Well, #RSAC2025 is in the bag. Happy to be home, but many good conversations were had.
3.5.2025 16:42

Best picture I got on my phone of the #eclipse from Indianapolis...
9.4.2024 02:12

Not watching @pancakescon? - you are missing out...
https://www.pancakescon.com
24.3.2024 16:58

Well, first pass thru the cURL details. Should be easy enough to threat hunt. Perhaps not quite "sky is falling" like Log4J was, but still bad depending on your environment. Another case of if you have a complete SBOM inventory you'll have a much easier time responding to this...
https://curl.se/docs/CVE-2023-38545.html
11.10.2023 11:45

Oh look, an admission that Alexa listens all the time. No wake word needed.
2.6.2023 01:56

Nothing against them - but I'm looking forward to not spending time with lawyers tomorrow.
30.12.2022 03:17

@merill I was able to set up Passkey under Chrome (by enrolling as a 'USB Hardware Key') as well as Mac TouchID (by enrolling as 'Windows Hello').
Although FIDO2 does not yet work in all scenarios (please make this better!), it's orders of magnitude better than the authenticator app.
Can you see about getting the security enrolling pages updated for the latest nomenclature so everyone knows they can in fact use phishing-resistant #mfa with Live accounts?
16.11.2022 00:14

State sponsored actors compromised "unknown" CA.... How is this 'unknown' but a known story....
15.11.2022 23:59

Of course, it would be really nice if #passkey worked from the mobile app as well. Seems we have to keep the Microsoft Authenticator around for a while longer yet. :(
15.11.2022 04:26

Just discovered that personal Microsoft accounts now support Passkey! You can enroll a Mac TouchID as 'Windows Hello' (and of course use Hello natively) - and Android and iOS phones as passkey by selecting the USB token option while using Chrome.
#passkey #fido2 #mfa

Hint for #mfa on Mastodon.
'Security Keys' can be Windows Hello (on your Windows device), TouchID (Mac) and Passkey (iOS or Android) as well as a Yubikey (or similar).
15.11.2022 01:02

I really hate how vendors are pricing tools out of home enthusiasts' reach.
Latest - want to use HAProxy on pfSense with a SAML IdP (an enterprise feature) - minimum cost over $8k. A great deal for an enterprise - just plain insane for a home network. After all - why wouldn't I want to use #fido2 to protect my home network?
13.11.2022 02:16

Looking for a Cybersecurity Architect to join my team in London, UK. For more information, please see the post: https://uk-stonex.icims.com/jobs/7825/cyber-security-architect/job
12.11.2022 21:51

I don't think I'll ever get over 'tooting' about passkeys... #usemfa
12.11.2022 21:11

Well now, @CISAjen is here. infosec.exchange must be the official destination for infosec Twitter refugees....
12.11.2022 21:00