Here is what *actually happened* on a technical level in the recent CrowdStrike debacle from someone with deep knowledge of Windows' inner workings.

CrowdStrike IT Outage Explained by a Windows Developer
https://youtu.be/wAzEJxOo1ts

Update video, where he gets deeper into how CrowdStrike and Microsoft could have possibly prevented this, including an EU regulatory factor.
https://youtu.be/ZHrayP-Y71Q

#cosotech #cososec

Consumer Wi-Fi device manufacturers really need to have better defaults.
#cososec

Below are two screenshots from a scan I just did for nearby access points. These are both Netgear routers. WPS has been known to be terrible for years, yet it's enabled by default.

Why are these routers broadcasting the number of connected clients and channel utilization? TMI.

One of my neighbors made the situation worse by using their address as the SSID (redacted).

PSA: Don't click on any links you receive from unsolicited political fundraising campaigns. You never know where or what that link will lead to.

Delete the message and block the sender. If you want to make a donation to something, you know where to go for it.
#cososec

Every time there's a major tech-related incident, it's a good reminder to evaluate your backup strategy. Have multiple local and off-site copies of all data. Daily mirrors to cloud and/or local drives, and quarterly to removable media.

Use optical discs for long-term storage because of their greater stability compared to magnetic media. Use HTL BD-R discs - I can recommend specific models.

Store sensitive material in VeraCrypt volumes.

#cososec #cosotech

Google's Gemini AI caught scanning Google Drive hosted PDF files without permission

https://www.tomshardware.com/tech-industry/artificial-intelligence/gemini-ai-caught-scanning-google-drive-hosted-pdf-files-without-permission-user-complains-feature-cant-be-disabled

#cososec

Hey #Apple #cososec #cosotech people - I need a small assist to help diagnose a network issue for family I'm visiting.

I need an #iOS network info/scanning app that shows full info of the radios it sees or it is connected to. Uniquiti Wifiman is what I use for this in on Android, but the iOS version is nerfed for some reason.

I have tried literally 10 other iOS network scanning apps and none of them can show band, channel, width, etc. which is the info I need.

Any recommendations?

What's a good tool for discovering who owns a certain phone number? I received a suspected spam/catfish text and all the typical sites can tell me is that this number is a VOIP line in Jersey City, not previously reported as malicious.

Sure, I could just block them. But where's the fun in that?

#cososec

#cososec nightmare

I had a very vivid dream last night that my desktop PC and phone both got infected by ransomware, and I was completely unprepared for it. Oh, and there was an audio file playing the ransom instructions through a speaker in my CRT monitor. 🧐 Thanks, Benadryl.

I guess it's time to fire up Clonezilla.

If you want to know which browsers do or do not respect your privacy, check out the site below. They put a wide variety of desktop and mobile browsers through a battery of tracking and other privacy tests. Click on each test for more details.

I post this site every year or so, which is why I wasn't surprised about the recent news regarding Chrome "incognito" mode. It's unfortunate that it took so long to be widely reported.

https://privacytests.org/

#cososec
#browserwars

This week, my district IT department sent out another one of these:

"Your password will expire in [n] days."

Every time they do this, I have to fight myself from replying with the NIST guidelines.

https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/nists-new-password-rule-book-updated-guidelines-offer-benefits-and-risk

#cososec #cosotech

This should be obvious, but I think some people are missing it:

If you ask @Alfred to geolocate a photo with you in it, all of CoSo can see exactly where you are/were. (Assuming the response is accurate.)

If your PLP is enabled, the entire Internet can see that info. @Alfred has PLP enabled, so its responses are public.

This will be concern for some, but not for all. Just be aware of the content of these photos. Consider blurring faces if necessary.
#opsec #osint #cososec

For those looking for an alternative to Keybase, this might be it:

https://keyoxide.org/

#cososec

PSA: Truncating the displayed URL of links can hide the fact that they may be direct file download links. Phones don't have a hover functionality so you may find yourself downloading a file you didn't intend to. This just happened to me a few minutes ago.

#cososec

Modern problems require modern solutions. #cososec

As we begin a new year, now would be a great time to:

- Back up your data, with local, off-site, and non-magnetic (optical disc) copies.

- Update firmwares, drivers, and security patches.

- Delete junk files. Bleachbit, FTW!

- Delete unnecessary apps and accounts, especially those that do not respect your privacy.

- Review app permissions.

- Opt out of data broker sites:
https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List

- Set up network-wide ad and malware filtering:
https://txt.fyi/-/20206/2d6d8f1e

#cososec #cosotech

Be careful who you do business with.

Here's a conversation I recently had with an eBay seller. See how many red flags you can spot.

#cososec

Wow, this is a low-effort phish if I've ever seen one. #cososec

👋 Welcome, new CoSoNauts!

CoSo has no algorithm, so hashtags are your friend. Here are some of my favorites:

Infosec topics: #cososec #InfosecFail

Music and musicians:
#cosomusic #cosoclassical #cosojazz #cosochoral #musictheory

Food & drink: #cosocooks #cosobbq #caffeineclub #winetime #beerme #spirited #mixmeup

Animal lovers: #petsofcoso #dogsofcoso #caturday

Check out the User Guide or ask for #help:
https://help.counter.social

We're glad you made it here. Be kind, and be social.

🚨#COSOSEC ALERT 🚨

GSK Plc will pay 23andMe Holding Co. $20 million for access to the genetic-testing company’s vast trove of consumer DNA data, extending a five-year collaboration that’s allowed the drugmaker to mine genetic data as it researches new medications.

https://archive.ph/gz2dM

iPhones have been exposing your unique MAC despite Apple’s promises otherwise

Three years ago, #Apple introduced a privacy-enhancing feature that hid the Wi-Fi address of iPhones and iPads when they joined a network. On Wednesday, the world learned that the feature has never worked as advertised.

https://arstechnica.com/security/2023/10/iphone-privacy-feature-hiding-wi-fi-macs-has-failed-to-work-for-3-years/

#cososec #iOS