CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Then you should bring it up with one or more browsers. Mozilla has a list for privacy (lists.mozilla.org/listinfo/d…) and Chromium has a list for security (groups.google.com/a/chromium…). /cc @dveditz @mikewest
In 2010, browsers implemented a fix for CSS history sniffing. It worked for some use cases, but not all. Turns out it is REALLY hard to prevent leaks without breaking powerful features, i.e. “an open research problem crucial to the future of the Web” ieee-security.org/TC/SP2011/…
Replying to @realhamed
Let’s create a Slack group and discuss!
1
Replying to @pendo19
That’s awesome! I like to join when I can.
1
Has math kept you from careers or opportunities? Check out this Kickstarter for a new documentary called "The Gatekeeper: Math in America" from the same filmmaker as @RaceToNowhere and Beyond Measure. Four days left to contribute! kickstarter.com/projects/the…
1
2
Replying to @ericlaw
I figured it’s because @mikewest, @estark37 and team are researching the implications of allowing arbitrary content in their PIP feature. groups.google.com/a/chromium…
1
1
Replying to @pendo19
How was it?
1
Replying to @bullz3ye @netflix
Pentests are scheduled based on risk and legal obligations. Threat modeling, design choices, functional changes, etc all determine when and how often to pentest, which for most apps spans from never to multiple times a year.
1
4
Was it the book by David Ahl? That’s how I learned. en.m.wikipedia.org/wiki/BASI…
Replying to @sugitime @Delta
The empty row is a buffer zone to keep away the unwashed masses.
Replying to @robot_wombat
Larger fonts on printed material and no reliance on color to distinguish between items. Also, snacks should be something other than pastries/baked goods unless you want me to fall into an afternoon coma.
1
How about we solve the talent shortage and diversity issues first before adding more barriers to entry.
Security must write code. 🤙🏼
1
Replying to @realhamed
No wonder students are avoiding STEM. Each speaker needs an epic theme song with exploding confetti and wild cheering.
2
Epic backstory of Fiddler proxy tool. Originally created to debug downloads of Microsoft clip art!
Replying to @SwiftOnSecurity
Fiddler was created to debug downloading of clipart.
1
Replying to @realhamed
July sounds tight, but let me know the dates in September, I’m in NYC monthly and will try to overlap. And it looks like no meals for the rest of today, sorry!
1
Replying to @realhamed
Yes, wish I could have gone this year, but changed jobs and my new role is no longer IoT focused. If you find yourself in Boston or NYC, let me know! Reading this tweet probably just cost you 50 pence.
1
Replying to @realhamed @ThreeUK
Wow, for that cost you could hire a private courier to fly to the UK, update your phone, replace the furniture in your flat, then fly back with your updated phone.
1
I've turned off DNS, so problem solved. Was a good chuckle, glad they (finally) caught it.
1
I received an email from @markmonitor that one of my inactive domains was hacked and hosting a @PayPal phishing site. Turns out, back when I worked at PayPal, I needed to test a security control and pointed my domain to PayPal's website. The underlying phishing site is PayPal.
1
1
~10% of the homepages of Alexa Top 10k may allow a network attacker to get active scripting capabilities on them. Of those, 75% are because of the inclusion of external scripts retrieved over tainted channels. dais.unive.it/~calzavara/pap…
1