Kevin Beaumont Profile picture
Aug 11, 2018 7 tweets 1 min read Read on X
I’ve never seen Hackers and just found it on Netflix. I’m gonna watch it now.
The racist TV show at the beginning of Hackers going on about “blacks” was called “America First”.
Nipple rubbing Matthew Lillard talking about “hacking the Gibson”. What is life. #hackers
Lol there’s a talking ransomware
This was clearly a huge influence on The Matrix.
The college kid from Pitch Perfect 1 and 2 is in this. Where he also played a college kid.
That was fun. @mjg59 I finally watched Hackers.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Kevin Beaumont

Kevin Beaumont Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @GossiTheDog

Sep 19, 2018
I've written about Magecart compromise of customer data at Sophias Style (who've been informed) - the Javascript used is supplied differently server side depending on which page you're browsing from, to hinder security research doublepulsar.com/magecart-new-t…
This is the code you see on a non-cart page vs the code supplied when you register and go on a payment page. Exactly same .js URL.
There has been a great mobilisation in infosec to try to tackle parts of Magecart now. Several hundred infected sites have been ID’d today, many UK retailers contacted, and work is going on to take down core infrastructure behind some of the attacks.
Read 4 tweets
Sep 11, 2018
Well crap. It looks like JavaScript library Feedify got owned and were serving Magecart 😬 any comment @_Feedify?
Check out the regex, looking for generic checkout processes 😬
The Feedify thing is real, I've put in some YARA rules on web browsing threat intel feeds and it doesn't look like this is an isolated library either. Fun. Now I'm off to play Call of Duty and drink beer while I realise breaches are coming.
Read 5 tweets
Sep 9, 2018
US gov report into Equifax breach, 40 pages, worth a read. They essentially had a lack of asset inventory, vulnerable infrastructure, and failures in SecOps (eg vuln mgmt didn’t identify Struts issue, 10 month expired certificate so no monitoring etc) gao.gov/assets/700/694…
The expired certificate is likely going to be IDS not working - if you can afford SSL decryption (you want to budget for this ideally) somebody has to maintain the SSL certs for in line decryption, so you have to budget for that too.
The front line dispute portal (which was built on Struts) had access to a database with plain text admin credentials across Equifax - with no network segmentation internally, attacker just surfed through their network. With end to end encryption (and no decryption) for attacker.
Read 5 tweets
Aug 16, 2018
Next Gen AV vs My Shitty Code time :D
Watching James pop Metasploit shells without issue on next gen products from Cylance, Symantec, Sophos InterceptX, ESET, McAfee.
And the tools are released now: github.com/two06/Inceptio…. Great work @two06 :D
Read 10 tweets
Aug 14, 2018
There’s a new CPU vulnerability with a website, logo (free to use), website with no mitigation advice etc. Spin up the Vulnerability Hype Train while I analyse. foreshadowattack.eu
Re Foreshadow, “With the August, 2018 Windows security updates applied... any attempt to read from it using L1TF will fail.”
blogs.technet.microsoft.com/srd/2018/08/14…
The Microsoft mitigation guidance for enterprises with Foreshadow is supposed to be here, but they’ve failed to make it available so far support.microsoft.com/en-us/help/445… cc @msftsecurity @msftsecresponse
Read 10 tweets
Aug 14, 2018
Re hotel issue at Black Hat and DEF CON. I think both orgs should work together to agree clear standards for room entry with all venues. If venues don’t agree to generally accepted terms, they should not be venues.
Pragmatically organisers will need to accept certain things and communicate these to attendees. But some things are really important - eg room entry by security while attendee in room needs clear ID, with hotel security phone # to verify creds *before entry*.
I am not a big fan over the response over this one by organisers, as the initial take was treating it as just a privacy issue. It’s not. It’s a security issue. At a security conference. If cons want to be taken seriously when they say protect attendees, this is one to address.
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(