Allison Nixon

@nixonnixoff

Chief Research Officer at Unit 221B / Previously Director of Security Research at Flashpoint / Tweets are actually my company's now i guess

nice try
Joined April 2012.

Tweets


  1. Pinned Tweet
    19 Jan 2016

    mouseover for full msg

  2. I got locked out of my account and needed to convince customer support to remove my 2FA. Oh how the tables have turned

  3. 21 Jan

    Tl;dr, don't take legal advice about a service from the person selling it on Hackforums. And don't practice threat intelligence in a way that puts you&your clients at risk. Thanks bye

  4. 21 Jan

    Orcus RAT author writes for years on HF about how extremely legal his RAT is, and after his inevitable arrest, his customers complain about getting raided. There is a pattern here. 🤔

  5. 21 Jan

    The "definitely above board" booter service "vDos" also had its customer database used for numerous prosecutions.

  6. 21 Jan

    5 years ago, a "totes legit" remote admin tool "Blackshades" got seized. They went through the whole customer list. A lot of arrests, a LOT of knock-and-talks. I don't know if they will do this with WLI, but it's not unprecedented.

  7. 21 Jan

    Criminal sites have OSINT value, as long as you don't forget it's a criminal site. Do you input client names directly into exploit[.]in's search bar? Do you access Joker's Stash without a proxy? Hope not. If you don't have a policy for safely accessing a criminal site, make one.

  8. 21 Jan

    Stuff like this should have been seen as an early warning sign. (I don't know that guy. It's just a search result. Don't hate him)

    This Tweet is unavailable.
  9. 21 Jan

    Ultimately the people who pay the consequences will be those who convinced themselves these sites are legit. Your account info, search history, IP addresses, client data, are in the hands of some fed who has no idea why you were searching for so many [important people at client].

  10. 21 Jan

    If your favorite "OSINT" data selling website keeps getting its payment accounts shut down and has to resort to crypto, if it has positive reviews on fraud sites, etc, treat it the same as you would treat SSNDOB or cc shops. Don't go around telling people it's legit.

  11. 21 Jan

    I warn infosec people away from these sites for OSINT because it's only a matter of time before their data is in the hands of the feds. People think the site is legit and don't take precautions that they would've taken if they knew it was a criminal shop.

  12. 10 Jan
  13. 10 Jan

    People following sim swap should read this research. Most of the focus has been on actively abused vectors, but that's only a subset of all the vectors out there, and this paper addresses some of the latter part of the problem.

  14. Retweeted

    We have a number of concerning findings but the most problematic is that there are 17 websites that simultaneously allow SMS both for password recovery and as the second factor for authentication. Given the ease of SIM swaps, that’s zero-factor auth, not two-factor auth.

  15. 28 Dec 2019

    i hope everyone's 2019 was above average, and i wish them the same for 2020

  16. 27 Nov 2019

    A vanity gov domain would be pretty awesome TBH

  17. Retweeted
    3 Nov 2019

    On behalf of , we started a GoFundMe campaign as expenses from treatment and recovery can be significant. Help aid in a less stressful road to recovery and provide an avenue to impact a wonderful man's life.

  18. 16 Nov 2019

    Setting up a Linux graphical environment on a vps is a never ending nightmare. Half the programs refuse to run as root, and the other half only want to run as root.

  19. 27 Oct 2019

    I've heard a sentiment expressed by some people at online services that sim swap is a low volume form of fraud that's too expensive to fix. Lawyers are running Google ads for simswap now. Hmmmmmmmmm

  20. 17 Oct 2019
  21. 15 Oct 2019

    It's 10PM. Do you know where your credit cards are? getting replaced lol

