Brutkey

Bob Young
@fifonetworks@infosec.exchange

FIFO Networks is now offering cybersecurity services to the resistance.

Bob Young
@fifonetworks@infosec.exchange

Now offering personal cybersecurity setup for journalists, stalking victims, and others.
Secure communications channels.
Financial account separation.
Reduced location tracking.
Social media security settings.

All work can be done remotely.
It doesn’t matter where you are.
I don’t even have to know where you are.
I will never at any time be able to access your accounts.
Pay by credit card, PayPal, or Venmo.

For more information use the “Contact Us” page on my website.
It’s only me. You’ll be communicating directly with me.
https://fifonetworks.com/contact-us/

Bob Young
@fifonetworks@infosec.exchange

#introduction

I’m an old guy who chooses not to retire because cybersecurity is so much fun. Why would I stop doing something I love?

I’m safe to be around in the Fediverse, regardless of your ethnicity, gender identity, age, whatever. You be you; that’s important.

Self-employed since 2003. Taught college courses evenings and weekends for 17 years in addition to working during the day. I still teach technology to engineers and technicians at companies around the USA. My LinkedIn profile has more info.

Mostly I toot about the same things I do for money: cybersecurity (infrastructure, policy, training), wireless systems, and telecommunications.

I’m not here for politics, and no, I’m not flirting with you. Let’s just enjoy technology and humor about technology together.

Bob Young
@fifonetworks@infosec.exchange

FIFO Networks is now offering cybersecurity services to the resistance.

Bob Young
@fifonetworks@infosec.exchange

It finally happened. If an email header contains “DocuSign” it’s redirected to the Spam Review folder automatically.
The decision is based on simple statistics.
If I’m supposed to get something via DocuSign, I’ll know it in advance. If I’m not expecting it, it can be ignored.

Bob Young
@fifonetworks@infosec.exchange

I'm likely to do it with Gmail, too, to be honest. I can always whitelist a few friends' addresses.

Bob Young
@fifonetworks@infosec.exchange

It finally happened. If an email header contains “DocuSign” it’s redirected to the Spam Review folder automatically.
The decision is based on simple statistics.
If I’m supposed to get something via DocuSign, I’ll know it in advance. If I’m not expecting it, it can be ignored.

Bob Young
@fifonetworks@infosec.exchange

The Cyber Security Hub posted the INTERPOL AFRICA CYBERTHREAT ASSESSMENT REPORT 2025 on LinkedIn today. Since I just got my first client in the Democratic Republic of the Congo a couple of weeks ago, I downloaded it and read it. It's a strange new world for me. Last month I wouldn't even have noticed that post, but now it stands out and calls my name.

Bob Young
@fifonetworks@infosec.exchange

By chance while doing an email search I ran across an email from a former client. Our last correspondence was in April 2016, but things ended on good terms. I thought, "What the heck, I'll send an email and check in, maybe get a gig with this company again." It's been 9 years since last contact, but who knows? You miss 100 percent of the shots you don't take, right? The email bounced almost immediately: "Recipient not found by SMTP address lookup." Just for grins I did some OSINT research. The guy is probably retired. That's one of the problems I face as I get older, but continue working. Some of my contacts exit the playing field. The lesson is, never stop marketing, and ALWAYS generate new relationships and contacts.

Bob Young
@fifonetworks@infosec.exchange

Knowing your KEVs is way more important than knowing your CVEs.

CVEs – Common Vulnerabilities and Exposures. Anyone who has ever taken a beginner’s course in cybersecurity should be familiar with the CVE list. If a vulnerability is verified, a CVE Numbering Authority (CNA) assigns it a number, like CVE-2025-49706. The repository for this information is cve dot org.

KEVs – Known Exploited Vulnerabilities. This list is maintained by CISA. The KEV catalog is a shorter list. It contains the CVEs that are known to have been “exploited in the wild.” (cisa dot gov / known-exploited-vulnerabilities-catalog).

The difference is important because some vulnerabilities identified in the CVE list are real enough, but they’re difficult to exploit at scale. A cybercriminal reads the latest CVE list and says, “Forget that one – that takes too much effort.” The cybercriminal reads another item on the list and says, “Oh, wow, I can do that with my existing tools!”

When you’re prioritizing your work, knowing the KEVs is a helpful guide.

Here’s a picture of the 14 SonicWall entries in the KEV catalog, as of August 11. Bigger organizations have more entries. Microsoft, for example, has 338 KEVs.

You shouldn’t ignore any CVE Record. Comparing the CVEs against the KEVs is a tool for prioritizing your work, not an excuse for neglect.

One last thing: before you comment that “there are automated tools for this,” keep in mind that in the USA 99.9% of all businesses employ fewer than 500 employees. In fact, the average number of employees for all US businesses is 10.5 (source: Statista). Most of these businesses are not paying for automated tools. If anyone at all is looking out for their cybersecurity, it means visiting the CVE and KEV source websites regularly and checking the new entries. Some of the bigger vulnerabilities make it into the news, but not all of them. You have to do the work and look. If your hardware and software inventories are up to date, you can sort by vendor and easily see if there are new entries that are relevant.

#CallMeIfYouNeedMe #FIFONetworks

#cybersecurity #CVE KEV #SmallBusiness

Bob Young
@fifonetworks@infosec.exchange

@Edent@mastodon.social
Your question sent me on a quest through RFC 5321, and I still don't know the answer. I'm guessing that more than one dot in a row isn't valid, but I've been wrong before.

Bob Young
@fifonetworks@infosec.exchange

@Edent@mastodon.social
The 64 octet limit is legit, though.

RFC 5321
"The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. In particular, for some hosts, the user "smith" is different from the user "Smith". However, exploiting thecase sensitivity of mailbox local-parts impedes interoperability and is discouraged."

"Local-part = Dot-string / Quoted-string; MAY be case-sensitive"

"While the above definition for Local-part is relatively permissive, for maximum interoperability, a host that expects to receive mail SHOULD avoid defining mailboxes where the Local-part requires (or uses) the Quoted-string form or where the Local-part is case-sensitive."

"4.5.3.1.1.
Local-part The maximum total length of a user name or other local-part is 64 octets."

Bob Young
@fifonetworks@infosec.exchange

My wife is doing something mysterious on her iPad. What programming language is this?

Bob Young
@fifonetworks@infosec.exchange

And the answer is: it's a crochet pattern. Not knitting, but similar.

Bob Young
@fifonetworks@infosec.exchange

“Never eat alone.”
I’m doing a job in Georgia at the end of the month. I’d love to meet some of my LinkedIn connections for dinner. I’ll be staying in Kennesaw, available around 6-ish on August 25, 26, and 27. Depending on how many people schedule, they may be group dinners, no guarantees of one-to-one, but it’s possible. The only rule is, no sales pitches. This is just a time for getting to know each other, build relationships, and hopefully learn from each other.
Ways to schedule:
DM me on LinkedIn
My mobile number is in the “Contact info” section of my profile
Use the “Contact Us” page at fifonetworks dot com. (“Contact us” is contacting me. I’m a sole proprietor. It’s only me).

#cybersecurity #InformationTechnology #networking #wireless #VoIP #telecom

Bob Young
@fifonetworks@infosec.exchange

My wife is doing something mysterious on her iPad. What programming language is this?