Jeff Jarmoc
jjarmoc.bsky.social
Yet another security person.

All out of batteries, but still making noise!
Reposted by Jeff Jarmoc
this can't be what they mean but i love the idea of drug-dealing gangs using agile methodology. "we're really looking to move 50kg of coke this sprint"
September 19, 2025 at 6:21 PM
Reposted by Jeff Jarmoc
Political violence is bad. It usually begets more political violence.

Celebrating political violence is bad. It usually encourages more political violence, against various targets.

Campus shootings are bad. They make everyone on campus less safe.

It's bad that what I wrote here is controversial.
September 10, 2025 at 7:06 PM
Reposted by Jeff Jarmoc
Someone at the American Bar Association ate their Wheaties this morning.
February 10, 2025 at 8:32 PM
Reposted by Jeff Jarmoc
Around 35% of SpaceX’s revenue comes directly from the federal govt.

Less than 1% of NPR’s budget comes from the federal govt.
February 5, 2025 at 5:23 PM
Reposted by Jeff Jarmoc
Here is a list of groups actually litigating against the barrage of illegal and unconstitutional actions by the Trump Administration.

LAW FIRMS should be providing pro bono support. Don't cower in a corner. Your business depends on the rule of law. 1/

www.justsecurity.org/107087/track...
February 5, 2025 at 8:12 PM
Reposted by Jeff Jarmoc
I'll subscribe to a lot of criticisms, but the blind non-specific ageism against GenZ isn't doing a lot for the Democratic Party, and seems like a stupid line of attack when you should be talking specific experience.

What are we even doing here. Have you seen the voting demographics recently.
February 6, 2025 at 3:31 PM
Reposted by Jeff Jarmoc
When I first switched to application security, I feared not knowing all the answers. Watch the video to hear about how I dealt with this, built up my confidence, and how you can too. #impostersyndrome
youtu.be/crHKiVkWotk
February 6, 2025 at 10:13 PM
Reposted by Jeff Jarmoc
FBI Uncovers Al-Qaeda Plot To Just Sit Back And Enjoy Collapse Of United States
WASHINGTON—Putting the nation on alert against what it has described as a “highly credible terrorist threat,” the FBI announced today that it has uncovered a plot by members of al-Qaeda to sit back an...
theonion.com
February 5, 2025 at 6:31 PM
I miss that little InfoSec/hacking corner of Twitter where I could escape for a while. It seems both of those things are long gone thanks to Elon.
February 5, 2025 at 5:20 AM
Reposted by Jeff Jarmoc
Lately people have been asking me for digital security tips, so I wrote a little post with some basics, some resources, and some dreams of a better world.
Digital Security In Uncertain Times
For the past few weeks, I've been getting frantic texts, calls, and emails from people who are concerned about their own digital security and are seeking guidance—some for the first time. The guidanc...
blog.yaelwrites.com
February 4, 2025 at 5:34 AM
Reposted by Jeff Jarmoc
Capitol Hill reporters: Please ask congressional Republicans if they believe the Trump administration should follow federal court orders.

If they say yes, ask them what Congress should do if Trump refuses.
February 5, 2025 at 1:16 AM
People often ask me how they can improve CFP submissions for Blackhat. Here’s some info on what the review board looks for, and a few resources that can help.

www.blackhat.com/html/blog/20...

This information largely applies to other cons as well.
Black Hat
www.blackhat.com
February 4, 2025 at 7:34 PM
Reposted by Jeff Jarmoc
This is exactly the sort of honest lede that I expect to see from the fourth estate. Anything less is cowardice and complicity.
January 31, 2025 at 3:42 PM
Clearly this must be legit.
January 14, 2025 at 9:04 PM
Reposted by Jeff Jarmoc
One of the cool things about JavaScript is that all numbers are floats, so all loop iterators and incremented counters will eventually get stuck
January 13, 2025 at 5:54 PM
Reposted by Jeff Jarmoc
New #FBI #FOIA docs in response to my request for records relating to the SQL Slammer worm of 2003. Gradually working my way through these big worm / #malware outbreaks pre-2010. Main thing that jumped out for me was that FBI identified a suspect in a foreign country.
archive.org/details/sqls...
SQLslammer worm FBI FOIA docs : FBI : Free Download, Borrow, and Streaming : Internet Archive
FOIA documents from the FBI in response to a request for records relating to the SQLslammer worm that first appeared in 2003 but has continued to infect...
archive.org
January 8, 2025 at 12:42 PM
Reposted by Jeff Jarmoc
I have my Kamala Won flag fashioned with weapons, my flak jacket, walkie-talkie, and bear spray. I’m ready to storm the Capitol and smear my feces on the walls tomorrow to Stop The Steal.

Said no sane democrat ever because we’re not in a cult.
January 6, 2025 at 7:15 AM
Reposted by Jeff Jarmoc
It’s funny Zuck says “I started building social media to give people a voice” when in fact, he started building social media to publicly rate the hotness of undergrads.
January 7, 2025 at 7:48 PM
Reposted by Jeff Jarmoc
We tested a flaw in Motorola's ALPR system that caused real-time vehicle data from license plate readers to be leaked. In just 20 minutes, 30 LPRs recorded 4,000 car images. One vehicle was captured three times as it passed different cameras.

www.wired.com/story/licens...
License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data
Misconfigured license plate recognition systems reveal the livestreams of individual cameras and the wealth of data they collect about every vehicle that passes them by.
www.wired.com
January 7, 2025 at 6:48 PM
Reposted by Jeff Jarmoc
You have to understand that back in my day, it was possible to make a career out of sending a lot of AAAAAAs to computer programs
January 5, 2025 at 10:56 PM
lol, yeah.. I’ll get right on that.
January 3, 2025 at 4:52 PM
Reposted by Jeff Jarmoc
I am convinced 99% of websites should use magic links + passkeys.

It bypasses all (debatable) portability objections to passkeys, it’s at least as secure as email-based recovery, as fast as a password manager, it’s available to all users… and importantly, no passwords!
I wrote about how magic links (emailed one-time login links) frustrate me while explaining that they radically accept some fundamental truths. I argue that websites should layer passkeys on top of magic links to provide a seamless authentication experience for everyone. rmondello.com/2025/01/02/m...
Ricky Mondello » Magic Links Have Rough Edges, but Passkeys Can Smooth Them Over
rmondello.com
January 2, 2025 at 3:26 PM