Will add my #CyberSecurityAwarenessMonth blogs to this thread.
If you like the content please retweet and feel free to share elsewhere. Help me reach ppl that are less aware about online security!
Oct. 1: Why everyone should care about online security.
Security by removal.
Remove all
- user accounts you no longer use
- software you no longer use on your pc
- redundant apps on your mobile devices
- unnecessary third party apps that have access to other apps
- files or documents that contain sensitive information
#Infosec
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
DDoS is not hacking
I started to whisper and my wife asked me why I was whispering.
I told her I didn't want Mark Zuckerberg to hear us.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
How Gmail aliases work:
Email+<anything>[at]gmail[.]com
Everything after the + is ignored by Gmail, thus 1 mailbox gives unlimited aliases.
Use service specific aliases to track the source of a data breach and services that share your data.
#Infosec
#tip
This is how email aliases work.
For Gmail: YourMail+<anything>[at]gmail[.]com
Everything after the + is ignored by Gmail.
1 mailbox and unlimited aliases.
Use service specific aliases to track the source of a data breach and services that sell/share your data
#Infosec
#tip
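An added example, not part of the original tweets, of using the service-specific aliases described in the two tips above to attribute unexpected mail to the service that leaked or shared the address. It goes beyond the tweets by appending a short HMAC tag to each alias so a guessed or forged `+suffix` cannot cause a false attribution; the secret, the mailbox, the `*.example` domains and all function names are constructed assumptions.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Assumption: a secret known only to the mailbox owner (constructed demo value).
SECRET = b"constructed-demo-secret"

def _tag(service: str, secret: bytes) -> str:
    """Short keyed tag that binds an alias to one service."""
    return hmac.new(secret, service.encode(), hashlib.sha256).hexdigest()[:8]

def make_alias(mailbox: str, service: str, secret: bytes = SECRET) -> str:
    """Build local+<service>.<tag>@domain; service is the site's domain."""
    local, domain = mailbox.rsplit("@", 1)
    service = service.strip().lower()
    return f"{local}+{service}.{_tag(service, secret)}@{domain}"

def attribute(recipient: str, secret: bytes = SECRET) -> Optional[str]:
    """Return the service an alias was issued to, or None when the address
    has no +suffix or its tag does not verify (guessed or altered alias)."""
    local, _, _domain = recipient.strip().lower().rpartition("@")
    _, plus, suffix = local.partition("+")
    service, dot, tag = suffix.rpartition(".")
    if not (plus and dot and service):
        return None
    expected = _tag(service, secret)
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return service if ok else None

def find_leaks(messages: List[Tuple[str, str]],
               secret: bytes = SECRET) -> List[Tuple[str, str]]:
    """messages holds (sender_domain, recipient) pairs from received mail.
    Report (service, sender_domain) when mail reaches a verified alias from
    a domain that is neither the service nor one of its subdomains."""
    leaks = []
    for sender_domain, recipient in messages:
        service = attribute(recipient, secret)
        sender = sender_domain.strip().lower()
        if service and sender != service and not sender.endswith("." + service):
            leaks.append((service, sender))
    return leaks

if __name__ == "__main__":
    # Constructed sample data: one alias per service, then three deliveries.
    shop = make_alias("yourmail@gmail.com", "shop.example")
    news = make_alias("yourmail@gmail.com", "news.example")
    inbox = [("mail.shop.example", shop), ("spam.example", shop),
             ("news.example", news)]
    print(find_leaks(inbox))
```

The sender-domain comparison is a deliberate simplification: services that send through a third-party mail provider will show up as mismatches and need a manual look.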
Mozilla reverts disabling TLS 1.0 and 1.1 because critical government sites sharing #Covid_19 information still have these protocols enabled. While I think this is absolutely the right thing to do it once again shows the state of #security of some government sites.
#Infosec
Website/app developers: for the love of God stop preventing users from pasting passwords. 😱
It's one of the many - but probably my biggest - frustrations at account login.
#infosec
What would be the first 3 things you'd do if a company hires you to help them improve their security?
These are mine, what about yours?
1) Asset management
2) Offsite backups for all assets (disaster recovery)
3) 2FA wherever possible
#Infosec
Holy shit. Researcher discovers that TeamViewer stores user passwords encrypted and finds the encryption key and initialization vector in the Windows registry
#Infosec
I’m not an elite hacker nor do I have any CVEs and that’s fine. Infosec entails so many subdomains. We’re all different people with different skills and that’s what makes it such an interesting domain.
Respect each other.
Learn from each other.
Get along and stop fighting.
Posting this again because it’s so good.
“HTTPS & SSL doesn't mean "trust this." It means "this is private." You may be having a private conversation with Satan.”
- Scott Hanselman (@shanselman)
If you ask people to change their password every 3 months they’ll either update the season and/or year or increment the number at the end. Don’t encourage bad password practices by forcing password changes at regular intervals.
#infosec
If you are producing #infosec training content please remember that anyone can buy a certificate for a website, including the criminals! HTTPS or 🔒 does not mean the site is trustworthy / legitimate. This tweet is mainly aimed at content vendors who still include incorrect advice.
If you care about your kids' privacy and security
DON'T
- put IoT devices (webcams, baby monitors,...) in their bedroom or anywhere near them
- let them wear tracking devices like smartwatches
- share images/videos on social media that might harm them (later)
Please!
#Infosec
encoding != encryption != hashing
You can decode, decrypt but there's no such thing as "dehashing". Hashing algorithms are one-way irreversible algorithms. Hashes can be cracked.
#Infosec
“We have no reason to believe customer data has been affected” in a data breach notice just means “We have no clue whether customer data has been affected”.
Security by absence: you can’t get hacked through what you don’t have.
- Only create accounts you really need
- Only install software you really need
- Regularly revise your software, accounts & 3rd party apps that have access to them and remove what you no longer use
#Infosec