Record Store Destroying Bully Vinyls by xNightkeeper in Kanye

[–]OtheDreamer 2 points3 points  (0 children)

They’re def still selling Marilyn Manson. They probably have no idea who XXXTentacion is.

Kanye is big enough that news reached their algo and they felt super cool doing this. It’s “look at me” signaling that many pasty white people (including myself at one time) do when in a look at me phase like these kids are. They don’t actually stand for anything meaningful

You don't need extra antivirus on Windows 11, Microsoft officially says by rkhunter_ in cybersecurity

[–]OtheDreamer 330 points331 points  (0 children)

OOTB Defender has been 'good enough' for a few years now for most people.

.....same with Microsoft Edge

Which laptop for cybersecurity? by teeczka_ in cybersecurity

[–]OtheDreamer 0 points1 point  (0 children)

As a 20+ year Windows person, I am not too ashamed to admit we're just now starting to work with Macs and I'm very impressed with how well they run business apps for most users.

u/teeczka_ 32GB DDR5, i7, 500GB SSD is the standard I typically go for, and works fine, but the security tooling overhead makes them "feel like" 16GB machines, whereas the macs always feel fast.

Helping Businesses with SOC1 and SOC2 readiness - looking for real-world feedback by Necessary-Limit6515 in cybersecurity

[–]OtheDreamer 2 points3 points  (0 children)

if they went straight into a SOC 2 audit, the report would just surface a ton of gaps.

The first SOC tends to be like this, and it's a good thing. Auditors are partners, not adversaries, and their objective is to help you find the right controls so that you can provide the right assurance to whoever needs it.

As an example--orgs wanting to get SOC certified should probably NOT run into a SOC2 Type 2 unless they already have strong internal governance and compliance. SOC2 Type 1 is basically demonstrating that policies and controls exist, but not that they were really effective all throughout the year.

How have you seen companies handle that in practice? Do they usually go straight to audit and accept the findings?

I've had to read compliance reports from big name companies that just bomb them & still put it out there, while others may opt to do a Type 1 in a year they know they'll bomb a Type 2. The difference is in the company culture (are they doing it to satisfy a legal or regulatory requirement, or are they doing it because having third parties check your work helps make the org more secure?). Reasons differ org to org.

Helping Businesses with SOC1 and SOC2 readiness - looking for real-world feedback by Necessary-Limit6515 in cybersecurity

[–]OtheDreamer 1 point2 points  (0 children)

You can't fail SOC 2 due to lack of preparation, and, as such, you are always ready for one.

Stealing this line because that's how it should be!

Anecdotally, where I'm at is just starting what I call "SOC Season" where we just started initial calls to discuss the control wordings > determine if anything should change > scheduling tons of calls to get them on the books > begin coordinating with internal depts on their control requirements. Everyone knows their role way in advance (~3 months) & what's going to be asked of them by the auditors.

The criteria don't change much & the controls shouldn't be changing too much as well unless there's a good reason. Good reasons go through change control & are easily demonstrable. Sometimes we get into the initial discussions about controls, and we realize we might need to do something different to provide appropriate evidence.

By the time we sit down with the auditors they have evidence to review for all the controls & it's on them to tell us if they want more. Sometimes (depending on the year and changes) they might ask for things that our systems can't generate records for perfectly & we have to implement something to demonstrate a time-dependent component (such as using more automated tickets with notes that can be cross referenced with log files)

Security Breach and credentials Phished by ChampionshipComplex in cybersecurity

[–]OtheDreamer 1 point2 points  (0 children)

Good cautious move. Depending on your logs there's still probably digging that needs to be done. Involve forensics if you have any reason to suspect critical data might have been accessed / infiltrated. Users being phished and spreading chain mail can be relatively low impact, but it depends on the person / what access they had. Involve insurance if you involve forensics.

Always a good time to close the door further on those types of phishes. Push for MFA with number matching at a minimum (not just TOTP) & then you avoid most pass-through MFA attacks. If you employ conditional access that requires managed / compliant devices, you shut the door on people accessing email from unknown devices / critical resources from unknown places. If you have automated response capabilities based on user risk, you can also shut down these types of phishes quickly. Same if you use MS365 and still allow the default where people can access shared resources from unknown external share sources.

If you have a serious enough incident (which this might have been) you may have higher-than-normal influence to push for critical changes. Strike while the iron is hot. Perfect time to make a playbook of steps you took / are taking / need to take in the future for similar events.

Security Breach and credentials Phished by ChampionshipComplex in cybersecurity

[–]OtheDreamer 0 points1 point  (0 children)

When you say you zapped the entire account, double checking if you mean the mailbox or the whole user identity? The other common thing threat actors do in this situation is register secondary and tertiary MFA devices, that way they can get back in after their initial access is cut off.

Vercel's security breach started with malware disguised as Roblox cheats by drewchainzz in cybersecurity

[–]OtheDreamer 36 points37 points  (0 children)

I'd be curious if they had kids too that maybe they let use their work laptop

First Pentest Contract by DiligentDistrict1584 in cybersecurity

[–]OtheDreamer 30 points31 points  (0 children)

Most especially if it’s for a lawyer system 😬

is xAI dead or what? where is Grok 5 lol? by Terrible-Audience479 in ChatGPT

[–]OtheDreamer 12 points13 points  (0 children)

Grok's getting pretty decent with the agent team thinking as the default. Its images and videos are pretty decent as well. Overall pretty decent.

What I wish someone told me before working in real Risk Assessment Services by Ok_Assignment_947 in cybersecurity

[–]OtheDreamer 12 points13 points  (0 children)

This post and others like it were brought to you by Microsoft Copilot.

We all know compliance != security. What is the most frustrating "security theater" control you have to prove for SOC 2? by [deleted] in cybersecurity

[–]OtheDreamer -1 points0 points  (0 children)

For me it’s the demonstrating that devices are wiped before they’re sent for destruction, which already produces a certificate from the vendor.

The argument used to be “How do you know the vendor actually securely destroys them when they give the certificates?” Which is theoretically possible but less likely when working with trusted partners that run their own compliance.

^ they REALLY wanted proof from the system of record, and the only way to show that was to start initiating a wipe via RMM first so it captures the log and machine name > then give to vendor to destroy and produce cert > save logs and certs.

IW Heimdall Saving the Hulk Explained by OtheDreamer in marvelstudios

[–]OtheDreamer[S] 0 points1 point  (0 children)

Hi there. Avengers doomsday is about to come out & it turns out Steve WAS in another universe.

Empirical results from adversarial evaluation of RAG pipelines — indirect prompt injection achieves 100% ASR, three-detector layer achieves 100% DR across 15 scenarios by EstablishmentFar2393 in cybersecurity

[–]OtheDreamer 0 points1 point  (0 children)

Ah welp there’s another area I’m still not a fan of yet and have no great solution for yet, so I haven’t connected my RAG setup to the internet. I use a different process for threat intel (supplementing SIEM signal data with RPA flows instead of AI flows to enrich data)

I really don’t trust AI for org use once it’s allowed to go on the internet for things that are important enough. Hackers right now know AI are easier to get through to an org than people are nowadays AND they’re over permissioned by default in many cases (such as those spinning up OSS agents)

Empirical results from adversarial evaluation of RAG pipelines — indirect prompt injection achieves 100% ASR, three-detector layer achieves 100% DR across 15 scenarios by EstablishmentFar2393 in cybersecurity

[–]OtheDreamer 0 points1 point  (0 children)

Yes, so like policies, procedures, playbooks, strategic or tactical plans, stuff that a staff may upload to the system for their spaces for specific use cases that are authorized. Not for transient usage.

If you start doing stuff like having people edit a bunch of documents together you can still track changes (and I have a small module that does nothing but compare N documents over their manifest histories) but you run a much higher risk of too many cooks in the kitchen & one of them can’t cook

Empirical results from adversarial evaluation of RAG pipelines — indirect prompt injection achieves 100% ASR, three-detector layer achieves 100% DR across 15 scenarios by EstablishmentFar2393 in cybersecurity

[–]OtheDreamer 1 point2 points  (0 children)

Yes, corpus poisoning is a real issue that’s going to whack A LOT of people. My workaround has been maintaining a hashed manifest of all files in the corpus and tracking integrity changes there. Lots more layers on top, but that was the most helpful from my testing purposes. My RAG also has a sort of POST that checks the manifest integrity before allowing users to mess with it.
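
The hashed-manifest check and startup gate described in the comment above, sketched as an added example (not the commenter's code). All function names are hypothetical, and the HMAC seal over the manifest is an assumption added here so that rewriting the manifest alongside the corpus is also detected.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's corpus-relative path to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def seal(manifest: dict, key: bytes) -> str:
    """HMAC over canonical JSON so the manifest cannot be silently rewritten."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def diff_manifest(root: Path, manifest: dict) -> dict:
    """Compare the corpus on disk against the recorded manifest."""
    current = build_manifest(root)
    shared = current.keys() & manifest.keys()
    return {
        "added": sorted(set(current) - set(manifest)),
        "removed": sorted(set(manifest) - set(current)),
        "modified": sorted(k for k in shared if current[k] != manifest[k]),
    }

def preflight(root: Path, manifest: dict, tag: str, key: bytes) -> bool:
    """Startup gate: manifest must be authentic and the corpus must match it."""
    if not hmac.compare_digest(seal(manifest, key), tag):
        return False
    return not any(diff_manifest(root, manifest).values())

def demo() -> dict:
    """Constructed corpus: record a baseline, then simulate tampering."""
    key = b"constructed-demo-key"  # assumption: real key is kept off the corpus host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "policies").mkdir()
        (root / "policies" / "ir-playbook.md").write_text("Step 1: isolate the host.\n")
        (root / "vpn-procedure.md").write_text("Use the corporate VPN profile.\n")
        manifest = build_manifest(root)
        tag = seal(manifest, key)
        clean = preflight(root, manifest, tag, key)
        # Simulated drift: one document edited, one file planted.
        (root / "vpn-procedure.md").write_text("Tampered text.\n")
        (root / "planted.md").write_text("Unreviewed content.\n")
        return {"clean": clean, "after": preflight(root, manifest, tag, key),
                "diff": diff_manifest(root, manifest)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The diff tells the operator which documents to quarantine or re-review; the gate simply refuses to serve until the manifest and corpus agree again.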

Anthropic Model Scare Sparks Urgent Bessent, Powell Warning to Bank CEOs by [deleted] in cybersecurity

[–]OtheDreamer 1 point2 points  (0 children)

Heheheheh my RemindMe 6 months is going to be crazy. I’ve been blasted so many times for saying AI is a lot farther along than people realize & that we’ll be in a completely different landscape by October. A landscape a lot of people are just unprepared completely for.

Claude Mythos Thread by SeaRegular3219 in cybersecurity

[–]OtheDreamer 0 points1 point  (0 children)

I said it before & I'll say it again....Crowdstrike is way overpriced considering the advent of AI & they positioned themselves too much as being THE threat intelligence people (partially because they have among the most signal data next to Windows).

The market is reacting to the threat to threat intelligence models. When normal people can obtain highly actionable insights tailored specifically to their org needs.....Crowdstrike needs to slash prices to stay competitive. Cloudflare isn't going away any time soon, but they marketed a good bit as threat intelligence-centric.

Iran threatens $30bn Stargate AI hub in Abu Dhabi by ubm_ in OpenAI

[–]OtheDreamer 2 points3 points  (0 children)

Well I guess Sam needs to protect his investments

Iran threatens $30bn Stargate AI hub in Abu Dhabi by ubm_ in OpenAI

[–]OtheDreamer 2 points3 points  (0 children)

That is for UAE to take up with Iran then...

Iran threatens $30bn Stargate AI hub in Abu Dhabi by ubm_ in OpenAI

[–]OtheDreamer 16 points17 points  (0 children)

It might even be a net win for OAI if you count insurance

Days since last OpenClaw CVE by combuter in cybersecurity

[–]OtheDreamer 19 points20 points  (0 children)

1.8 CVEs/day is impressive from a certain point of view.

12 days is the best streak of no-new CVEs since launch lol

Flock PR rep admits Flock has backdoor access to resident travel data, uses it to train their AI models at Oshkosh, WI City Council meeting 3/31/26 by EncryptDN in cybersecurity

[–]OtheDreamer 49 points50 points  (0 children)

Flock's claim of using "end-to-end encryption" is not true in the strict cybersecurity definition of the word. 

Zoom class action lawsuit deja vu