CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
This next one is not really something the Security team pushes onto users so much as it is something the product team wants and Security often loses the fight to prevent it. So calling it out, because it's super dumb and we should stop allowing it.
3. "Secure" email products that require users to open HTML email attachments. The very same attack vector as some phishing. It has the additional downside of training users that opening HTML attachments is a normal behavior.
2. Preventing users from copying/pasting passwords. Besides being an accessibility issue, it doesn't seem to actually move the needle on security. @NCSC provides more background (and a link to @troyhunt's take) ncsc.gov.uk/blog-post/let-th…
I'm thinking of creating an @owasp Top Ten Dumb Things Security Makes Users Do. Here are a few: 1. Making users rotate passwords without evidence of compromise. @TechFTC actually does an awesome job of explaining why it's dumb. ftc.gov/news-events/blogs/te…
Bil Corry retweeted
Beware of PNG images which are actually ZIP files inside! Great technique to be aware of if you allow image uploads - the source code is open-source on GitHub - thanks @David3141593 !
I found a way to stuff up to ~3MB of data inside a PNG file on twitter. This is even better than my previous JPEG ICC technique, since the inserted data is contiguous. The source code is available in the ZIP/PNG file attached:
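As an added illustration of why this matters for an upload handler (example code written for this page, not the tweet author's technique or the code in the linked GitHub repository, which had to survive Twitter's image processing and is not described here): the script below builds two simple PNG/ZIP polyglots, a ZIP appended after the IEND chunk and a ZIP hidden in a private ancillary chunk, shows that both still open as a ZIP and parse as a PNG, and runs a heuristic scanner that flags trailing data, ZIP signatures inside chunks and the end-of-central-directory marker. The chunk name `prVt`, the file name `payload.txt` and the sample images are constructed for the demo.

```python
"""Heuristic scanner for ZIP archives smuggled inside uploaded PNG files.

Added example for this page, not code from the tweet or from the linked
GitHub project. The sample polyglots are constructed here; "prVt" is an
arbitrary private ancillary chunk name chosen for the demo.
"""
import io
import struct
import zipfile
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ZIP_LOCAL_HEADER = b"PK\x03\x04"   # start of every ZIP local file entry
ZIP_EOCD = b"PK\x05\x06"           # end-of-central-directory record


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(extra_chunks=()) -> bytes:
    """Build a valid 1x1 RGB PNG, optionally with extra chunks before IDAT."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, truecolour
    idat = zlib.compress(b"\x00\xff\x00\x00")              # filter byte + one red pixel
    parts = [PNG_SIG, _chunk(b"IHDR", ihdr)]
    parts += [_chunk(t, b) for t, b in extra_chunks]
    parts += [_chunk(b"IDAT", idat), _chunk(b"IEND", b"")]
    return b"".join(parts)


def make_zip(name: str, content: bytes) -> bytes:
    """Build a small stored (uncompressed) ZIP archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


def parse_png_chunks(data: bytes):
    """Walk the chunk list verifying CRCs; return (chunks, offset just past IEND)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIG), []
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk stream (no IEND)")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"truncated chunk at offset {pos}")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            raise ValueError(f"bad CRC at offset {pos}")
        chunks.append((ctype.decode("ascii"), pos, body))
        pos = end
        if ctype == b"IEND":
            return chunks, pos


def find_zip_smuggling(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    chunks, end = parse_png_chunks(data)
    if end < len(data):
        findings.append(f"{len(data) - end} trailing bytes after IEND")
    for ctype, offset, body in chunks:
        if ZIP_LOCAL_HEADER in body:
            findings.append(f"ZIP local file header inside {ctype} chunk at offset {offset}")
    # Unzip tools locate an archive by searching backwards for EOCD, so its
    # presence anywhere is a red flag. A 4-byte signature can also occur by
    # chance inside compressed IDAT data, so treat a hit as a reason to
    # re-encode or quarantine the upload, not as proof on its own.
    if ZIP_EOCD in data:
        findings.append("ZIP end-of-central-directory signature present")
    return findings


def opens_as_zip(data: bytes) -> bool:
    """True if a standard ZIP reader would accept this blob as an archive."""
    return zipfile.is_zipfile(io.BytesIO(data))


# Constructed samples: a clean image, a ZIP appended after IEND, and a ZIP
# hidden inside a private ancillary chunk.
CLEAN = make_png()
PAYLOAD = make_zip("payload.txt", b"smuggled")
APPENDED = CLEAN + PAYLOAD
EMBEDDED = make_png(extra_chunks=[(b"prVt", PAYLOAD)])

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("appended", APPENDED), ("embedded", EMBEDDED)]:
        print(label, "opens as zip:", opens_as_zip(blob), find_zip_smuggling(blob))
```

Both polyglots pass a naive "does it decode as a PNG" check, which is why a scanner that stops at the image header is not enough; the stronger defence is to decode the pixels and re-encode the image into a fresh file with only the chunks you expect, and to treat any of the findings above as grounds to reject the original bytes.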
Bil Corry retweeted
If you ever wonder why security is so hard, just remember that fonts are so complicated that someone programmed an entire game into one.
Ok this is slightly insane. OpenType (the common font format) actually supports simple scripts inside the font for complex characters and such. So a guy WROTE AN ENTIRE GAME INSIDE A FONT called Fontemon that you play by typing letters on the keyboard. coderelay.io/fontemon.html#p…
Storage bags on @amazon, only $4.90 for one box, plus $49.99 for delivery 🙄 Does this work? Do shoppers not pay attention?
The choice for financial stability seems like the obvious one, so what am I missing? Why is this show even a thing? (speaking as someone who spent very little money on my wedding and have enjoyed home ownership mostly since)
I'm not sure how @google managed to make their poorly designed feature to manage GSuite email rules even worse, but kudos to them, they've succeeded in making it truly awful. Clearly no one working on their product has to actually use it and it shows.
Hi @owasp members and leaders. I've scheduled three different town halls to go over finance reform and I've reserved at least an hour for all your questions. Please follow the OWASP Foundation at Meetup and register for the best time for you: meetup.com/owaspfoundation
Bil Corry retweeted
Very few websites implement all the defenses necessary for securing them in a Post-Spectre web. Especially against same-site cross-origin attacks.
Interesting ideas and suggestions on Post-Spectre Web Development: mikewest.github.io/post-spec…
That time my son was forced to write a poem for school.
My mom put off going to see the doctor due to COVID concerns and ended up on life support with sepsis (not from COVID), and was very very near death. She’s recovering, however please learn from her mistake, encourage your family to go see the doctor. npr.org/sections/health-shot…
Bil Corry retweeted
Kick off our 20th Anniversary Celebrations with 20% off 2 year membership for the next 20 days! Join or renew today! We have a heap of free and paid events and activities coming up, grab a membership to get member discounts to all paid events! owasp.org/membership/?utm_so…
You must read this. Europe's "enforced disappearance" against asylum seekers. Powerful reporting by @jbwashing. theintercept.com/2021/02/28/…
What is old is new: history-sniffing, this time using Service Workers. cs.uic.edu/~skarami/files/sw…
I celebrate my kids' mistakes as lessons learned so that they don't feel any shame about it. Now my daughter enjoys telling me all the mistakes she made each day.
Today my therapist asked "what if being wrong didn't automatically mean you are also worse as a person?" and my brain divided by zero and rebooted.
If your company has been using the @owasp brand to promote or sell your products, please come learn about the new trademark licensing program.
Replying to @owasped
Lastly, we are moving forward on our trademarks program. If there is anyone who has an interest in licensing or being subject to OWASP trademarks, come to the Community Slack & let's talk it through, because this is one of the biggest changes to the way we work in 20 years. 3/3
Looking to break into Information Security and are in New Orleans? @recurly is hiring a Compliance Analyst, no previous experience required! You'll work on audits, respond to privacy requests, complete inbound and outbound due diligence, and more. jobs.lever.co/recurly/bc17c1…