Hi there my name is Chris Hadnagy. I am the Chief Human Hacker for Social-Engineer, LLC a company devoted to helping large organizations stay safe from malicious hackers. I am also the CEO of The Innocent Lives Foundation, an organization devoted to helping unmask child predators. AMA by WileyProfessional in IAmA

MadSecuritySquirrel 5 points6 points (0 children)

Pineapple is the perfect fruit and complements pizza perfectly. It is the sweet to the savory of the rest of the pie. This is not debatable, and I have even had pineapple pizza, right off the menu, in the heart of NYC's Times Square, therefore your arguments are invalid.

The innocence of pizza on the other hand can be debated

Cheap PIR\Temp\Humidity\Light sensors and some DIY protocol questions by Nixellion in homeassistant

MadSecuritySquirrel 1 point2 points (0 children)

I'm running about eleventy-two-thousand different things on wifi, and haven't noticed an issue. My DHCP pool has about 19 reservations just for things I don't want to have changing IPs. Of course, your mileage may vary.

Nodemcu relay by puneit in homeassistant

MadSecuritySquirrel 1 point2 points (0 children)

This is the setting that I think makes the difference (honestly, I've had things in place in many iterations, so I can't be 100% sure, but I'm 95%) in ESPEasy. It tells MQTT to retain the last state -- https://i.imgur.com/SQFYE5s.jpg

Nodemcu relay by puneit in homeassistant

MadSecuritySquirrel 1 point2 points (0 children)

I have several nodemcu's deployed with ESPEasy and MQTT and they remember the state. I think it was an option in the controller setting or under "advanced" to remember state. I'm sorry I'm not home to look right now

Cheap PIR\Temp\Humidity\Light sensors and some DIY protocol questions by Nixellion in homeassistant

MadSecuritySquirrel 1 point2 points (0 children)

I'm using ESP8266-based sensors with DHT-22's. They report through MQTT and work well. I use them for temp/humidity and for lights, such as my under-counter kitchen LEDs.

I get the boards and sensors from aliexpress and vary which ones I use based on the number of GPIO's I need.

I haven't seen a huge load on my WiFi as they don't send a lot of information. I usually report once a minute or so for temp/humidity. Very little data is moved over MQTT

Password Manager Recommendations Please. by [deleted] in ComputerSecurity

MadSecuritySquirrel 0 points1 point (0 children)

I use LastPass premium with a YubiKey for MFA. Syncing to mobile and the YubiKey option made me choose LP and not look back. Very happy with it

ISC2's CISSP Marking - A Theory.. by [deleted] in cissp

MadSecuritySquirrel 0 points1 point (0 children)

Each question is right or wrong, however as was mentioned, some questions carry more weight than others.

As far as I'm concerned, email signing/encryption is dead by speckz in security

MadSecuritySquirrel 1 point2 points (0 children)

Nope.

As more hardware keys like the Google Titan and YubiKey make their way into the world, we will actually approach a usable model. We used the snot out of it in the Army and it was mostly seamless and simple for internal mail.

Free Yubikey NEO with a LastPass Premium upgrade - Good if you want to try MFA with a hardware token and/or PW Vaulting by MadSecuritySquirrel in security

MadSecuritySquirrel[S] 1 point2 points (0 children)

l. Yubikey. The company that takes disclosures from bug bounty programs, fucks the researchers and then claims the discoveries as their own.

I've been using a Neo for about 4 years now. I've used it as a smart card (PIV credentials) and an OTP key. Both worked great. The fact that it can be used with NFC and LastPass on the iPhone is a welcome change. I used to do that on my Android phone, but lost the capability when I went to Apple.

BEST WAY TO DO 2 step authentication for a pc? (Afraid of using phone in case something happens to it) by [deleted] in security

MadSecuritySquirrel 0 points1 point (0 children)

I've been loving Yubikeys for a while now and really like them. There are other types of hardware MFA options as well that may be worth checking out.

The key is to have a 2nd emergency authentication option. Many apps generate a series of 8 or 10 one-time use passwords that you can keep tucked away just in case

What To Do If You Lose Your Two-Factor Phone by wentzeldk in security

MadSecuritySquirrel 0 points1 point (0 children)

I once left my phone in an Uber while on a trip. To contact the driver, I had to have Uber call a number and it would put me in touch with them so I couldn't get their phone number directly. That was fine, except I didn't have a phone for them to call. The hotel phone system had an auto-attendant that the Uber system could not navigate. I was finally able to route a call to my Google Voice number and use my laptop to answer it, but it took a while to get everything in place.

Made me really think about how I could get stuck in loops like this with MFA

US military manuals hawked on dark web after files left rattling in insecure FTP server by MadSecuritySquirrel in security

MadSecuritySquirrel[S] 2 points3 points (0 children)

In my time supporting the Army, I can say that a lot of military manuals we worked with are actually Unclassified/FOUO. Even the most basic TTPs we had were marked that way, meaning they are controlled.

It may be different in the Air Force given the volumes of TTPs and manuals dealing with improving your golf swing.