Allan
@allanfriedman.bsky.social
3.4K followers 750 following 490 posts
SBOM Champion. Full service technocrat. Now at @CISAgov, formerly NTIA. Lapsed{engineer, academic, author}. Personal Account. Food, drink, dogs, SBOM
allanfriedman.bsky.social
Looking forward to listening to this podcast, but the view from a @cyberseccenter.bsky.social event of policy experts is that 1) sharing is happening, but more lawyers are being looped in and things are taking longer and 2) it’s probably slowly dragging the curve down and inhibiting new efforts.
allanfriedman.bsky.social
Solid summary of the risks we face in our supply chains. SBOM is a powerful tool for software bc it enables automation; we need similar approaches for vendors and third-party risk mgmt. Fun hard problem:
Semiconductor supply chain and HBOM. (Coming soon!)
techrad.ar
#TechRadar Third-party breaches are a wake-up call for modern cybersecurity https://techrad.ar/ksuJ #Pro
allanfriedman.bsky.social
Finally feeling healthy enough to start doing some proper cooking. Thick cut pork chops with apple’n’onion pan sauce, nicely paired with a lovely crisp autumnal evening.

I’m still avoiding wine, etc (pairs poorly with nerve inflammation) but I prepped a batch of pear cardamom shrub.
Pork chops in a pan
Reposted by Allan
joshuajfriedman.com
One of my favorite anecdotes from THE PREHISTORY OF THE FAR SIDE: "That doesn't sound like the Jane Goodall we know."
A few days after this cartoon was published, my syndicate received a very indignant letter from someone representing the Jane Goodall Institute.
Not only did my syndicate and I both get read the Riot Act, there was a vague implication that litigation over this cartoon might be around the corner.
I was horrified. Not so much from a fear of being sued (I just couldn't see how this cartoon could be construed as anything but silly), but because of my deep respect for Jane Goodall and her well-known contributions to primatology. The last thing in the world I would have intentionally done was offend Dr. Goodall in any way.
Before I had a chance to write my apology, another complication arose.
The National Geographic Society contacted my syndicate and expressed a desire to reprint the cartoon in a special centennial issue of their magazine. My editor, aware of what had just occurred, declined, explaining why.
Apparently, whoever it was that sent the inquiry from National Geographic was shocked. They told my editor that "that doesn't sound like the Jane Goodall we know." They did some checking themselves, and an interesting fact was eventually discovered: Jane Goodall loved the cartoon. Furthermore, she was totally unaware that any of this "stuff" was going on. Some phone calls were made, and the cartoon was not only reprinted in the centennial issue of National Geographic, but was also used by her Institute on a T-shirt for fund-raising purposes.
I've since had an opportunity to visit Dr. Goodall at her research facility in Gombe. It's a wonderful place (sort of like right out of National Geographic).
"To refer to Dr. Goodall as a tramp is inexcusable even by a self-described 'loony' as Larson. The cartoon was incredibly offensive and in such poor taste that readers might well question the editorial judgment of running such an atrocity in a newspaper that reputes to be supplying news to persons with a better than average intelligence. The cartoon and its message were absolutely stupid." —Excerpt from the above-mentioned letter that started the ruckus
allanfriedman.bsky.social
Careful! That’s partly how we ended up with the terrible VEX acronym.
allanfriedman.bsky.social
Some of y’all remember the chaos we had in trying to decide whether to camel case it or not.

Or, even worse, which way to orient canonical examples of a dependency tree: top-to-bottom, or bottom-to-top.

Collective action is hard; the English language and good design are also hard.
juliaferraioli.com
Y'all pluralizing SBOM as SBOMs when you know full well that it's SBsOM
allanfriedman.bsky.social
Apple Music’s new automix feature not only isn’t very good, it’s bad enough to be distracting.
Reposted by Allan
tprophet.org
1/ Hi, I'm TProphet. I write the Telecom Informer for @2600.com. A lot of people have been asking me about www.nbcnews.com/politics/nat... given that I'm somewhat knowledgeable in the area.

Here's my take: I'm kind of astonished that this is public, and it isn't normal that it would ever be.
Secret Service agents dismantle network that could shut down New York cellphone system
Agents discovered electronic devices in five locations in and around the city that could be used to disable cellphone towers. The system could also be used for criminal activities.
www.nbcnews.com
allanfriedman.bsky.social
Peak late summer vegetables from the farmer’s market, about to be made more delicious.
allanfriedman.bsky.social
Such FOMO. Hugs to amazing people!
Reposted by Allan
allanfriedman.bsky.social
Taking a week off to drink wine and cycle the coast and hills around lovely Santa Barbara.
allanfriedman.bsky.social
I’m not sure I agree. Data breach is an important problem - I wrote one of the first studies on economic impact back in the mid-2000s - but the disruption of operations can have a much bigger $ impact on the biz, and involves lives for critical infrastructure like hospitals.
allanfriedman.bsky.social
Fun article, but the headline does trigger some nostalgia…
allanfriedman.bsky.social
No, but when it was almost 9, and I didn’t have energy to whip up an aioli, THIS was heresy:
allanfriedman.bsky.social
No time to make proper frites this Friday night, so I indulged in a particularly scary but potentially novel culinary heresy: “Moules Tots”

Reader, it works.
Reposted by Allan
lookitup.baby
Technically a Caesar cipher is military-grade encryption. They don’t mention *which* military
f4mi.bsky.social
so many companies today use "military grade" as an adjective for random stuff

"military grade encryption" and it's just aes-128
allanfriedman.bsky.social
If you’re around Black Hat / BSides, come by and say hi!
allanfriedman.bsky.social
Yes, agree! For good orgs, the QA should be either very easy (not a lot of problems) or very hard (you need to work to find any problems), and that’s the sign of a good SDL / blue team.
allanfriedman.bsky.social
The fun thing was that it was three separate problems!
allanfriedman.bsky.social
The 3rd speaker at a public event today just said from the stage “I love you, Allan, but [SBOMs won’t solve this problem]!”

On one hand, it’s nice to be an avatar for a security concept, but on the other hand, we did fail in our messaging that SBOM isn’t supposed to solve all our problems.
Reposted by Allan
gregotto.bsky.social
For anyone that is on their way to Vegas for Black Hat — if you have respiratory problems, prepare. Wildfires in Santa Barbara have smoke moving through the city. Here is a picture from a hotel room, I could see the mountains clearly yesterday. You see any 🏔️ in this pic?