Chris Eng
@chriseng
Chief Research Officer | Cautious Traveler | Food Enthusiast | Dad | Public Speaker | IG: chrisplusfilters
he/him | about.me/chriseng | Joined February 2008

Chris Eng’s Tweets

Can you imagine going through the joy and pain of having a child, feeding him, staying up at night and comforting him, teaching him how to read and try new foods... ...and then you discover he turned out like this?
Quote Tweet
Daily Wire host says it is unscientific to cast a Black person as a mermaid: “From a scientific perspective, it doesn't make a lot of sense to have someone with darker skin who lives deep in the ocean” mediamatters.org/daily-wire/dai
We started using the term "Security Champions" with our internal SDLC program around 2013, and I first described the concept in conference talks during late 2014 (SecTor) and early 2015 (AppSec California). I'm trying to locate prior industry usage of the term. Any pointers?
Funny (common) goof I just noticed, rewatching a scene from House of Cards set in an building: it's "Agency" not "Administration". Also 14 CFR §1203a and 18 USC §199 describe high security areas at . I kind of hope those were meant as easter eggs. 😂
Today in the irony department: the csurf library, meant to protect against CSRF, is vulnerable to CSRF.
Quote Tweet
World's oddly relaxed about recent CSRF bypass in csurf express middleware. It does require cookie tossing which limits the blast radius but for multi-tenant apps using subdomains it could be deadly -> fortbridge.co.uk/research/csrf-.
There's a good chance that you're safer because of Peter Eckersley or things he got started. He had a vision of how to make the web safer & more private with ubiquitous encryption (HTTPS Everywhere!) & quietly worked towards it. This is a tragedy.
Quote Tweet
just got the heartbreaking news that peter eckersley is in the hospital and may not make it. there will be a vigil for him at 7pm in duboce park. if you want to share a story about him, please let me know.
Hey Cloudflare, here's a fun fact: you aren't the only CDN/reverse proxy/DDOS protection service. And when my boss is like "hey which CDN should we set up?" and I look at the options, I don't immediately have a hugely negative opinion of Fastly or Akamai or CacheFly.
I could read these AliExpress sketchy electronics teardowns all day long. Great thread. 😂
Quote Tweet
Have you ever heard the expression “if it sounds too good to be true, it probably is”? Well AliExpress is currently advertising a 30 Terabyte SSD for $29. And I just had one delivered. Let’s open it up, shall we? /1
Great thread -- "Cassandra Is So Obnoxious!" 😂 This is one thing I like about being a vendor. You get to work with the CISOs who are on the more organizationally supported end of the spectrum (generally speaking) and help them shine in their role.
Quote Tweet
I have a 🧵 about CISOs and CSOs and their fate. Get a cold drink or maybe a cuppa, as this is a long one. 1/32
The worst part? When you're fully aware it's a bad practice yet you still aren't allowed to fix it in your products because well-intentioned customers insist that you conform to their outdated security checklists.
Quote Tweet
Every time a service makes me change my password after 90 days, I want to scream. It's 2022. Enough with these shitty password practices.
$10k of student loan balance forgiven is still $10k free money. I do think zeroing out or capping interest rates would be a positive step forward and a reasonable compromise to address predatory loans without completely abdicating personal responsibility.
Add to that the fact that has built up pretty much unimpeachable credibility over a long career in both private and public sector. He has nothing to gain and everything to lose by doing this.
There's a big difference between "airing dirty laundry" vs. filing a legally protected whistleblower complaint to shine light on systemic negligence with national security implications (and after exhausting all other avenues to fix things).
Nobody in infosec is surprised that Twitter had unpatched servers, lax access controls, an immature SDLC, poor backups, and all of the other security debt that you'll find in most large enterprises. BUT...
It's absolutely laughable.
Quote Tweet
Furthermore, @Twitter’s claim that @dotMudge was ‘fired for poor performance’ is and always has been complete BS. Anyone who has been in or around the security community would be able to recognize this as an attempt to stunt his credibility…
From the cited study. As far as I can tell these are all things that you people would be doing regardless of their work location -- maybe video calls would be replaced by conference room meetings, but the time spent is the same.
This, almost to the letter.
Quote Tweet
People keep asking when I will relax my COVID safety precautions. As I’ve been saying since it became abundantly clear that vaccines alone are not a solution: I will relax precautions when long COVID is understood well enough for us to have developed treatments for it. twitter.com/EricTopol/stat…
LISTEN ZIPPER MERGING ACTUALLY MAKES IT GO FASTER FOR EVERYONE BY ALTERNATING CARS AND USING BOTH LANES TO THE FULLEST IT REDUCES TRAFFIC BY UP TO FORTY PERCENT SO THE PERSON USING THE OTHER LANE ISN’T BEING A JERK ITS ACTUALLY BETTER AND IF EVERYONE FOLLOWED THIS METHOD—
This whole system is madness.
Quote Tweet
Do you know a simple signature in Metamask can drain your wallet? A very experienced user (top 10 by Degen Score) lost almost 500k USDC in an exploit today. You could be next... A short thread how it happened and how you can avoid such exploits in future.
I can't figure out the math behind this anecdote. The monthly payments since 2013 would have to be so tiny (like $100 to $200/mo) for the principal to reach $300k in that time. If this were a 10 yr mortgage at 6.9% it'd be paid off at $1,700/mo. Not sure what I'm missing.
Quote Tweet
I took out $150k for law school from 2009-2012, I consolidated my loans in 2011 and locked in the lowest interest amount I could (6.9%). I’ve paid monthly since 2013, and I now owe approx $300k. In what world is any of this not predatory. #CancelStudentDebt
After taking CO2 measurements over two days from multiple locations in the room where I was scheduled to speak, I felt comfortable enough with the room ventilation that I took my mask off during the panel. I also sneakily ensured that I was seated on the end.
Update to how my planned precautions held up: One of my outdoor reservations was rained out. We ate indoors but got a table pretty far from other parties, and I kept the KN95 on except while actively eating/drinking -- so maybe a total of 10 minutes.