CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Free ethical hacking course, but you have about 5 hours to sign up for free. udemy.com/course/ethical-hac…
And to be clear, I also ask employees to not break the law for their own benefit. It’s a solid 10 minutes of reminding them to conduct business lawfully.
In my security awareness training, I cover ethics and ask employees to NOT break the law to benefit the company, then give a bunch of examples. I’ll be adding this one to the deck.
Ticketmaster to pay $10 MILLION fine for illegally accessing computer systems of a competitor in an attempt to "cut [its rival] off at the knees." Read: thehackernews.com/2021/01/ti… #infosec #cybersecurity #privacy #hacking #databreach
The @Meetup platform being abused to send spam. Apparently you can have a URL as your name.
Bil Corry retweeted
Hi! I would like to release the new version of Tamper Chrome. It's an HTTP Request/Response interception tool. It's very simple for now. If you have time, please help me test it to uncover embarrassing bugs! tamper.dev/ Fixed the old bugs.
New version of Tamper Chrome under development. Looking for testers :)
Known Bugs:
- Deleting headers doesn't delete them
- You have to scroll to see new requests below
Missing Features:
- Response interception
- Repeating requests
github.com/google/tamperchro…
Bil Corry retweeted
XS-Leaks (cross-site leaks) is a class of issues which poses interesting challenges for security engineers and web browser developers due to a diversity of attacks and the complexity of building comprehensive defenses: #XSLeaks #AppSec xsleaks.dev/
Warning from the FBI about swatting attacks that also include hacking of home smart devices, which are then used to interact with the police and stream the entire event. ic3.gov/Media/Y2020/PSA20122…
Here's a short 28-minute documentary about the time that Big Tech colluded to cheat workers out of wages. Since it happens repeatedly, you'll have to watch to know which one this is about. vimeo.com/327830855
Even better, don’t send phishing emails at all, save that money and time for other more valuable efforts, and instead use your real phishing emails as the basis for improving your program. 3/3
That’s why employees hate phishing tests when they’re held accountable, it doesn’t prove anything. It’s trivial to create a highly clicked-on email, I’ve created many. Use the click-thru rate as a means to shore up controls and training. 2/3
Phishing tests are testing the security team’s technical controls and education; if an employee is duped, it’s the security team, not the employee, that failed. 1/3 coppercourier.com/story/goda…
That’s not what “optional” means! “The collection of such data is optional, but necessary if you choose to use the online proctoring function.” Source: home.pearsonvue.com/privacy#…
Bil Corry retweeted
"Details on proposed changes to HIPAA’s Privacy Rule" (via @DailyDashboard) ow.ly/OrMK50CSrZf
(Sadly, you have to be a member of Infragard to watch it)
InfraGard had a recent talk regarding paying ransoms to someone on OFAC’s SDN list. Summary: reach out to FBI and OFAC first and fully cooperate with their investigation. That will weigh more positively when the case makes it to DOJ. Replay on @InfraGardNatl website.
BBC News - Hackers threaten to leak plastic surgery pictures bbc.co.uk/news/technology-55… and the group is on the USA's denied person's list so paying the ransom may be problematic
BTW, this is the same issue with federal taxes for Americans working abroad, along with Americans living in US territories. Perverse that the American colonies argued that representation is required to tax as a fundamental right, then turn around and do the same thing.
Massachusetts 1764: no taxation without representation
Massachusetts 2020: New Hampshire remote workers still owe us taxes even though they have no representation. wsj.com/articles/states-squa…
Are you an OWASP Foundation member? If so, get yourself an Xmas present of a SecureFlag account which is now part of your benefits. If not, then give us an Xmas gift and sign up. Getting yourself a gift in the process! lnkd.in/dm4F9iP
I watched it live, it was fantastic! helenjanelong.com/product/li…
If you missed the live streaming show then great news due to rather massive demand, we’ve added it to our concert page so you can watch it for a further 5 days!! Happy Christmas! 🎄
Using AI to track down forced labor in high-seas fishing. globalfishingwatch.org/resea…