home.social

#physical-security — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #physical-security, aggregated by home.social.

fetched live
  1. Sécurité décentralisée, niveau 1970. Pour injecter un triple zéro (000) dans la matrice de ce terminal Burroughs, il faut littéralement tourner une clé physique.
    C'est le protocole "Cold Storage" le plus stylé de l'histoire. Pas de hack possible sans crocheter du bronze. 💾🔐
    #RetroComputing #Burroughs #PhysicalSecurity #RootOfTrust #GeekHistory

  2. Sécurité décentralisée, niveau 1970. Pour injecter un triple zéro (000) dans la matrice de ce terminal Burroughs, il faut littéralement tourner une clé physique.
    C'est le protocole "Cold Storage" le plus stylé de l'histoire. Pas de hack possible sans crocheter du bronze. 💾🔐
    #RetroComputing #Burroughs #PhysicalSecurity #RootOfTrust #GeekHistory

  3. 📰 FBI Warns 'Silent Ransom Group' (Luna Moth) is Sending Operatives In-Person to Steal Data

    FBI WARNING 🚨: 'Silent Ransom Group' (aka Luna Moth) is sending operatives IN-PERSON to offices, posing as IT support to steal data via USB if remote hacks fail. Law firms, healthcare & finance targeted. #SocialEngineering #PhysicalSecurity

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/fb

  4. The cameras are already on the wall.

    Turn existing installs into monitored CCTV - and keep the customer relationship yours.

    AI-prefiltered events, multi-operator locking, keyholders clearing their own alerts in real time.

    Integrates with Immix, Sentinel, CONXTD - or run it yourself.

    tetherx.io/control-rooms

    What's stopping you adding monitoring to your existing base?

    #SecurityIntegrators #MonitoredCCTV #PhysicalSecurity #TetherX

  5. 📰 FBI Warns 'Silent Ransom Group' (Luna Moth) is Sending Operatives In-Person to Steal Data

    FBI WARNING 🚨: 'Silent Ransom Group' (aka Luna Moth) is sending operatives IN-PERSON to offices, posing as IT support to steal data via USB if remote hacks fail. Law firms, healthcare & finance targeted. #SocialEngineering #PhysicalSecurity

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/fb

  6. The FBI is warning US law firms about a cybercrime group that exfiltrates data physically — in person. Not a phishing kit, not a zero-day: human presence on-site. A reminder that threat modeling stops too early when it ends at the network perimeter. #infosec #threatintel #physicalsecurity
    cyberscoop.com/fbi-warning-sil

  7. The FBI is warning US law firms about a cybercrime group that exfiltrates data physically — in person. Not a phishing kit, not a zero-day: human presence on-site. A reminder that threat modeling stops too early when it ends at the network perimeter. #infosec #threatintel #physicalsecurity
    cyberscoop.com/fbi-warning-sil

  8. Camera, edge, or cloud analytics - each has a different cost, latency, and accuracy profile.

    Camera: lowest cost at scale, fixed at firmware.
    Edge: upgrades as algorithms improve, works across 200+ camera manufacturers.
    Cloud: best for verified alarms, highest cost per camera.

    TetherX runs all three on one platform, one timeline, one bill.

    Which layer do you lean on most for multi-site deployments?

    #VideoSurveillance #PhysicalSecurity #SecurityIntegrators #TetherX

  9. Hey Miami! We're excited to be at Ekoparty Miami all day today and tomorrow! Come try our displays, catch our talks, and learn about physical security!

    #ekoparty #ekomiami #ekopartymiami #physicalsecurity #physsec

  10. Hey Miami! We're excited to be at Ekoparty Miami all day today and tomorrow! Come try our displays, catch our talks, and learn about physical security!

    #ekoparty #ekomiami #ekopartymiami #physicalsecurity #physsec

  11. I attended the AITP Chicago Security SIG tonight at RSM and left with one clear takeaway: a $200 device called Flipper Zero can clone your building access badge and bypass the physical security your organization worked so hard to set up. FBI Chicago Intelligence Analysts and an InfraGard board member explained how these devices work and where organizations are vulnerable. The room was full of security professionals, many of whom had that familiar look, realizing a threat they thought was unlikely is actually much closer to home.
    Here are a few key points from tonight:
    ・ You can buy Flipper Zero on Amazon, and teenagers are posting demo videos on YouTube. If your physical security plan assumes attackers need special equipment, that assumption is no longer true.
    ・ Most enterprise security programs barely address RF-based attacks on access control systems. We invest heavily in endpoint protection and network monitoring, but the badge reader by the server room often gets overlooked.
    ・ Mitigation is practical. Encrypted credentials and multi-factor physical access are real solutions. Most organizations just haven’t made them a priority because the threat seemed remote.

    If you’re a CISO or CIO and haven’t reviewed your physical access controls for RF-based attacks, now is a good time to add it to your to-do list.
    Thank you to AITP Chicago, the FBI, InfraGard, and RSM for a great discussion.

    aitpchicago.com/event-6680905
    #Cybersecurity #PhysicalSecurity #InfraGard #security #privacy #cloud #infosec #flipper0

  12. I attended the AITP Chicago Security SIG tonight at RSM and left with one clear takeaway: a $200 device called Flipper Zero can clone your building access badge and bypass the physical security your organization worked so hard to set up. FBI Chicago Intelligence Analysts and an InfraGard board member explained how these devices work and where organizations are vulnerable. The room was full of security professionals, many of whom had that familiar look, realizing a threat they thought was unlikely is actually much closer to home.
    Here are a few key points from tonight:
    ・ You can buy Flipper Zero on Amazon, and teenagers are posting demo videos on YouTube. If your physical security plan assumes attackers need special equipment, that assumption is no longer true.
    ・ Most enterprise security programs barely address RF-based attacks on access control systems. We invest heavily in endpoint protection and network monitoring, but the badge reader by the server room often gets overlooked.
    ・ Mitigation is practical. Encrypted credentials and multi-factor physical access are real solutions. Most organizations just haven’t made them a priority because the threat seemed remote.

    If you’re a CISO or CIO and haven’t reviewed your physical access controls for RF-based attacks, now is a good time to add it to your to-do list.
    Thank you to AITP Chicago, the FBI, InfraGard, and RSM for a great discussion.

    aitpchicago.com/event-6680905
    #Cybersecurity #PhysicalSecurity #InfraGard #security #privacy #cloud #infosec #flipper0

  13. Hardware shortages are killing deals. Quotes expire, lead times stretch, clients walk. 🔧

    TetherX runs on whatever you can source - spare servers, refurb gear, even a Raspberry Pi. Quote Monday, install Friday.

    Same platform. Same features. Any hardware, any camera brand, any site size.

    No forklift upgrade when stock returns. Just scale.

    What's the longest lead time that's cost you a job recently?

    #VideoSurveillance #SecurityIntegrators #PhysicalSecurity #TetherX

  14. Physical Security Lapses Expose Sensitive Servers

    Your cybersecurity is only as strong as the physical locks on your servers - and a recent case where a server-room lock proved laughably easy to bypass is a stark reminder of this often-overlooked vulnerability. Leaving sensitive servers exposed is like leaving a car with cash in the console unlocked - it's an open invitation…

    osintsights.com/physical-secur

    #PhysicalSecurity #ServerSecurity #Cybersecurity #EmergingThreats #VulnerabilityManagement

  15. Why a Locked Floppy Disk Could Be Safer Than a Modern Network

    Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

    Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

    THE LOCKED-BOX LOGIC

    If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

    That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

    MODERN SECURITY, NEW PROBLEMS

    Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

    Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

    So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

    Sources:
    Britannica — https://www.britannica.com/technology/floppy-disk
    Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
    NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
    CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
    NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
    NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
    Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

    The Thisclaimer logo blends a classic warning symbol with a brain icon to represent critical thinking, curiosity, and thoughtful disclaimers. #cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
  16. Why a Locked Floppy Disk Could Be Safer Than a Modern Network

    Photo by CCDBarcodeScanner, licensed CC BY-SA 4.0 via Wikimedia Commons.

    Dear Cherubs, in the 1990s, office security had the elegance of a locked drawer and the threat model of a very determined coat thief. Floppy disks were the workhorses of the era, and Britannica notes they were popular from the 1970s until the late 1990s, made of flexible plastic coated with magnetic material. Before the internet became an everyday business utility, many workplaces were still mostly offline; Pew Research found that in 1995 only 14% of U.S. adults had internet access, and 42% had never heard of it.

    THE LOCKED-BOX LOGIC

    If your payroll files, drafts, and backups lived on removable media, the cleanest security move was physical control. Put the disks in a cabinet, lock the cabinet, and hope nobody on the third floor had a master key and a curious streak. It was a blunt system, but it worked because access was local, slow, and obvious. If someone needed a copy, they usually had to walk over, ask, sign something, and maybe endure a suspicious look from whoever guarded the supply room.

    That is the part people forget when they romanticize the old days. The security was not magical; the attack surface was just tiny. To steal the data, someone usually had to be in the building, or at least within arm’s reach of the media. Annoyingly low-tech, yes. Also annoyingly effective.

    MODERN SECURITY, NEW PROBLEMS

    Once files moved onto networks and cloud systems, the game changed. NIST defines intrusion detection as monitoring events in a system or network for signs of possible incidents, and says intrusion prevention systems can also try to stop them. CISA says firewalls shield computers and networks from malicious or unnecessary traffic, while NIST says cryptography is used to protect sensitive digitized information during transmission and while in storage. In other words: the modern office traded one locked box for a whole stack of digital locks, alarms, and panic buttons.

    Of course, the modern setup has its own virtues. Data can be backed up automatically, shared instantly, and protected with layered controls that the floppy-disk era never needed. NIST’s storage-encryption guidance still says organizations should physically secure devices and removable media, which is a polite way of saying: the box still matters, even when the box now lives in a server rack. Security did not become less important; it became more complicated, which is basically the same thing with extra meetings.

    So yes, a locked plastic box full of floppies could be safer than a badly configured internet-facing system. But that is not because the past was wiser. It is because the past had fewer doors, fewer windows, and fewer strangers trying every handle on the planet at once. Security has always been a trade-off between convenience and control; we just used to do the math with keys instead of passwords.

    Sources:
    Britannica — https://www.britannica.com/technology/floppy-disk
    Pew Research Center — https://www.pewresearch.org/internet/2014/02/27/part-1-how-the-internet-has-woven-itself-into-american-life/
    NIST SP 800-94 — https://csrc.nist.gov/pubs/sp/800/94/final
    CISA firewalls — https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use
    NIST SP 800-175B Rev. 1 — https://csrc.nist.gov/pubs/sp/800/175/b/r1/final
    NIST SP 800-111 — https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf
    Wikimedia Commons image page — https://commons.wikimedia.org/wiki/File:Floppy_Disk_HD.jpg

    The Thisclaimer logo blends a classic warning symbol with a brain icon to represent critical thinking, curiosity, and thoughtful disclaimers. #cybersecurity #dataSecurity #encryption #firewalls #floppyDisks #internet #internetHistory #intrusionDetection #officeHistory #openSource #physicalSecurity #techNostalgia #technology #ubuntu #wordpress
  17. Fitness Equipment Exposes Weak Link in Gym Security

    A recent security mishap at a gym serves as a stark reminder of the importance of safeguarding sensitive information, as a technician's careless mistake - stapling configuration details to a cupboard - left fitness equipment vulnerable to exploitation by mischief makers. This embarrassing blunder highlights the need for vigilance in…

    osintsights.com/fitness-equipm

    #GymSecurity #PhysicalSecurity #IotSecurity #EmergingThreats #FitnessEquipment

  18. Bulk edit 500 cameras across every site - one screen, one click.

    Recording schedules, credentials, modes - any manufacturer, updated in real time.

    Rows glow when something changes, so nothing slips past you.

    Live now for all TetherX users.

    How do you currently handle config changes across a large estate - one device at a time?

    #VideoSurveillance #SecurityIntegrators #PhysicalSecurity #TetherX

  19. #physicalsecurity #cybersecurity #trustedplatformmodule #tpm #fujitsu secured! The tpm is only plugged and the only defense against simply unplugging it and taking it away together with the mass storage is a strategically dremeled screw. Well, it is a rather cheap system, but still...

  20. #physicalsecurity #cybersecurity #trustedplatformmodule #tpm #fujitsu secured! The tpm is only plugged and the only defense against simply unplugging it and taking it away together with the mass storage is a strategically dremeled screw. Well, it is a rather cheap system, but still...

  21. This guy is handcuffed in our village! If you want to learn how to get out of handcuffs come by RSAC, in Moscone South 204 before we close at 2pm! #RSAC #RSAC2026 #RSAConference #physicalsecurity #handcuffs #physicalsecurityvillage

  22. This guy is handcuffed in our village! If you want to learn how to get out of handcuffs come by RSAC, in Moscone South 204 before we close at 2pm! #RSAC #RSAC2026 #RSAConference #physicalsecurity #handcuffs #physicalsecurityvillage

  23. We spend so much time hardening our #GrapheneOS devices and sandboxing our apps, but we often leave our front doors wide open to analog tracking. 📬

    In Episode 19 of Impractical Privacy, we dive into:
    🔹 The MICT program
    🔹 The Informed Delivery trap
    🔹 Physical Defense

    Your residence shouldn't be a data point on a broker's map. It’s time to shred the paper trail. ✂️
    Listen here: impracticalprivacy.com
    #Privacy #DigitalSovereignty #Metadata #Sudo #OptOut #SelfHosting #PhysicalSecurity #USPS

  24. We spend so much time hardening our #GrapheneOS devices and sandboxing our apps, but we often leave our front doors wide open to analog tracking. 📬

    In Episode 19 of Impractical Privacy, we dive into:
    🔹 The MICT program
    🔹 The Informed Delivery trap
    🔹 Physical Defense

    Your residence shouldn't be a data point on a broker's map. It’s time to shred the paper trail. ✂️
    Listen here: impracticalprivacy.com
    #Privacy #DigitalSovereignty #Metadata #Sudo #OptOut #SelfHosting #PhysicalSecurity #USPS

  25. A little work kvetching here, but willing to be contradicted by people in the know:

    It is my experience that there are only two tiers of physical access control integrators: certifiably high-security operations, and everyone else.

    ...and my ongoing ~2 decades worth of experience with varied providers of the latter category is that they all seem to be awful without exception.

    #PhysicalSecurity #AccessControl #Security

  26. A little work kvetching here, but willing to be contradicted by people in the know:

    It is my experience that there are only two tiers of physical access control integrators: certifiably high-security operations, and everyone else.

    ...and my ongoing ~2 decades worth of experience with varied providers of the latter category is that they all seem to be awful without exception.

    #PhysicalSecurity #AccessControl #Security

  27. Caetra new release v1.2.0; added new shield that reacts when a webcam turns it on/off.

    With this shield we are trying to avoid privacy leaks from you and others, among possible security visual breaches like harvesting information about your surroundings. Do not forget to cover your webcam with a nice cat sticker :3

    github.com/carvilsi/caetra

    #physicalSecurity #physicalAttacks #linuxhardening #hardwareSecurity #bpf #ebpF #bcc

  28. Thank you Guadalajara and HackGDL for having us! We hope you all had a great time at the village with us and we look forward to seeing you at the next con!

    #hackGDL #physsec #physicalsecurity #physicalsecurityvillage

  29. Thank you Guadalajara and HackGDL for having us! We hope you all had a great time at the village with us and we look forward to seeing you at the next con!

    #hackGDL #physsec #physicalsecurity #physicalsecurityvillage

  30. Evidence review just got faster.

    TetherX's new Event Player plays gapless footage start to finish - intelligent thumbnails surface the best frame every 5 seconds, so a one-second run-through doesn't get missed.

    Wall-clock timestamps. Variable speed. Full scrub control.

    is.gd/WDl9Mu

    How do you currently handle events where the key moment lasts under a second?

    #PhysicalSecurity #VideoSurveillance #SecurityIntegrators #TetherX

  31. New Caetra release; Fix bug related with bcc adding missing struct bpf_wq to support kernel 6.14.0-37 on 24.04.1-Ubuntu (noble)

    github.com/carvilsi/caetra

    #eBPF #physicalSecurity #securityTools #monitoring

  32. A new report from the BSI reveals how drones can be used as mobile hacking hubs to bypass fences and target data centers directly. From signal jamming to "shoulder surfing" through windows, the threat is no longer just physical.

    Read More: security.land/drone-cyber-thre

    #SecurityLand #BusinessShield #Drone #BSI #Germany #CorporateSecurity #DroneAwareness #Cybersecurity #PhysicalSecurity #Government

  33. The suspected rail sabotage in northern Italy highlights a recurring challenge: protecting physical infrastructure during high-profile global events.

    With fires, damaged signaling components, and hours-long delays reported, the incident underscores how transport systems remain exposed to disruption even without advanced technical methods.

    Source: therecord.media/italy-suspecte

    💬 How should critical infrastructure protection evolve for large-scale international events?

    🔔 Follow TechNadu for ongoing analysis of infrastructure and security risks

    #CriticalInfrastructure #InfrastructureSecurity #PhysicalSecurity #RiskAssessment #PublicTransport #TechNadu

  34. The suspected rail sabotage in northern Italy highlights a recurring challenge: protecting physical infrastructure during high-profile global events.

    With fires, damaged signaling components, and hours-long delays reported, the incident underscores how transport systems remain exposed to disruption even without advanced technical methods.

    Source: therecord.media/italy-suspecte

    💬 How should critical infrastructure protection evolve for large-scale international events?

    🔔 Follow TechNadu for ongoing analysis of infrastructure and security risks

    #CriticalInfrastructure #InfrastructureSecurity #PhysicalSecurity #RiskAssessment #PublicTransport #TechNadu

  35. We've rebuilt the TetherX website from the ground up.

    New Partner Directory connects customers directly with integrators. They find you, submit project details, you get a qualified lead by email.

    Proper Knowledge Base now live: user guides, control room workflows, integrator docs, API reference.

    tetherx.io

    What feature would make the biggest difference to how you quote or deploy security projects?

    #SecurityIntegration #PhysicalSecurity #TetherX

  36. Just released v1.0.1 of Caetra: Linux Physical Security based on eBPF.

    🐛 Fix bug related with bcc v0.35.0 (supports up to Linux 6.14), adding missing struct "bpf_task_work" to support kernel 6.18.5

    github.com/carvilsi/caetra

    #eBPF #bcc #physicalSecurity

  37. Linux Physical Security based on eBPF

    By now uses CanaryToken and-or TelegramBot to send notifications

    I have in mind some TODOs, one of them is about monitor accelerometers, if someone has accelerometers sensors on the laptop, please send DM I'm very hype to implement this feature.

    github.com/carvilsi/caetra

    #eBPF #canaryToken #physicalSecurity #monitoring

  38. An interesting read on physical car security for keyless entry and engine starts.

    paigehai.github.io/blog/my-key

    But I doubt that any of the current mitigation techniques will in broad practice bear any fruit because ... people love the convenience. That's why they buy that sh*t. That's why they use Gmail, etc.

    And manufacturers aren't moving fast (or at all), and definitely not on vehicles already sold.

    In my books, the main problem mainly originates between the ears of people/customers.

    #car #security #keyless #theft #physicalsecurity

  39. Beyond the surface of a steel door lies a world of precision engineering. From internal reinforcements to blast-resistant cores. Ever wondered what makes a security door virtually impenetrable?

    We’re peeling back the steel layers to show you.

    vocal.media/stories/the-hidden
    #SecurityEngineering #SteelDoors #PhysicalSecurity #Architecture #BuildingDefense

  40. New release v5.1.2 for CanaryUSB that fixes a :bug: when building long canaryDNS tokens.

    Get a mail notification via, Canary Tokens (DNS) when a USB or SDCard device is connected on a Linux computer.

    Also it is possible to de-authorize an USB that is not present on trusted devices list.

    github.com/carvilsi/canaryusb/

    #usb #linux #security #physicalSecurity #sdcard #canaryToken

  41. @[email protected] @GrapheneOS

    Pros of mobile over desktop/tablet/laptop form factor -->

    Physical security of your primary cpu and disk is enhanced by the kind of portability you can always keep in your pocket. No evil maid attacks with your (convergence?) daily driver always in sight. No bad usb (rubber ducky) attacks or untrusted peripherals.

    #SecureBoot protections only necessary realistically in very narrow circumstances like border crossings or seizures.

    #PhysicalSecurity #AEM #BadUSB #Mobile #Convergence #RFHardened

  42. New Attacks Against Secure Enclaves

    Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about thi... schneier.com/blog/archives/202

    #physicalsecurity #cloudcomputing #dataprotection #Uncategorized #hardware