0xf00 @caligin@octodon.social
Technologist & Cybersecurity specialist 0x7AD2E918B3D5FFB7
Joined Apr 2017
a few months ago I looked at how to bootstrap my personal #aws account, I wrote down the journey in my blog: https://foo.anima.tech/2020/10/12/bootstrapping-aws-owner-users.html
0xf00
boosted
to include and prioritize #security work in our agile workstreams we value #threatmodelling techniques.
@jgumbley from #thoughtworks & Fraser Scott from capital one will be sharing techniques and stories at the #xconfunplugged18 threat modelling event on thursday 22/11 @ #thoughtworks #London office.
sign up here! https://thght.works/2PRdfC5 #infosec
I would not normally be that hashtaggy from a personal account but hey, it's a good talk and totally worth a share!
Data Security from Day 1 - Sara DIaz & Cade Cairns https://youtu.be/6oNhtcenNuk @sdiaz @ccairns #infosec #security #devsecops #whatnotothersecurityhashtagishotthesedays
0xf00
boosted
Seven Critical Things To Protect Your Infrastructure and Data
https://infosec.engineering/seven-critical-things-to-protect-your-infrastructure-and-data/
errm, does this mean that using maven is a risk? https://github.com/snyk/zip-slip-vulnerability
I'm tempted to say that as long as you only use dependency from trusted publishers and from a trusted repository it's alright but I'm pretty sure I'm minimizing the issue here. #swdev #security #infosec #maven #zipslip
Ron Jeffries - Developers Should Abandon Agile https://ronjeffries.com/articles/018-01ff/abandon-1/
#agile #swdev
after being away from java and spring for a while this was quite a good overview of what's new in the core framework: https://youtu.be/0V-3kUMfWCc
0xf00
boosted
Conversation here reminded me of this awesome piece by James Mickens:
https://www.schneier.com/blog/archives/2015/08/mickens_on_secu.html
It's not often I get to describe #infosec writing as simultaneously informative and fucking hilarious but Mickens fills the bill.
0xf00
boosted
One of the Patreon sketches from the other night that I thought turned out cute!
finally bottled my latest #homebrew. it's a truffle stout, so I called it "Proof of Wort"
0xf00
boosted
holy shit.
https://www.reddit.com/r/Python/comments/8hvzja/backdoor_in_sshdecorator_package/
https://twitter.com/x0rz/status/994116668086542336
"The ssh-decorator package from Python pip had an obvious backdoor"
sends host + username + password to an external website
0xf00
boosted
There are two natural paths to progress as a programmer:
1. Pick up farming, because all software is terrible.
2. Get into infosec, because f*** all software.
"How to Use Signal Without Giving Out Your Phone Number"
https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ #signal #privacy
0xf00
boosted
0xf00
boosted
Because I live in fear that there exist people who don't know about this: https://godbolt.org/
Want to know what a compiler actually does with your code? Find out, with nice highlighting of sections! Supports C, C++, Haskell, Go, Swift, Rust, and various other languages.
See. Explore. Understand.
0xf00
boosted
Defensive Security Podcast Episode 216
http://defensivesecurity.org/defensive-security-podcast-episode-216/
#infosec
#homebewing a truffle #stout! I don't really know what I'm doing but I'm sure the result will be interesting! #beer
til ham+cheese+mustard sandwiches from eat are tastier than the ones from pret
0xf00
boosted
Sen. Catherine Cortez Masto
we are 𝙞𝙣𝙨𝙞𝙙𝙚
Technologist & Cybersecurity specialist 0x7AD2E918B3D5FFB7
Joined Apr 2017
