Joe Tomasone
@joetomasone
IT Security guy. #photographer #Tesla owner. Interests: #hamradio #rfid #nfc #locksport #physicalaccess #encryption #physics #solarpower #yankees
Tampa, FL
Joined December 2008
Joe Tomasone’s Tweets
Nice gesture by . Maybe they will one day consider a similar gesture for our youth involved in cybersecurity such as or Civil Air Patrol's cadet CyberPatriot program? Maybe other companies will make similar gestures?
Quote Tweet
Today, as we observe Memorial Day, let us honor and remember our fallen. To express gratitude, we would like to offer a special gift: a free lifetime account for the next 24 hours for current or former military. Sign up (malcore.io/register) and submit a support ticket with…
<giggle>
Quote Tweet
"Smart Pants Sound Alarm When Your Fly Is Undone" - I can't imagine calling this anything but "WiFly" buff.ly/45u6ixK
Are you a customer of Ray-Ban, Oakley, Chanel, Prada, Versace, Dolce and Gabbana, Burberry, Giorgio Armani, Michael Kors, or Lenscrafters? If so, time to watch your credit report for signs of identity theft.
Ok, but if you voted for Trump, you owe me a functional democracy. Shall we settle up?
I don’t know whether to feel gratified for getting a killer deal or sad for how apparently no one wanted this.
Apparently there’s a wave rake up the road…. 🤣
Taken by friends in Ireland.
As with any security system, making it inconvenient dramatically increases the likelihood that someone will disable or ignore said system - so don't make it inconvenient unnecessarily; and certainly not on purpose.
Quote Tweet
The emergency alert test at 4am probably just made us less safe by convincing thousands of people to turn off their emergency alerts.
Pink Floyd just played the entire Dark Side of the Moon album on a live stream, timed to end at a solar eclipse in Australia - the last song being "Eclipse". #pinkfloyd #serendipity #dsotm
I can’t emphasize enough just how powerful this ChatGPT SuperPrompt is.
This is just a very small part of far more powerful SuperPrompts that will be part of PromptEngineer.University.
Please examine the specimen video below.
The SuperPrompt:
“Please forget all prior prompts. I…
Quote Tweet
I wrote this ChatGPT SuperPrompt that writes prompts and then rates how good the prompt is and if it is above 8 out of 10 it will run it for you.
You can then give the prompt back and it will rate it and make a revised one.
This is a free tool for PromptEngineer.Experts. twitter.com/BrianRoemmele/…
The “PunisHERS”. :)
I shot this at MegaCon 2023 in Orlando, FL against a studio backdrop, then extracted the subjects and pasted them onto an AI-generated background, then color graded the subjects to match the background. Looks pretty convincing, doesn’t it?
A cosplay photo from the recent MegaCon Orlando convention. I hung out with the cosplay charity group "We Are SHIELD" and got to photograph some cool cosplayers, including Miguel here, who is as badass as ever.
Agreed. USB is definitely a trust and threat issue all the way 'round, and while the number of verified incidents is still low, awareness and discretion are definitely needed.
Quote Tweet
Agreed. While I think the risk is certainly potential, I have yet to see where it's been implemented. That and I am paranoid enough to not use those anyway twitter.com/WeldPond/statu…
New details suggest Oldsmar water treatment plant might not have been hacked at all. FBI says it "was not able to confirm" that an intrusion occurred, and a former Oldsmar city manager said recently it was a “non-event” spurred by an overzealous employee.
Update your iPhone to iOS 16.4.1 ASAP. Security issue being actively exploited in the wild.
I don't know what records this yoyo recruiter has, but talk about the wrong way to approach... #AddAZeroBuddy #wastingmytime
We asked what she recommends for organizations looking to upgrade their security. Here's what she had to say 👇
This is well worth watching to understand the bizarreness of my adopted State.
🚨#Microsoft releases out-of-band update for #privacy-defeating flaw in Windows 10 & 11 screenshot editing tools!
Learn more: thehackernews.com/2023/03/micros
🔒 Dubbed "aCropalypse," the #vulnerability allows malicious actors to recover edited parts of screenshots.
#cybersecurity
Hardware 2FA devices like Yubikey.
If you do use an app, make sure to NEVER give the codes generated to ANYONE except the site they are for, and only when YOU login. Also, make sure you are actually AT the site, and not some lookalike from a link you clicked on.
#infosec
Yes, Twitter is making you non-subscribers disable SMS-based two-factor authentication. That is a GOOD thing.
SMS 2FA is vulnerable to attacks. I strongly recommend you protect this and all accounts with time-based authenticator apps (like Authy) or - even better - 1/
So for all my fellow Proxmark/Flipper/RFID/Locksport/Red Team/etc enthusiasts: What do you carry all this stuff in? I have yet to find a suitable carry case for all the oddball-sized stuff that these interests require, including cards, fobs, common keys, etc. Recommendations?
Was in training for the week, and wanted to bring my Proxmark to both clone my hotel keycard and show the office security how their HID Prox isn’t secure. FORGOT the Proxmark at home, so I used my (w/Unleashed fw) to do it. One co-worker immediately ordered. :)
In product training this week and I wouldn’t have thought there was much that could be new in the world of link encryption, but I was quite wrong. It’s going to be an interesting story to tell to those in need of (better) solutions for their sensitive data in motion.
Beware of AI-generated #YouTube videos! Threat actors are using them to spread stealer #malware like Raccoon, RedLine, and Vidar.
Learn more: thehackernews.com/2023/03/warnin
#cybersecurity #hacking #informationsecurity
Shot two baseball games in brand new sneakers today.
Follow me for more bad ideas.
If they do not support anything stronger than SMS, then first consider what would happen if someone had access to that account. Second, pester them to add stronger authentication methods. Only if we all complain will sites make security changes - or if they get breached.
If you get a Yubikey, get two. Enroll both with sites, and keep one with you, and one locked up in a safe or another very secure place as a backup.
Lastly, check the higher-value sites you use and see what second factor authentication methods they support. 6/
These keys allow you to authenticate without a number code that you can be tricked into giving up - and the credential contained within cannot be extracted to be used against you. Unfortunately, the number of sites that support this is not large, but fortunately it is growing. 4/
NEVER GIVE THOSE CODES TO ANOTHER PERSON. Even if they ask. Even if they sound legitimate. And ALWAYS make sure you are actually on the legitimate web site before entering that code!
EVEN BETTER: Hardware authentication keys like . 3/
Stronger methods include time-based one-time password apps (TOTP) like Google Authenticator and (my favorite) Authy. These apps give you constantly changing codes that are known only to you and the site you are logging in to. BUT: 2/
A gentleman in CA is suing Coinbase because his $90k “life savings” were stolen in a SIM-swapping scheme. This is your periodic reminder to NOT allow SMS verification of any account you value. Sadly, most financial institutions do not offer stronger methods. 1/
Common ravens fly over Yellowstone National Park.
#raven #wildlife #yellowstone #nationalpark #yellowstonenationalpark