@thegibson @drwho @ryen @estoricru Security through assumed security, that old devil... :P Enigma still works if the thing looking at it doesn't know it's enigma it's looking at... ;)

@thegibson @ryen @estoricru When one company I worked for moved servers from site to site (interstate) they hired a military contractor the convoy looked like it was passing through Afghanistan or something...

@thegibson @ryen @estoricru Probably sooner than you think, fully air gapped data is really the one arguably secure data...

@thegibson When you expand into physical testing, and manage to get kidnapping the CEO in scope, I would happily donate time to that one! LOL I mean, the one man system is a vulnerability... ;)

@ryen @estoricru

@ryen @estoricru @thegibson The mashable version of the story amuses me.

"What is and is not off limits — something typically referred to as in or out of scope — during both digital and physical pentests is often a hot-button issue. That the scope of an engagement is often carefully negotiated ahead of time makes sense. After all, you wouldn't want the security company you hired to test your payroll system kidnapping your CEO and demanding he hand over the digital keys."

mashable.com/article/penetrati

@ryen @estoricru @thegibson

"The alarm system was triggered by the two men whom law enforcement found walking around the courthouse's third floor at about 12:30 a.m."

Maybe these guys first time doing a PPT themselves... Who attempts physical access middle of the night burglar style on a courthouse? So many better ways... lol

@thegibson @estoricru @ryen @tinker I mean, a physical would be a bit unusual for a courthouse contract...

@thegibson @estoricru @ryen The article claimed the client didn't request a physical test at all...

@thegibson @ryen I mean, they are clearly not ready for physical security testing...

@redcosmonaut Or can hates that you have cider, lot's of possible emotions in that shot...

@kaniini @indio @mazuba I mean, this entire thing is silly, if you are federating you can't say other stuff you federate to doesn't federate further... It's madness, and I don't see it as likely or technically possible to do, at least in a way users would accept.

The only way that even remotely works is if all follower level content was encoded to keys of the followers, which turns into a bit of work server side across the board (imagine 1000+ followers)...

Show more
social.panthermodern.net

I'm not really sure what they actually want me to put here, nor do I care. It's a random mastodon instance, that will likely change to whatever tech is decided to be the most useful at the time...