My colleague Mansi wrote an awesome series on Java crypto last year, and just published a great update to it.

veracode.com/blog/research/jav

The weather here got up to -5°C over the weekend, so we took a light hike along the Vermillion River. Frozen waterfalls!

Brave browser leaking your TOR data by DNS...

well, I guess I can't use that source anymore...

Get fedi hired! 

looking for a DevSecOps Consultant who has experience building and deploying CI/CD pipelines in the cloud and is an expert in automation using Terraform or Ansible.

Also looking for someone with in-depth Cisco Networking experience, as well as expertise working with Cisco Firepower firewalls. You must be proficient in creating and writing firewall rules, and have in-depth knowledge of network security.

I'm hiring two Principal Security Researchers to join my Applied Research Team at Veracode. One focused on application static analysis and auto-remediation, one focused on dynamic analysis of web apps and web APIs.

My team is fully remote always (we have team members in EU, UK, US so far), great support for education (including attending conferences), pursuing your own projects, flexible scheduling, etc.

Boosts appreciated!

More info: mobile.twitter.com/chriseng/st

And here's my little hacky script to talk to SmartThings to toggle lights: github.com/darrenpmeyer/smartt

It depends on a "just enough to work" implementation of the SmartThings API here: github.com/darrenpmeyer/python

Built a little Python agent that monitors my macOS process list to see if I'm actively in a Zoom call, and runs an "on air" script when I join one and an "off air" script when I end one. I use this to automatically turn on a smart light I've designated as an "on air light" so my family knows when I'm on a call.

Very much "works on my machine", but people might find this useful

github.com/darrenpmeyer/pyzoom
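The post above describes the idea but not the code. The following is an added example of the same technique, written here for this page and not taken from the pyzoom repository: poll the process list, decide whether a meeting is active, and fire "on air"/"off air" hooks only on the transition so the hooks do not re-run on every poll. Two things are assumptions rather than facts from the post: that an active Zoom meeting on macOS shows up as a helper process named "CptHost" (so the marker set is configurable), and the hook script paths, which are placeholders.

```python
"""Edge-triggered "on air" detector built around a polled process list.

Added example, not the pyzoom code. Assumptions (not stated in the post):
  - an active Zoom meeting on macOS runs a helper process named "CptHost";
    "zoom.us" alone just means the app is open, so it is not a marker;
  - the process list is read with `ps`, present on macOS and Linux;
  - the on/off air hooks are whatever commands you point it at.
"""
import subprocess
import time
from typing import Callable, Iterable, Optional

# Process names whose presence means "in a meeting". Assumption: Zoom on
# macOS launches a "CptHost" helper for the duration of a call.
DEFAULT_CALL_MARKERS = frozenset({"CptHost"})


def list_process_names() -> list[str]:
    """Return the basename of every running process via `ps` (no third-party deps)."""
    out = subprocess.run(
        ["ps", "-axo", "comm="], capture_output=True, text=True, check=True
    ).stdout
    return [line.strip().rsplit("/", 1)[-1] for line in out.splitlines() if line.strip()]


def in_call(process_names: Iterable[str], markers: frozenset[str] = DEFAULT_CALL_MARKERS) -> bool:
    """True when any marker process appears in the snapshot."""
    return any(name in markers for name in process_names)


class OnAirMonitor:
    """Track call state across polls and fire hooks only on transitions.

    A bare poll would run the "on air" script every few seconds while a call
    is up; remembering the previous state turns the poll into an edge detector.
    """

    def __init__(
        self,
        on_air: Callable[[], None],
        off_air: Callable[[], None],
        markers: frozenset[str] = DEFAULT_CALL_MARKERS,
    ) -> None:
        self.on_air = on_air
        self.off_air = off_air
        self.markers = markers
        self.active = False

    def update(self, process_names: Iterable[str]) -> Optional[str]:
        """Feed one snapshot; return "on_air"/"off_air" if a hook fired, else None."""
        now = in_call(process_names, self.markers)
        if now and not self.active:
            self.active = True
            self.on_air()
            return "on_air"
        if not now and self.active:
            self.active = False
            self.off_air()
            return "off_air"
        return None


def run_monitor(on_cmd: list[str], off_cmd: list[str], interval: float = 5.0) -> None:
    """Poll forever and run the given commands on each call start/end."""
    monitor = OnAirMonitor(
        lambda: subprocess.run(on_cmd, check=False),
        lambda: subprocess.run(off_cmd, check=False),
    )
    while True:
        monitor.update(list_process_names())
        time.sleep(interval)


if __name__ == "__main__":
    # Placeholder hook paths; substitute your own scripts (e.g. a light toggle).
    run_monitor(["/usr/local/bin/on-air.sh"], ["/usr/local/bin/off-air.sh"])
```

The `OnAirMonitor.update` method takes a plain list of process names, so the transition logic can be exercised with constructed snapshots and without a running Zoom; swapping the marker set (or the `list_process_names` reader) adapts it to another conferencing client.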

@TheGibson we have a local place in the Twin Cities that very much has that sort of vibe, called The Electric Fetus. They're struggling due to the constraints of the pandemic, and I'm worried we'll lose them.

@vertigo there's no need to specifically have done research before. I'm looking for a good mix of development and security knowledge and an ability to think like a hacker. Formal dev proofs? Hell yeah, that helps

@superruserr hey, @TheGibson@hackers.town mentioned you might be looking, and I'm hiring appsec research. Check latest post and let me know if that's possibly a fit!

Can anyone recommend—by which I mean actually vouch for—good courses/book/programs to teach an already-technical person about web app security from a pentesting standpoint?

A whole story setup just for one tiny character moment. 

@polychrome @drwho I would enjoy this

But it's depressing that it took me a moment to realize you meant "Q from the Bond universe" not "Q the right-wing cult leader"…

@TheGibson I respect the folks who clearly know how this stuff works providing their viewpoint. None of them are shitting on Signal though; their takes tend to be more measured and charitable

@TheGibson the fact they recovered fairly quickly suggests to me they had a pretty good plan. I bet the retro will find holes. But until you've been through an event like this, you can't know which of your tech debt decisions are going to bite you or which assumptions you got wrong

Scaling is hard. Resilience is hard. Half the people chucking rocks have never had to solve either problem for anything

@amsomniac yeah, it's frustrating for sure. But that doesn't necessarily mean federation would have saved them or that federation is right for them. Like anything, federation is a set of trade-offs, and treating it as a panacea is silly

A federated comms network with a 5x unplanned growth over a few days would have different, but still severe, problems

@amsomniac anything can scale at reasonable pace, and every approach has hard parts.

Email has a large enough presence now that the network can withstand large scaling events, but "suddenly there are 5x the number of mail users on the existing services" would have caused serious issues not that long ago. Hell, email HAS HAD past scaling issues

Federation doesn't magically solve scaling

@TheGibson I dunno, there aren't a whole lot of orgs that could handle 50 million new users in a weekend without issues. There's always stuff you could have done better, because there's always something you didn't anticipate

Spending a lot of cash for something that MIGHT happen doesn't always make sense either, so…

@amsomniac no, people are saying that if they were, they wouldn't have these scaling issues. As if federation automatically solves scaling or something

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.