Notices by Rabbit (ra6bit@infosec.exchange)

“But after two years of annoying our users with condescending 'gotcha!' phishing training, our response rate fell from 50% to 20%!”

Congrats. This will certainly slow me down as an attacker when only 20% of your org gives me their passwords. Good jorb.

The "phishing training" industry and practice has lost the plot. You'd be far better off building your security program around the idea that sometimes users get phished than to invest the same money to constantly harass them with phishes that don't even reflect what actual phishes look like.

We’ve created a type of control which can be bypassed by spelling things correctly, since we've trained people to believe phishes will always be misspelled or come from an obvious domain.

This is why your company still gets rocked with ransomware from some 14 year old who sends your users a plain looking URL from a gmail account with the subject “You’ve received a Dunkin' Gift Card!”

KnowBe4 can't save you.

You know how they have those memory villages for people with dementia or other degenerative memory ailments? If I ever succumb to such a thing, please place me in front of a VT100 and let me browse a Usenet archive tweaked to act like it is 1989. Perhaps occasionally provide me with some cool ranch Doritos and a cherry coke. I'm pretty sure I could spend eternity that way fairly happy.

If you are not a US citizen and you are thinking about coming here, please strongly reconsider. I would be concerned for your safety, and to be honest these idiots need to feel the pain of tourism and international business drying up.

The US has what are effectively secret police snatching up people and disappearing them into a detention system. Some people reemerge in two weeks, some stay in there.

Don't risk it until something changes.

Security and hacker conferences and the like should really be considering alternate venues for international audiences, and consider whether they are being held in places queer folks within the US can safely attend.

Elon spouts about how he's "fighting bots on social media”

Elon also sells internet connectivity to “bot” farms.

The bot farms are powered by slave labor.

The moral? Fuck Elon. https://flipboard.com/@wired/elon-musk-s-twitter-q6o95242z/-/a-Icgi5mIOS8CGzWzcVmiJwg%3Aa%3A3199480-%2F0

Fun fact: The oldest statue made by human beings ever discovered, the Lion-man of Hohlenstein-Stadel, is an anthropomorphic cat.

By current evidence, furry art is literally the oldest form of art that still exists, and arguably all visual arts are descended from it.

I am appreciative of people who broadcast their support of trans people with signs like “Trans healthcare is suicide prevention!”... which is true, but it doesn't capture why, and it makes it sound like “Humor them or they will hurt themselves!”

The reason "Trans healthcare is suicide prevention" is because denying trans people affirming care is literally torture, it turns out tortured people often don't want to continue to be tortured.

You don't see people holding signs like “Anesthesia is suicide prevention!”... it's because _ withholding care for physical or psychological pain, when it exists and is easily available, is inhumane _

Google has dropped it's moratorium on using AI for weapons as well as dropped it's diversity recruitment goals.

I think I'll be looking for alternatives for the Google backed services I use. Youtube will be the tough one, I think.

@De_Minimis @GossiTheDog They burned down the German equivalent of Planned Parenthood in 1933 as well. https://en.wikipedia.org/wiki/Institut_für_Sexualwissenschaft

@GossiTheDog Some of us -are- the minority group they're coming for. :(

I don't want to be to catty or anything, but a reminder that President Trump takes a gender affirming HRT medication to alleviate his dysphoria.

https://www.nytimes.com/2017/02/01/us/politics/trump-prostate-drug-hair-harold-bornstein.html

After all I do dangerous things, like ask women “do you think this shade is more of a meadow dawn or a marigold?”, or “hey, don't you think everyone should have bodily autonomy and that being defined purely by presumed reproductive capabilities dehumanizes and objectifies all women of all types?” or “Don't you think the implication that women need ‘protection' from trans women perpetuates societal messaging that women are weak and incapable of defending themselves solely so they won't recognize that they are a large and capable repressed class capable of defending and liberating themselves from their actual oppressors if they coordinated?” or perhaps “do you think this is more of a midi or a maxi length?”

It funny how a serial rapist, felon, philandering pal of Jeffrey Epstein gets to set rules for the government to “protect women" from -me-.

The thing they don't tell you about a career in infosec is how often you will get yourself in trouble by doing your job.

If the simple sabotage handbook were written today, I'd imagine there would be an entire chapter on "Whoops, I fell for that phish."

Just in case you ever need this in the future..

Actual wide-scale resistance groups operating under a repressive regime rarely look like what many movies have led you to believe.

What they look like are a lot of normal people who maybe lose a document, maybe forget to latch a gate, maybe take a little longer to do a task than they would otherwise.

It requires no command and control, no leaders, no connections to be compromised. For most, it is not the work of great measures, it is the thousand.. million.. cuts that grind the oppressor to a halt while never being something they can prove.

Think less about secret handshakes, and more about an unfortunately bad case of ADHD at an inopportune time.