User tries to click open a malicious attachment, but it's been neutered by a CDR solution...

MSSPs racing to the bottom with their service levels...

Seems a lot of folks don’t know that bucket names show up by default in the Certificate Transparency logs.

If you build your infrastructure without an extraction plan, you are trapping yourself.

If you don’t think that’s a problem, go back and look at Broadcom’s strategy for VMWare and get back to me.

The Serverless cliff.

Proprietary platforms are ok, but make sure you have a migration path, even if it's not perfect. You can hedge your bets by using platforms backed by open standards, think email and SMTP. Enjoy the initial benefits but don't get trapped by them.

I had to break this news *many* times when I was at Duckbill.

At scale, lambda is almost always going to be more expensive than running persistent jobs in containers or VMs.

And running compute & block storage in a cloud provider is going to be more expensive than on prem.

I endorse this message.

Seriously, come check out what we're doing at IANS to help our clients navigate the security struggle bus of securing the generative AI solutions business stakeholders are demanding.

Someone asked why not use the same technique used to suspend my account against those who targeted me? It’s easy, I’m not a fraud, nor do we need to commit criminal acts to expose frauds and assholes. These acts are for the desperate and depraved. When they go low we get high.

The real horror here is that when OP enabled CloudTrail for S3 data events each of those $1300 worth of S3 requests started charging them 20x more. Or, y'know. $26K for the month.

With dogs in the news, and handling of behavioral issues, I thought I'd talk about our experience with difficult dog breeds. Namely: the Siberian husky.

And not just any huskies: every one of ours are behavioral surrenders. 1/n

💥

(slightly overdue, but welcome) end of an era

Solid thread that's worth the read.

The lengths some people will go to just to open an extra tab on Chrome.

This seems... problematic. Any insight here Corey Quinn?

Nice to see Naomi Wu 机械妖姬 getting some credit for this!
'Razer made a million dollars selling a mask with RGB, and the FTC is not pleased' theverge.com/2024/4/29/2414…

What a shit heel.

What nyxgeek found was epic and should definitely read this blog.

We had to sit on this for almost a year for a fix - and it is huge one.

Ability to endlessly enumerate and password spray any Azure/Entra tenant across the globe - completely undetected. Unlimited threads for

Today the FCC has fined US telcos $200 million for illegally sharing phone location data. This comes after a NYTimes investigation into how corrupt law enforcement were using this data, and then my investigation on bounty hunters being able to buy it docs.fcc.gov/public/attachm…

Does anyone in my network have a link to the leaked ENISA EUCS draft?

Nothing in security is easy.

Anyone who tells you otherwise is misinformed, outright delusional, or selling you something.