Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
People are struggling more and more every day. Be compassionate. Even "easy" things are hard right now.
4
13
Hal Pomeranz retweeted
Jake Williams @MalwareJake
2 Mar 2022
As I was typing out "popcorn.gif" I realized that if .gif ever becomes a TLD, the popcorn.gif domain will be worth millions...
6
2
1
57
Hal Pomeranz retweeted
Wim Remes TR @wimremes
2 Mar 2022
RT for reach. Applies for people currently in Ukraine. Contact @Stekkz to apply. 🇺🇦 🙏 💪🏻
2
20
1
10
I'm happy to announce an errata update of my Linux Forensics class (also added @SecShoggoth's honeypot image for practice). archive.org/details/HalLinux… If you'd like to be part of the first ever in-person run of the class register at kernelcon.org/training#linux…
1
12
1
31
Some great stories about Boggs from @paulvixie during our recent panel discussion during WWHF Deadwood. It feels too soon to be losing these great inventors.
NYTimes Tech @nytimestech
1 Mar 2022
In the 1970s, David Boggs helped create Ethernet, the powerful etworking technology that connects PCs to printers, other devices and the internet in offices and homes. He has died at 71. nyti.ms/3porn9m
4
1
6
Replying to @hal_pomeranz
I cannot overstate how impossibly difficult it is to attack a system running SELinux with setenforce 1. Even if it's got openings and misconfigurations, an attacker is going to make buckets of noise finding the flaws. Know who does ls -laZ? Nobody but attackers.
5
6
1
35
Q: Why is Hal going on about SELinux again? A: Because I investigate lots of Linux intrusions that would have failed if SELinux was enabled. At least come and learn to criticize SELinux from a position of knowledge and not FUD.
Antisyphon Training @Antisy_Training
28 Feb 2022
Coming up March 9-10 is @hal_pomeranz's 6-hour course, "SELinux – Necessary and Not Evil!" 10% of this course will be donated to @RuralTechFund. What's your experience with SELinux? Good? Bad? Let us know! Course details & registration can be found here: ow.ly/7q7a50I6lHa
8
20
103
NEW: This is Daxin, the most advanced Chinese espionage tool we've ever found. Used to spy on governments worldwide. symantec-enterprise-blogs.se…
10
346
34
696
Hal Pomeranz retweeted
Jake Williams @MalwareJake
27 Feb 2022
I'll close by noting that for most orgs, right now you're more likely to suffer an outage due to a self inflicted wound than a destructive cyberattack. Be vigilant. Increase log retention. Turn on netflow. But I wouldn't be making major security architecture changes now. /FIN
1
6
78
Hal Pomeranz retweeted
Mike Olson 🇺🇸 @mikeolson
25 Feb 2022
This isn't a theoretical problem -- those floods of funds have corrupted politics in the US, and concentrated power in Russia in the hands of Putin and his oligarchs. The US and UK have helped to clean and store the money being used to wage war in Ukraine.
4
89
2
571
STOP THE PRESSES! I made a serious error. This !! technique as shown doesn't work. 1,001 Thanks to @joswr1ght for catching this, and showing me a fix that still uses !! What you need to do is this... alias keeper='echo $(history -p !!) >>~/.keeper.txt'
4
12
82
Most refreshing job posting I have seen in some time!
@hobu@fosstodon.org @howardbutler
23 Feb 2022
Hobu is hiring. The criteria are 1) Not an Asshole and 2) Can Google Stuff. We'll teach you the lidar and the geo and the open source stuff. Please use #2 to contact me to demonstrate #1 if you are interested.
1
7
Hal Pomeranz retweeted
Robert M. Lee @RobertMLee
24 Feb 2022
If you are in the US/UK/ANZ at a small co-op/muni & need ICS cybersecurity support (Dragos Platform technology, managed service, and incident response) please feel free to message me directly. Dragos is going to make our capabilities free for the smaller members of our community
50
703
68
1,929
We are so far from living up to the ideals laid out in our founding documents. And the hypocrisy is particularly rank at this moment.
1
2
I wanted to write that such behavior is un-American. But the reality is that denigrating, abusing, and using others for political and financial gain has played itself out in American history from the founding of the republic 250 years ago.
1
1
4
Using any group of humans—immigrants, the LGBTQ+ community, anybody—as a wedge issue or to “motivate your base” is despicable. It’s also straight out of the authoritarian playbook. It frightens me that such people hold positions of power.
1
4
17
I believe this was mentioned in a VH-1 “Behind the Music” episode
Mick Douglas 🇺🇦🌻 @bettersafetynet
23 Feb 2022
Replying to @hal_pomeranz
Like all things in life, it can be related to the Spice Girls. In their smash hit Wannabe (if you wanna be my lover) "if you wanna be my lover, you gottta setenforce 1" (at least that's how the original cut went before it got workshopped to death)
1
Oh look, a fake AV pop-up in my web browser! Should I... nah, I've got too much crap to do today than joust with these idiots.
6
Load more