CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
I found logic bugs that allow audio or video to be transmitted without user consent in five mobile applications including Signal, Duo and Facebook Messenger googleprojectzero.blogspot.c…
Also, pay attention to the various plans. I wanted to add Live TV and missed the option that included it, so ended up losing Disney+. That small print that says what you're adding and removing is important. You may not think you're removing a service, but you just might be.
PSA: if you change your @hulu plan more than once in a month, they will gladly double-bill you for services you already paid for. Lesson: wait until it's about to renew, then change it.
Does anyone else get suggestions on Facebook for “People You May Know” where there are zero shared friends and no possible way you could know them? Are these paid advertisements? Super baffled why Facebook is constantly suggesting young, attractive women as potential friends.
"This is not justice." Justice Sotomayor's dissent lays out how the Supreme Court is aiding the government in (probable) illegal executions. You should read it. supremecourt.gov/opinions/20…
Hands down the worst CAPTCHA experience I've ever encountered. If the abandonment rate isn't 90%, then it must be because kids are more tolerant of bullshit.
It asks you to solve it five times, which seems overkill already. Then as you solve them, it wants you to solve even more (once it was 7 and another time 8). And if you make a mistake, you have to start all over again.
I am becoming convinced CAPTCHAs are being used as free Mechanical Turks, forcing the user to solve a puzzle far more times than is necessary for some hidden purpose. Latest example, this gem from @Roblox (powered by @ArkoseLabs). /thread
Breach reports produced by outside forensic firms hired via outside counsel are likely not privileged. consumerprivacyworld.com/202…
Want to learn about @owasp in a minute and a half? Many thanks to volunteer Nancy Gariché for putting this together! drive.google.com/file/d/10LV…
Have expertise in IoT security? The @owasp Internet of Things Security Verification Standard (ISVS) is seeking peer review of this new resource. Please take a look and contribute! github.com/OWASP/IoT-Securit…
Bil Corry retweeted
If you're validating identities by having users upload images of their government identification, then this court case might interest you. consumerprivacyworld.com/202…
4 Qs to unlock procrastination: How would someone successful complete the goal? How would you feel if you don’t do the required task? What is the next immediate step you need to do? If you could do one thing to achieve the goal on time, what would it be? bbc.com/worklife/article/202…
Ever dreamed of owning a castle? A few years ago, I became a co-châtelain of la Mothe Chandeniers (@CMChandeniers), a castle in France. Want to join me? It's 79 euros and will help restore the castle. More info here: dartagnans.fr/en/projects/la…
This story suggests that Zoom may have surveillance capabilities or it could have been an overheard conversation. Seems like a honeypot opportunity to test. theintercept.com/2021/01/04/…
Wow, Softbank required to disclose attorney-client privileged communication because they used their Sprint email to communicate instead of Softbank email. Be sure to read the court opinion (link at the bottom of the article): businesslawtoday.org/month-i…
Bil Corry retweeted
You can make an app used by many millions of people that has no data...Cool chart by @forbes & @UKZak 🙈🙊🙉 forbes.com/sites/zakdoffman/…