Tootfinder

Opt-in global Mastodon full text search. Join the index!

@grumpybozo@toad.social
2025-08-04 23:00:21

I just noticed the existence of mod_md for httpd. That's cool. I wonder if I can make it work.
I hate Certbot and am getting to hate acme.sh
#Sysadminnery #WebPoking #InfoSec

@SmartmanApps@dotnet.social
2025-08-05 01:10:30

#InfoSec

AI LLMs are now so clever that they can independently plan and execute cyberattacks without human intervention
Large language models (LLMs) have long been considered useful tools in areas like data analysis, content generation, and code assistance. However, a …

@Xavier@infosec.exchange
2025-07-08 17:11:34

An #infosec drama, in two screenshots.

The image is a screenshot of a Twitter post by a user named Quackity, featuring a promotional tweet about a product called DABABEL. The tweet reads: "INTRODUCING DABABEL. THE UNIVERSAL REAL TIME TEXT AND VOICE TRANSLATION TOOL. SPEAK ANY LANGUAGE, WITH ANYBODY, ANYWHERE. AVAILABLE RIGHT NOW." Below the text, there is an image of two men sitting on stools, with one holding a smartphone. The man on the right is wearing a black t-shirt with the text "CAMPO REAL SOCCER" on it. The background is wh…
The image displays a mobile phone screen showing a subscription plan selection interface. The background is black, and the text is primarily white with some red and blue accents. At the top, the time is 7:04, and the battery is at 33%, with 5G connectivity indicated. The interface features several subscription plans: Pro Plan: Highlighted as "Popular," priced at $17.99 weekly, offering 10,000 credits, suitable for regular travelers and those who work, learn, and create across borders. …
@cjust@infosec.exchange
2025-07-15 22:39:21

Some of my best jokes just go to waste.
Also - these ones.
#Beyonce #Infosec101

MR 2 min -> A security incident you can use. Beyonce unreleased music stolen out of a producer's SUV in a parking garage. -> Dude on the 911 call is sad yet funny in his panic <- Is he asking them to . . . Ring The Alarm? <- Mentioning that the songs are . . . Irreplaceable?
@losttourist@social.chatty.monster
2025-09-30 08:56:22

#NIST have issued updated #password guidelines for businesses. Interestingly they now say that requiring special characters is no longer a recommendation, but longer passwords / passphrases (using spaces) is a better idea.
I say "interesting" because that's something I've been doing for many years, long before I discovered password managers to remember things for me.
#infosec

@grumpybozo@toad.social
2025-09-02 23:06:57

My sensor points for this manage their reactive blocking on Hotel California principles, so what was remarkable to me about today is the rate of entirely new sources of telltale sketchy behaviors. The whack-a-mole bot was wielding a dozen hammers at once.
#infosec

@floheinstein@chaos.social
2025-09-16 08:09:39

Why use a URL shortener when you can use a phishy URL extender?
#infosec

https://cheap-bitcoin.online/backdoor-loader/rat-controller/malware_patch.exe?cachecontrol=inject&cookievalue=steal&file=poison&id=fc3188fb&payload=%28function%28%29%7B+return+Math.floor%284.9%29%3B+%7D%29%28%29%3B&port=scan
@TFG@social.linux.pizza
2025-08-07 10:49:46

ActivitiesCache.db FTW!!!
#dfir #infosec #DigitalForensics

@johndoe@social.linux.pizza
2025-07-19 19:56:14

Just my two cents on the latest malicious AUR packages. This should serve as a reminder to everyone to not install whatever you find on AUR. Be critical, do some due dilligence to verify legimiacy. Check if if what you are looking for exist in pacman first. #cybersecurity #infosec

@kurtsh@mastodon.social
2025-09-10 03:51:15

JFC. The stupid... it burns.
Rly Portland School district?
#infosecfail #portland
From: @…

i am root (@null@puddle.town)
Portland Public School district’s response to an increase in hacked student Google accounts is to force-disable MFA, with the provided rationale being that MFA is making it harder to recover accounts. WTF. You’re doing it very wrong. Now I gotta email the district… again. #pps #infosec #fail

@floheinstein@chaos.social
2025-07-07 11:10:54

Save the Date:
‪RT Disobey_Fi€ disobeyfi.bsky.social€
Psst! Some dates may have been confirmed!
Those dates may be Feb 13-14 2026!
disobey.fi/2026/
#infosec #itsecurity #disobey

Magenta light beams illuminating a stage in front of that the text Disobey The Nordic Security Event 13th and 14th February 2026 Kaapelitehdas, Helsinki, Finland
@grumpybozo@toad.social
2025-07-06 18:16:54

Just like one prevents losing money by having none.
But seriously, “just use Linux” is the territorial call of the not-so-bright teenage geek. It screams of solipsism and inexperience. I say this as someone who has never chosen Windows for anything.
The idea that the solution to #infosec is for organizations to dump Windows and run Linux instead is a childish fantasy.

Joel Pomales (@joelpomales@mastodon.social)
@08956495@infosec.exchange this is disingenuous considering that there are technical solutions to prevent this. Like, for example, using Linux instead of Windows.

@grumpybozo@toad.social
2025-09-12 18:14:49

Oh #ShadowServer, now you're just being silly...
#InfoSec #Scanners

Snippet from a listing of a security log, showing a ShadowServer IPv4 address attempting to contact a (redacted) RFC1918 IPv4 address and being denied because the packet is supposedly protocol ID 41 (IPv6) Raw text, 3 lines: Sep 12 05:46:37 ‹security. info> shinyghost kernel: ipfw: 50000 Deny P:41 64.62.195.158 192.168. Sep 12 06:05:27 ‹security.info> shinyghost kernel: ipfw: 50000 Deny P:41 64.62.195.158 192.168. Sep 12 07:09:36 ‹security. info> shinyghost kernel: ipfw: 50000 Deny P:41 64.…