Notices by Tarah Wheeler 🖖♦️ (tarah@infosec.exchange)

Gentlemen, I appreciate that courtesy isn't dead, and modesty won't forbid me from acknowledging that I look like a total smokeshow today but I beg you to cease holding doors open for me into secured facilities.

Today I introduced someone to a Seattle Dog for the first time.

You cannot contain joy. Especially not when smothered in grilled onions and cream cheese.

Street food and community is *also* valid revolution.

"what's their email address?" IDK
"what's their phone number?" IDK
"what's their last name?" I don't even know their first name
"I thought you said this was a good friend. What *do* you know?"

I have their Signal handle, their hacker name, and a raft of questionable collaborative activities. #BFF

If you're going to invite me to a thing at RSAC, there's a spectrum of bs behavior I'll be evaluating in balance with the quality of the catering.

If it's a good cause, save your money and make it a cash bar.

If I have to put up with misogyny, there better be hot crab dip and the *good* stuffed mushrooms.

@malwaretech @mkoek the closest indicator that could be measured is real purchasing power based on a basket of goods that have relevant impact. Measure the cost of braces and rotisserie chicken and gas and insurance copays and yes, even eggs. But the key is not the actual cost. It’s the delta between how much someone on a fixed or trailing salary can afford to purchase of those goods and the inflated cost. That gap has massively widened in the last 10 years.

The reason we are all obsessed with eggs is they’re a cheap protein that is flexible, storable, and ubiquitous. I used to be able to buy eggs at .99c a dozen 20 years ago, and 1.99/doz ten years ago. They’re now $10/doz in Seattle. In the last ten years, the cost of the most common and accessible protein has risen 5x but the median salary certainly has not.

When someone used to be able to afford steak and now they can’t afford hamburger, they correctly perceive it as losing something. That’s the sentiment @malwaretech is saying to measure.

I say this as a CEO: From now on, when children’s health data is compromised because multi factor authentication was not enforced, fire the CEO, not the CISO. I mean, sure, fire the CISO as well, but the CEO bears the responsibility. An update on the PowerSchool breach from the ever-incise @dangoodin https://arstechnica.com/security/2025/01/students-parents-and-teachers-still-smarting-from-breach-exposing-their-info/

I want to *physically* go to a store with safety glasses and order prescription lenses for them. I need motorcycle goggles.

Prescription safety glasses are too expensive to simply order online without having tried the frames first. Does anyone know a place in Seattle? Does Oakley do it?

I know some truly wonderful infosec journalists but here's a thing I need help with: currently, there are essentially *no* news stories out there about MSPs, small business cybersecurity - anything really meaningful beyond "here's a puff piece on a commercial white paper that did sentiment analysis on 70 small biz owners and they're all scared of furrin hackerz" or PR releases on "Google just bought an MSP in Indonesia".

Is there a cyber journalist with a beat that doesn't focus on the big gov and F500 stories?

In time, all data becomes either totally public, or disappears completely.

Clicking on a phishing email is not an “advanced cyberattack.” https://therecord.media/cyberhaven-hack-google-chrome-extension

I am a pilot and I am begging you: do not shine lasers at things in the air. You can kill us by blinding us at night. You’re not detecting UFOs; you’re blinding women like me driving beater SkyToyotas, animal rescue pilots, and Angel flights bringing rural cancer patients to hospitals.

This is Donation Week, and I want to see your Signature, Technical, and Showstopper donations as our @eff Attack Lawyers defend your rights in a battle for the ages.

Welcome to the Electronic Frontier Foundation.

https://eff.org/angrydollars

Oh goodness…schadenfreude? For MEEEE? You shouldn’t have.

No, really, you shouldn’t have. You should have been listening to us all along when we told you this would happen. A lot.

https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

oh my god this is a utter #infosec banger and it should be heard by every #SOC this wknd

"CISO doesn’t have a clue.
No idea what to do.

He designed our security plan
though he's fallen for every scam
Writes backups straight to tape drive
His password is 12345"

https://www.youtube.com/watch?v=PbD4Q4Z1wwA

@patrickcmiller oh my god

@silverwizard what a fascinating movie. I am intrigued.

@Brad_Rosenheim hunger games is dudes. Frozen is dudes. Brave definitely qualifies. And Beasts of the Southern Wild is a *brilliant* addition to my list.

Dear internet: I would like your favorite movies about women overcoming huge/galactic obstacles. Those obstacles should not be dudes.

Good example: Gravity, Coraline
Bad Example: Kill Bill, Bombshell

EDIT: must be the main narrative, not a side quest. Hence, General Organa/Naomi Nagata don’t count.

This is a day where I’m LinkedIn-discovering a lot of people who are claiming to be cyber experts who’ve never held any role other than government policy or investment.

It vexes me when I’m brought in to mop up a situation created by people who’ve never touched a keyboard and yet somehow have been appointed to roles running government cyber policy development. I am greatly vexed.

Ask civil engineers who have built a bridge before making transportation budget policy. Ask doctors who have called a time of death before making medical policy. Ask survivors of abuse before making victim protection policy.

For heavens sake, ask a person who’s hacked a system before making cyber policy intended to fight cyber crime.

EDIT: if you’re in government and reading this and wondering if I’m subtooting you, I’m not. Anyone I’m talking about hasn’t ever heard of the fediverse 🙃🙃🙃 and I am absolutely shading them.

@dymaxion @deviantollam we both have mother tongues. For me, it’s the LOTR appendices and knowing which Doctor is which. For him, it’s whatever language he’s speaking when he orders a cheese steak in Philadelphia. It’s like when Gandalf utters the tongue of Morgoth; the skies darken, and a “wiz wit” appears.