Notices by Security Writer (securitywriter@infosec.exchange)

@grrrr_shark this?

@evan 10-15 years ago I might have said 1m, but today <1s is perfectly achievable, and expected in most cases.

It might seem trivial in the grand scheme of things, but this is a beautiful act of malicious compliance and defiance, simultaneously.

https://apnews.com/article/boise-salt-lake-city-pride-flags-law-13c8f9f7269d1b33daaa7ef041c6c497

@amszmidt This isn’t something you can explain to me. I literally wrote the book on it.

@amszmidt Anybody serious about security cares, and they do this every day, and have done for over a decade. Any discrepancy matters.

Otherwise how would you monitor changes to systems?

Every file on every OS is checked against origin, then re-hashed and catalogued, and given a list of interactions it can have with the network, the OS, and other applications at the very least.

Security is hard, but it isn’t that hard.

I am once again telling vendors, if your software is unsigned, not checksummed, doesn’t have an SBoM or manifest, or that SBoM doesn’t include network destinations and application interactions…

It’s not running in any environment I look after.

You made it. You should know how it works. That is nobody’s job but yours. I’ll validate it later.

In before “yOu NeEd To ReAd A hIsToRY bOoK”

I’m a Security Advisor specialising in national security in Europe.

We read stuff. It’s what we do. Whodathunkit?

Lend lease was hugely important to the speed of victory. Not to the victory itself.

Russia especially would have lost many, many times more people than they did in the twilight years of the war, but they would have still pushed Germany back regardless. You need to remember, Germany, for what it’s worth, was landlocked.

Now I’ve been using ‘Russia’ as the point of reference, when I should have been saying ‘Soviet Union’. This was intentional. The German push to acquire the ‘Sudetenland’ mean a lot of the Soviet Union was destabilised. But the Soviet Union was MASSIVE. Stretching from the Atlantic to the Pacific, and touching many countries along the way, most of which did more than a little trade with neighbours.

A war of attrition was not going to be won by Germany. It’s just counting.

In fact, without lend lease, you could argue that Germany’s defeat would have been even more crushing as other allied forces likely wouldn’t have been able to push that quickly into Germany without lend lease.

Making the Soviet Union ever larger, and Germany smaller. It is said that due to Germany’s betrayal of the Molotov-Ribbentrop Pact, that Stalin actually wanted all of Germany in retaliation.

Lend lease probably saved tens of millions of lives. But it didn’t decide the outcome.

For Americans needing a history lesson in light of the Orange one’s comments on world wars, specifically the second (important to note, this is not to minimise the US’s contribution and loss, just to ground it in reality)

The allies would have won the Second World War without US participation. It would have been bloodier, and longer, but won nonetheless. This isn’t really up for debate, and has been explored extensively in academia.

See, by the time the US had entered the war, Germany was already on the back foot in the east, forced on a rearguard out of its newly claimed territories by Russia which lasted for nearly two years. Germany was running out of resources fast, and people were beginning to starve at home.

The British had all but defeated Italy, and a strong resistance movement sealed the deal. They’d successfully regained (as if they really lost it) naval supremacy, even with the u-boat threat, essentially blockading Germany from the Atlantic and sinking u-boats at an alarming rate by 1943.

This would have likely meant the land invasion of Europe would have been through Italy, which initially was the plan. It would have been bloodier, as Hitler was expecting this, but arguably shorter as it stretched Germany’s resources thinner still, all to the periphery of controlled territory, making supply line attacks even more devastating.

The US would likely have still been at war with Japan (but even this is in doubt due to resources, and if US involvement didn’t feel inevitable at the time) but Japan was already being pushed back by Chinese, British, Dutch, and by Indian forces, who all supported China’s pushback.

BUT, but, but, lend-lease I hear you ask…

1/2

Just thinking back to how we really did use ‘master’ and ‘slave’ when describing computer components, and people thought this was totally fine. 🙄

The thing about using AI to replace jobs, is that you’re starting from a position where management has failed to hire appropriately.

Because if you’re using AI today to replace people, they have to be terrible at their jobs because AI is objectively bad at *gestures at everything* in a workplace.

What you’re saying is either your managers hired incompetent people, meaning they’re also incompetent, and their managers are equally incompetent.

OR AI is shit and you’re trying to save a buck, and this will all fall on your heads.

Sooo say you’d found a vulnerability with a protocol used by the majority of OT devices of a particular kind…

How might you disclose that given there’s potentially billions of devices currently use it across thousands of vendors?

@Viss what’s the gl.inet stuff like? Not a brand I’m familiar with, but I’m looking for a new secondary WAN given today’s bullshit

@Viss I’m just looking for a 4/5g connection to the WAN port on my main router. Don’t care if it’s double NAT as I tend to run double NAT with my DMZ anyway.

Work begins on my first novel this week.

It’s probably going to take a very long time, but it’s something I’ve been working on in my head for years.

Just a reminder to do some self care.

You’re all doing amazing things, but you gotta look after number one or the amazing things stop happening.

Hydrate, meditate, eat, exercise, have a personal day, whatever it is you need. Make sure you do it.

I PROMISE you the world won’t stop turning.

Ok. I’m installing Ubuntu on my gaming laptop. This device won’t be a Windows machine ever again.

If this goes steady for a couple of months, my main gaming rig is making the switch.

Given the conversations around capital punishment at the moment, it’s worth knowing for any advocates of it:

1) If guilty people still end up on death row, it’s not a deterrent.

2) If innocent people still end up on death row, it’s not a deterrent.

3) If it’s not a deterrent, it’s vengeance.

4) If your desire for vengeance is so great that you’re willing to kill innocent people for it, it’s time for some serious introspection.

There is no counter to this, by the way.

4) If you try argue that *you’re* not seeking vengeance, then it’s the state that’s seeking vengeance.

5) If you vote for the state to be able to seek arbitrary vengeance against private citizens, it’s time for some serious introspection.

All of our US travel has been cancelled for the indefinitely as we’d all probably be detained or shipped who the fuck knows where due to our work and public status.

Really sucks as I don’t get to meet up with my wonderful friends and colleagues, but beats the alternative.

On the plus side, 125% tariffs on China means a lot fewer Temu IoT devices on domestic networks 🤷

Ever the optimist.