GNU social JP
GNU social JPใฏๆ—ฅๆœฌใฎGNU socialใ‚ตใƒผใƒใƒผใงใ™ใ€‚
Notices by Bob Lord 🔐 :donor: (boblord@infosec.exchange)

  1. Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Friday, 14-Feb-2025 05:22:56 JST

    I'm tired of reading about "sophisticated actors" who just asked for and were given the admin password. Has anyone produced a classification scheme to rate threat actors and the tactics they used?

    "Sure it was a Class 1 threat actor, but they just used a Class 4 attack vector".

    Links welcome!

  2. Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Tuesday, 31-Dec-2024 01:43:32 JST
    in reply to Zack Whittaker

    @zackwhittaker
    Human error describes the proximate cause of an incident, not the root cause.
    Human error is a symptom, not the cause, of failure.
    Human error is a social judgment, not an objective conclusion.
    Human error is the start of the investigation, not the conclusion.
    Human error can reveal systemic design flaws in the system that fail to account for human use.
    Human error as a conclusion will lead to myopic and insufficient remedies like "user education".
    Human error is a label that shifts responsibility from system designers to system users who will inevitably fail.

    ๐—ฆ๐˜†๐˜€๐˜๐—ฒ๐—บ๐˜€ ๐˜๐—ต๐—ฎ๐˜ ๐—ณ๐—ฎ๐—ถ๐—น ๐—ฏ๐—ฒ๐—ฐ๐—ฎ๐˜‚๐˜€๐—ฒ ๐—ผ๐—ณ ๐—ฎ๐—ป ๐—ถ๐—ป๐—ป๐—ผ๐—ฐ๐—ฒ๐—ป๐˜ ๐—บ๐—ถ๐˜€๐˜๐—ฎ๐—ธ๐—ฒ ๐—ฏ๐˜† ๐—ฎ ๐—ต๐˜‚๐—บ๐—ฎ๐—ป ๐—ฎ๐—ฟ๐—ฒ ๐—ฑ๐—ฒ๐˜€๐—ถ๐—ด๐—ป๐—ฒ๐—ฑ ๐˜๐—ต๐—ฎ๐˜ ๐˜„๐—ฎ๐˜†. ๐—ง๐—ต๐—ฒ๐˜† ๐—ฎ๐—ฟ๐—ฒ ๐—ฏ๐—ฟ๐—ถ๐˜๐˜๐—น๐—ฒ ๐—ฏ๐˜† ๐—ฑ๐—ฒ๐˜€๐—ถ๐—ด๐—ป.

    If you are curious as to why we should be intolerant of the label "human error" when talking about security incidents, please see Behind Human Error by David Woods and friends.

  3. Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Friday, 29-Nov-2024 04:51:08 JST

    Why is our plan to train users to avoid the built-in dangers of software and software deployments instead of shifting the burden of staying cyber safe to those who can best affect change?

  4. Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Friday, 29-Nov-2024 04:51:08 JST

    1๏ธโƒฃ How was the enterprise laptop fleet misconfigured to make this possible?
    2๏ธโƒฃ What products were so dangerous that a single click led to arbitrary code execution? (Think about the specific make/model of browser, mail client, OS, or other software.)

    Now, here's the real question: Why are we training and blaming users for these failures if the true issues lie in software unsafety and poor network architecture?

  5. Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Friday, 29-Nov-2024 04:51:08 JST

    โ€œ๐—”๐—น๐—น ๐—ถ๐˜ ๐˜๐—ฎ๐—ธ๐—ฒ๐˜€ ๐—ถ๐˜€ ๐—ผ๐—ป๐—ฒ ๐—ฐ๐—น๐—ถ๐—ฐ๐—ธโ€. How many times have you heard someone say that? How often have ๐™ฎ๐™ค๐™ช said it?

    Take a step back and ask yourself if this is really how the hacks happen in 2024. Just one click? Really? If that were true, we'd be asking these questions:


    Attachments
    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/562/283/178/955/968/original/1d15c9f28967f746.png
  6. Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Wednesday, 11-Oct-2023 17:33:24 JST

    Phishing simulations are cruel and they don't work. They are weak administrative controls that IT should replace with strong technical controls, namely FIDO authentication. Stop blaming users for dangerous software products and unsafe configurations.

    https://www.wsj.com/tech/cybersecurity/no-you-arent-getting-a-bonus-your-company-is-just-testing-you-2155c3c?st=bozizyn3vya2fp8&reflink=desktopwebshare_permalink

  7. Bob Lord 🔐 :donor: (boblord@infosec.exchange)'s status on Wednesday, 30-Aug-2023 09:32:08 JST
    in reply to Patrick C Miller :donor:

    @patrickcmiller Will read this after I finish some work from vacation.


    Bob Lord 🔐 :donor: Personal account where the owls are not what they seem.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.