@ryanc I found it here https://www.manufactum.com/door-mat-wire-mesh-a88879/
I haven't checked if they'd deliver it to where you are, but I assume you can find something similar locally anyway.
@gsuberland
Notices by Ben Aveling (benaveling@infosec.exchange)
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 03-Nov-2024 06:36:27 JST Ben Aveling
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 03-Nov-2024 06:32:44 JST Ben Aveling @ryanc I've seen people using a wire mat under a conventional mat.
But there is also a sort of combined thing available that possibly works better.
@gsuberland
Ben Aveling (benaveling@infosec.exchange)'s status on Tuesday, 24-Sep-2024 23:28:56 JST Ben Aveling @GossiTheDog @iaintshootinmis We’re told there are some simple mitigations that will be included in the announcement on the 6th.
Probably worth scheduling someone to watch for those, with stakeholder contact details and access to whatever mgt tooling you use for deploying changes/running commands across the fleet.
For some companies that means scheduling a change/outage window, so there might be some prep required for that.
#EvilSocket #EvilSocketVuln
Ben Aveling (benaveling@infosec.exchange)'s status on Tuesday, 27-Aug-2024 04:44:52 JST Ben Aveling @jeffowski They will never admit they were fooled. They will however magically pivot to never having supported him.
Ben Aveling (benaveling@infosec.exchange)'s status on Friday, 23-Aug-2024 02:01:43 JST Ben Aveling @mcc I got a HD in 1st year quantum physics. I understood nothing about quantum physics, but I could apply the formulae.
Ben Aveling (benaveling@infosec.exchange)'s status on Tuesday, 06-Aug-2024 19:21:05 JST Ben Aveling @ryanc Looking around, current consensus seems to be that if quantum ever happens, then ECDH is not going to be resistant.
On the other paw, 1. it's not clear that quantum will happen (because noise) and 2. even if we were sure that quantum will happen, it's not clear that any of the current alternatives are better.
Perhaps the old adage still holds, the only enduring secret is the one that isn't written down.
@ada
Ben Aveling (benaveling@infosec.exchange)'s status on Monday, 12-Feb-2024 18:53:11 JST Ben Aveling @ryanc if you’re mitm’d then it doesn’t matter how good your password is…
Ben Aveling (benaveling@infosec.exchange)'s status on Monday, 12-Feb-2024 05:30:53 JST Ben Aveling @ryanc how did we segue to phishing?
Ben Aveling (benaveling@infosec.exchange)'s status on Friday, 09-Feb-2024 20:41:05 JST Ben Aveling @ryanc interesting.
Back-of-the-envelope calculation for that attack, assuming 6-letter words, chosen randomly, 3 letters, chosen randomly, 5 guesses, attacker has full knowledge of those 3 letters => almost 70% chance of guessing.
Much harder if the attacker knows the letters but not the exact locations.
Also a lot harder if the bank is deliberate in its choosing of letters rather than completely random - many words have some combination of 3 letters that are a complete 100% giveaway and other combinations that are very much not.
Ben Aveling (benaveling@infosec.exchange)'s status on Sunday, 04-Feb-2024 21:23:06 JST Ben Aveling @ryanc … but you only get a few wrong guesses before it locks.
Ben Aveling (benaveling@infosec.exchange)'s status on Thursday, 01-Feb-2024 20:56:34 JST Ben Aveling @aris @ryanc …implies that it must have happened repeatedly.