Archive

This weekend I had two interesting experiences that got my nerd spirit boil hot: I brought my 6yo son to his first cyber-security conference (NoHat 2021 on Sat) and this morning I visited an IBM abandoned facility.

Only if you’re a father or a geek, or both, you can imagine the feelings and fully appreciate these moments. It was just amazing.

BTW, if you’re curious how to maintain a news digest like this one with only a few minutes a day, I documented my semi-automated workflow.

Oh, and I’m experimenting baking panettone (I screwed up with the timing so I’ll have to wake up at 2am to prepare the last round of dough): Winter Hols are getting closer and closer!

Greetings! 👋

Just back from Black Hat Europe, which was great as it’s been more than 2 years without an on-site conference (at least for me). Was a very nice get-together among those review-board members who could attend, who haven’t been meeting for what seemed to be forever.

Unfortunately, due to capacity and travel restriction, the event felt a bit emptier than usual, but we’re all looking forward to Black Hat USA 2022!

I jotted down some notes from my favorite session, the Locknote (vs Keynote), with Daniel Cuthbert, Meadow Ellis, James Kettle, Marina Krotofil, and Thomas Brandstetter. I “live” tweeted some notes in this thread, but since I’m far from being a professional tweeter, I revised them here, along with some comments.

Oh oh oh!

I guess I’m a little early this year, but after having spent the Halloween weekend at home with no adequate trick or treating because of the rain, I’m really looking forward to the upcoming holiday season!

I don’t know about you, but I changed my business travel plans to make sure I’m back home to watch Home Sweet Home Alone with the family. I guess it’s a little too much 😂

Greetings! 🎃

Interesting week in Europe, right? It’s interesting to see the parallel between (1) the social protests happening in Italy about the regulations that require all workers to possess a valid EU Digital COVID Certificate (a.k.a., “GreenPass”) and (2) the incident at one (potentially more) cert-issuance sites, which have been found to be exposed on the public Internet without protection. Of course, in a matter of hours, there was an explosion of Telegram groups selling generated certificates.

At the beginning, it didn’t seem like a big deal, because the EU Digital COVID Certificate system has this scenario figured out already. But, as more clearly forged but accepted passes have started to circulate (), more details bubbled up, revealing what seems to be a larger “compromise” of the certificate issuing infrastructure. Technically, nothing has been actively compromised: It’s just some unwanted service exposure.

Hello! 👋

I should have never skipped last week’s CyberFacts Weekly, because…guess what, now I had to process twice the load! 🥵

But last week was definitely too packed with prepping for Black Hat Europe and I had to prioritize that! By the way, consider attending Black Hat Europe, which is taking place both on site (at the London ExCeL) and virtually.

I think this week’s featured image by the @archillect AI is very appropriate, given the 3 massive leaks that happened (plus FB/IG/WA downtime, although not due to a security compromise):

• Twitch (128GB)

Hello ☺️

The second issue of CyberFacts Weekly is out and I have to say that I’m quite happy to see a (slowly) growing interest around both this weekly digest and the live feed (available via Twitter and RSS).

Hello 👋

And welcome to the first issue of the CyberFacts Weekly 🥳

I’ve started to systematically keep an archive of my readings since early 2021. There are already many good cyber-security newsletters (e.g., tl;dr sec), so by no means I’m trying to compete with them.