#securityfail

Mr Tech King<p>Yikes. Top Trump officials used Signal for classified Yemen strike plans &amp; accidentally added The Atlantic's editor to the chat. Major security questions arise, especially around Defense Sec Hegseth's handling of sensitive info.<br><a href="https://mastodon.social/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> <a href="https://mastodon.social/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://mastodon.social/tags/GovTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GovTech</span></a></p>
Childless Cat Lady<p>🚨 While Marco <a href="https://mastodon.social/tags/Rubio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rubio</span></a> oversees the rendition of innocent men to indefinite detention in foreign prisons, one of his top security personnel is arrested in Brussels for allegedly assaulting cops and hotel staff after demanding a drink after hours. 🍹🚫👮‍♂️</p><p>The best people? 🤔 <a href="https://www.washingtonexaminer.com/news/3368419/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">washingtonexaminer.com/news/33</span><span class="invisible">68419/</span></a><br><a href="https://mastodon.social/tags/MarcoRubio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MarcoRubio</span></a> <a href="https://mastodon.social/tags/PoliticalScandal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoliticalScandal</span></a> <a href="https://mastodon.social/tags/SecurityArrest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityArrest</span></a> <a href="https://mastodon.social/tags/Brussels" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Brussels</span></a> <a href="https://mastodon.social/tags/PoliceAssault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoliceAssault</span></a> <a href="https://mastodon.social/tags/PoliticalCorruption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoliticalCorruption</span></a> <a href="https://mastodon.social/tags/Accountability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Accountability</span></a> <a href="https://mastodon.social/tags/InnocentMen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InnocentMen</span></a> <a 
href="https://mastodon.social/tags/ForeignPrisons" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ForeignPrisons</span></a> <a href="https://mastodon.social/tags/PoliticalHypocrisy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoliticalHypocrisy</span></a> <a href="https://mastodon.social/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://mastodon.social/tags/PoliticalNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PoliticalNews</span></a> <a href="https://mastodon.social/tags/BreakingNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BreakingNews</span></a> <a href="https://mastodon.social/tags/uspol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uspol</span></a></p>
Frank Filippone<p>Was slightly amused earlier today when looking at Task Manager on a Windows server and found a properly ancient version of TeamViewer running on it.</p><p>Did I mention this server has direct internet access?</p><p>And is part of the security system for this site?</p><p><a href="https://aus.social/tags/it" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>it</span></a> <a href="https://aus.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://aus.social/tags/securityfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityfail</span></a></p>
Wolfgang Stief<p>The keypad of the hotel room safe acknowledges every key press with a loud beep. And while I can understand producing an audible acknowledgement signal for such mushy rubber keypads, the two rooms next to mine now know that I was at the safe and how many digits the chosen PIN has. <a href="https://mastodon.social/tags/abenteuerhotel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abenteuerhotel</span></a> <a href="https://mastodon.social/tags/securityfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityfail</span></a></p>
Quinn Comendant 🐧<p><span class="h-card" translate="no"><a href="https://mastodon.social/@Edent" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Edent</span></a></span> If you call Bank of America, they will verify you using a code sent by SMS that contains, “DO NOT share this Sign In code.” </p><p>I’ll confirm with the agent that they’re asking for the one that says under no circumstances am I to share with anyone, and they reply cheerfully, “yeah that’s the one.” 🤦‍♂️</p><p><a href="https://mastodon.social/tags/bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bank</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://mastodon.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a></p>
C.<p>Bank emails: Never click links in emails claiming to be from us, your bank! It's not safe.</p><p>Also Bank emails: To complete this transaction, click this link.</p><p><a href="https://mindly.social/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://mindly.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mindly.social/tags/fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fail</span></a> <a href="https://mindly.social/tags/stupidity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stupidity</span></a> <a href="https://mindly.social/tags/idiocy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>idiocy</span></a> <a href="https://mindly.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> <a href="https://mindly.social/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a></p>
Claudius Link<p>Some more context to my rant about the shortcomings of <a href="https://infosec.exchange/tags/Entra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Entra</span></a> ID <a href="https://infosec.exchange/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> Protection, </p><p>1. The risk is greatly reduced if you use <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a> </p><p>BUT while I'm not sure if <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> enforces MFA they enforce the weak password rules. </p><p>And a recent event caused me to reevaluate my assumption on how well known <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a>/MFA really is:</p><p>I gave a <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> talk to non-IT people (still technical so) and closed it with a set of recommendations. One was to enable Second Factor Authentication wherever possible. Which led to the question from one participant "What is Second Factor Authentication"</p><p>That was quite a 😵​ moment. I had the wrong assumptions. 
How can I assume that MFA reduces a risk if many people don't know about it.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fail</span></a> <a href="https://infosec.exchange/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a></p>
Claudius Link<p>One more thing</p><p>Another shortcoming of <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Entra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Entra</span></a> ID <a href="https://infosec.exchange/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> Protection, I can't wrap.</p><p>They recommend to not mandate regular password changes (good) BUT they check the password against known bad passwords ONLY when changing it!</p><p>So to detect weak passwords I have to enforce a password change which is (rightfully) not recommended 🤡​</p><p>You could simply do this on entry. Every time (or once a day) the user enters the password it is checked if it isn't well known and complies with the current rules.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fail</span></a> <a href="https://infosec.exchange/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a></p>
Claudius Link<p>Sleeping over it I noticed another issue with <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Entra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Entra</span></a> ID <a href="https://infosec.exchange/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> </p><p>Regarding the Global banned password list they write "The contents of the global banned password list aren't based on any external data source, but on the results of Microsoft Entra security telemetry and analysis."<br>(<a href="https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">learn.microsoft.com/en-us/entr</span><span class="invisible">a/identity/authentication/concept-password-ban-bad</span></a>)</p><p>Now I have more questions:</p><p>WHY are passwords part of the security telemetry data?</p><p>The only case where I see this as ok, would be in a honeypot.</p><p>And what kind of data would be in the security telemetry data? Usually it's failed attempts, so you risk overestimating password attacks which fail (anyway). Again, this would only be OK with honeypots.</p><p>But if you are getting your data solely from honeypots, I fear you're getting a pre-selected type of data. Namely opportunistic, random attacks not targeted attacks.</p><p>While I think it's valuable to protect against these kinds of attacks, I really would like passwords to withstand even targeted attacks, even from the inside.<br>E.g. when the attackers are in the Lateral Movement or Privilege Escalation. 
Especially if the attackers can start to crack hashes.</p><p>For this Microsoft Entra ID Password Protection seems completely useless there.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fail</span></a> <a href="https://infosec.exchange/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a></p>
Claudius Link<p>And the Custom banned password list of <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Entra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Entra</span></a> ID <a href="https://infosec.exchange/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> Protection just continues the joke.</p><p>First, it can only contain 1000 entries. And yes, I really don't want to manage a big custom list.</p><p>And it gets even worse. The list is intended to contain company specific banned words like brand or product names, company-specific internal terms as well as abbreviations. Entries must be at least 4 characters. </p><p>WTF, half the companies I worked for had 3 letter names. And there are many others: BMW, KIA, SAP, IBM, GM, BBC, NBA, NFL, UPS, DHL, ...</p><p>And don't get me started on acronyms. <a href="https://infosec.exchange/tags/TLA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TLA</span></a> (Three-Letter-Acronym) is a term for a reason.</p><p>This means, taking my current company as an example, that SMA12 would be an accepted password (if it would be for the length) because ('SMA' 3 points + '12' 2 points is 5 points).</p><p>To reach the necessary length you could simply combine it. E.g. 'SMASolar1' would be an accepted password even if 'Solar' was a banned word.</p><p>And I CAN'T do ANYTHING!!!</p><p>Or at least not anything sensible. 
If I start to put combinations of 'SMA*' in the custom banned pw list, I'm back at an inadequate big list I have to manage myself 🤮​.</p><p>And even then SMASolar1234 stays valid 🤬​<br><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fail</span></a> <a href="https://infosec.exchange/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> </p><p>Call for <a href="https://infosec.exchange/tags/Help" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Help</span></a>: I would be very happy if someone can show me that I'm wrong. The state of Microsoft Entra ID Password Protection is a MUCH bigger pain than that I would have been wrong 😜​.</p>
Claudius Link<p>I'm not sure if I get something wrong, but I think <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Entra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Entra</span></a> ID <a href="https://infosec.exchange/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> Protection is complete rubbish. E.g. when banning weak passwords with the ominous 5 points rule the results seem to be completely arbitrary.</p><p>Microsoft speaks of including commonly used weak or compromised passwords in their Global banned password list. But the list isn't based on any external data source, so leaked passwords not leaked by Microsoft are not included 🤡​.</p><p>This leads to:<br>Known leaked passwords are accepted. Location name plus year is accepted. Dictionary word plus year is accepted!!!</p><p>Not sure if this applies only to German dictionary words.</p><p>It gets even worse. Reading the documentation, I found "Characters not allowed: Unicode characters" WTF </p><p>Coming back to the weird point system. A banned password is not really banned, it gives you "only" 1 point (and you need five).</p><p>This leads to the question how many points do non-banned words give?</p><p>If you think it can't get worse, you're wrong! It looks like each character of a non-banned word gives one point. Meaning "password1234" is an accepted password. 
(1 point for password and 4 for each digit)</p><p>And you can't do anything against it.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fail</span></a> <a href="https://infosec.exchange/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a></p>
Stuart Longland (VK4MSL)<p><span class="h-card" translate="no"><a href="https://social.taupehat.com/@me" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>me</span></a></span> <span class="h-card" translate="no"><a href="https://m.ai6yr.org/@ai6yr" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ai6yr</span></a></span> </p><p>Not only is that a denial-of-service vulnerability… but if it then came to "trust" that "face"… anyone could defeat your security system by buying and wearing an identical T-shirt.</p><p><a href="https://mastodon.longlandclan.id.au/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a></p>
T.M. Baumgartner<p>Anyone have a preferred method for physically disabling the microphone on an indoor security camera? (Wansview Q5)</p><p>I have the microphone turned off according to the app, but I'm getting audio feedback when I have the app running in the same room as the camera, so... I don't think it's really off.</p><p>Would polymer clay in the hole do the trick?</p><p><a href="https://mstdn.social/tags/Wansview" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wansview</span></a> <a href="https://mstdn.social/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://mstdn.social/tags/Microphone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microphone</span></a></p>
Bobo_PK 🦄<p>When you dig out an old Android phone so that you can do "secure <a href="https://chaos.social/tags/Banking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Banking</span></a>". <a href="https://chaos.social/tags/securityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityFail</span></a></p>
Ben Jackson<p>Thanks Santander! :blobfacepalm:​ </p><p>Added to the fact that pasting the password is also prevented making a password manager hard/impossible to use and this is genius level security I just don't understand in place here.</p><p>I'm not convinced that an 8 character password as would be allowed is going to be all that strong under this policy. There are other factors that add some strength overall but no special characters seems a mighty odd decision.</p><p><a href="https://infosec.exchange/tags/securityfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityfail</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/santanderuk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>santanderuk</span></a></p>
Strypey<p>Independent security analyst points out security flaws in an app the NZ government is developing, to provide citizens with access to their COVID-19 vaccination record:<br><a href="https://www.rnz.co.nz/news/covid-19/453505/it-expert-says-my-covid-record-app-at-risk-of-security-breaches" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">rnz.co.nz/news/covid-19/453505</span><span class="invisible">/it-expert-says-my-covid-record-app-at-risk-of-security-breaches</span></a></p><p><a href="https://mastodon.nzoss.nz/tags/Aotearoa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aotearoa</span></a> <a href="https://mastodon.nzoss.nz/tags/NZ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NZ</span></a> <a href="https://mastodon.nzoss.nz/tags/MyCovidRecord" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MyCovidRecord</span></a> <a href="https://mastodon.nzoss.nz/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://mastodon.nzoss.nz/tags/HealthData" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HealthData</span></a> <a href="https://mastodon.nzoss.nz/tags/VaccinationCertificate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VaccinationCertificate</span></a> <a href="https://mastodon.nzoss.nz/tags/COVID19" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>COVID19</span></a></p>
FiXato<p>I really should've put a few cable ties or something through the hole of that key before letting <a href="https://toot.cat/tags/BeardGrabber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BeardGrabber</span></a> play with this <a href="https://toot.cat/tags/padlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>padlock</span></a>. 🤦‍♂️😅😖</p><p>(It's also why I prefer <a href="https://toot.cat/tags/locks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>locks</span></a> that need the key to be inserted to actually lock them...)</p><p>Tried cutting a copy out of a tin can, but all I got out of that was a small cut. The metal probably was not thick and sturdy enough, or it might also have needed the raised edge on the side. Guess I could look up <a href="https://toot.cat/tags/lockpicking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lockpicking</span></a> instructions for a <a href="https://toot.cat/tags/MasterLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MasterLock</span></a> no.130.</p><p>Fortunately I should still have some other locks in a storage box, and am not in urgent need of one. :) Might find a spare key too, if I look for it; else I can always cut or file through the key. 
:)</p><p><a href="https://toot.cat/tags/parenting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>parenting</span></a> <a href="https://toot.cat/tags/securityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityFail</span></a> <a href="https://toot.cat/tags/dadsOfMastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dadsOfMastodon</span></a> </p><p><a href="https://toot.cat/media/MhbJWbyUBX44BiF_p6E" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">toot.cat/media/MhbJWbyUBX44BiF</span><span class="invisible">_p6E</span></a></p>
FiXato (fallback)<p><span class="h-card"><a href="https://glitterkitten.co.uk/@sophia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sophia</span></a></span> after showing this to my wife, she shared this one from <a href="https://mastodon.social/tags/TMobileAustria" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TMobileAustria</span></a>, from April 2018, with me: <a href="https://www.reddit.com/r/sysadmin/comments/8aem4n/tmobile_plaintext_password_data_breach_thought_to/" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reddit.com/r/sysadmin/comments</span><span class="invisible">/8aem4n/tmobile_plaintext_password_data_breach_thought_to/</span></a><br>and from the same thread, also: <a href="https://twitter.com/hanno/status/982530027135922179" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">twitter.com/hanno/status/98253</span><span class="invisible">0027135922179</span></a></p><p>(Now I wonder/hope *they* have at least cleaned up their act by now)</p><p><a href="https://mastodon.social/tags/SecurityFail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/TMobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TMobile</span></a> <a href="https://mastodon.social/tags/Fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fail</span></a></p>
Crazypedia :cyber_heart:<p>From the tales of the solution is worse than the problem:<br>Business partner loses control of an email account; it emails all their contacts a malicious attachment. 1 hour later, that same account sends out an email, and puts Every. Single. Recipient in the 'TO' field warning them not to open the previous message.<br>Guess everyone knows all their business partners and customers now 😡🤦‍♂️<br><a href="https://toot.chat/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://toot.chat/tags/netsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>netsec</span></a> <a href="https://toot.chat/tags/securityfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecurityFail</span></a> <a href="https://toot.chat/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a></p>