ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚
@DanielMiessler
🤖 Founder of UL 🎯Building products that help companies/individuals discover and pursue their purpose 📋Apple, IOActive, Robinhood, HPE, US Army
Science & Technology
San Francisco Bay Area
danielmiessler.com/newsletter/
Joined March 2007

ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ 📚’s posts

Google's search engine is jumping the shark. 1. Half the page is ads. 2. There's one result on the page. 3. Then recommendations for more questions. It's almost like their mission is to sell ads rather than organize information. What's better? Startpage? Kagi? Something else?
This is the best security tool released in probably 10 years. Maybe longer. It’s Nessus—except transparent and automatable—and for AppSec as well.
Quoted post:
Using wildcard glob support in nuclei, you can quickly scan for CVEs of specific years. For example, nuclei -t 'cves/CVE-2020*' will scan for all the CVEs assigned in 2020 from the nuclei templates project. #nucleitips #hackwithautomation
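The year-wildcard scan from the quoted post, as an added shell example that is not part of the original post or of the nuclei project. It builds a small constructed template tree in the cves/CVE-<year>-<id>.yaml layout the post refers to, shows what a pattern like 'cves/CVE-2020*' actually matches, and shows why the pattern is single-quoted: the shell must not expand it against the current directory, since nuclei resolves it against its own templates directory. The target URL and the helper names are assumptions for this example. Newer checkouts of nuclei-templates group CVE templates by year under http/cves/<year>/, so check your local tree and adjust the pattern if the old flat cves/ layout is gone.

```shell
#!/bin/sh
# Added example (not from the tweet or the nuclei project): expands a
# year glob against a constructed template tree and builds the nuclei
# command line with the pattern left unexpanded for nuclei to resolve.
set -eu

# Constructed template tree in the cves/CVE-<year>-<id>.yaml layout the
# quoted post uses. Real templates live under ~/nuclei-templates.
make_template_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/cves"
  for id in CVE-2019-0001 CVE-2020-0001 CVE-2020-1337 CVE-2021-0002; do
    printf 'id: %s\n' "$id" > "$dir/cves/$id.yaml"
  done
  printf '%s\n' "$dir"
}

# Count the templates a year pattern matches when expanded against a
# template directory. This mirrors the expansion nuclei does itself when
# handed -t 'cves/CVE-<year>*'; doing it in the shell makes it visible.
count_templates_for_year() {
  templates_dir=$1
  year=$2
  n=0
  for f in "$templates_dir"/cves/CVE-"$year"*.yaml; do
    [ -e "$f" ] || continue   # no match: the glob stays literal, skip it
    n=$((n + 1))
  done
  printf '%s\n' "$n"
}

# Build the nuclei invocation. The pattern is single-quoted so the shell
# does not expand it against the cwd; nuclei expands it relative to its
# own templates directory. The default target is a placeholder assumption.
nuclei_cmd_for_year() {
  year=$1
  target=${2:-https://target.example}
  printf "nuclei -u %s -t 'cves/CVE-%s*'\n" "$target" "$year"
}

main() {
  dir=$(make_template_tree)
  echo "templates matching 2020: $(count_templates_for_year "$dir" 2020)"
  echo "templates matching 2018: $(count_templates_for_year "$dir" 2018)"
  echo "command: $(nuclei_cmd_for_year 2020)"
  rm -rf "$dir"
}
main "$@"
```

Run it as a script to see the match counts and the command line; to actually scan, paste the printed command with your real target and a checked-out nuclei-templates directory.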
Millions of people clicking "Accept All Cookies" all day long is not improving anyone's security. This is the new textbook example of security being in the way, and not exploring the tradeoff between efficacy and experience before making a policy change.
Twitter is a bowl of ice cream. If you have one every once in a while, it’s pure magic. But if you eat it for every meal, in place of better foods (like doing your own projects), there is a 0% chance you won’t feel like garbage. Do not eat too much Twitter.
The more creatively you pay for your tickets to DEFCON the more you’re showing you deserve to be there. Hacking has always been about doing unexpected things in the name of curiosity. The idea of demanding “traditional” behavior from hackers is the epitome of losing the plot.
If you can work from home, consider yourself lucky. There are millions of people in the service industries right now who are every day making the choice between potentially getting (or spreading) a sickness and paying bills. This thing will be so much worse for them.
AWS banning Parler from their platform is not censorship because there are countless other providers that will host them. Individual providers are not required to host anyone. It’s their choice who to take on as a customer. They are not the government.
Doing pentests on orgs with no security is like doing full genome analysis on morbidly obese people. You're wasting valuable time and money by not jumping directly to diet and exercise. The pentest industry thrives off the false belief that the problems are hard to find.
The Mudge/Twitter situation is what happens when a company wants to hire a named security personality for marketing purposes, and not to actually fix things. Companies need to realize that such people often got famous in the first place by having principles they won't violate.
A brief thought on the Hawaiian missile warning failure. When an Amazon employee deleted a bunch of infrastructure, Amazon had the best response ever. They basically said it wasn't the employee's fault because that option shouldn't have been available to them. 1/n
If you are under-represented in information security, and you're looking to get into the field, please consider me a personal resource to you getting your first job. My email is first@firstlast.com, and while I might not always be timely, I will respond to every email I receive.
Remember when 280 characters destroyed Twitter? And when Microsoft destroyed GitHub when they bought it? It’s crazy that people move to aggressive panic insults when tiny, inconsequential things change on the internet. You can only use Word 97 for so long. Embrace change.
Ransomware is the new PCI. 1. It’s annoying 2. It’s not nearly the whole story 3. It’s forcing a lot of organizations to take security seriously No catalyst for change compares to real-world consequences. Business disruption is the ultimate argument.
I just wanted to say, I’ve always had a very mixed signal here on Twitter. I talk about tech, politics, and human/philosophical topics. And I know between 1-3 of those have annoyed the crap out of you. If you’re seeing this, thank you for accepting the whole me.
I find it remarkable that a massive percentage of the country believes the Democrats somehow committed voter fraud when everyone watched Trump launch a massive attack on the post office—in broad daylight—so that fewer democrat votes would be counted. Like, *actual* voter fraud.
So I guess tomorrow starts the UK’s 5-15 year effort to get back in the EU. What a colossal waste of time and money. Same with the US and lost global trust. The lesson for both is to listen less to large numbers of old white people trying to prevent the future.
This month I learned that the most “essential” people in the world are those who are paid the least, have the fewest benefits, and who are required to expose themselves and their families the most during a medical crisis. This month I learned our society is an embarrassment.
A lot of people are asking about the motive of the NSA releasing a free reverse engineering tool at RSA this year. Theories include: it’s a backdoor, it’s a tracking mechanism, etc. My opinion? Recruiting. It’s a PR move to attract talent post-Snowden/ShadowBrokers.
I just deleted a tweet of mine that asked a question about why someone would wear a mask while alone in a car. It was poorly worded, and had a negative tinge to it. I'm fiercely pro-mask and don't want to be associated with those who aren't. Sorry for the off-note.
I think requiring users to “accept all cookies” multiple times per day while browsing the internet is going to become a future case study for how not to do security—from a user interaction standpoint. If you ruin the experience, you often do more harm than good.
Replying to
Or—and this might be crazy—it could be a variant of a virus that’s killed more people than 5 million people. Generally it’s not called sales when you inform the public about such things. Drug companies wanting to make money doesn’t turn all their products into farces.