SwiftOnSecurity

@SwiftOnSecurity

computer security person at a place. former helpdesk. they/them/tay. Microsoft MVP, Client Security

Cyber, USAJoined April 2014

9,278 Following

369.3K Followers

SwiftOnSecurity’s Tweets

SwiftOnSecurity

@SwiftOnSecurity

37m

Would have fixed the Rockstar breach just saying

Quote Tweet

SwiftOnSecurity

@SwiftOnSecurity

· Mar 9, 2021

Microsoft should have an Enterprise license program where employees get Minecraft and Halo for free as long as their home computer's Defender is tuned up to max settings and BAFS + Network Protection is on.

SwiftOnSecurity

@SwiftOnSecurity

A LITERAL ACTUAL astrophysicist DM'd me this XKCD I wasn't aware of.

DEPARTMENT OF ASTROPHYSICS
MOTTO:
YES, EVERYBODY HAS ALREADY HAD THE IDEA,
"MAYBE THERE'S NO DARK MATTER - GRAVITY JUST WORKS DIFFERENTLY ON LARGE SCALES!"
IT SOUNDS GOOD BUT DOESN'T REALLY FIT THE DATA.

read image description

ALT

196

Show this thread

SwiftOnSecurity

@SwiftOnSecurity

Look we've all watched Stargate we all want to punt the fake experts who doubted Daniel Jackson but it's not that easy IRL

Show this thread

SwiftOnSecurity

@SwiftOnSecurity

The thing about dark matter/dark energy is they feel wrong like a lazy answer, but the intuitive reasons you as a layperson come up with why they're wrong, turn out to not be it. They checked it's not the reason. Which is even more frustrating!

131

Show this thread

SwiftOnSecurity Retweeted

Jen Gentleman

@JenMsft

Drawing the tower of pisa from memory

A drawing, literally made of computer memory, of the tower of pisa. There are probably too many "floors", but that's what you get when it's done from memory

read image description

ALT

785

SwiftOnSecurity

@SwiftOnSecurity

Idk I've been in situations where I as a security person join an architecture call, and the knowledge things _are possible_ is my value contribution.

Show this thread

Topics to follow

Carousel

SwiftOnSecurity

@SwiftOnSecurity

The public has no idea asymmetric cryptography is _physically possible_. Their understanding of smartphone app capabilities is based on general-purpose operating systems without sandboxes. Important to keep this in mind.

152

Show this thread

SwiftOnSecurity Retweeted

SwiftOnSecurity

@SwiftOnSecurity

Sep 19

🤔🤔🤔 "For such a serious hazard, relying only on procedures to protect workers isn't enough [...] here it meant engineering controls [...] having those likely would have made all the difference." 🤔🤔🤔 By

@WorkSafeBC

youtube.com

Incident Investigation: Fuel Tanker Explodes, Fatally Injuring Worker...

The presence of static electricity where a flammable liquid is being handled or used is an extreme workplace hazard and can lead to explosions and fire.This ...

Show this thread

SwiftOnSecurity

@SwiftOnSecurity

Using command-line Chrome browser to get a text string from an HTTP server is a crime itself forget the hacking just straight to prison

Quote Tweet

Joe Desimone

@dez_

· Sep 15

Interesting headless chrome technique with this [--headless --dump-dom] api.myip[.]com whatismybrowser[.]com twitter.com/JAMESWT_MHT/st…

128

SwiftOnSecurity

@SwiftOnSecurity

The problem with facing teens as a Defender is they haven't yet conceded to continually lose at life by restricting their gambits to within the bounds of failure money has decided have solutions. They seek only results and that is why they are dangerous.

Quote Tweet

Gareth Corfield

@GazTheJourno

· 8h

The law means I can't tweet the name, but there is a definite Twitter whispering campaign attempting to link one of the British teens alleged to be part of Lapsus$ with the most recent Uber and Rockstar / GTA6 hacks.

Show this thread

110

Show this thread

SwiftOnSecurity Retweeted

Orin Thomas

@orinthomas

Demystifying the “SVCHOST.EXE” Process and Its Command Line Options nasbench.medium.com/demystifying-t by

@nas_bench

nasbench.medium.com

Demystifying the “SVCHOST.EXE” Process and Its Command Line Options

Understanding the “svchost.exe” process and its command line options

142

517

SwiftOnSecurity Retweeted

Marcus Hutchins

@MalwareTechBlog

13h

Ok guys you've convinced me TikTok is spyware. I'm uninstalling it now so China can't get my personal data which is is only accessible by a ride share company that was hacked by a child, and a cell provider that was hacked by a child, and Twitter which was hacked by a child

120

1,501

10.6K

Show this thread

SwiftOnSecurity Retweeted

Kurt Seifried (He/Him)

@kurtseifried

17h

Replying to

@SwiftOnSecurity

Back in the day, Red Hat used a data center with two fiber feeds, a "normal" feed and a "deep" feed to make it impossible for both to be cut at the same time. Guess what happened? Also, it turns out fixing deeply buried fiber takes a much longer time.

162

SwiftOnSecurity Retweeted

Replying to

2018, day before Thanksgiving state Police arrest a man beside of the interstate, who thinks he's got copper but instead pulled up about 800 feet of fiber. Was our backbone to business app, and failover was set incorrectly in router. Not a fun day.

SwiftOnSecurity Retweeted

Replying to

As they say - if you ever go hiking in a remote part of the world, take a strand of fibre. If you get lost, bury it, and a digger will appear in a few hours to dig it up.

219

SwiftOnSecurity

@SwiftOnSecurity

18h

And it turns out there's locations where you can buy service from two or three providers, but somewhere along they all end up on poles along a random road with copper thieves who don't care about the integrity nor worthlessness of your glass next to the other cables.

285

Show this thread

SwiftOnSecurity Retweeted

Replying to

The backhoe ecosystem is vast.

117

SwiftOnSecurity

@SwiftOnSecurity

18h

Working for a large and distributed company with access to problem reporting: Holy shit there are way more fiber cuts than I thought. Like all the time.

599

Show this thread

SwiftOnSecurity Retweeted

Margi Murphy

@MargiMurphy

Sep 19

Uber shares detail on last week's breach: " It is likely that the attacker purchased the contractor’s Uber corporate password on the dark web, after the contractor’s personal device had been infected with malware, exposing those credentials"

uber.com

Security update | Uber Newsroom

Updates on security incident

111

"Why would someone write Reddit fiction anonymously." Why do people write Wikipedia. Why do people contribute to tech support forums. Why post on 4chan (which is also mostly engineered bait posts). Because being a social creature is a disease, and the salve is exhibition.

183

Show this thread

SwiftOnSecurity Retweeted

Replying to

literally half of /r/AmITheAsshole

SwiftOnSecurity

@SwiftOnSecurity

19h

I try to write amateur flash fiction. And when I read a lot of these breakout Reddit posts, my alarm bells go off. These are not normal random people writing this shit. It's often well-composed and full of great hooks. This shit is a cabal open your eyes sheeple.

189

Thesis: ➡️Many books are written by ghostwriters because writing a book is a unique skill and not just a product of literacy. ➡️Most Reddit posts are written by a small group of people, because being compelling in short-form writing is a skill and not a product of literacy.

267

Spreading news that a teen used a buttplug to cheat at chess based on some Reddit shitposting was definitely close to a new low score

478

Via

370

3,092

SwiftOnSecurity Retweeted

Jordan Wildon

@JordanWildon

Sep 19

It was a fake plastic plant that did it. Other things narrowed it down, but ultimately, a fake plastic plant.

Quote Tweet

Jordan Wildon

@JordanWildon

· Aug 20, 2021

We then found a Google account used to review local restaurants, amenities, and that very gas station. It belonged to Robert R Smart, the man behind the GhostEzra persona. Photos from social media accounts connected to Smart matched with photos GhostEzra posted from his home.

Show this thread

142

Show this thread

SwiftOnSecurity Retweeted

NirSoft

@nirsoft

Sep 19

New tool: BatteryHistoryView -

nirsoft.net

Battery History Viewer For Windows 10/11

BatteryHistoryView extracts and displays the battery history information stored in the SRUDB.dat database of Windows 10 and Windows 11.

SwiftOnSecurity

@SwiftOnSecurity

Sep 19

Driving a convertible at night is truly the ultimate gaming experience with 64K resolution, 9000 FPS raytracing and physics, force feedback 6DOF motion chair powered by 500HP actuators, 5.0L subwoofer, and freelook activated the entire time.

281

This is $8 whatever conspiracy you think I'm pressing I promise you referral links aighnt it

You're welcome

OXO Tot Bottle Brush with Nipple Cleaner and Stand, Gray

The OXO Tot Bottle Brush is the ideal tool for cleaning baby bottles. Combining soft bristles for gentle cleaning and firm ones for serious scrubbing, this handy brush has a flexible neck to easily...

Show this thread

SwiftOnSecurity Retweeted

Replying to

and

"The decisions, trade-offs, preferences and priorities that people made, even if seemingly out of the ordinary and immoral after the failure, were once normal and common sense. Just as we like to believe that ours are now"

SwiftOnSecurity

@SwiftOnSecurity

Sep 19

For HORRIBLE GRIEVOUS PAINFUL DEATH, written procedures and finger-wagging is not enough. "MOTIVATION" IS NOT THE CORE FACTOR IN ASSURANCE FAILURE. You are never going to win in Security with this approach. You can't. It's stupendous arrogance. Humanity has learned this before.

Incident Investigation: Fuel Tanker Explodes, Fatally Injuring Worker...

The presence of static electricity where a flammable liquid is being handled or used is an extreme workplace hazard and can lead to explosions and fire.This ...

Pouring gasoline into other gasoline generates static electricity 😵‍💫

youtube.com

Incident Investigation: Fuel Tanker Explodes, Fatally Injuring Worker...

The presence of static electricity where a flammable liquid is being handled or used is an extreme workplace hazard and can lead to explosions and fire.This ...

103

SwiftOnSecurity Retweeted

name cannot be blank

@defnotdivy

Sep 18

Honestly was a great set Can't recommend enough

Quote Tweet

SwiftOnSecurity

@SwiftOnSecurity

· Jan 16, 2020

How authentication works for the web and apps in the modern enterprise - This is a fantastic 35min split across 6 videos. youtube.com/watch?v=fbSVgC

Show this thread

SwiftOnSecurity Retweeted

SwiftOnSecurity

@SwiftOnSecurity

Sep 5

"in 2011, [a single NSA program to develop system penetration and persistence technologies] GENIE alone cost $615MM, with a combined headcount of about 1500 people." Fixed link from blog: web.archive.org/web/2015021416

Show this thread

SwiftOnSecurity Retweeted

SwiftOnSecurity

@SwiftOnSecurity

Sep 5

A blog post I still think about all the time, 7 years later: "If the NSA has been hacking everything, how has nobody seen them coming?" blog.thinkst.com/p/if-nsa-has-b

Imagine an attacker that can conceive of and execute on new classes of stupendous compromise and you've got the NSA

This is probably the type of high-echelon supply-chain attack NSA thrive on... if I was them...

Show this thread