Notices by da_667 (da_667@infosec.exchange), page 2

@dalias really?

@dalias I absolutely want executives in cuffs for failing to secure data that I have no choice but to trust to them, that is mostly immutable. They get paid ridiculous sums of money for the job, but there are zero consequences for that failure. and if that means an executive gets jail time for failing to patch a box, I would welcome it. At the same time, I would absolutely welcome them getting imprisoned for the collection of PII, especially biometric data.

When I acquired my credit card in the early 2000s, I never once needed to take a picture of my license, or take a picture of myself for some credit card company to verify my identity. They tell you that the data isn't stored, but if it isn't, then why did they need it in the first place?

nobody is held liable when breaches occur and your PII gets stolen for the fifth time in a single year.

And then we read the inevitable report that it was a third-party managed system that was 6 months behind in patches that got popped. Or it was a risk assessment result that they said "they would get to that eventually" and never did.

You start throwing executives in cuffs for failing to do their duty and sure as shit things would start changing.

Is what I said right? am I a fucking loon for having said it? I don't care. I haven't seen any improvements over the past 20 years I've been here and I'm fresh out of fucks to give when so-called professionals telling me that the way we've been doing things for so long, which has produced nothing positive so far as I have seen, should be maintained, stop questioning it.

I'm going to say something that's been festering in my mind for a while now. In my two decades of practice in information security, I have yet to see responsible disclosure result in measurably better security posture.

Code quality hasn't improved, patch management hasn't improved, minimum viable product hasn't improved, automated security updates, especially for IoT devices... Jesus Fucking Christ haven't improved. The cost of failure for organizations losing your data due to gross negligence has in no way improved, why should responsibility be the domain of the security researcher when nobody else is willing to share in that responsibility?

I'm half-tempted to say if you have 0-days you might as well get paid for them than be responsible. Because even with a tilted playing field, nothing has measurably improved since I've been here and I would argue with "vibe coding" and the tech industry's view of "Let the AI handle it" that software quality is the worst it has been since the 90s. I lived through windows millennium edition. I've seen shit you wouldn't believe.

"Hardware's fucked because we can't buy any, software is fucked because the LLMs trained by reddit and stack overflow are in charge now. You might as well fucking guess at this point."

@catsalad

Storyline:

MC: "I'm a lowborn person who can handle mcguffanite, even though commoners shouldn't be able to."

Authority: "We need the MC to handle the mcguffanite. Otherwise monsters will come and eat our potatoes."

Nobles:"Dude, fuck the MC, handle the mcguffanite. Why do they think they are tryna save the world? Fuck that. smacks MC

MC: "Oh no, I can't handle the mcguffanite because I'm hurt!"

Monsters: "Lookit dem potatoes! Don't mind if I do!"

Nobles: surprised pikachu face

Authority:*The nobles have doomed us all

Nobles: 🤷

MC: "If I don't handle the mcguffanite, more people will lose their potatoes!"

Frens of the MC: "No, you cant!"

MC: "I just did! blergh :blobdead: "

Nobles: And we learned zero lessons

@krishean

as always, they are wrong is going to be my new favorite phrase to drop into my writing.

remember when we used to be able to do pointless shit on the internet for fun?

https://leekspin.co/

feeling extra spicy today.

both of my bassetts are snoring on their dog beds behind me. I'm jelly AF.

"The maintenance is gonna suck"

"Who the fuck cares? We all work in tech. Either you're gonna do the maintenance, or its going to scheduled its maintenance window for you."

"You're an elder millenial with over 10 years experience, and you no longer exist to be a people pleaser" in a nutshell

"Execs getting pay raises, while every else plays employment russian roulette to make Q4 look good" in a nutshell

BORN TO PCAP
TCP STREAM IS A FUCK
DROP EM ALL
I AM SURICATA MAN
410,376,111,223 ALERTS

6,000 followers.

Why are you here?

yeah

dear Sans: it was one course, over 10 years ago, back when the government paid for it for me.

Please stop asking me if I'd like to buy an 8,000.00+ one-week class.

OH? YOU ARE APPROACHING MY REGISTER? APPROACHING MY WAFFLE HOUSE?