Brutkey

Bob Young
@fifonetworks@infosec.exchange
Bob Young
@fifonetworks@infosec.exchange

FIFO Networks is now offering cybersecurity services to the resistance.

Bob Young
@fifonetworks@infosec.exchange

I'm likely to do it with Gmail, too, to be honest. I can always whitelist a few friends' addresses.

Bob Young
@fifonetworks@infosec.exchange

It finally happened. If an email header contains β€œDocuSign” it’s redirected to the Spam Review folder automatically.
The decision is based on simple statistics.
If I’m supposed to get something via DocuSign, I’ll know it in advance. If I’m not expecting it, it can be ignored.

Bob Young
@fifonetworks@infosec.exchange

The Cyber Security Hub posted the INTERPOL AFRICA CYBERTHREAT ASSESSMENT REPORT 2025 on LinkedIn today. Since I just got my first client in the Democratic Republic of the Congo a couple of weeks ago, I downloaded it and read it. It's a strange new world for me. Last month I wouldn't even have noticed that post, but now it stands out and calls my name.

Cover of the INTERPOL AFRICA CYBERTHREAT ASSESSMENT REPORT 2025
Bob Young
@fifonetworks@infosec.exchange

By chance while doing an email search I ran across an email from a former client. Our last correspondence was in April 2016, but things ended on good terms. I thought, "What the heck, I'll send an email and check in, maybe get a gig with this company again." It's been 9 years since last contact, but who knows? You miss 100 percent of the shots you don't take, right? The email bounced almost immediately: "Recipient not found by SMTP address lookup." Just for grins I did some OSINT research. The guy is probably retired. That's one of the problems I face as I get older, but continue working. Some of my contacts exit the playing field. The lesson is, never stop marketing, and ALWAYS generate new relationships and contacts.

Bob Young
@fifonetworks@infosec.exchange

Knowing your KEVs is way more important than knowing your CVEs.

CVEs – Common Vulnerabilities and Exposures. Anyone who has ever taken a beginner’s course in cybersecurity should be familiar with the CVE list. If a vulnerability is verified, a CVE Numbering Authority (CNA) assigns it a number, like CVE-2025-49706. The repository for this information is cve dot org.

KEVs – Known Exploited Vulnerabilities. This list is maintained by CISA. The KEV catalog is a shorter list. It contains the CVEs that are known to have been β€œexploited in the wild.” (cisa dot gov / known-exploited-vulnerabilities-catalog).

The difference is important because some vulnerabilities identified in the CVE list are real enough, but they’re difficult to exploit at scale. A cybercriminal reads the latest CVE list and says, β€œForget that one – that takes too much effort.” The cybercriminal reads another item on the list and says, β€œOh, wow, I can do that with my existing tools!”

When you’re prioritizing your work, knowing the KEVs is a helpful guide.

Here’s a picture of the 14 SonicWall entries in the KEV catalog, as of August 11. Bigger organizations have more entries. Microsoft, for example, has 338 KEVs.

You shouldn’t ignore any CVE Record. Comparing the CVEs against the KEVs is a tool for prioritizing your work, not an excuse for neglect.

One last thing: before you comment that β€œthere are automated tools for this,” keep in mind that in the USA 99.9% of all businesses employ fewer than 500 employees. In fact, the average number of employees for all US businesses is 10.5 (source: Statista). Most of these businesses are not paying for automated tools. If anyone at all is looking out for their cybersecurity, it means visiting the CVE and KEV source websites regularly and checking the new entries. Some of the bigger vulnerabilities make it into the news, but not all of them. You have to do the work and look. If your hardware and software inventories are up to date, you can sort by vendor and easily see if there are new entries that are relevant.

#CallMeIfYouNeedMe #FIFONetworks

#cybersecurity #CVE KEV #SmallBusiness

Here’s a picture of the 14 SonicWall entries in the KEV catalog, as of August 11. Bigger organizations have more entries. Microsoft, for example, has 338 KEVs.
Bob Young
@fifonetworks@infosec.exchange

@Edent@mastodon.social
The 64 octet limit is legit, though.

RFC 5321
"The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. In particular, for some hosts, the user "smith" is different from the user "Smith". However, exploiting thecase sensitivity of mailbox local-parts impedes interoperability and is discouraged."

"Local-part = Dot-string / Quoted-string; MAY be case-sensitive"

"While the above definition for Local-part is relatively permissive, for maximum interoperability, a host that expects to receive mail SHOULD avoid defining mailboxes where the Local-part requires (or uses) the Quoted-string form or where the Local-part is case-sensitive."

"4.5.3.1.1.
Local-part The maximum total length of a user name or other local-part is 64 octets."

Bob Young
@fifonetworks@infosec.exchange

And the answer is: it's a crochet pattern. Not knitting, but similar.

Bob Young
@fifonetworks@infosec.exchange

β€œNever eat alone.”
I’m doing a job in Georgia at the end of the month. I’d love to meet some of my LinkedIn connections for dinner. I’ll be staying in Kennesaw, available around 6-ish on August 25, 26, and 27. Depending on how many people schedule, they may be group dinners, no guarantees of one-to-one, but it’s possible. The only rule is, no sales pitches. This is just a time for getting to know each other, build relationships, and hopefully learn from each other.
Ways to schedule:
DM me on LinkedIn
My mobile number is in the β€œContact info” section of my profile
Use the β€œContact Us” page at fifonetworks dot com. (β€œContact us” is contacting me. I’m a sole proprietor. It’s only me).

#cybersecurity #InformationTechnology #networking #wireless #VoIP #telecom

Bob Young
@fifonetworks@infosec.exchange

My wife is doing something mysterious on her iPad. What programming language is this?

iPad screen showing letters and numbers.