The Shellsharks Podcast

Join me as I chat with Apis Necros [https://www.vzqk50.com/whoami/], a software developer & hacker about his intro to infosec, the IndieWeb, cookie recipes and more! SHOW NOTES * @ApisNecros@ioc.exchange [https://ioc.exchange/@ApisNecros] * The Hive [https://www.vzqk50.com] * Pokemon Go [https://pokemongolive.com] * Apis Necros Projects [https://www.vzqk50.com/projects/] * Straddling Checkerboard [https://www.vzqk50.com/projects/checkerboard/] * Actually, Roll Your Own crypto, then throw it away. [https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own] * Apis Mellifera Cecropia [https://animalia.bio/apis-mellifera-cecropia] * The IndieWeb [https://indieweb.org] * Hugo [https://gohugo.io] * One of us [https://shellsharks.com/notes/2024/05/14/one-of-us] * Having a website isn’t about blogging, it’s about you [https://shellsharks.com/notes/2024/04/17/having-a-website-is-about-you] * Getting Into Information Security [https://shellsharks.com/getting-into-information-security] * You have something to say, someone will listen [https://shellsharks.com/notes/2024/03/13/you-have-something-to-say-someone-will-listen] * Popular Shellsharks posts (2022) [https://shellsharks.com/captains-log/2022/01/29/log#site-news] * Exploring Minix Character Device Drivers [https://shellsharks.com/minix-character-device-driver] * Herman Miller Logitech Embody Review [https://shellsharks.com/herman-miller-logitech-embody-review] * An Ode to Lost Friends [https://www.vzqk50.com/blog/an-ode-to-lost-friends/] * Enshittification [https://en.wikipedia.org/wiki/Enshittification] * Facebook’s AI Spam Isn’t the ‘Dead Internet’: It’s the Zombie Internet [https://www.404media.co/facebooks-ai-spam-isnt-the-dead-internet-its-the-zombie-internet/] * Facebook’s Shrimp Jesus, Explained [https://www.404media.co/email/1cdf7620-2e2f-4450-9cd9-e041f4f0c27f/] * AI Slop [https://www.thesamur.ai/news/the-growing-menace-of-slop-understanding-ai-generated-internet-content] * omg.lol [https://home.omg.lol] * Apis Necros Recipes [https://www.vzqk50.com/recipes/] * Slash Pages [https://slashpages.net] * /Chipotle [https://shellsharks.com/chipotle] * Deobfuscating a Malware Stager [https://www.vzqk50.com/blog/deobfuscating-a-malware-stager/] * Mental Illness, Autism, and Suffering [https://www.vzqk50.com/blog/mental-illness-autism-and-suffering/] * A 5 Year Infosec Education Retrospective [https://shellsharks.com/training-retrospective] * Desk Setup [https://shellsharks.com/uses] * Infosec.exchange [https://infosec.exchange] * Ioc.exchange [https://ioc.exchange/about] * Stars, Boosts & Toots [https://shellsharks.com/mastodon]

Join me as I chat with Jason Parker [https://muckrack.com/northantara], a Software Developer, Cybersecurity Researcher and Independent Journalist about hacking court systems, punycode, infosec training and more! !! Explicit Language Alert !! SHOW NOTES * Jason Parker on Mastodon [https://xn--8r9a.com/@north] * Twitter Migration [/mastodon#twitter-migration] * Maricopa County Superior Corut eFiling system disclosure [https://xn--8r9a.com/@north/112457880446707326] * My call for Podcast guests on Mastodon [https://shellsharks.social/@shellsharks/112446624615970425] * Jeltz [https://jeltz.org/about.html] * Bluesky Exploits [https://github.com/qwell/bsky-exploits] * Disorder In The Court [https://github.com/qwell/disorder-in-the-court/] * OWASP Broken Access Control [https://owasp.org/Top10/A01_2021-Broken_Access_Control/] * 404 Media [https://www.404media.co] * LockBit ransomware Fulton county [https://krebsonsecurity.com/2024/02/fulton-county-security-experts-call-lockbits-bluff/] * Toothbrush botnet [https://arstechnica.com/tech-policy/2024/02/viral-news-story-of-botnet-with-3-million-toothbrushes-was-too-good-to-be-true/] * Security flaws in court record systems used in five US states exposed sensitive legal documents | Tech Crunch [https://techcrunch.com/2023/11/30/us-court-records-systems-vulnerabilities-exposed-sealed-documents/] * Flaws in public records management tool could let hackers nab sensitive data linked to requests | Nextgov [https://www.nextgov.com/cybersecurity/2024/03/flaws-public-records-management-tool-could-let-hackers-nab-sensitive-data-linked-requests/394755/] * Software Flaws Exposed Sealed Court Docs, Researcher Says | Law360 [https://www.law360.com/pulse/articles/1771766/software-flaws-exposed-sealed-court-docs-researcher-says] * Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems | CISA [https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems] * California Bar investigates after confidential discipline records published online [https://www.latimes.com/california/story/2022-02-27/california-bar-investigates-possible-data-breach-after-discipline-records-published-online] * State Bar of Calif. Data Breach Caused Confidential Disciplinary Records to Show Up on Third-Party Website, Class Action Says [https://www.classaction.org/news/state-bar-of-calif.-data-breach-caused-confidential-disciplinary-records-to-show-up-on-third-party-website-class-action-says] * Microsoft Recall [https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/] * The best counterargument to using Recall [https://infosec.exchange/@chrismerkel/112495797916386580] * Punycode [https://en.wikipedia.org/wiki/Punycode] * Single-letter second-level domain [https://en.wikipedia.org/wiki/Single-letter_second-level_domain] * Interesting instance domains [https://shellsharks.com/notes/2024/03/29/the-whimsical-corners-of-the-fediverse] * Donate to the EFF [https://supporters.eff.org/donate/join-4--s] * ISC2 certified in cybersecurity [https://www.isc2.org/Certifications/CC] * Web Security Academy [https://portswigger.net/web-security] * California Consumer Privacy Act (CCPA) [https://www.oag.ca.gov/privacy/ccpa] * Other US States w/ Privacy Laws [https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/] * iTerm moves AI functionality into a plugin [https://gitlab.com/gnachman/iterm2/-/issues/11470#note_1917647951] * Governor Wants to Prosecute Journalist Who Clicked View Source on Government Site [https://www.vice.com/en/article/jg8ynp/governor-wants-to-prosecute-journalist-who-clicked-view-source-on-government-site] * AWS Shared Responsibility Model [https://aws.amazon.com/compliance/shared-responsibility-model/]

The Shellsharks Podcast is back! Season 2 begins now. * The Last Episode: Mastodon & Cyber-success w/ @rebootkid [https://podcast.shellsharks.com/cp-admin/podcasts/2/episodes/74] * The show is now available to follow on the Fediverse @ShellsharksPodcast@podcast.shellsharks.com [https://podcast.shellsharks.com/@ShellsharksPodcast] * The Shellsharks Podcast direct RSS link [https://podcast.shellsharks.com/@ShellsharksPodcast/feed.xml] * Shellsharks.com [https://shellsharks.com] * Follow me @shellsharks@shellsharks.social [https://shellsharks.social/@shellsharks]

Positivity abounds in this edition of The Shellsharks Podcast! @rebootkid [https://infosec.exchange/@rebootkid] (Nate) joins me to discuss the great Infosec Mastodon migration, getting into infosec, mentorship, cybersecurity as a practice and management’s role in combatting burnout. SHOW NOTES * Mastodon [https://joinmastodon.org/] * Stars, Boosts & Toots [/mastodon] * Diaspora [https://diasporafoundation.org/] * Infosec.Exchange [https://infosec.exchange/getting-started] * Fediverse [https://fediverse.party/] * Defcon.social [https://defcon.social/explore] * ActivityPub rocks! [https://activitypub.rocks/] * Why I Blog. You Should Too! [/you-should-blog] * SQL Slammer [https://en.wikipedia.org/wiki/SQL_Slammer] * What Certification or Training Should I Take? [/training-retrospective#what-certification-or-training-should-i-take] * Interview w/ Security Engineer, Eva Georgieva [https://shellsharks.podbean.com/e/interview-w-security-engineer-eva-georgieva/] * MFA Prompt Bombing [https://arstechnica.com/information-technology/2022/03/lapsus-and-solar-winds-hackers-both-use-the-same-old-trick-to-bypass-mfa/] * Getting Into Information Security [/getting-into-information-security] * An Ode to RSS [/an-ode-to-rss#title] * Cybersecurity burnout is real [https://www.zdnet.com/article/cybersecurity-burnout-is-real-and-its-going-to-be-a-problem-for-all-of-us/]

Boltive [https://www.boltive.com/] CEO and privacy advocate, Dan Frechtling [https://www.linkedin.com/in/frechtling/] joins me to discuss all things in the world of Internet privacy! SHOW NOTES * I Said No to Online Cookies. Websites Tracked Me Anyway. [https://www.consumerreports.org/electronics-computers/privacy/i-said-no-to-online-cookies-websites-tracked-me-anyway-a8480554809/] | Consumer Reports * Story of Dan Frechtling & Scott Moore [https://www.geekwire.com/2022/the-bittersweet-serendipity-that-gave-these-two-startup-leaders-a-shared-mission-in-online-privacy/] * Privacy Regulations - GDPR [https://gdpr-info.eu/], LGPD [https://iapp.org/resources/article/brazilian-data-protection-law-lgpd-english-translation/], CCPA [https://oag.ca.gov/privacy/ccpa], CPRA [https://thecpra.org/] * Sephora Privacy Settlement [https://www.reuters.com/legal/litigation/sephora-pay-12-mln-privacy-settlement-with-calif-ag-over-data-sales-2022-08-24/] * Global Privacy Control [https://globalprivacycontrol.org/] * The American Data Privacy and Protection Act (ADPPA) [https://www.congress.gov/bill/117th-congress/house-bill/8152/text] * Advanced Data Protection Control (ADPC) [https://www.dataprotectioncontrol.org/] * US Privacy String [https://github.com/InteractiveAdvertisingBureau/USPrivacy/blob/master/CCPA/US%20Privacy%20String.md] * OSINT Sock Puppets [https://www.cybervie.com/blog/what-is-sock-puppets-in-osint-how-to-create-one/] * RuTarget Harvesting Google Data [https://www.propublica.org/article/google-russia-rutarget-sberbank-sanctions-ukraine] * Executive Order on Protecting Foreign Intel from Surveilling US Citizens [https://www.whitehouse.gov/briefing-room/presidential-actions/2022/09/15/executive-order-on-ensuring-robust-consideration-of-evolving-national-security-risks-by-the-committee-on-foreign-investment-in-the-united-states/] * Is TikTok safe? [https://www.security.org/digital-safety/is-tiktok-safe/] * Deprecation of third-party cookies [https://www.epsilon.com/us/insights/trends/third-party-cookies] * SSO wall of shame [https://sso.tax/] * GDPR enforcement tracker [https://www.enforcementtracker.com/] * Future of Privacy Forum [https://fpf.org/] * TROPT Defining the Privacy tech Landscape Whitepaper [https://www.riseofprivacytech.com/definingprivacytechwhitepaper2021/] * IAPP [https://iapp.org/] * Three Ways Your Data is Leaking in Advertising and How to Avoid It [https://ceoworld.biz/2022/07/03/three-ways-your-data-is-leaking-in-advertising-and-how-to-avoid-it/]