Supposedly the Department of Homeland Security offers security training to Congressional campaigns who ask for it. Campaigns who write in are told they can sign up for a six-week phishing vulnerability assessment, or a network audit. The email that DHS sends has three attachments
This is like writing to the FBI to say you are concerned about letter bombs, and getting a ticking package in return.
A typical congressional campaign doesn't have any IT staff or a network to infiltrate, just a bunch of tired, caffeinated people who need to share documents all the time. They need training on how to do that, how to text, and how to secure password-protected personal accounts.
If you work on such a campaign, or are a working journalist (facing many of the same threats), there are nerds in every city champing at the bit to help you. It takes about an hour for a person, two hours for a group. Hit me up and I will be delighted to matchmake—415 610 0231
For the curious, here's what that training looks like. It's nothing you haven't heard, except possibly for the part about setting up security keys. It will offer you a lot of protection over the status quo. https://techsolidarity.org/resources/congressional_howto.html …
Replying to @Pinboard
Suggest for committee volunteers you need an even simpler version.
Replying to @amstanley
Most definitely. I don't know your experience, but some of the most effective volunteers I've met are elderly people who do the work of 10, but are completely set in their ways about how they do computer stuff
Replying to @Pinboard
Need to be careful, some now use phones exclusively, computers are falling away because they don't understand them. So things like yubikey-based 2FA in an all-mobile environment don't work. Long slow process. Can you link/post the initial config instructions you referenced?
The Yubikey training is still useful in all-mobile settings because the fallback methods (app passwords, TOTP and no SMS 2FA) hamper phishing attempts. But I completely agree on the process being long, slow, and harder than it looks before you try it a couple of times