I won't say it's, like, the series' best feature, but on a personally relatable level my favourite thing about The Murderbot Diaries is the repeated implication that most of SecUnit's success as a hacker stems from the fact that it keeps bumping into mission-critical systems where nobody's bothered to change the factory default wi-fi password.

Watching air traffic come to a halt because of the CrowdStrike IT outage. This reminds me of the video showing the FAA closing U.S. airspace during the 9/11 attacks.

Are passwords with words actually good? I ask because you mentioned being shown that xckd comic in security class

Short Answer:

Yes! Its easier to remember, and the chance of a hacker guessing your password is very low- especially if the words are unrelated (such as CorrectHorseBatteryStaple)

Long answer:

Yes, but there are lots of different ways passwords can be compromised.

A password with words- or a passphrase- is good because it adds many possibilities. For example, CorrectHorseBatteryStaple has 25 characters in total. A hacker has no idea WHAT those 25 characters are, making a brute force attack (a method where you try every POSSIBLE combination) will take fucking eons- and nobody has time for that. Using a passphrase also prevents modifications, ie. when you use 1337speak or add random capitalization (password -> p455w0rd -> Password!).

However, a password/passphrase is only as good as how many times its used. If you use CorrectHorseBatteryStaple for everything, from your Tumblr account to your bank, it makes it REALLY EASY to hack into your stuff. If you use the same email and password for a random forum that is the SAME email and password for your paypal, they could theoretically access your paypal. There's another great xckd comic on this:

So, its best to have a different password for everything. I recommend a password manager. I personally use BitWarden since its free, can connect between your phone and your computer, and it requires one master password to access everything! (Which is easier than remembering 25 different long ass passwords). I tend to randomly generate them then punch them in.

If you want to be more secure, I recommend 'peppering' your randomly generated passwords. I wont go to into what that means, but basically, a password 'pepper' is adding an extra little bit at the end. lets say you choose your pepper to be 'xkcd', your password would look like 'passwordxkcd'. That way, if something ever happens to your password manager, you STILL don't have to worry to much about your passwords!

What I do is save a password in Bitwarden (8zeCSdv7k$), then whenever it autofills, i add my pepper onto as my official password! (8zeCSdv7k$xkcd). Therefore, the only things i have to remember are:

A) a master password, where I recommend using a passphrase, and

B) a random 'pepper' word to add onto the end of your passwords

And boom! That's IT security 101 with a dude who has taken one class.

TLDR: Passphrases are good and great for memorizing, but try not to reuse them! Use a password manager and keep your info safe!

Idk whether you’re an iPhone user or not but what are your thoughts on iOS 18.3 and whether or not it’s a good idea to go ahead and update to it? I’ve seen sound arguments both ways and was curious if you had any thoughts about it

Good question tbh. Unfortunately, for this question, I am an android user.

I DID do a quick little search on it, though:

Just from a glance, OOF, what a bunch of bugs. Sounds like they've got a handful of things to fix in this release. I do believe there are also a handful of workarounds, too.

HOWEVER - with that said, the update does fix some 20+ vulnerabilities. Here's the list:

but they may NOT apply to you and you can just continue with what you have until they do a hot fix for all the things they broke. You can also weigh how LIKELY you'd be a target for any of the vulnerabilities that DO apply. Most people really AREN'T - just depends on everyone's unique scenario. If you spend a lot of time on public wifi, download a lot of apps, visit not-so-secure sites a lot, maybe consider an upgrade. Otherwise, if you're the careful-with-your-data type, you could probably wait.

But if you want to know more about the vulnerabilities, you can search any of those CVEs here:

Search any of the CVE codes and it'll basically tell you how an attacker exploits the vulnerability. You can just read the simple description otherwise, if you're like me, you'll go down a rabbit hole learning how to reproduce.

Hope this helps!

"The UK government has set in train plans to introduce legislation requiring tech companies to let it know when they plan to introduce new security technologies and could potentially force them to disable when required.

The measures were announced just minutes ago in the King's Speech – when the country's monarch reads out a declaration that is written by the ruling political party, marking the start of the parliamentary year. The proposed changes could give the Home Office advance access to technical details of security measures employed by popular big tech platforms so it can access user data and monitor nefarious activity."

just got this email with the subject line being "stinky cheese". that's pretty silly and quirky lol. gonna open it

Navigating the Digital Landscape: Unraveling the Essence of Access Management with Sigzen Technologies

In an era dominated by digital transformation, the importance of robust access management cannot be overstated. Businesses worldwide are grappling with the challenges of securing sensitive data, maintaining compliance, and providing seamless user experiences. Enter Sigzen Technologies – a trailblazer in the realm of access management, offering cutting-edge solutions to address the evolving needs…

View On WordPress

Peran dan Tugas seorang IT Infrastructure dalam Perusahaan

Seorang profesional IT Infrastructure memiliki peran yang sangat penting dalam sebuah perusahaan karena mereka bertanggung jawab atas desain, implementasi, pemeliharaan, dan keamanan infrastruktur teknologi informasi perusahaan. menurut pengalaman saya selama beberapa tahun bekerja di bidang IT Infrastructure, Berikut adalah beberapa peran dan tugas penting seorang IT Infrastructure dlm…

View On WordPress

I love how half the sites I use are spiralling deeper and deeper into pure security theatre by enforcing extremely complicated password policies whose only practical effect is to create a single point of failure for everybody's personal data by forcing them to rely on password manager apps because any password that actually satisfies the rules is impossible for humans to remember, and the other half are like "actually, we're switching to PINs, so now your account is secured by a six-digit number".

Qradar coming with some subtle commentary with the alert

"Ransomware Behaviour: Microsoft Windows System"

untuk pegiat IT / Hobbist / dan yang tertarik soal IT Security. Mari merapat. Sekaligus kopdar. Untuk area solo dan sekitarnya yok..

are you five nights at fucking kidding me

Literal definition of spyware:

Also From Microsoft’s own FAQ: "Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. 🤡