I don't know who needs to hear this, but 👏 PLEASE 👏 CHANGE 👏 YOUR 👏 ROUTER'S 👏 DEFAULT 👏 CREDS
Oooof. Was just subjected to the most credible phishing attempt I've experienced to date. Here were the steps: 1) "Hi, this is your bank. There was an attempt to use your card in Miami, Florida. Was this you?" Me: no.
@mitchparkerciso @mitchparkerciso “I see we share some common interests in infosec and I’d love to connect on LinkedIn” Me: *starts to look for the person’s job title* “I bet it’s a salesperson” Their LinkedIn title: Business Development Rep at $vendor Me: *facepalm, clicks decline*
No, the absolute worst is writing them down + leaving in plain sight. Reuse is second to that. To prevent reuse, take this Wirecutter article's suggestions: Use a password manager (@1Password, @LastPass, @dashlane, etc.) AND ENABLE MULTI-FACTOR (2FA) EVERYWHERE! #infosec twitter.com/wirecutter/sta…
all security pros: "Never open attachments in dodgy-looking emails" security vendors: "Open the weirdly named attachment in this dodgy-looking email to read your secure message" pic.twitter.com/82trcx4uKC
I strongly suggest making a security presentation with a Q&A session part of your org’s onboarding process. It is a great way to open up a line of communication and begin forming relationships early.
Passwords are: 1) Secrets; 2) Which can be rotated. Biometrics are usernames, not passwords. (Have fun rotating your fingerprints everybody!) twitter.com/techreview/sta…
PSA: Don't upload your ssh private keys to virus total. I can't believe I have to say this. pic.twitter.com/396P7KOodR