I spent my day sending extremely sensitive information unencrypted via email. Because people whose job it is to receive this kind of information have absolutely no clue what they are doing. #infosecFail

#PSA If you USB tether a laptop to a mobile device/hotspot, it's almost guaranteed that your mobile service provider is hijacking your #DNS despite whatever VPN you may be running on your laptop.

Is this intentional? No clue. Probably not. It seems more like a really poor implementation present in some probably very old spec used to enable USB tethering.

Is it annoying? Absolutely. Behavior is seen on multiple mobile providers in various versions and combinations of Linux, Windows, Android, wireguard, and OpenVPN.

#infosec #infosecfail

O.M.G (the men’s room of the restaurant we were at) #InfosecFail

ok... what numpty designed a system that requires a one time password sent to an email account, before you can log into said email account?
#InfosecFail #OTP #ITFail

*Quietly screaming*

I don't know how this goes in the teams planning, building and running things like MyGov.

But from the outside it looks so haphazard, arrogant and silly. Did they decide to ignore the risk in order to get something out quicker? Did they just never get a human security tester to test it? It seems like a decently imaginative tester could've seen this work around.

#AusPol #CyberSecurity #InfoSecFail

https://www.abc.net.au/news/2022-12-18/ato-tax-hacked-via-mygov-services-australia-exploit/101781656

Tl;dr: don't take candy (or #Free gear) from strangers (or your ISP). #InfoSecFail

Another post about the terrible #InfoSec practices of rural telcos inspired me to share an experience I once had while establishing fiber service in a major metro area. #TaleofTwoCities

The ISP was offering "free" wifi mesh points, which I kindly refused because momma didn't raise no fool. When the technician arrived on install day, he offered them again. After I politely declined, he shrugged and put them back in the truck. I'm still not sure why he even needed to come out, since the house was already wired and had the ISP's ONT installed. But, that's another story.

Later that evening, I sat down to get things set up and realized my account in the ISP's app showed hardware. Worried that I'd be charged for something I didn't accept, I began to investigate. It didn't just show a WiFi router, it showed an active one with several devices that I don't own attached.

Apparently, the ISP had already decided to assign the device to my account long before the tech arrived. He must have decided to either use it at his next stop, or claim it as a job perk. Knowing that I was looking at hours of fun on the phone trying to explain this to #CustomerService, I had another idea.

Since I had admin privileges (that I didn't want or ask for) to this poor fool's network I changed the SSID to YouNeedANewRouter, set the password to an appropriate difficulty level, and booted all of their devices from the network. Within hours it vanished from my account. I was never charged for the equipment, and I spent exactly zero seconds dealing with customer service.

Dear reader, if that was your WiFi and I caused you to miss any deadlines, I do regret the inconvenience. But I hope you also learned a valuable lesson about the danger of "free" gear. Let this also be a reminder that ISPs are equally incompetent regardless of geography or market share.

There are a few people who regularly mistype their email address and I end up with their replies.

This morning I got one from an identity protection service. Oh the irony.

And worse, I also have their address, their full name, their DOB, and some details of the bank they use. All because they keep using their email instead of mine.

#InfoSec #InfoSecFail

@pho4cexa
In soviet amerika, you no use Gmail, Gmail / alphabet use YOU ')

https://medium.com/@fuchschristian/when-ads-meet-fascism-on-youtube-what-the-recent-google-scandal-tells-us-about-big-data-capitalism-414ea72d94d0

"Palantir lives the realities of its customers: the NSA, the FBI and the CIA--an early investor through its In-Q-Tel venture fund--along with an alphabet soup of other U.S."

#Sauron #SaudiRoyalFamily #eternalWar #inqtel

#tolkien #gollum #orcs #palantir #infosecfail #opsec #techilluminati

https://www.forbes.com/sites/andygreenberg/2013/08/14/agent-of-intelligence-how-a-deviant-philosopher-built-palantir-a-cia-funded-data-mining-juggernaut/#3ff36db87785

https://twitter.com/Astro_Natt/status/645030314566397953?s=20

https://mobile.twitter.com/PalantirTech

https://hispagatos.space/media/L6ntAo1zT9p4HvEZHiA