CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
Bil Corry retweeted
Cracking up — A British experiment showed that angry eye posters reduced the amount of stolen bikes in eye-poster locations by 62 percent. Coming next? Infosec “social engineers we’re watching you! 👁👁” posters 😂 citylab.com/transportation/2…
Empowering the customer to make their own risk decisions.
Replying to @epenzeymoog
Or next big tech startup, they’re hard to tell apart.
Replying to @epenzeymoog
2020 twist: it’s internet-connected with embedded AI, camera, microphone, and speaker, and occasionally SnapChats you when you’re not home.
Replying to @epenzeymoog
More so if it shows up on your doorstep in a bassinet and a note that reads, “Needs loving home.”
Replying to @realhamed
You’re not the only one with that take.
Bil Corry retweeted
I'm excited about this. The UA string is a mess, somewhat fingerprintable, and legitimate use cases can be better and more clearly served by moving the information to an HTTPS-only client hint (a la wicg.github.io/ua-client-hin…).
Blink: Intent to Deprecate and Freeze: The User-Agent string groups.google.com/a/chromium…
Bil Corry retweeted
Now that Twitter has changed how it handles uploaded images, this unexpected behavior is perhaps more important now than before. Your challenge: Tell me what I've redacted from this image. (Anybody I've talked to about this so far is ineligible to play) It can be done w/o tools.
Conference speakers, this is valuable stuff:
Replying to @stu
Hi! You can read it here: Thread by @QuinnyPig: Okay. For every retweet this gets (TO A POINT!) I'll add a thought / tip / observation about… threadreaderapp.com/thread/1…. See you soon. 🤖
Replying to @coleencoolidge
Of all the things they *could* do, I’d settle for this. 😂
Replying to @randomdross
The ad was following me around until I told Google Ads to hide it. Turns out it’s manikin training items.
Low-income Americans can get free Android smartphones from a US gov't-funded program. Researchers say those phones are coming preinstalled with Chinese malware, endangering their private data. Privacy should not be a luxury of the rich. forbes.com/sites/thomasbrews…
I met @TinkerSec in person at @Layer8Conf and I still don’t know what gender @TinkerSec is. Some things are unknowable.
Bil Corry retweeted
I was able to reproduce the Citrix ADC Remote Command Execution in one day. Guess you need to patch ASAP. #CVE-2019-19781 #Citrix
I’ve rounded a corner on super creepy advertising.
Bil Corry retweeted
new version of Boneh-Shoup's magnificent book is out! crypto.stanford.edu/~dabo/cr…
Handy Firefox/Chrome extension that shows the CSP policy and offers suggestions for locking it down. github.com/craigfrancis/dev-…
1970s keylogger "The TV signals would swamp the illicit transmissions and mask them from detection by embassy security scans, but the clever design of the mystery antenna and associated electronic filtering let the Soviets extract the keystroke signals." spectrum.ieee.org/tech-histo…
“This work shows once and for all that SHA1 should not be used in any security protocol where some kind of collision resistance is to be expected from the hash function” arstechnica.com/information-…
Bil Corry retweeted
I took some time to sketch out `Scripting-Policy` in a little more detail: mikewest.github.io/csp-next/…. I'm starting to think it might actually not be a terrible idea.
github.com/mikewest/csp-next is a thought experiment: what if we broke CSP in half, removed some esoteric options, and built policy primitives that specifically targeted XSS on the one hand, and resource confinement on the other?