Mirko Adam @elshid@librem.one

HEY Infosec Mastodon! Wanna help me out?
I'm looking for screenshotable quotes about pentesting. Wanna respond to any of these questions? If you do you may be included in my next talk!

What's the biggest pitfall a pentester can make?
What makes a good pentest?
What makes a bad test?
Vuln scan versus pentest - which one is "better"?

Or just whatever you want. I will include any memes I get, so reply away.
Boosts help :)

I keep hearing people say that Microsoft has finally come clean and provided an honest reckoning of the mistakes that led to the breach.

Allow me to push back on that HARD.

Wednesday's update is the first time Microsoft disclosed that hackers connected to Storm-0558 were inside the corporate network. In journalism parlance, Microsoft (intentionally?) buried the lede.

This allowed the company to omit key details we need to fully assess the damage these hackers did. How long were the hackers inside Microsoft's network? Did they access other data beside the crash dump? Were any other employee accounts hacked? How did they get in? Has Microsoft remediated whatever weakness or vulnerability made the network breach possible?

Storm-0558 is among the world's most skilled hacking outfits. As Microsoft observed: "The actors are keenly aware of the target’s environment, logging policies, authentication requirements, policies, and procedures. Storm-0558’s tooling and reconnaissance activity suggests the actor is technically adept, well resourced, and has an in-depth understanding of many authentication techniques and applications." In short, Storm-0558 has telemetry into Microsoft's network that's a par with Microsoft's own telemetry.

Storm-0558's technical tradecraft prowess is on full display by its ability to suss out a signing key in a crashdump made two years prior to the hack. It's further bolstered by the hackers' success in exploiting the failure of a Microsoft API to validate signatures properly.

So Microsoft reveals for the first time on Wednesday that Storm-0558 was inside its network. It provides no other details and doesn't respond to reporters' emails seeking them. And people say Microsoft has finally put the issue behind it?

Er, no. This should be the very beginning of the inquiry. We need to press Microsoft to answer these questions.

Wie genial ist das denn? Unter dem Motto "Weil Appelle nicht mehr reichen – Wer blockiert, muss mit fast dreimal höherer Strafe als bisher rechnen" Ab sofort kostet in #Wien das Falschparken im Gleisbereich der Tram oder auf der Busspur so viel ... wie eine Jahreskarte: 365 Euro. Das sind verkehrspolitische Zeichen - in Deutschland undenkbar.

Kinderarzt: "Lehrpersonal muss sensibler werden und sollte adipösen Kindern den Sport nicht vermiesen" https://www.derstandard.at/story/3000000186032/kinderarzt-lehrpersonal-muss-sensibler-werden-und-sollte-adipoesen-kindern-den-sport-nicht-vermiesen?ref=mastodon

I ordered a gorgeous #lateart of #peppercarrot from @davidrevoy at Reissue Cafe in Tokyo.

It also felt cool that I was probably one of the only customers asking to reproduce a drawing they were formally allowed to use thanks to #CreativeCommons ❤️

Was gerade passiert, ist prägend für den Sport Fußball und die Gesellschaft. Ich bin froh und habe riesigen Respekt vor den Frauen, die jetzt dagegen aufstehen, um sich zu nehmen, was sie verdienen: Anerkennung, Respekt, Gleichberechtigung. Volle Solidarität mit ihnen. Wir als privilegierteste Gruppe der Gesellschaft (weiße Männer) dürfen das nicht ignorieren. Wir dürfen nicht wegsehen. Wir müssen realisieren, dass das die Regel und nicht die Ausnahme ist. Wir können etwas ändern.

"Inequality isn’t just an observable statistical phenomenon; it’s also a belief system. It comes from the idea that one group of people is better than another and that you deserve better things than someone else." https://prostasia.org/blog/impact-of-inequality/

Knapp am Ziel vorbei…
Familie aus Österreich will nach Kroatien - und landet in Rheinland-Pfalz

Stellt euch vor, ihr wollt in den Urlaub fahren und befindet euch knapp sechs Stunden später in der genau entgegengesetzten Richtung. Wie kann so etwas passieren?

https://www.swr3.de/aktuell/nachrichten/urlaub-falsches-salzburg-100.html?at_medium=Mastodon&at_campaign=swr3.de

#Salzburg #Westerwald #Osterreich #Urlaub #Kroatien #Familie #Verfahren

Don't we all.

As we've long predicted, the misapplication of obscenity laws hasn't stopped with the most taboo content. Some states are now going after companies that support the LGBTQ community - and using these dangerous laws as justification.
https://www.cnn.com/2023/07/08/business/target-attorneys-general-pride-month/index.html