Bil Corry @bilcorry

CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

 Phoenix, AZ
linkedin.com/in/bilcorry/
Joined July 2009
  • Tweets 8,305
  • Following 139
  • Followers 776
Load newest
amazon.com/dp/B0BN6VVCHB?ref… This is my dad’s newly published book and here is the story behind it why I am asking you to read it.

Malevolence

In the fishing/tourist town of Trinityport Harbor, Maine there have been horrifying deaths of several local and seasonal residents; apparently at first by natural or accidental causes. Lucy Blair,...

amazon.com
3
5
1
17
I love a good @moxie story.
This tweet is unavailable
1
#Google has released an update for the #Chrome browser to patch a new, actively exploited zero-day #vulnerability (CVE-2022-4135) that resides in the GPU component. Read: thehackernews.com/2022/11/up… #infosec #cybersecurity #hacking
3
57
4
87
Very moving article about the Club Q hero. nytimes.com/2022/11/21/us/co…

Army Veteran Went Into ‘Combat Mode’ to Disarm the Club Q Gunman (Gift Article)

Richard M. Fierro, who served for 15 years in the military, was at the nightclub in Colorado Springs with his family when the gunman opened fire. “I just knew I had to take him down,” he said.

nytimes.com
The “software company” is @discord and one of the findings is they didn’t have a data retention policy.
IAPP @PrivacyPros
18 Nov 2022
"@CNIL fines software company 800K euros for GDPR violations" (via @DailyDashboard) ow.ly/iFxr50LHoPQ
Twitter is sliding off the rails. This ad for a windshield snow guard is a curious choice for someone that lives in PHOENIX.
1
Crushing it!
Ænna Westelius @bubblewire
16 Nov 2022
Getting ready for my keynote at #GlobalAppSec #OWASP tomorrow, turning nervousness into excitement 💪 looking forward to it!
1
Does anyone know a good "SAML as a service" for IDP? I know some services/libraries for SP side but implementing SAML as IDP seems less documented and tedious. want to implement "login with our service's account" for a documentation site hosted by a third party for instance.
2
1
The Payson Police Department (AZ): "[do not] use methamphetamine or you too may find yourself illegally purchasing a wild owl, for $100 dollars, in the middle of the night, from strangers, at a local gas station." m.facebook.com/story.php?sto…

Payson Police Department

The Payson Police Department would like to remind the public that wildlife should remain wild. It is illegal to possess, transport, buy, or sell wildlife unless expressly permitted by Arizona...

facebook.com
Bil Corry retweeted
Feisty Duck @feistyduck
9 Nov 2022
From the TLS Newsletter: Szilárd Pfeiffer From Balasys has released information about DoS attacks based on Diffie-Hellman key exchanges, which he calls the DHEat attack. Balasys also released proof-of-concept code for the attack. buff.ly/3Up3zzI buff.ly/3Gh8P1A
4
3
Bil Corry retweeted
Adam Roach 🫐 @adambroach
4 Nov 2022
Replying to @transitracer
More cursed knowledge: at Mozilla, the perf team discovered that it is, in double-digit percentage of cases, faster to re-fetch data over the network from the original web server than to retrieve it from local disk cache.
32
374
48
2,220
I wish @Dropbox offered a way to set a default expiration for links that share content. I’m obsessive about always setting an expiration, but it looks like others are not as diligent. Btw Dropbox, the UI overhaul for links is now confusing. Try again. abajournal.com/news/article/…

Lawyer flubs allowed Politico to access law professor's election-litigation emails

How did Politico obtain a law professor’s election-litigation emails? It began when a lawyer failed to deactivate a Dropbox link that was created to share documents with the House committee investi...

abajournal.com
Vonage's 3-step strategy to retaining customers: 1. Make it near impossible to cancel 2. Charge absurd fees if a customer overcomes #1 3. Keep charging customers if they do manage to cancel
FTC
 @FTC
3 Nov 2022
FTC action against Vonage results in $100 million to customers trapped by illegal dark patterns and junk fees when trying to cancel service. Vonage will be required to provide a simple way to cancel: bit.ly/3T1235y
Must be a slow news day.
Step 1: Learn how to fraudulently transfer wealth. Step 2: Find someone wealthy. Step 3: Profit! For step 1, the @ABAesq has a new book out called "The Fraudulent Transfer of Wealth: Unwound and Explained" americanbar.org/products/inv…

The Fraudulent Transfer of Wealth: Unwound and Explained

Renowned author David Slenn examines the intersection between fraudulent transfer law and its application to modern day wealth transfer planning transactions. Providing a thorough history of the appl…

americanbar.org
Pro-tip: When hiding weapons, drugs, $240k in cash, and $700k in gold and silver, just pay for your electricity. Stealing it will attract unwanted attention. fox10phoenix.com/news/mcso-f…

Undercover bunker containing guns, illegal drugs found in Maricopa County storage facility

Authorities investigating the alleged theft of utilities at an RV storage facility in the west Valley discovered an underground bunker containing guns, illegal drugs, and cash.

fox10phoenix.com
3
Latest example of inane security questionnaires with poorly worded questions. Will I alert customers when a material weakness is found? Sure if it impacts you, but absent that, no. Which answer would you choose, yes or no? No is wrong, btw, per the questionnaire.
2
Bil Corry retweeted
Lina Khan @linakhanFTC
24 Oct 2022
1. @FTC has taken action against @Drizly (a subsidiary of @Uber) and its CEO James Cory Rellas for security failures that led to a data breach exposing the personal information of around 2.5 million consumers. ftc.gov/news-events/news/pre…

FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed...

The Federal Trade Commission is taking action against the online alcohol marketplace Drizly and its CEO James Cory Rellas over allegations that the company’s security failures led to a data breach

ftc.gov
7
55
11
103
Fortunately, chatting with @lyft customer service fixed it, but that was a very poor experience.
1
Even more perplexing, the mechanism to let @lyft know there’s an issue wasn’t available.
1
Load more