CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Canon sharing how to break their DRM. #lulz petapixel.com/2022/01/09/can…
FTC is threatening fines if you don’t remediate your Log4J vulns.
FTC warns companies to remediate Log4j security vulnerability: bit.ly/31oEKxB
TIL there’s a ‘strict’ mode for Microsoft’s Authenticode signature verification. It’s off by default and is actively being exploited. Turning it on has the side effect of rendering some executables as untrusted. Fun choice.
A new Zloader #banking trojan campaign is now exploiting the #Microsoft Signature Verification system to evade detection and steal cookies, passwords and other sensitive data. Read details - thehackernews.com/2022/01/ne… It already has over 2,000 victims in 111 countries.
At work, we have a dedicated slack channel for this game.
Josh Wardle, a software engineer in Brooklyn, knew his partner loved word games and created a guessing game for the two of them called Wordle. Just over two months after releasing it to the rest of the world, the once-a-day game has over 300,000 players. nyti.ms/32JuOiY
Great article on why curl will never have "easter eggs" with important lessons for any project. And if you ever get the chance to meet @bagder, you should, super nice guy and super modest for someone that has code running on Mars. daniel.haxx.se/blog/2021/12/…
Bil Corry retweeted
Following public consultation, the final version of the EDPB Guidelines on examples regarding data breach notifications is now available here: europa.eu/!Kvc4xU
Bil Corry retweeted
I've officially spent one year on the OWASP board, and every day that goes by, I'm in awe about what OWASP can accomplish. There are many great security organizations out there.
Tickets are free, hope to see all of you at @CactusCon !
AHHHHH, IT'S HAPPENING; CactusCon 10 registration is open! eventbrite.com/e/cactuscon-1… So excited to have you join us physically or virtually in the new year. #cc10 #cybersecurity
Little known fact about #DontLookUp, Meryl Streep was not supposed to get the role as President. They settled on her as their last choice. (source: youtube.com/XYWq1SP4r-c?t=150)
Bil Corry retweeted
History of cryptographic key sizes eprint.iacr.org/2021/894.pdf
Bil Corry retweeted
Looking for something to watch over the holidays? Watch @curphey 's OWASP 20th Anniversary keynote: "20/20 The history and future of OWASP" youtube.com/5a7LM2PJffo
Bil Corry retweeted
One more reason why having background detection capabilities for physical trackers built into Androids and iPhones is a good idea: thieves are using AirTags to track cars they want to steal. fox5dc.com/news/man-finds-ap…
Brian Williams' goodbye in which he condemns our politicians as "burning it all down with us inside"🔥🔥🔥 youtube.com/watch?v=o5AoMNF7…
I'm hiring a Senior Application Security Engineer (USA remote or in the office, your choice). Recurly is a well-funded fintech startup with an awesome security team. If you're interested, DM me. jobs.lever.co/recurly/421289…
BTW, the kit itself does not have anything that indicates a date by which it has to be returned.
I just re-read through your program and didn’t see where you clearly state that it’s 14 days from receiving the trade-in kit, which you can send before receiving my new purchase, making the return window very short. That’s deceptive advertising. apple.com/shop/trade-in
Or better yet, you know when I received my new device, start your return window then and not when I get the trade-in kit. That’s how I thought it worked and you can align with my (and likely other customers’) expectations.
In case you're wondering which companies (and their financial backers) profit from the ongoing threat to humankind. dontbankonthebomb.com/perilo…