Privacy is hard.
Blackhat Python - Coming out soon, I might buy early bird access
EVERYTHING YOU SHOULD KNOW ABOUT ANOMALY DETECTION STEP 1: THE BASICS. KNOW YOUR DATA – PARAMETRIC OR NON-PARAMETRIC? - That is a long blog post title
Tool: The Backdoor Factory
"Security exists to facilitate trust. Trust is the goal, and security is how we enable it." - Bruce Schneier — Joe Klein (@joeklein) October 25, 2014
The Case of the Modified Binaries - Basically always need a way to validate things you download because there could be any number of systems in between corrupting or altering the downloaded file(s)
After creating and using a new exitmap module, I found downloaded binaries being patched through a Tor exit node in Russia. Tor is a wonderful tool for protecting the identity of journalists, their sources, and even regular users around the world; however, anonymity does not guarantee security.
Twitter Digits - Access Twitter accounts without a password. Good? Bad? Terrible?
Although Mogull is very enthusiastic about embracing the DevOps model for security, he also understands why some professionals might be hesitant to use it. Since the DevOps model is highly automated, it requires security professionals to have what Mogull referred to as trustable security automation. Historically, Mogull said, security professionals have had to do many elements of security testing manually, but that no longer necessarily needs to be the case in the DevOps model.
PSA: Don't run strings on untrusted files - This is a pretty counterintuitive thing here...says potentially use
Tool: American Fuzzy Lop
Officials warn 500 million financial records hacked - Ok, on one hand some hyperbole, but on the other not so far off the truth. This is the problem with security right now...how do you explain this without sounding insane?
Federal officials warned companies Monday that hackers have stolen more than 500 million financial records over the past 12 months, essentially breaking into banks without ever entering a building. "We're in a day when a person can commit about 15,000 bank robberies sitting in their basement," said Robert Anderson, executive assistant director of the FBI's Criminal Cyber Response and Services Branch.
PCI SSDs are getting fast...2GB/s - G.Skill Phoenix Blade Series 480GB PCIe SSD.
A culture of envy - Talks a bit about the recent book "Capital in the 21st Century" which I will soon be reading...it's on my shelf.
...sometimes culture is bullshit. Culture is bullshit when a company thinks that having a ping pong table makes up for overbearing and demeaning management. Culture is bullshit when "unlimited vacation" is an intentional bait-and-switch to represent "no vacation." Culture is bullshit when misguided engineers take pleasure in forcing interview candidates to experience as uncomfortable an interview experience as possible to feed their own egos. Perhaps a more apt wording is that in our industry, culture is often bullshit.
Pro Git V2 - Version 2 is out, nice.