CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Bil Corry retweeted
About the "security issue" on #VLC : VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim. Thread:
Thank you for clarifying. It’s interesting that the privacy violation occurs when the employer requires location, but not when the employee freely offers it.
An employer has an obligation to keep their employees safe. Sending employees to an unknown location heightens risk and seems reckless. Here’s advice from NIOSH: “Always let your employer know your location and when to expect you to report back.” cdc.gov/niosh/docs/2012-118/…
... and pre-loaded with a virus! Thanks 1999!
Amazing how prescient 1999 was! Rio 500 MP3 player, free long distance calls, preview the new James Bond movie, MP3 music, and free online storage at idrive.com. (this is an old mp3.com CD mailer I found in a box)
Many thanks to the fine folks at @rapid7 for showing me their new Boston office, it is amazing! In hindsight, I should have taken photos, but I did get a picture of their inclusive restrooms.
Replying to @RachelTobac
My trick is to turn the shower on high heat, hang everything I want to dewrinkle in the bathroom, turn off the shower and close the door. It’s not as good as ironing, but it’s good enough.
My security brain wonders what happens if the care giver goes missing? There isn’t a known location to begin a search and recording the location violates the patient’s privacy. Seems to be a safety issue?
Curious how the patient’s address, which is collected (presumably) to facilitate the actual care, is viewed? Or is the difference that one is consented to, and the other is not?
Bil Corry retweeted
Scam a friend told me about. 1. Phone is stolen out of hands in broad daylight by motorbiker in foreign country. Perp turns off phone a few blocks away.
What the @#*($&# is product market fit? I've been trying to study PM fit for the last decade. First with my own startup (that never reached PM fit) and then with my < 300 companies I've invested in and the tens of thousands I've reviewed. Here are my thoughts on PM fit:
Replying to @asteingruebl
Sounds like the plot to Passengers, in 2019.
Bil Corry retweeted
I have to say, Barr’s argument that the personal and commercial data protected by encryption isn’t all that important and that software security risks aren’t that big a deal is so flat-earth bizarre that I don’t even know where to begin.
If backdoors in encryption are secure and never abused, why doesn’t the government put them into all of its encrypted systems? They could do it today and show private industry how it’s done. Spoiler: it’s bullshit.
Trump Administration is launching a new push to address “going dark” and encryption. Enlisting international and state/local partners to address it while engaging with tech industry, according to U.S. nat sec official. Barr addressing “Going Dark” in speech at Fordham Law 1/x
Or put another way, if the researcher wants to publish immediately despite the potential harm to the company, would they accept a payment under the same terms, ie publicly disclosed payment instructions, with the first person to follow them getting the payment?
What’s the impetus of the researcher to disclose right away? Why can’t they wait until the vuln is fixed?
For those in InfoSec, enabling the business means finding ways to support the tech stack. Great deck, hopefully the talk will be available at some point...
Here are the slides from my talk “Security Delusions” today at #QConNYC, outlining the often ridic fears infosec has about modern tech (cloud, microservices) & some cheat codes for how DevOps can manage them: swagitda.com/speaking/Securi… Thanks to everyone who attended! 💖💜💙
Replying to @sirdarckcat
Have you approached one of the big BB platforms? Perhaps they could pilot something. Personally, I don’t see a scenario where a company pays a researcher to publicly announce how to hack the company, but maybe a pilot will bear one out.
Bil Corry retweeted
Online child abuse is an important problem that doesn't get enough attention. To help inform the discussion we published a longitudinal study with @MissingKids on how the landscape changed and what we can do to improve the situation elie.net/publication/rethink…
Replying to @sirdarckcat
Secrecy until fixed, or secrecy forever? I’m talking secrecy until fixed, then can full disclose (that’s how I ran it at PayPal). Secrecy forever is bullshit.