Notices by Jake Williams (malwarejake@infosec.exchange)

Again, Microsoft - unsolicited advertisements for games have NO PLACE in Windows 11 Professional. Please slap whoever decided this was appropriate.

It's 2025 - please stop using the terms whitelisting and blacklisting. Yes, I know many of these terms were acceptable when you were growing up.

Continuing to use them today shows you're unable to adapt to change, which particularly in high-change environments like cybersecurity, is NOT a good look.

If you're a leader in tech, take this to your stakeholders and explain the implications. Many of the AI-enabled apps your users are integrating into their workflows (or outright relying on) could literally cease to exist with a single court ruling.
https://www.wired.com/story/thomson-reuters-ai-copyright-lawsuit/

DOGE is a bigger threat to US federal government information systems than China. If you find this statement controversial, I'm going to question your IT and cybersecurity credentials.

Only those wanting to scam consumers are threatened by the existence of the CFPB.

I said what I said.

Hot take: the cybersecurity industry wastes an incalculable amount of effort "remediating vulnerabilities" in code because a library used has some "vulnerability" that can't actually be exploited in the way it's used in the application.

Find yourself someone who buys you a life size metal Sword of Omens from Thundercats for Christmas.

Never, EVER, do anything that might create personal legal liability for yourself on behalf of your org.

No matter what anyone says, you are not "family." You are not "in this together." And most importantly they do NOT "have your back."

Have been low key thinking about replacing a vehicle and decided yesterday to jump on it before prices soar due to tariffs. This is $50k I would have spent in mid-late 2025 that I'm spending now.

Got to wondering:
How many others are doing this?
How does this reflect in economic reporting?

Publicly declaring "I will give you a child" to someone you have no consenting relationship with is a threat of sexual assault, full stop.

My favorite thing about the Telegram arrest is that "normies" are asking me if this is why I've been refusing to use it for comms and moving them to Signal instead.

Yes. Yes it is...

Management "helping" with the incident response...

Big feels...

Misunderstanding threat actor capabilities...

Deploying honey tokens in the network to catch attackers...

CISOs: please stop asking "how will AI fix X"

If AI widely solved the problems you're delusionally thinking/hoping/praying it will, you wouldn't have to ask consultants about it. Your peers wouldn't be able to shut up about it. Thanks for coming to my TED Talk...

Privilege escalation with Python...

Threat actor disabling the EDR before deploying a destructive cyberattack...

If you're considering using Gusto for HR outsourcing, just don't. I legit do not understand how these clowns stay in business. It's so bad, it would take something very special for me to even work at a company using Gusto for benefits administration again.

Congratulations Gusto - you've inspired me to add new questions to my interview process when looking for jobs "do you use Gusto?"

Narrator voice: "it was not, in fact, 13 seconds"