Infosec Press


from beverageNotes

I've been slacking again.

This evening, I'm finishing off a Basil Hayden Toast Small Batch. It's 80 proof, “artfully aged”, but no age statement.

It starts with some toasted marshmallow and cinnamon on the nose. Leads with some caramel, cinnamon, and maybe cherry or peach. There's a hint of toasted marshmallow in the middle, but the finish is a little weak.

I like it, and I think it's a fairly inexpensive bottle—this one in particular was a gift.

It's got some oaky heat that lingers after the sip. I prefer to have it with an ice cube. A splash of water is also a good choice, if you prefer the heat.


from Stories of Salt

This page will be expanded over time. Send DMs to @fauxialist_alternative on Instagram with suggested additions.

NFPs and Lobbying Groups

Other good resources

  • Palestine Free Trade Australia – Sydney-based NFP importing goods from Palestine. Runs a general humanitarian appeal, as well as an education project in partnership with Friends of Hebron Sydney.

from Sirius

Preface by Albert Einstein on the introduction to Lucretius.

Titus Lucretius Carus (c. 94 BC – c. 50 BC) was a Roman Epicurean poet and philosopher who, in his De rerum natura (On the Nature of Things), described the universe as the combination of the void and a collection of tiny atom-like particles in perpetual motion (following his masters Democritus and Epicurus), with the distinction of having added to them an unpredictable swerve, called the clinamen, which leads them to collide and compose more complex forms.

Such a structure does not allow for life after death, only the dispersal of body and soul back into the particles. The imperative established by Lucretius, following the teachings of Epicurus, was that man should maximize pleasure and minimize pain in the only life available to him. In Lucretius's universe it was unthinkable that the gods, absorbed in their own affairs, would have any interest in human matters. Man was free to follow his own path.

Einstein, in his correspondence, gives an introduction to the thought of Lucretius, which follows below, with due apologies for any poor translation from the German:

Introduction to Lucretius

PREFACE

For anyone who is not entirely immersed in the spirit of our time, but occasionally feels like a spectator with respect to his world and especially to the intellectual mentality of his contemporaries, the work of Lucretius will exert its charm. Here one sees how a man endowed with scientific and speculative interest, with lively sensibility and thought, conceives the world, someone independent who also has no idea of the results of present-day natural science that are taught to us in childhood, before we can consciously or critically confront them.

The firm confidence that Lucretius, as a faithful disciple of Democritus and Epicurus, places in the intelligibility, that is, in the causal connection of all events in the world, must make a deep impression. He is firmly convinced, to the point of believing he can even prove it, that everything rests on the regular motion of immutable atoms, to which he attributes no qualities other than geometrical and mechanical ones. The sensory qualities of heat, cold, color, smell and taste are said to go back to the motions of the atoms, as do all the phenomena of life. He thinks that the soul and the spirit are formed from particularly light atoms, attributing (inconsistently) particular qualities of matter to specific experiential characters.

The main goal of his work is the liberation of people from the servile fear caused by religion and superstition, which is nurtured and exploited by priests for their own ends. He is certainly concerned with this. But he seems to have been motivated mainly by the need to convince his readers of the necessity of the atomist-mechanical worldview, even if he did not dare to say so openly to his Roman readers, who were probably more practical. His admiration for Epicurus, and for Greek culture and language in general, which he places well above Latin, is moving. The Romans deserve praise for allowing this to be said. Where is the modern nation that nurtures and expresses such a noble sentiment toward a contemporary one? Diels's verses are so natural that one forgets one is reading a translation.

Berlin, June 1924.

Albert Einstein

Eventually I will edit this text to add some excerpts from On the Nature of Things.


from critic

Besides, showering in the evening saves time in the morning... of course, if you then use that time to clean up the cats' poop, we're back to square one.


from critic

It doesn't work with the Writefreely app. I'm a bit disappointed. Despite that, I'll try using it via the browser.


from JR DePriest

A tickle, a nuzzle against my neck. A breath. A sigh. I can't move, but I feel the slow, steady rise and fall of my chest. My eyes stay closed. I'm suspended, hovering, hesitating as each side pulls gently. My arm slips and I feel the smooth, muscled warmth of your thigh as you wrap your legs around me from behind. Familiar. You touch my shoulders and slip your hands under my arms. Trembling, my heart thrums, spilling warmth. Smiling, I nod so slightly I'm not sure you noticed. Your exploring hands answer by reaching between my legs, your mouth answers with teeth on my neck. A moan. Not sure if yours or mine. I long to turn around, to close my eyes enough that I can see you, know you, but my arm is asleep. And I hear the fan. My breathing is fast and shallow. I'm lying on my back. Awake. Alone.

I long to see you, to know you, but my body, my mind can't stay there, in the fugue, the twilight, the in between. Do you miss me when I wake? When I sleep and dream? Do you watch from invisible crevices, hiding in shadows, hoping I will remember how to find you? Do you know my True Name? My purpose? I am incomplete. I feel it every day. Something was lost, is missing. I cannot name it or describe it, but you are part of it. Maybe all of it. You will find me and drag me down to the Deep Waters and we will love for eternity. What is one lifetime to wait? Nothing. If I were ignorant; if I didn't know. But I do know. Each touch, each time, each brief moment together fills me with joy and peace before draining me, cruelly, against my protests. I'm not done here, but I wake up empty just the same. I wake up crying and forsaken. I love again and again. I struggle and learn. I hope for meaning that will never be revealed. I make a good life here. I love, I strive, I share. I am not alone. You can see that. But it's not the same. These feelings pale to The Before and The After. Is it time I'm supposed to appreciate? And its passage? For us, a moment was forever and the universe a drop of water. For me, here, without you, time is a prison.


#WhenIDream #Dreams #Dreaming #Dreamlands #Writer #Writing #Writers #WritingCommunity #ShortFiction #Fiction #Paranormal #NightTerrors #SleepParalysis #HypnagogicHallucinations


CC BY-NC-SA 4.0 This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License


from Hyperscale Security

Earlier this week, someone asked me for my top 5-10 things I would recommend to an organization lifting & shifting workloads to public cloud. I thought that was a good starting point. “Refactor” for cloud-native is the common answer, but the reality is that everybody lifts & shifts, so why not recognize that.

So, here are my top 5... and I'll add a sixth as a bonus.

  1. Centralize and automate cloud account creation and billing, and ensure that all are in your public cloud Organization. This will allow you to apply policies centrally, and more easily deploy cloud-native security tooling.

  2. Apply cloud guardrails at that Organization level to enforce basic preventive controls and make your cloud accounts secure by default. These are likely the cheapest and most effective security controls you can apply, enforcing logging, encryption standards, network restrictions, MFA, etc.

  3. Get a Cloud-Native Application Protection Platform (CNAPP). This can be deployed via Organization policy and provides broad visibility to your cloud estate, across providers and for multiple use cases, including asset discovery, CSPM and vulnerability management.

  4. Related to that, while lifting & shifting your workloads, resist the urge to lift & shift your security tooling from the data center as well. Look at what the CNAPP gives you, and see whether you can rationalize your security stack, retire point solutions you no longer need, and reduce cost.

  5. Cloud APIs give you the opportunity to describe the infrastructure and services you want and have the cloud materialize that for you, rather than do everything yourself. It is designed for automation. Use Infrastructure-as-Code (IaC) to create your infrastructure, network and service configuration, create compute instances and deploy your VM images. IaC allows you to redeploy from known-good state, which accelerates patching, system configuration and restoration, while making deployments more predictable.
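As an added example that is not part of the original post, here are recommendations 2 and 5 combined: an AWS Organizations Service Control Policy, written as Terraform so it is deployed from code, that enforces logging and an encryption standard on every account under an organizational unit. The choice of AWS, the resource names and the OU id are assumptions; the post's advice itself is provider-neutral.

```hcl
# Placeholder OU id: the OU that holds the lifted-and-shifted accounts.
variable "workload_ou_id" {
  type    = string
  default = "ou-xxxx-placeholder" # hypothetical value, replace with your OU
}

# Guardrail policy: the denies apply to every principal in the member accounts,
# including their local administrators, so the baseline cannot be switched off.
resource "aws_organizations_policy" "baseline_guardrails" {
  name        = "baseline-guardrails"
  description = "Preventive guardrails for lift-and-shift accounts"
  type        = "SERVICE_CONTROL_POLICY"

  content = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # Logging: CloudTrail cannot be stopped, altered or deleted.
        Sid      = "ProtectCloudTrail"
        Effect   = "Deny"
        Action   = ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail"]
        Resource = "*"
      },
      {
        # Encryption standard: new EBS volumes must be created encrypted.
        Sid       = "RequireEncryptedVolumes"
        Effect    = "Deny"
        Action    = "ec2:CreateVolume"
        Resource  = "*"
        Condition = { Bool = { "ec2:Encrypted" = "false" } }
      },
      {
        # Accounts stay in the Organization, so the guardrails stay attached.
        Sid      = "PreventLeavingOrganization"
        Effect   = "Deny"
        Action   = "organizations:LeaveOrganization"
        Resource = "*"
      }
    ]
  })
}

# Attach the SCP to the OU; every account under it inherits the denies.
resource "aws_organizations_policy_attachment" "workloads" {
  policy_id = aws_organizations_policy.baseline_guardrails.id
  target_id = var.workload_ou_id
}
```

SCPs never constrain the Organization's management account, and they deny the member accounts' own administrators too, so attach the policy to a sandbox OU first and confirm that no legitimate automation depends on the denied actions.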

The Cloud is Metered

One bonus recommendation, given the difference between owned and rented compute, network and storage resources: remember that everything in the cloud is metered and that your architectural choices can have significant cost impacts. Don't size the way you would in a data center, with headroom to spare. Figure out what your workload actually needs. Many smaller instances may be cheaper than a few large ones. If the workload is variable (seasonal, or varying over the day), consider autoscaling. If the workload is static, use reserved instances at lower cost.

And after you have done all that, feel free to refactor!


from acrypthash

End of the Year Wrap Post

Greetings fellow hackers! I hope everyone had a productive and prosperous year! This blog post is going to be pretty big and all over the place as I discuss what I have been up to over the past few months. It's been quite a ride :D. I am so grateful for this year and how much I've grown.

TL;DR: DailyPay Okta breach, malvertising and its woes, security conferences, learning, GCP security, what's to come in 2024.

The first thing we will discuss is a security event that happened with a vendor called DailyPay. For those of you who don't know, “DailyPay is an American financial services company founded in 2015, which provides payroll services such as earned wage access.” The vendor was experiencing odd API requests coming from customer tokens (insert sweaty cat here). We started seeing notifications of odd logins and reached out. Apparently this was related to the Okta breach. Ultimately we rotated tokens, ensured user logins all had 2FA (which they mostly did), and sat tight. A bit anticlimactic, but we managed to keep something bad from happening. It also taught me the value of actually calling up a vendor when you suspect something odd.

Malvertising is a TTP that is difficult for end users to understand. It's hard to identify and easy to fall for. We work hard to train and explain these things in terms that end users can understand, but getting someone to actually remember to think with security in mind day to day is difficult and not realistic. For our organization, we need browser-level security. We are a Google Workspace shop, so we could do some management at the browser level in Chrome, but that is limited and not ideal. Zscaler or a full-fledged MDM is probably going to be the solution for us. In the past month we had an end user fall for this TTP when they googled “Amazon” and clicked on an ad that redirected them to a phishing site. The phishing site is meant to trick you into thinking you have to call “Microsoft Support”.

I have also attended several security conferences this year!

  • PancakesCon (virtually)
  • BSides Harrisburg
  • BSides Philadelphia
  • Secure World Philadelphia
  • Defcon 31
  • JawnCon
  • Cybersecurity Summit – Hartford, CT

Attending all of these conferences throughout the year has been such a fun and exciting learning experience. I've networked, learned new skills, learned lockpicking, and I have even started doing talks of my own at Penn State!

I have spent a lot of time reading whitepapers and learning the granular things that come with writing malware and exploits. I have tested these exploits against the environment at work and have learned a lot about remediation! I've learned how to program in Python, Rust, and C! I've learned the classic VirtualAllocEx -> WriteProcessMemory and why not to use it in new malware that I write. I have learned the inner workings of process injection as well. By no means am I an expert, but my understanding of all of this has dramatically increased over the last year. I plan to continue to learn more about malware, about defense evasion methods and more.

We are a Google shop and with that we inherit GCP. I am quite impressed with GCP security. There are several out-of-the-box configs that aren't super great, but you are able to lock things down pretty easily. I had implemented things like Terraform scans back when I first started, but now we are ingesting a lot of really interesting data into Datadog. With Datadog, I am able to get alerts in real time on what our K8s clusters are doing and so much more. We have also integrated Datadog alerting into various Slack channels.

The beginning of 2024 is going to be busy. We are deploying our new phishing campaign to end users, and I am building another IR tabletop to run by the end of January, among other things. I am actually using a bit of AI in building the template for my IR tabletop. Due to CitrixBleed being so popular, I think that is what our topic is going to be about.

2024 is going to have several major projects, such as:

  • LLM build-out for IR training and input (more to come)
  • 2 IR tabletops (one Citrix, the other pending)
  • Better coding and reverse engineering skills
  • New training for all employees
  • More blog posts that have more value

I am so excited for more blog posts and projects! LETS GO!
