Tootfinder

Opt-in global Mastodon full text search. Join the index!

@qurlyjoe@mstdn.social
2026-05-19 04:22:28

#infosec #cisa #oopsie

‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
Passwords were stored as plain text in a public GitHub repository.

@Xavier@infosec.exchange
2026-05-13 12:38:47

"Root Cause:
A dog named Kubernetes ate a YubiKey."
This a fun read.
"The legitimate maintainer has won €2.3 million in the EuroMillions and is researching goat farming in Portugal."
#infosec #incident

Incident Report: CVE-2024-YIKES
A series of unfortunate events.

@grumpybozo@toad.social
2026-06-16 18:49:53

No, really, creating a login role account so multiple people can have access to support a system is very bad.
— How I make developers look at me incredulously.
#InfoSec #Sysadminnery

@adulau@infosec.exchange
2026-03-22 15:23:16

Before submitting one or more talks to @… 2026, I wrote a blog post based on my 2024 presentation: Bring Back RSS for Operational Security.
#rss #infosec

Bring Back RSS for Operational Security
Personal webpage of Alexandre Dulaunoy - from information security to open source and art

@unixorn@hachyderm.io
2026-04-13 02:18:23

Every time I update my United credentials I get irritated by their #infosec incompetence.
The security questions require you to pick answers only from a dropdown menu. It barely even qualifies as checkbox security.
What other incompetence is hiding behind the scenes?

@floheinstein@chaos.social
2026-04-09 04:23:58

What wakes better in the morning than an ice cold shower or freshly brewed coffee ☕ / mate 🧉 ?
2390 unread messages in the inbox, all sent by someone called "Cron Daemon" 👹
#infosec #sysadmin

Cron Daemon: 2391 Element(e), 2390 ungelesen then four lines of "Cron Daemon" "[EXTERN] Cron" and a blacked out identifier
@whophd@ioc.exchange
2026-04-11 21:46:27

#infosec

@unixorn@hachyderm.io
2026-05-03 00:28:57

#infosec #ai #sre

@grumpybozo@toad.social
2026-05-01 12:45:12

I’ve had 3 requests from *different* supposed market survey entities who each claim to be working on behalf of an #InfoSec vendor seeking customer feedback.
They all got an explicit “FUCK OFF” response from me, and had their mail sent through our spam-learning gadgetry.
I’m not naming the vendor intentionally. Many people may recognize them as a spin-off from a very damaged brand. But …

@floheinstein@chaos.social
2026-04-22 04:48:12

Have you ever tried to dictate someone a private IPv4 address in French 🇫🇷 ?
I'm now pretty certain that whoever said "Let's use 192.168... subnets for this" did that to annoy - or as a gigantic prank. And I salute you for it.
Hundred four twenty twelve, hundred sixty eight...
#infosec #sysadmin

@grumpybozo@toad.social
2026-06-01 18:26:37

I’ve said it before and I will likely say it again:
If you value your secrets, you don’t use a 3rd-party "cloud" password manager.
Go ahead, keep doing it, but understand that you will be subject to other people's failures. Which WILL occur.
#InfoSec @…

mkj (@mkj@social.mkj.earth)
WTAF?! Getting locked out of your cloud-based password manager would be really quite inconvenient. Being locked out of it by the provider because of actions taken by an adversarial actor against your account would be rather worse! If you haven't, then please consider your backup plan for if you ever get locked out of the one service that lets you into for all intents and purposes everything else. Do you even have a current backup? https://www.theregister.com/security/2026/06/01/password-man…

@frankel@mastodon.top
2026-05-22 09:19:24

Project Glasswing: what Mythos showed us
#cloudflare

Project Glasswing: what Mythos showed us
In recent weeks, we pointed Mythos and other security-focused LLMs at live code across critical parts of our infrastructure. We share what we observed, the models’ strengths and weaknesses, and what the work around them needs to look like before any of it can scale.

@qurlyjoe@mstdn.social
2026-04-05 02:41:38

Mikko Hyppönen is going after drones.
#InfoSec #Finland #drone #Ukraine

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch
Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware, for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones.

@floheinstein@chaos.social
2026-05-06 03:03:49

Looks like the problem is fixed and .de-Domains are coming back
#DNSSEC #denic #infosec #DNS

3 part meme with pictures from Indiana Jones and the last crusade Top bar: Indiana Jones throwing a Nazi officer out of the Zeppelin. Indi is labelled DNS Server, the Nazi officer is labelled .de-domains Center bar: Nazi officer falling into a pile of luggage, all labelled NXDOMAIN Bottom bar: Indiana pointing out of the window where he just threw the officer out. He says RRSIG with malformed signature found for de/soa