CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.
Phoenix, AZ
Joined July 2009
- Tweets 8,305
- Following 139
- Followers 776
- Likes 17,402
Bil Corry retweeted
It's exciting to see Encrypted Client Hello coming closer to reality--one more tracking vector on the way to being squashed. Still a ways to go and lots of testing before real-world use (spec is not final).
Over the last few months I've been helping to move forward the Encrypted Client Hello extension, which brings full handshake encryption to TLS 1.3. Making deployed crypto more secure is hard, but rewarding work. Follow along here: blog.cloudflare.com/encrypte…
1
10
Every generation for thousands of years thought kids were ruining things, described by the authors as a "pervasive illusion of humanity."
advances.sciencemag.org/cont…
15-year-old scientist and inventor Gitanjali Rao is named Time's Kid of the Year (and is well deserved!).
npr.org/2020/12/03/942034617…
Bil Corry retweeted
Thought that we forgot about #xsleaks? Nothing could be more wrong! Today we launch an improved XS-Leaks wiki:
xsleaks.dev
The project is open-sourced and everyone is welcome to contribute. The code can be found here github.com/xsleaks/wiki.
3
110
4
296
This documentary about the USPS' 100-year-old "Operation Santa" tradition looks to be awesome.
dearsanta.movie/videos/
1
2
Beautiful story, be sure to watch the video.
abajournal.com/news/article/…
SAMM and BSIMM are two ways to assess the maturity of your AppSec program. Wonder what the difference is?
Here's a comparison:
owaspsamm.org/blog/2020/10/2…
Back when I owned the bug bounty program at PayPal, I was adamant that researchers should be able to post their findings after it was patched. That’s how the community can collectively learn.
This is even better, do it! 💪
For the exemplar of "doin' it right", see Dropbox, who leave the researchers in control: dropbox.tech/security/protec…; Dropbox does not use the bug bounty to buy silence; neither does Dropbox reserve the right to take forever to fix.
1
3
Me: I hope this 4-hour final for contract law won't take 4 hours, it's just 17 questions.
<3 hours and 46 minutes later>
Me: I finished with 14 minutes to spare!
Lesson: take your wins where you can find them...
2
Bil Corry retweeted
It's Giving Tuesday! As the largest not for profit for AppSec globally, we rely upon memberships, corporate support, and donations to execute our mission. Please join, donate, or sponsor us today!
Donate here:
owasp.org/donate/
11
2
15
The spam money requests via @paypal are getting more creative. CAD $75 to help improve his beatboxing skills!
1
2
Not sure what is going on here, but @gmail is gaslighting me with "seid" which isn't even a word?!
More odd, only seems to happen with "Jef", "Jeff", and "Jeffr" in front of "said". I wonder if there's a Google engineer named "Jeff" that is being made fun of for using "seid"?
Wow, @Twitch really up the game for secure passwords. My 32 character password is "too easy to guess" 🤔
1
1
Amazon is preparing the next generation for their low-income workforce.
2/2 "Prospective employees can find jobs, apply, and be hired entirely online, without talking to a single person....[Amazon is now] working with preschools to establish the foundation of tech education so that [our] 'pipeline [of labor] is there and ready' in the future.”
1