Notices by Paco Hope (paco@infosec.exchange)

So Marcus Hutchins, of #WannaCry fame and who had been arrested in the US has pleaded guilty to writing banking #trojan software. Over on the birdsite there's lots of strong opinions. I blogged my opinion that it's a big world out there and trying to dismiss him as a criminal or pardon him because he's a hero are fundamentally misguided. https://blog.paco.to/2019/marcus-hutchins-infosec-soul-searching/

I'm running a pi-hole in the house now to block ads and trackers. It's absurdly easy to setup and very effective. Plus the stats are so interesting to see all the ads blocked. The best thing is that because it works at the DNS level, it affects things like TVs, mobile apps, game consoles, and other embedded devices. https://pi-hole.net/

Not learning a thing from 3D printing of TSA keys or all the data breaches that have happened in the last decade, a firm has created photos-of-keys-as-a-service. It is a bad idea beyond bad ideas.
This year's announcement. https://www.bbc.co.uk/news/technology-46795616
Why that's bad.
https://www.wired.com/2015/09/lockpickers-3-d-print-tsa-luggage-keys-leaked-photos/

This is not a joke. This was an actual progress bar on a web site I use. Microsoft has nothing on these folks. :)

@redfrog @TheGibson I just wish that the headline said "if, like a reasonable person, you feel that violates your trust" as opposed to "if that freaks you out". We need to normalise people who want privacy, and de-normalise (by using words like "freak") companies that violate privacy as a business model.

Oh, man. The 2000s called and they want their integer overflow bugs back.

"unprivileged users with UID > INT_MAX can successfully execute any systemctl command"

https://github.com/systemd/systemd/issues/11026

When I read a report like this on the deceptive design practices, the constant nagging for location access, etc. I sorta shrug. It's obvious to me. But then I have to ask WHY do we allow this? We, who know better, don't advocate on behalf of those who don't know better. How do we fight this business model? How do we fight and prevent this being the norm? https://www.forbrukerradet.no/side/google-manipulates-users-into-constant-tracking

Japan cyber security minister admits he has never used a computer. More secure than any of us!
https://www.theguardian.com/world/2018/nov/15/japan-cyber-security-ministernever-used-computer-yoshitaka-sakurada

I've just discovered the hot garbage entitled "Certification Magazine's 2019 Annual Salary Survey". Ugh. So American. Don't survey about #infosec #certification if what you're really interested in is US-based companies and how they compensate their American employees who live and work in America. As a proper Brit would, I wrote a sternly-worded letter.

“Microsoft adopts systemd for Windows. Rewrites it in JavaScript.” Good luck getting to sleep tonight, punks.
Scary #halloween stories for tech people

People with "knowledge of the cyber domain" are also low on my list. What the fuck is #cyber? Can you name me two things? One that everyone would agree is cyber and one that everyone would agree is totally not cyber? I mean, I'm gonna assume a horse isn't cyber. But maybe it is. A chair? A door? Obviously everything that has electricity is cyber. An electric toothbrush, a kettle, an analog wristwatch. I just want to cyberstab myself in the cybereye.