@MalwareTechBlog Discord/Slack/IRC are best for synchronous communications; when you want to have a live conversation.
Forums are better for posting a message then people reply over days or weeks.
Oh no, not again.
If Professor Chaos really thinks the @tracelabs ctf participants can't track him down, he's in for a surprise.
I wonder what his PhD is in. Clearly it's not culinary arts, based on his performance against @brysonbort
@arekfurt Would you mind expanding on those technical and procedural controls? That's what I miss from these discussions.
Infosec twitter is like "don't do awareness training do *waves hands vaguely* better security"
@arekfurt Perpetuating a theme isn't a replacement control. Show me something a security team can implement that negates the need for user training, and I'll work towards that.
@arekfurt Like... Today we have security awareness training and phishing training to try to prevent some of these attacks.
I get the idea behind the movement that "training users isn't the solution" but then... What is?
@techlife@mubix@netflix Yup, I turned mine off and it's been much easier to browse.
It's annoying in it's own way; now it take like 3 more clicks to watch a trailer. But it doesn't make me want to throw the remote to browse.
Thanks to @SecShoggoth for a great class today! I hadn't realized how much Windows Forensics has changed since the last time took a class on the topic.
Great stuff, thanks Tyler!
@SecShoggoth Can confirm. Sat in the same talk thinking "Man, I get to learn some good Zero Trust stuff". Left thinking if they had named this talk more accurately 'How our company used XXX vendor' I would have avoided it like the pitch it was.
@bettersafetynet I don't expect that from the devs doing Apache, FreeBSD, or PostgreSQL. They're underappreciated and I feel like I owe them patience while they do their patches.
@bettersafetynet I claim this, but for a different reason. It's not about the source, it's about the support model.
I'm paying Microsoft and Oracle $MM/year to have devs doing code review and working overnight to make a patch when a vuln is found.
@bettersafetynet@FAIRInstitute Also, Target's data breach didn't hurt their stock price much, but it still cost them real money: https://t.co/Wf64J0hoz2
@bettersafetynet Those of us who follow @FAIRInstitute methodology have been saying this for years.
Measure impacts, then it's easy to tell if a tool, process, engagement, or control will have an ROI.
@mubix Depends on the context. Saving $250 on a house purchase feels like a drop in the ocean. On a car purchase, feels like a drop in the bucket. On a Lowes trip, that could make my day. On groceries, feels like the lottery.