Bil Corry @bilcorry

CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

 Phoenix, AZ
linkedin.com/in/bilcorry/
Joined July 2009
  • Tweets 8,305
  • Following 139
  • Followers 776
Load newest
📢Heads up: in 85, Chrome is changing its default referrer policy to strict-origin-when-cross-origin. By default, no cross-origin leaks of full URLs—and more privacy! 🤔What should you do? 🔹Check what this changes for your site 🔹Set a protective policy developers.google.com/web/up…

A new default Referrer-Policy for Chrome - strict-origin-when-cross-origin  |  Blog  |  Chrome for...

A new default Referrer-Policy for Chrome - strict-origin-when-cross-origin

developer.chrome.com
4
90
26
198
Replying to @dveditz @13M4C
I fail these about 50% of the time. Apparently I’m part bot.
2
Replying to @mdennedy
“Sperm are very cheeky little creatures”
1
1
Replying to @randomdross @hillbrad
Clippy
Bil Corry retweeted
Tavis Ormandy @taviso
31 Jul 2020
This was an interesting thread, I even agree with some of the attackers advice 😂 I wish Microsoft would make AppLocker available to non-Enterprise SKUs so that more people were familiar with it.
This tweet is unavailable
1
41
1
185
Maker-Style Project: How to Look People in the Eye While Videoconferencing (no, I haven't tried this but it looks interesting) spectrum.ieee.org/geek-life/…
1
Is the missing word “met”?
Replying to @ericgeller
I still think about this. vox.com/policy-and-politics/…
I always wanted to break into animation.
1
Replying to @LeaKissner @susie_dent
If you don’t find it, there’s always “suaviter in modo, fortiter in re” which translates to “pleasantly in manner, powerfully in deed”
"vulnerability stemmed from .... sharing a URL without any additional log-in or authentication. The URL contained the actual document ID and thus other documents could be viewed simply by changing the number in the URL. The URLs .... did not expire." squirepattonboggs.com/-/medi…
Jury selection sounds like remote working: "One potential juror was laying in what appeared to be a bed, curled up, and possibly asleep. Another was working out on an elliptical machine. Other people are herding literally pets, children." abajournal.com/news/article/…
1
That’s not what you said when I asked for a three-hour tour.
@PBSKIDS - the closed captions for @OddSquadPBS episode "Odd Outbreak / The Perfect Lunch" are wrong. No matter what someone says, the caption reads "My Name is agent Olive." All of the other episodes' CC work fine. pbskids.org/oddsquad/videos
1
Explains your lack of a yacht too.
2
Replying to @mattblaze
Check out @Divvy_HQ getdivvy.com/virtual-cards/
2
Yes, rule #1 when a government requires you install/use their software (and many do), assume it's malicious. zdnet.com/article/chinese-ba…
Starting to think there are also Russian bounties on American cities.
Daniel Goldman
 @danielsgoldman
22 Jul 2020
I missed it. Did anyone ask Trump about the Russian bounties on American troops?
Germans have a saying for this: “Vorfreude ist die schönste Freude!” The joy you get from planning is as real as the joy you get from doing it.
This tweet is unavailable
Bil Corry retweeted
Artur Janc @arturjanc
22 Jul 2020
Chrome 83 and Firefox 79 are shipping new opt-in security features to combat XSS, CSRF, XS-leaks & more. It's arguably more web platform security goodies than have landed over the previous decade. @we1x and I wrote down how we're deploying them at Google: security.googleblog.com/2020…

Towards native security defenses for the web ecosystem

Posted by Artur Janc and Lukas Weichselbaum, Information Security Engineers With the recent launch of Chrome 83, and the upcoming release ...

security.googleblog.com
115
2
217
Load more