I once asked a candidate if they knew what SNI was. He replied that it was the thing that let him know what web sites people were going to even though they were using https. Correct answer I suppose.
Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and it will automatically work with any site https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
"Detecting the use of 'curl | bash' server side" (as opposed to curl & save to a file).
Now this is some very clever, and scary, stuff. It's possible to detect if a #HTTPS request is being piped directly into #bash or just saved to a file. You can use this to send a different file (& commands!) only when it's going straight into bash.
I hate the birdsite’s algorithmic timeline. Someone posts “here’s a great keynote.” Original tweet of keynote is 3 days old. I watch the keynote. It is good. Now I have like 5 more tweets in my timeline saying “here’s a great keynote” all linking to exactly the same tweet. Ugh.
Wanna tell #AWS what you think of them? They're actually surveying. They want to know how the business is perceived by people. If you wanted a chance to be heard, this is that chance.
I finally did it. I moved my blog off of self-hosted WordPress and onto static HTML on S3, CloudFront, etc. using Hugo. I brought all my WP content across, converted to markdown. There are plenty of glitches, but this is faster, cheaper, and more secure.
Spent the whole day teaching cloud security to AWS partners. Fun but exhausting.
And if you have "Cyber Security" as well as "Blockchain Evangelism" on your CV, I think we can safely pass...
People with "knowledge of the cyber domain" are also low on my list. What the fuck is #cyber? Can you name me two things? One that everyone would agree is cyber and one that everyone would agree is totally not cyber? I mean, I'm gonna assume a horse isn't cyber. But maybe it is. A chair? A door? Obviously everything that has electricity is cyber. An electric toothbrush, a kettle, an analog wristwatch. I just want to cyberstab myself in the cybereye.
It is hard to take someone seriously whose CV talks about the "challenges of Cyber" including the gratuitous capitalisation...
While a hilarious news story, it also shows how—for outsiders—Dublin is Ireland. London is the UK. Edinburgh is Scotland. Paris is France. When you're acquainted with these countries, you lose this association. But the fact that they use "Ireland" in the headline shows how implicit this association is. https://newsbots.eu/@boingbot/100838198961797718
Reading about the alleged hardware supply chain attack. This is a hilarious quote.
I have been a #FreeBSD user for a very long time. But I have rarely been prouder of them than when I read their Code of Conduct. Wow. Just wow. So thorough. Impressive. I hope they live up to it in practice.
I'm sick and tired of people framing the speed disparity between security and development as "development going too fast" instead of "security going too slow". A blog post from ThreatStack (typical survey-backed marketing spew) got me going this morning. I rewrote it from the "your security team can't keep up" point of view. Makes it a really different read.
Cloud Security Consultant at AWS. Based in London. Opinions are my own, etc.
A Mastodon instance for info/cyber security-minded people.