Caligin Tsukihara @caligin@octodon.social
Errorist. Weeaboo. Security Sleepwalker & BevOps @ ThoughtWorks UK (Views are mine etc...). 0x7AD2E918B3D5FFB7
Joined Apr 2017
Caligin Tsukihara
boosted
to include and prioritize #security work in our agile workstreams we value #threatmodelling techniques.
@jgumbley from #thoughtworks & Fraser Scott from capital one will be sharing techniques and stories at the #xconfunplugged18 threat modelling event on thursday 22/11 @ #thoughtworks #London office.
sign up here! https://thght.works/2PRdfC5 #infosec
I would not normally be that hashtaggy from a personal account but hey, it's a good talk and totally worth a share!
Data Security from Day 1 - Sara DIaz & Cade Cairns https://youtu.be/6oNhtcenNuk @sdiaz @ccairns #infosec #security #devsecops #whatnotothersecurityhashtagishotthesedays
Caligin Tsukihara
boosted
Seven Critical Things To Protect Your Infrastructure and Data
https://infosec.engineering/seven-critical-things-to-protect-your-infrastructure-and-data/
errm, does this mean that using maven is a risk? https://github.com/snyk/zip-slip-vulnerability
I'm tempted to say that as long as you only use dependency from trusted publishers and from a trusted repository it's alright but I'm pretty sure I'm minimizing the issue here. #swdev #security #infosec #maven #zipslip
Ron Jeffries - Developers Should Abandon Agile https://ronjeffries.com/articles/018-01ff/abandon-1/
#agile #swdev
after being away from java and spring for a while this was quite a good overview of what's new in the core framework: https://youtu.be/0V-3kUMfWCc
Caligin Tsukihara
boosted
Conversation here reminded me of this awesome piece by James Mickens:
https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html
It's not often I get to describe #infosec writing as simultaneously informative and fucking hilarious but Mickens fills the bill.
Caligin Tsukihara
boosted
One of the Patreon sketches from the other night that I thought turned out cute!
finally bottled my latest #homebrew. it's a truffle stout, so I called it "Proof of Wort"
Caligin Tsukihara
boosted
holy shit.
https://www.reddit.com/r/Python/comments/8hvzja/backdoor_in_sshdecorator_package/
https://twitter.com/x0rz/status/994116668086542336
"The ssh-decorator package from Python pip had an obvious backdoor"
sends host + username + password to an external website
Caligin Tsukihara
boosted
There are two natural paths to progress as a programmer:
1. Pick up farming, because all software is terrible.
2. Get into infosec, because f*** all software.
"How to Use Signal Without Giving Out Your Phone Number"
https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ #signal #privacy
Caligin Tsukihara
boosted
Caligin Tsukihara
boosted
Because I live in fear that there exist people who don't know about this: https://godbolt.org/
Want to know what a compiler actually does with your code? Find out, with nice highlighting of sections! Supports C, C++, Haskell, Go, Swift, Rust, and various other languages.
See. Explore. Understand.
Caligin Tsukihara
boosted
Defensive Security Podcast Episode 216
http://defensivesecurity.org/defensive-security-podcast-episode-216/
#infosec
#homebewing a truffle #stout! I don't really know what I'm doing but I'm sure the result will be interesting! #beer
til ham+cheese+mustard sandwiches from eat are tastier than the ones from pret
Caligin Tsukihara
boosted
Sen. Catherine Cortez Masto
we are 𝙞𝙣𝙨𝙞𝙙𝙚
went snowboarding last week, got on the slopes right in time for the end of the season on the Dolomites
weather was great, sunny clear sky with soft snow
Errorist. Weeaboo. Security Sleepwalker & BevOps @ ThoughtWorks UK (Views are mine etc...). 0x7AD2E918B3D5FFB7
Joined Apr 2017
