Notices by Jerry 🦙💝🦙 (jerry@infosec.exchange), page 3

Which firewall vendor will disclose critical vulnerabilities in time to ruin Christmas for many? and why is it probably Fortinet?

I am so honored to have been awarded the first annual infosec.exchange peace prize. 🏆

Adding compromised npm packages to your app like

It’s Friday, which obviously means today is the day to push all your untested vibecode to prod before the weekend, but remember that (at least for those of us in the US), next week is a short week presenting one of the best opportunities for code pushes. 🦃🍂🍃🍁

I guess it’s good that we’re still up so people can complain about all the other stuff being down?

I do feel like MS/Azure, AWS, and Cloudflare need to do a better job of coordinating their outages so some of yall can get some much needed time away from IT

I did not have "new surge of accounts on infosec.exchange due to X bungling their passkey migration" on my bingo card for today

I don't remember the last time I was at a security conference... I'm looking forward to BSides Atlanta on Saturday, where I'll apparently be making a guest appearance in a presentation about the Fediverse. Hopefully, I am not too embarrassing.

@GossiTheDog I’ve seen plenty of romance scam accounts trying to lure people to telegram or other DM, but I hadn’t seen this class of account doing that. I may just not be looking though.

@GossiTheDog there’s about 12,000 of those lately on mastodon.social. I can’t yet tell what the game is, but my best guess is account farming to build and the. sell high follower accounts, like happens on twitter, instagram, and so many others. Little do they know how few people are actually here.

There have been a deeply disappointing number of mastodon account takeovers in the past few weeks used to spam out malicious links in the guise of porn. I’m guessing most or all are abandon accounts, so the owner doesn’t even realize.

Please please please enable two factor authentication on your mastodon accounts regardless of which instance you are on or how sensitive or not you think the stuff you post is.

RE: https://infosec.exchange/@jerry/115407118712223410

The old saying comes to mind: “in theory, there is no difference between theory and practice. In practice, there is.”

@GossiTheDog all the people might be gone, but there would still be plenty of active accounts willing to argue about politics with you.

There’s been an oppressive amount of spam originating from what appears to be compromised mastodon accounts posting links that appear to be porn, but lead to various badness depending on the location, IP address, browser, and operating system of the visitor. Don’t click on tinyurl or other link shortened links promising to, er, satisfy your porn needs. And for the love of $deity, please enable 2fa authentication on your accounts AND stop using the same damn password everywhere. Thank you for your attention in this matter.

I took a trip out on the Sea Screamer yesterday and got some ok dolphin pics. The dolphins love to hop through the wake the boat creates.

Testing image uploads from vivaldi. Please ignore.

Looks like Tropical Storm Jerry is brewing off the coast of Africa 🎉🌀🎉

I just got an alert that Nvidia’s market cap crossed $4.5T. I know I am mixing elephants and telephone poles here, but it seems weird that the manufacturer of IT components has a market cap that is almost 15% of the GDP of the US for 2025 🤔

The reason for wanting to join infosec.exchange in a recent signup. Yes, it includes the placeholder for the person’s name, which I assume came from ChatGPT or one of the other amazing LLMs. 🚮

Hi, I’m [Your Name]. I have a strong interest in information security, privacy, and technology. I’d like to join infosec.exchange to stay updated, share knowledge to connect with the community

Why, oh why does SNMP need to be exposed to the Internet for everyone to hack?