Improve the way you identify and communicate #infosec risk. All #opensource and free for you to takeaway and use to improve how you manage #cyberrisk 💪 🔗 oisru.org THREAD 👇

Quote Tweet

Open Security Summit

@opensecsummit

Jun 18, 2020

Currently speaking at the Open Security Summit @oracuk , @rto and @PetraVuk1311 on the topic: "Open Information Security Risk Universe (OISRU)" Join here: open-security-summit.org/tracks/ciso-an Join YOUTUBE Live stream: youtube.com/watch?v=uVHEqN #oss2020 #opensecuritysummit2020 #threatmodeling

If you have already exported/imported into a new password manager, make sure to check for any accounts you're not expecting. They may be in a sub-folder.

At the time of writing "unlinking" vaults does not seem to be working via the "Advanced Options" menu, but does work under "Account Benefits".

PSA: When you export your data from

@LastPass

, it will also include all credentials on any linked accounts too. There's no option to choose which vaults are exported. That means you may end up with all your personal accounts in your new work vault, or visa-versa.

Show this thread

Robin Oldham Retweeted

Sean Wright

@SeanWrightSec

Jan 10

Any GRC folk looking for a role? We have an upcoming role in our team.

Robin Oldham

@RTO

Jan 8

Some neat data viz and journalism from

and

Quote Tweet

The Westminster Accounts database is just one click away

news.sky.com/westminsteracc

Show this thread

Robin Oldham

@RTO

Dec 24, 2022

Final newsletter of 2022 out a bit early this morning. Also live on my website here: rto.me.uk/newsletter/rob Usually it’s a retrospective, but there’s quite a bit to cover this week!

rto.me.uk

Robin’s Newsletter #236

LastPass customer vault data stolen in breach. EternalBlue-style vulnerability in Windows. Okta source code stolen.

I’ve asked

to confirm which vault data fields are/n’t encrypted.

Quote Tweet

Robin Oldham

@RTO

Dec 24, 2022

Replying to @SeanWrightSec @UK_Daniel_Card and @LastPass

And disappointingly it’s different to how they advertise their service. The zero knowledge architecture implies the whole vault is encrypted locally before transmission to their servers:

Robin Oldham Retweeted

Armando Ayala

@pixels_sd

Dec 22, 2022

TBT, one of my favorite shots from October 2020. It’s not the sharpest but pretty amazing to have captured it. I don’t know if San Diego will have another lightning show like this again. #LightningStorm #lightning #StormHour #PhotoOfTheDay #ThePhotoHour

116

627

Robin Oldham Retweeted

Cyrus, Goober Unicornsaw

@BigPapaFox2

Dec 20, 2022

Everybody. Thank Naruto the Macaque for helping set the precedent that copyrightable material requires 'human authorship'. This monkey may have single-handedly destroyed the AI art industry. 🐵🎉

Quote Tweet

dish

@companiondish

Dec 20, 2022

today I woke up to the lovely news that an AI-generated comic lost its copyright protection because the USPTO determined that "copyrightable works require human authorship." great step in the right direction

Show this thread

271

12.7K

64.6K

You gotta stick the landing on your razzle-dazzle plays.

Quote Tweet

Las Vegas Raiders

@Raiders

Dec 19, 2022

NEVER SEEN ANYTHING LIKE IT. @chanjones55 TOUCHDOWN FOR THE WIN.

FOX

1:19

1.4M views

Robin Oldham

@RTO

Dec 17, 2022

Polish prosecutors are investigating a “violent release of energy” at the national police headquarters amid media reports that the chief of police fired a grenade launcher in his office. theguardian.com/world/2022/dec

GIF

read image description

ALT

Robin Oldham

@RTO

Dec 16, 2022

Move fast and Barbra Streisand.

Robin Oldham Retweeted

TwistedDoodles

@twisteddoodles

Dec 13, 2022

Santa observing subjects #Science #AcademicTwitter

329

1,167

Robin Oldham

@RTO

Dec 12, 2022

For a brief moment thought they’d sent

@carolkirkwood

for an outside broadcast without a coat this morning! #ColdOut #UKSnow

Robin Oldham Retweeted

Paul Waugh

@paulwaugh

Dec 10, 2022

What's really shocking is that although the govt rightly *expanded* eligible photo-ID to include bus/train/travel passes for the elderly, they've *refused* to accept travel passes for the young.

152

1,617

3,726

Show this thread

Robin Oldham Retweeted

payloadartist

@payloadartist

Dec 1, 2022

I gave ChatGPT a code snippet And asked how I could exploit a vulnerability in it Tbh I'm blown away by the potential of this tool for #cybersecurity use cases🤯 #bugbounty #hacking #infosec #gptchat

151

507

What does this company do? "We help our clients set clear experience objectives and implement experience-driven results in the right places. Helping them unlock hidden value across their entire eco-system."

Robin Oldham Retweeted

Hank Green

@hankgreen

Dec 1, 2022

I asked an AI to describe a cat and then I put the AI's description of a cat into an AI image generator.

"a small, furry animal that is commonly kept as a pet with soft, silky fur that comes in a wide range of colors and patterns. They have slender, agile bodies and sharp claws, which they use for hunting and climbing"...apparently.

read image description

ALT

1,136

5,166

130.3K

Show this thread

Robin Oldham Retweeted

Your Mum

@mumtuum

Nov 26, 2022

You know that video of a bloke playing Back in Black while his girlfriend batters his helmet with a frying pan? Found it.

0:14

1.4M views

751

12.4K

50.1K

Show this thread

Robin Oldham Retweeted

Massimo

@Rainmaker1973

Nov 23, 2022

In 1951, Adelbert Ames created the mind-boggling ‘Ames Window’. It’s so effective that even when you know how it works you can’t break the illusion [video from The Curiosity Show: buff.ly/36DvRNs]

2:01

3M views

From

Bobbie

370

9,949

39.5K

Robin Oldham Retweeted

Maryam Aslany

@m_aslany

Nov 17, 2022

A female led revolution : For years the Islamic Republic has tried to shame Iranian women in the most intimate ways. Today, protesters in Iran are using sanitary pads to cover the regime’s CCTV cameras, which could identify protesters. Ingenious acts of defiance. 💚🤍❤️

426

1,256

Robin Oldham

@RTO

Nov 22, 2022

Also, I don’t know who at

@MakingMonzo

needs to hear this, but customer service is stateful.

Been bounced around 6 agents on

@monzo

live chat and now told that’s because the system automatically disconnects when someone is scheduled to go on break, dumping you back in the queue. Do not contact

@monzo

live chat around 10:30/11:00. They all go on coffee break.

Just finalised the 231st edition of my weekly #infosec newsletter. It goes out every Sunday at 7pm (UK time), with a round up of what you need to know, analysis and interesting stats. You can see previous editions and subscribe at:

rto.me.uk

Robin's Newsletter

This is the personal website of Robin Oldham, an information security leader, speaker and consultant. Founder of Cydea, the postive security company. Check out Robin's Newsletter, a weekly roundup of...

Robin Oldham

@RTO

Nov 18, 2022

It sucks when vendors put productivity and security benefits out of reach.

@Atlassian

have been working on (long-requested) SCIM user provisioning for

@trello

, but have decided it will only be an enterprise users paying >$10Kpa. jira.atlassian.com/browse/ACCESS- #SecurityPovertyLine

Ahh,

didn’t actually preload #Warzone2 when it downloaded an update yesterday and now I have ~50GB to download at… *checks notes* 89KB/s. Wonderful.

Robin Oldham

@RTO

Nov 13, 2022

There are many hugely talented people working in our health service and I can’t help but feel they’d do a better, at a lower price, if that’s what we want.

Quote Tweet

Phil Booth

@EinsteinsAttic

Nov 13, 2022

This headline

will be no surprise to anyone who's been following @NHSEngland's plans (and actions) for a while. But @JonUngoedThomas's article reveals some crucial details about what's intended for your #NHS #HealthRecords that are worth unpacking... theguardian.com/society/2022/n

Show this thread

Controversial £360m NHS England data platform ‘lined up’ for Trump backer’s firm

Patients will have no say over records going to Palantir, the software giant run by billionaire Republican backer

read image description

ALT

Yes! Come on

! Congratulations 🥳

👀

Quote Tweet

Andrew Z¡gler

@andrewzigler

Nov 11, 2022

*gets popcorn*

Show this thread

Robin Oldham

@RTO

Nov 3, 2022

Cool: magnetic, true and grid north are converging for the first time in history! ordnancesurvey.co.uk/newsroom/news/ #MapGeek 😎

ordnancesurvey.co.uk

The three ‘norths’ combine over Great Britain for the first time in history

November 2022 will see true north, magnetic north and grid north combine at a single point in Great Britain for the first time ever.

Robin Oldham

@RTO

Oct 31, 2022

So MW2 isn’t finished and the UI is a mini-game you have to fight to do anything.

Robin Oldham

@RTO

Oct 26, 2022

Date format quick reference:

Quote Tweet

insane moments in british politics

@PoliticsMoments

Oct 25, 2022

Jacob Rees Mogg's resignation letter is dated as 'St Crispin's Day' rather than the 25th October (2022)

Show this thread

Robin Oldham

@RTO

Oct 21, 2022

Newsnight not pulling their punches.

Quote Tweet

Tim Johns

@timoncheese

Oct 20, 2022

Stunning and devastating opening from Newsnight tonight. Harsh, yes. Media students (and current broadcast journalists!) take note: your edit is nothing without the right choice of music. And oh boy this is quite the choice.

Show this thread

1:45

2.9M views

Robin Oldham Retweeted

Basit Mahmood

@BasitMahmood91

Oct 20, 2022

We shouldn’t let this be buried by other news today. Foodbank charity Trussell Trust says that the need for foodbanks has outstripped donations for the first time. It has distributed 46% more emergency food parcels in August and September than at the same time in 2021.

4,047

4,770

Robin Oldham

@RTO

Oct 20, 2022

Checks out

Quote Tweet

Lapis

@DegenerateThing

Oct 20, 2022

In light of Liz Truss' resignation, I made a chart to explain UK politics for anyone confused

Show this thread

Chart explaining how the people in charge of the UK has declined from 2 on the 6th of September to 0 after the death of Queen Elizabeth and the resignation of Liz Truss

read image description

ALT

Robin Oldham

@RTO

Oct 20, 2022

2022:

Quote Tweet

Ben Smoke

@bencsmoke

Oct 20, 2022

flatmate has just asked me whether i think the lettuce voted leaf or romaine in the brexit referendum and im frankly furious at how funny i found it

Show this thread

Robin Oldham

@RTO

Oct 20, 2022

If you wait 'til this point to 'formally start taking customer contracts' then you have probably burned through your runway, lost investor confidence and gone bust.

Quote Tweet

Mike Boutwell

@MikeBoutwell4

Oct 19, 2022

If you have followed these steps well, you have done both a SOC 2 and ISO 27001 certification somewhere between 6-12 months. As of this point, you can formally start taking in new contracts from clients.

Show this thread

Robin Oldham

@RTO

Oct 20, 2022

Good intentions; poor advice. Security can help, but doesn't sell. Focus on customer need. Get your engineering team to tick off minimum viable security features (mvsp.dev). Come back to this and worry about security once you have something of value to protect.

Quote Tweet

Mike Boutwell

@MikeBoutwell4

Oct 19, 2022

How to secure your B2B SaaS startup & close million dollar deals for less than $100,000 Here’s the entire 10-step information security plan for you: 1. Procure enterprise grade equipment and tools which will be easy to make compliant.

Show this thread

Robin Oldham Retweeted

James O'Malley

@Psythor

Oct 19, 2022

Britain’s real productivity problem isn’t the lack of houses or infrastructure, it’s that the government keeps collapsing and we’re a nation of rubberneckers glued to Twitter.

161