computer security person. former helpdesk.
Joined April 2014
- Tweets 180,618
- Following 9,232
- Followers 409,855
- Likes 160,342
21,234 Photos and videos
Fun fact: The European language does not have a word for "freedom"
86
16
274
57,497
Europeans remember to submit your post to the EU for approval first
2
5
55
5,164
SwiftOnSecurity retweeted
Adult Europeans with a social media permit are going to be so mad at you
3
3
111
14,638
SwiftOnSecurity retweeted
Jun 12
No, your tax dollars not paying for this. The Ad Council is a nonprofit that promote public-service announcements.
The initial stated reason was to get nice charitable messages out to the public, but now it's pretty much just used to fill unsold ad time. These are wildly common on overnight radio.
Now some of the ads might have been paid for by the government - the NHTSA runs *a lot* of traffic-safety ads - but they're not paying for any airtime.
1
1
17
15,276
Jun 12
Taylor Swift observing her children at the Game Day Rec dance regionals
1
2
68
8,551
Jun 12
Can someone in American manufacturing explain if this factory is... real? How is this amount of labor and speed profitable? youtu.be/p40gaCou2Qs
9
2
20
13,151
SwiftOnSecurity retweeted
Jun 12
IT HAPPENED. I pointed at a thing and called it a tank and my partner was like, "um, no, it's a self-propelled howitzer"
20 Sep 2020
If you want to identity a piece of military hardware just post a picture to Twitter calling it a "tank."
I'm seriously not joking. It's like that thing about giving wrong answers in a tech forum gets you the right answer from somebody else faster.
5
10
454
31,141
Jun 11
Saw someone driving my car except with their top on and I let them know exactly how much of a piece of shit I thought they were
4
54
9,270
Jun 11
RIP to all the baddies lost on Olympic Carrier, this date in 21354
4
2
54
11,612
Jun 11
RIP to all the baddies lost on the Olympic Carrier, this date in 21354
1
2
37
7,228
Jun 11
> 3-day IT problem on my radar as they finally blame Security
> listen for a few minutes
> thats not what bidirectional networking means
> neither you nor vendor staff understands they are a military contractor who has to deal with data diodes
> server doesn't need SYN to client
8
3
264
31,361
Jun 11
To prevent upstream influence from downstream device (like exfiltrating from higher security level in DoD/IC) there are "data diodes" and methods that make it so data (including just establishing a connection) can only flow one-way on a nominally bi-directional Ethernet link.
4
82
8,505
Jun 11
The short, curt format sounds like I'm contemptuous but I'm from years of helpdesk so that's mostly trained out of me, this pays my mortgage, and I contacted team directly with advice.
I need them to owe me, because there's a cybersecurity uplift coming they are NOT gonna like...
4
69
5,353
SwiftOnSecurity retweeted
Jun 11
Reminds me of my early PFE days when I had to fly to Alaska last minute because a customer was experiencing AD authentication issues. I get there, nothing wrong with the DCs, but nothing outside the datacenter can auth. Run packet captures, smells like network issue. Customer swears it isn't. On a hunch, I ask them if they recently rotated keys on a TACLANE (classified network), they say no, but they just upgraded one right before the issue started. Lucky for them I was former USAF and still in the ANG at the time, with experience managing TACLANEs. I tell them to rotate keys on both ends. Problem solved. Customer POC is super embarrassed for calling in a crit-sit when it wasn't remotely a MSFT problem.
1
60
11,250
SwiftOnSecurity retweeted
Jun 10
NEW: malware developers added nuclear & biological weapons text to to their spyware.
Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.
Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky.
When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.
We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.
In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.
H/T to colleagues that shared this with me socket.dev/blog/mini-shai-hu…
226
2,150
12,625
1,539,492
Jun 10
The best part of waking up is knowing how few degrees of Kevin Bacon I am from supporting Taylor Swift having a good day.
3
1
40
6,870
Jun 10
Imagine the NPCs who don't even get rendered for this simulation. At least I can walk around and like feel despair and stuff.
1
18
3,676