Relevant: https://jorts.horse/@ecosurrealism/114088955703056555
Notices by Ben Aveling (benaveling@infosec.exchange)
-
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 18-Jan-2026 00:30:08 JST
Ben Aveling
-
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Friday, 16-Jan-2026 04:58:14 JST
Ben Aveling
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Monday, 21-Apr-2025 19:56:40 JST
Ben Aveling
@patrickcmiller Need scare quotes around "reasons"
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 13-Apr-2025 07:37:15 JST
Ben Aveling
@Uair @feld cold weather does cause colds, via precisely the mechanism you identified. Old wives are worth listening to.
In conversation from gnusocial.jp permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Saturday, 12-Apr-2025 19:34:44 JST
Ben Aveling
With apologies to Benjamin Schwartz. #NewYorkerCartoons #NewYorkerCartoonsUpdated #fads #AI #Crypto #Quantum #Hype #VC
In conversation from infosec.exchange permalink Attachments
-
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Friday, 11-Apr-2025 03:05:36 JST
Ben Aveling
@adamshostack They spend more on lawyers than they spend on security.
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Thursday, 27-Feb-2025 21:56:11 JST
Ben Aveling
@pluralistic @Starkimarm
Wolf: let me explain why fences are bad for sheepIn conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 12-Jan-2025 07:37:59 JST
Ben Aveling
@patrickcmiller It's almost as if being a Nazi's disqualifies you from having a sense of humour.
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Monday, 30-Dec-2024 04:31:18 JST
Ben Aveling
@hramrach engagement based on anger is a sugar hit. It’s real, and compelling in the moment. But it also makes visiting whatever site less attractive @mekkaokereke @UP8 @dalias
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 03-Nov-2024 06:36:27 JST
Ben Aveling
@ryanc I found it here https://www.manufactum.com/door-mat-wire-mesh-a88879/
I haven't checked if they'd deliver it to where you are, but I assume you can find something similar locally anyway.
@gsuberlandIn conversation from infosec.exchange permalink Attachments
-
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 03-Nov-2024 06:32:44 JST
Ben Aveling
@ryanc I've seen people using a wire mat under a conventional mat.
But there are also a sort of combined thing available that possibly works better.
@gsuberlandIn conversation from infosec.exchange permalink Attachments
-
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Tuesday, 24-Sep-2024 23:28:56 JST
Ben Aveling
@GossiTheDog @iaintshootinmis we’re told there’s some simple mitigations that will be included in the announcement on the 6th.
Probably worth scheduling someone to watch for those, with stakeholder contact details and access to whatever mgt tooling you use for deploying changes/running commands across the fleet.
For some companies that means scheduling a change/outage window, so there might be some prep required for that.
#EvilSocket #EvilSocketVulnIn conversation from gnusocial.jp permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Tuesday, 27-Aug-2024 04:44:52 JST
Ben Aveling
@jeffowski They will never admit they were fooled. They will however magically pivot to never having supported him.
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Friday, 23-Aug-2024 02:01:43 JST
Ben Aveling
@mcc I got a HD in 1st year quantum physics. I understood nothing about quantum physics, but I could apply the formulae.
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Tuesday, 06-Aug-2024 19:21:05 JST
Ben Aveling
@ryanc Looking around, current consensus seems to be that if quantum ever happens, then ECDH is not going to be resistant.
On the other paw, 1. it's not clear that quantum will happen (because noise) and 2. even if we were sure that quantum will happen, it's not clear that any of the current alternatives are better.
Perhaps the old adage still holds, the only enduring secret is the one that isn't written down.
@adaIn conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Monday, 12-Feb-2024 18:53:11 JST
Ben Aveling
@ryanc if you’re mitm’d then it doesn’t matter how good your password is…
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Monday, 12-Feb-2024 05:30:53 JST
Ben Aveling
@ryanc how did we segue to phishing?
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Friday, 09-Feb-2024 20:41:05 JST
Ben Aveling
@ryanc interesting.
back of the envelope calculation for that attack, assuming 6 letter words, chosen randomly, 3 letters, chosen randomly, 5 guesses, attacker has full knowledge of those 3 letters => almost 70% chance of guessing.
Much harder if the attacker knows the letters but not the exact locations.
Also a lot harder if the bank is deliberate in its choosing of letters rather than completely random - many words have some combination of 3 letters that are a complete 100% giveaway and other combinations that are very much not.In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 04-Feb-2024 21:23:06 JST
Ben Aveling
@ryanc … but you only get a few wrong guesses before it locks.
In conversation from infosec.exchange permalink -
Embed this notice
Ben Aveling (benaveling@infosec.exchange)'s status on Thursday, 01-Feb-2024 20:56:34 JST
Ben Aveling
@aris @ryanc …implies that it must have happened repeatedly.
In conversation from infosec.exchange permalink