scriptjunkie @sj@social.scriptjunkie.us

@3141592f generate a secure master password, don't make one up. If I was LastPass, rather than even give people that ability, I would do something like a cryptocurrency wallet and generate a seed phrase. They can memorize it or put it in their physical wallet or whatever.
LastPass's "it would be extremely difficult to attempt to brute force" statement is misdirection baloney. We've cracked oodles of hashes with wordlists, phrase lists, and rules without ever "brute forcing" and I'm sure you too.

Doing this once - memorizing a seed phrase is 1000 times easier and more secure than "keep rotating 1000 logins so when they crack your 1337Passw0rd! they'll only have it a few months!"

97% of user-chosen PW's get cracked. Stop throwing wet band-aids on top and fix the bleeding.

Apparently unpopular opinion: stop telling people it's worth rotating passwords (in case their master password gets cracked). Tell them to stop picking passwords and generate them with measurable entropy. You don't wring your hands every day about if root CA ECC keys are cracked.

@dave also see: mountains

Do people using complicated stuff like LastPass know you can just use Pass1234 for everything?

@jfslowik We're looking for security engineers, appsec, and security software engineers.

CVE 10.0 in the Linux kernel. Credit https://twitter.com/thalium_team
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

Thankfully there appears to be another cleaning robot taking care of the mirror universe
https://social.v.st/@th/105690012399873591

It's the shortest day of the year, which means it's peak season for "pagans celebrated when it got dark so Christmas is a pagan holiday" takes. Look, we get it, you were never loved as a child. That's still no excuse to not know how holidays work. And that's not how they work.