GNU social JP
GNU social JP is a Japanese GNU social server.
Notices by Tod Beardsley (todb@infosec.exchange)

  1. Tod Beardsley (todb@infosec.exchange)'s status on Thursday, 08-May-2025 04:04:37 JST

    so close #CISA.

    In conversation about 3 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/468/070/726/514/583/original/45a5c3c24bb620d6.png
  2. Tod Beardsley (todb@infosec.exchange)'s status on Wednesday, 30-Apr-2025 05:31:11 JST

    Welp. Let’s see which way this room goes.

    In conversation about 11 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/423/125/242/360/613/original/a4ac9c38051802f3.jpeg
  3. Tod Beardsley (todb@infosec.exchange)'s status on Sunday, 27-Apr-2025 10:05:28 JST

    I’m always happy to take an opportunity to save an early-career netsec neophyte from the heartache of the totally fake and not real OSI model.

    #BSidesSF

    In conversation about 14 days ago from infosec.exchange permalink
  4. Tod Beardsley (todb@infosec.exchange)'s status on Thursday, 17-Apr-2025 21:08:18 JST

    I feel like i’m going to be using this a lot

    In conversation about 23 days ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/345/087/526/277/853/original/b59dc3f1a3157fc0.jpeg
  5. Tod Beardsley (todb@infosec.exchange)'s status on Friday, 28-Mar-2025 02:56:03 JST

    Greetings, Montrealers! I'll be talking about VibeSploitation at NorthSec, May 15 or 16th. More to come!

    Salutations, Montréalais! Je parlerai de VibeSploitation à NorthSec, le 15 ou le 16 mai. Plus à venir !

    https://nsec.io

    In conversation about a month ago from infosec.exchange permalink
  6. Tod Beardsley (todb@infosec.exchange)'s status on Tuesday, 25-Mar-2025 10:02:13 JST

    There's going to be a lot of confused attackers and scanners over the next couple days.

    More: https://www.runzero.com/blog/ingress-nightmare/

    In conversation about 2 months ago from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/220/323/770/331/037/original/68a2944eb603f349.png
    2. How to find Kubernetes Ingress-NGINX Controller installations on your…
      from @runzeroinc
      On March 24th, Wiz and Kubernetes disclosed a pre-authentication remote code execution attack chain. Here's how to find Ingress-NGINX controller…
  7. Tod Beardsley (todb@infosec.exchange)'s status on Sunday, 09-Mar-2025 03:46:00 JST
    in reply to

    now, an \0x27 in this URL feels like a crime against polite society.

    https://www.classy.org/event/creative-commons'-open-house-for-an-open-future/e663144

    #sxsw2025

    In conversation about 2 months ago from infosec.exchange permalink

  8. Tod Beardsley (todb@infosec.exchange)'s status on Sunday, 09-Mar-2025 03:46:00 JST

    Neat

    https://en.m.wikipedia.org/wiki/G0v_movement

    at an open house with these folks right now at #sxsw2025

    more: https://www.classy.org/event/creative-commons'-open-house-for-an-open-future/e663144

    In conversation about 2 months ago from infosec.exchange permalink

  9. Tod Beardsley (todb@infosec.exchange)'s status on Thursday, 06-Mar-2025 12:21:14 JST

    On March 12, join @wingz3ro and me as we expose the seedy underbelly of exploits, espionage, and crime on the internet at #SXSW

    Also, there will be costumes - we’ve been in a noir mood lately.

    https://schedule.sxsw.com/2025/events/PP153751

    In conversation about 2 months ago from infosec.exchange permalink
  10. Tod Beardsley (todb@infosec.exchange)'s status on Saturday, 08-Feb-2025 00:42:31 JST

    Archived version of the quoted The Atlantic article is here:

    https://archive.ph/2025.02.07-140733/https://www.theatlantic.com/technology/archive/2025/02/elon-musk-doge-security/681600/

    Unrelated: If you believe there has been an intrusion in a US government system, you are encouraged to report it at https://cisa.gov/report
    https://journa.host/@w7voa/113963205109936094

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments


    1. Steve Herman (@w7voa@journa.host)
      from Steve Herman
      The Atlantic - Four government IT employees say Elon Musk's incursion into the US government may be worse than anyone realizes: “This is the largest data breach and the largest IT security breach in our country’s history." https://www.theatlantic.com/technology/archive/2025/02/elon-musk-doge-security/681600/
  11. Tod Beardsley (todb@infosec.exchange)'s status on Wednesday, 29-Jan-2025 07:22:12 JST

    So check it out. KEV data is now available on GitHub, in the proper cisagov organization. I know other people mirror KEV for their projects, but who can say if they're fiddling with it along the way? With https://github.com/cisagov/kev-data, you can rest assured that it's the Real and True mirror of KEV.

    https://cisa.gov/kev is still the actual authoritative source, but this GitHub mirror is a pretty close second.

    I posted about this on LinkedIn since that's what people do with work stuff, apparently.

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. GitHub - cisagov/kev-data: Mirror of cisa.gov/kev data files
      Mirror of cisa.gov/kev data files. Contribute to cisagov/kev-data development by creating an account on GitHub.
  12. Tod Beardsley (todb@infosec.exchange)'s status on Friday, 03-Jan-2025 01:50:01 JST

    98 KEVs to go until KEV #1337

    Hopefully it'll be a good one.

    In conversation about 4 months ago from infosec.exchange permalink
  13. Tod Beardsley (todb@infosec.exchange)'s status on Thursday, 28-Nov-2024 12:12:34 JST
    in reply to
    • sjvn

    @sjvn and even though nearly everyone believes archive.org is an unmitigated good, I have yet to see a single tech billionaire, of which there are several, step up and just peel off some millions to help out. Not one.

    In conversation about 5 months ago from infosec.exchange permalink

    Attachments

    1. Internet Archive: Digital Library of Free & Borrowable Books, Movies, Music & Wayback Machine
  14. Tod Beardsley (todb@infosec.exchange)'s status on Thursday, 28-Nov-2024 09:43:57 JST

    I’m not pirating movies, I’m just training my model.

    In conversation about 5 months ago from infosec.exchange permalink
  15. Tod Beardsley (todb@infosec.exchange)'s status on Monday, 02-Sep-2024 23:45:58 JST

    So this is neat.

    1) Some (all?) antispam/counterphishing email scanners are blind to #QRCode content.

    2) You can draw working QRCodes with Unicode character sets, thus avoiding an image parser entirely, even if the scanner could process images in the first place.

    3) By providing QRCode links, the attacker encourages the victim to use their personal device rather than the workstation, making defensive tracking more complicated.

    I think it’s hilarious that a format designed SPECIFICALLY for machine vision is being used to evade machine interpretation.
    https://infosec.exchange/@patrickcmiller/113067302631450126

    In conversation about 8 months ago from infosec.exchange permalink

    Attachments

    1. Patrick C Miller :donor: (@patrickcmiller@infosec.exchange)
      from Patrick C Miller :donor:
      New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials https://thehackernews.com/2024/08/new-qr-code-phishing-campaign-exploits.html
  16. Tod Beardsley (todb@infosec.exchange)'s status on Monday, 22-Jan-2024 13:11:58 JST
    in reply to
    • Patrick C Miller :donor:
    • nobody
    • Funes

    @funes @Rajiv @patrickcmiller not just scans, but each individual port. Plus a bunch of other made up stuff. 45 billion is a really big number of events, per day.

    In conversation about a year ago from infosec.exchange permalink
  17. Tod Beardsley (todb@infosec.exchange)'s status on Wednesday, 17-Jan-2024 06:02:46 JST
    in reply to
    • Kevin Beaumont
    • Rich Warren

    @GossiTheDog @buffaloverflow You might want to double check that assigning CNA.

    https://www.cve.org/cverecord?id=CVE-2024-21887

    Maybe it’s one issue that has several vectors. Haven’t looked myself yet since I’m on vacation.

    But the CVE isn’t issued by Ivanti, technically.

    In conversation about a year ago from infosec.exchange permalink
  18. Tod Beardsley (todb@infosec.exchange)'s status on Thursday, 04-Jan-2024 03:45:11 JST

    Tomorrow I have to go on a clear liquid diet because i’m getting a colonoscopy because i’m a responsible goddam adult.

    Today, I’m eating excellent Texas chili.

    I regret nothing.

    In conversation Thursday, 04-Jan-2024 03:45:11 JST from infosec.exchange permalink
  19. Tod Beardsley (todb@infosec.exchange)'s status on Saturday, 23-Dec-2023 12:24:32 JST

    For that special domain in your life, give the gift of a security.txt. Check out the #CISA blog: https://www.cisa.gov/news-events/news/securitytxt-simple-file-big-value

    In conversation Saturday, 23-Dec-2023 12:24:32 JST from infosec.exchange permalink

    Attachments

    1. security.txt: A Simple File with Big Value | CISA
  20. Tod Beardsley (todb@infosec.exchange)'s status on Monday, 18-Dec-2023 02:27:51 JST

    Amazing. CMG is an ad company that’s offering a fake ad service that people already a) believe is actually happening already and b) really, really hate.

    Active Listening: where your phone and TV eavesdrop on your convos to target ads at you.

    It cannot possibly work the way they’re pitching it, but I love that they’re taking this scam to the next level.

    https://www.404media.co/cmg-cox-media-actually-listening-to-phones-smartspeakers-for-ads-marketing/

    In conversation Monday, 18-Dec-2023 02:27:51 JST from infosec.exchange permalink


    Tod Beardsley

    Shmethical #Hacker. #Research mucky-muck at @runzero. #Election Judge. #CVE bagman. #Metasploit collaborator. Briefly a fed. #FriendofDeSoto. #Podcaster #fedi22-findable

    All subpoenas, warrants, contracts, and other linguistic puzzles should be directed to my attorney, @hotdogitsclaire.

    I post here for me, mostly around #infosec / #cybersecurity. Sometimes I post work stuff.

    Intro: https://infosec.exchange/@todb/109270457002321619

    Tags
    • (None)

    Following 0

      Followers 0

        Groups 0

          Statistics

          User ID
          29830
          Member since
          18 Nov 2022
          Notices
          31
          Daily average
          0


          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.