Notices by Chris Partridge (tweedge@cybersecurity.theater)

@GossiTheDog The wording is ambiguous for sure. "If you follow security best practices you're OK" is weird. I was on the fence on publishing my mirror until I saw I wasn't the first, and people were just playing whack-a-gdrive link. If folks have it they might as well have a reliable, durable source.

Need a copy of the 15k FortiGate configs leak from the Belsen Group (collected in 2022, leaked in Jan 2025)? They started charging $100. Donate that money to charity instead - here it is for free instead, thanks to Redditors who got it before Belsen Group started charging.

https://chris.partridge.tech/data/belsen-group-fortigate-config-leak/

@GossiTheDog @detective Fabulous! Thank you!

@detective Hi! If you have a moment I have an odd question, I've searched around to no avail: what folder was the DB stored in on your system? I see snapshots are saved in C:\Users\[username]\AppData\Local\Temp but looking for where the Administrators-and-SYSTEM-only permanent copy is. I see D:\Analysis\... in your SQLite browser but I'm not sure if that's a copy or its location on your system 😅

Reddit invited my moderation bot to buy shares in their company... fantastic work as always

A friend sent this to me and y'all might enjoy

@yojimbo @doot god damn it this got me

I'm looking into "are deceptive links on social media typically malicious" and the answer is no (of course) and the most popular deception in 2023 by far is still linking to Rick Astley's Never Gonna Give You Up on YouTube (OF COURSE)

I tell ya hwat, I don't think most of the #InfoSec field is ready for a Safety-II mindset. Just look at how differently the human factor is considered in Safety-I and Safety-II ... that certainly rings a bell with all the user-blaming I've seen :/

Maybe someday.

This #caturday I have a little something special. Source material.

Everyone reading: "What?"

Source material - that is to say, 30.3 GB of whole genome sequencing results for my cat, Aida.

Just checked my seedbox and found that someone downloaded a file I wasn't expecting would ~ever be downloaded, lol

Whoever is out there that actually downloaded the full genome sequence of my cat Aida (a whopping 30GB of data) that I published exclusively on Mastodon, you're my role model <3

And yes, this is real. Thread: https://cybersecurity.theater/@tweedge/108298759311976108

@etherknot

re: Mastodon link previews

I'd just like to interject for a moment. What you're referring to as a Mastodon DDoS, is in fact, Mastodon Request Amplification, or as I've recently taken to calling it, Mastodon plus Request Amplification. Request Amplification is not a DDoS unto itself, but rather another free component of a fully functioning DDoS system made useful by the REST API, Sidekiq jobs, and vital link preview generating components comprising a full Mastodon server as defined by Eugen.