Notices by Tarah Wheeler 🖖♦️ (tarah@infosec.exchange)

I'm just like any modern woman trying to have it all. It's just...I wish I had more time to seek out the dark forces and join their hellish crusade. That's all.

I do this ish for a living, I am an AI developer and researcher, and *I* don’t fully understand the security implications. What hope do regular users have?

https://www.windowscentral.com/microsoft/windows-11/microsoft-warns-security-risks-agentic-os-windows-11-xpia-malware

Good news, everyone! The password has been updated to "LouvreWinter2025!" and is now compliant with our password change policies.

It does bear repeating that “the only unhackable computer is one that’s running a secure operating system, welded inside a steel safe, buried under a ton of concrete at the bottom of a coal mine guarded by the SAS and a couple of armoured divisions, and *switched off*”.

~ @cstross

I protest.

https://www.thetimes.com/world/europe/article/diet-worms-climate-change-france-wcsxtr2jj#:~:text=Crunchy%20worms%20au%20paprika%2C%20carrot,and%20other%20leading%20French%20chefs.

@catsalad OMG thank you for understanding my humorrrrrr it is dad I mean bad puns

Gentlemen, I appreciate that courtesy isn't dead, and modesty won't forbid me from acknowledging that I look like a total smokeshow today but I beg you to cease holding doors open for me into secured facilities.

Today I introduced someone to a Seattle Dog for the first time.

You cannot contain joy. Especially not when smothered in grilled onions and cream cheese.

Street food and community is *also* valid revolution.

"what's their email address?" IDK
"what's their phone number?" IDK
"what's their last name?" I don't even know their first name
"I thought you said this was a good friend. What *do* you know?"

I have their Signal handle, their hacker name, and a raft of questionable collaborative activities. #BFF

If you're going to invite me to a thing at RSAC, there's a spectrum of bs behavior I'll be evaluating in balance with the quality of the catering.

If it's a good cause, save your money and make it a cash bar.

If I have to put up with misogyny, there better be hot crab dip and the *good* stuffed mushrooms.

@malwaretech @mkoek the closest indicator that could be measured is real purchasing power based on a basket of goods that have relevant impact. Measure the cost of braces and rotisserie chicken and gas and insurance copays and yes, even eggs. But the key is not the actual cost. It’s the delta between how much someone on a fixed or trailing salary can afford to purchase of those goods and the inflated cost. That gap has massively widened in the last 10 years.

The reason we are all obsessed with eggs is they’re a cheap protein that is flexible, storable, and ubiquitous. I used to be able to buy eggs at .99c a dozen 20 years ago, and 1.99/doz ten years ago. They’re now $10/doz in Seattle. In the last ten years, the cost of the most common and accessible protein has risen 5x but the median salary certainly has not.

When someone used to be able to afford steak and now they can’t afford hamburger, they correctly perceive it as losing something. That’s the sentiment @malwaretech is saying to measure.

I say this as a CEO: From now on, when children’s health data is compromised because multi factor authentication was not enforced, fire the CEO, not the CISO. I mean, sure, fire the CISO as well, but the CEO bears the responsibility. An update on the PowerSchool breach from the ever-incise @dangoodin https://arstechnica.com/security/2025/01/students-parents-and-teachers-still-smarting-from-breach-exposing-their-info/

I want to *physically* go to a store with safety glasses and order prescription lenses for them. I need motorcycle goggles.

Prescription safety glasses are too expensive to simply order online without having tried the frames first. Does anyone know a place in Seattle? Does Oakley do it?

I know some truly wonderful infosec journalists but here's a thing I need help with: currently, there are essentially *no* news stories out there about MSPs, small business cybersecurity - anything really meaningful beyond "here's a puff piece on a commercial white paper that did sentiment analysis on 70 small biz owners and they're all scared of furrin hackerz" or PR releases on "Google just bought an MSP in Indonesia".

Is there a cyber journalist with a beat that doesn't focus on the big gov and F500 stories?

In time, all data becomes either totally public, or disappears completely.

Clicking on a phishing email is not an “advanced cyberattack.” https://therecord.media/cyberhaven-hack-google-chrome-extension

I am a pilot and I am begging you: do not shine lasers at things in the air. You can kill us by blinding us at night. You’re not detecting UFOs; you’re blinding women like me driving beater SkyToyotas, animal rescue pilots, and Angel flights bringing rural cancer patients to hospitals.

This is Donation Week, and I want to see your Signature, Technical, and Showstopper donations as our @eff Attack Lawyers defend your rights in a battle for the ages.

Welcome to the Electronic Frontier Foundation.

https://eff.org/angrydollars

Oh goodness…schadenfreude? For MEEEE? You shouldn’t have.

No, really, you shouldn’t have. You should have been listening to us all along when we told you this would happen. A lot.

https://www.nbcnews.com/tech/security/us-officials-urge-americans-use-encrypted-apps-cyberattack-rcna182694

oh my god this is a utter #infosec banger and it should be heard by every #SOC this wknd

"CISO doesn’t have a clue.
No idea what to do.

He designed our security plan
though he's fallen for every scam
Writes backups straight to tape drive
His password is 12345"

https://www.youtube.com/watch?v=PbD4Q4Z1wwA