and I look forward to learning from folks here! ^_^

I gotta say just having stopped work unannounced to go snuggle with my partner for a while is 8/10 life enjoyment. Could be improved by not returning to work, but unfortunately I do have rent to pay.

Starting a yearly A9 Awards for , where I pick the top nine most asinine (geddit?) terms invented or popularized by the cybersecurity industrial complex to sell you more cybersecurity.

So far this year:
* Quishing (QR phishing) - Used as early as 2021, repopularized (*ahem* freshly derided) thanks to CyberNews.
* Cryware (infostealer malware that steals cryptocurrency keys, AKA a normal infostealer since like 2016) - Microsoft farted this one out just today.

Anything else?

Religion, human rights 

My LinkedIn is cleaning itself out, apparently. Disconnecting from a former-friend who is *apparently* doing marketing work on the Catholic church's vitriolic pro-life propaganda. A bridge worth burning.

My Bing in Christ how have you discovered 1,000 pages to index, you're reading the same two HTML files over and over??

Anyway. Capitalism working as intended for Reddit. Just stuck with me tonight.

G'night fediverse. <3

That's kind of snarky, but honestly, I feel like I've earned the right to be snarky haha.

I do like moderating. Being a janitor for such a big audience, connecting with folks online, improving the quality and quantity of positive InfoSec spaces, etc. are all important to me personally.

But having a dollar value assigned - to me - then forced a bit of mental calculation for "the thousands of dollars Reddit makes off our subreddit alone, I get... cents per hour."

I'd almost prefer nothing.

Just in case folks wondered what the exact dollar value Reddit allocates to volunteer moderators is - I was allocated about $100 ($50 snack box, plus a comparable-cost second option) for going on 1.5 years of effort.

There are a few days when someone says thanks for keeping a clean discussion space, but that's about the only time this feels worthwhile (and even then, only briefly).

Hey fediverse! The subreddit has an AMA with several CISO Series staff starting now - probably one of my favorite AMA series (if not *the* favorite AMA series).

What's the five year security strategy look like elsewhere? Is cereal soup? Only one way to find out :)
reddit.com/r/cybersecurity/com

Marie Kondo your system with this one weird trick: mount ~/Downloads as tmpfs. Anything you don't explicitly save elsewhere disappears on reboot.

Side note: how long do you think I'll last before losing something I needed because of this?

I can't be the only person for whom installing a new OS sparks joy, right?

Saving everything I need from my desktop, then wiping and starting again.

Just don't forget anything - that'd kill the zen fast!

This I have a little something special. Source material.

Everyone reading: "What?"

Source material - that is to say, 30.3 GB of whole genome sequencing results for my cat, Aida.

As far as "I need x large file served worldwide at reasonable speed with full HTTP support" bunny.net remains my go-to, though a more expensive option for almost every workload.

First impressions of Cloudflare R2: positive on pricing, positive on vision, negative on the current state being "implement your own $everything to interact with it."

Being able to make a bucket public (with standard support for HTTP's tomfoolery, such as complete support for ranges, etc.) but behind Cloudflare's CDN is much-needed. Hopeful for the future there.

Several of my coworkers left for Coinbase in October/November, where they got a hefty increase in compensation (salary plus RSUs).

Unfortunately, that was when Coinbase was trading around ~$330, where it's now ~$73 ... a loss of ~78%.

I really don't know if they ended up making more money in the end.

I am starting a vote to ban EC-Council (and their certifications) from the entire r/cybersecurity subreddit, due to repeated rule violations including advertising and guerrilla marketing.

Wish me luck :)


Taking the "Twitter" out of "InfoSec Twitter."