Follow

Chris Eng

@chriseng

Chief Research Officer

| Cautious Traveler | Food Enthusiast | Dad | Public Speaker | IG: chrisplusfilters

he/himabout.me/chrisengJoined February 2008

Chris Eng’s Tweets

Chris Eng Retweeted

Can you imagine going through the joy and pain of having a child, feeding him, staying up at night and comforting him, teaching him how to read and try new foods... ...and then you discover he turned out like this?

Quote Tweet

@JasonSCampbell

Daily Wire host says it is unscientific to cast a Black person as a mermaid: “From a scientific perspective, it doesn't make a lot of sense to have someone with darker skin who lives deep in the ocean” mediamatters.org/daily-wire/dai

Embedded video

1:56

2.6M views

22

26

321

Chris Eng Retweeted

Security people everywhere, listen to Jason! Former Netflix security chief Jason Chan (

) offers early stage founders six "green flags" to look out for when hiring and building cybersecurity teams that truly make an impact. bvp.com/atlas/how-to-h

2

39

81

The earliest thing I've been able to find so far is from 2011, in an academic journal, Computer Fraud & Security. academia.edu/5444900/Select

2

Show this thread

We started using the term "Security Champions" with our internal SDLC program around 2013, and I first described the concept in conference talks during late 2014 (SecTor) and early 2015 (AppSec California). I'm trying to locate prior industry usage of the term. Any pointers?

3

1

Show this thread

This is a very informative article on the "brain fog" associated with long COVID. Terrifying really. (I'd tag the author but I'm blocked for reasons unknown)

theatlantic.com

One of Long COVID’s Worst Symptoms Is Also Its Most Misunderstood

Brain fog isn’t like a hangover or depression. It’s a disorder of executive function that makes basic cognitive tasks absurdly hard.

6

5

Chris Eng Retweeted

Exploiting GPT-3 prompts with malicious inputs that order the model to ignore its previous directions.

91

1,051

5,467

Show this thread

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

Funny (common) goof I just noticed, rewatching a scene from House of Cards set in an

building: it's "Agency" not "Administration". Also 14 CFR §1203a and 18 USC §199 describe high security areas at

. I kind of hope those were meant as easter eggs. 😂

2

Today in the irony department: the csurf library, meant to protect against CSRF, is vulnreable to CSRF.

Quote Tweet

Mateusz Krzeszowiec

World's oddly relaxed about recent CSRF bypass in csurf express middleware. It does require cookie tossing which limits the blast radius but for multi-tenant apps using subdomains it could be deadly -> fortbridge.co.uk/research/csrf-.

Show this thread

1

4

3

Chris Eng Retweeted

John Scott-Railton

There's a good chance that you're safer because of Peter Eckersley or things he got started. He had a vision of how to make the web saver & more private with ubiquitous encryption (HTTPS Everywhere!) & quietly worked towards it. This is a tragedy.

Quote Tweet

just got the heartbreaking news that peter eckersley is in the hospital and may not make it. there will be a vigil for him at 7pm in duboce park. if you want to share a story about him, please let me know.

Show this thread

9

290

897

Show this thread

Chris Eng Retweeted

Katie Notopoulos

@katienotopoulos

This may be the most important investigative work of my career: the reason that there's so many surprisingly popular (and profitable) songs about poop on Spotify? Little kids yelling "ALEXA, PLAY POOP!"

buzzfeednews.com

Kids Yell “Poop” At Alexa, And These Musicians Profit

“Alexa, play ‘Poopy Stupid Butt’ again.”

25

182

514

Chris Eng Retweeted

Hey Cloudflare, here's a fun fact: you aren't the only CDN/reverse proxy/DDOS protection service. And when my boss is like "hey which CDN should we set up?" and I look at the options, I don't immediately have a hugely negative opinion of Fastly or Akamai or CacheFly.

134

3,183

16.8K

Show this thread

I could read these AliExpress sketchy electronics teardowns all day long. Great thread. 😂

Quote Tweet

Have you ever heard the expression “if it sounds too good to be true, it probably is”? Well AliExpress is currently advertising a 30 Terabyte SSD for $29. And I just had one delivered. Let’s open it up, shall we? /1

Show this thread

1

5

Chris Eng Retweeted

Sachiko Ishikawa

@Ishikawa_Sachi

I am begging howaito people to stop this orientalist bs trend of taking common human concepts and mystifying them. Yes, we say しょうがない. You may also have heard of its counterpart “oh well.” twitter.com/jamierusso/sta

This Tweet is unavailable.

232

3,162

21K

Show this thread

Chris Eng Retweeted

if you just assume ronald reagan is the cause of any bad thing you encounter in life you'll be right way more often than you'll be wrong

340

13K

97.4K

Great thread -- "Cassandra Is So Obnoxious!" 😂 This is one thing I like about being a vendor. You get to work with the CISOs who are on the more organizationally supported end of the spectrum (generally speaking) and help them shine in their role.

Quote Tweet

I have a

about CISOs and CSOs and their fate. Get a cold drink or maybe a cuppa, as this is a long one. 1/32

Show this thread

1

The worst part? When you're fully aware it's a bad practice yet you still aren't allowed to fix it in your products because well-intentioned customers insist that you conform to their outdated security checklists.

Quote Tweet

Whitney Merrill

Every time a service makes me change my password after 90 days, I want to scream. It's 2022. Enough with these shitty password practices.

2

6

16

$10k of student loan balance forgiven is still $10k free money. I do think zeroing out or capping interest rates would be a positive step forward and a reasonable compromise to address predatory loans without completely abdicating personal responsibility.

Biden to Cancel $10,000 in Student Debt; Low-Income Students Are Eligible for More

The debt forgiveness comes after months of deliberations in the White House over fairness and fears that the plan could make inflation worse ahead of the midterm elections.

3

1

3

Chris Eng Retweeted

Great thread.

Quote Tweet

For the first time, astronomers have captured a photograph of a star so distant that nothing we do could ever affect it — even in the very fullness of time. It lies beyond the affectable universe. Let me explain: 1/n

Show this thread

2

8

Exactly.

Quote Tweet

Dino A. Dai Zovi

My tl;dr: it's not the crime, it's the cover-up. twitter.com/chriseng/statu…

5

Add to that the fact that

has built up pretty much unimpeachable credibility over a long career in both private and public sector. He has nothing to gain and everything to lose by doing this.

6

40

627

Show this thread

There's a big difference between "airing dirty laundry" vs. filing a legally protected whistleblower complaint to shine light on systemic negligence with national security implications (and after exhausting all other avenues to fix things).

5

71

666

Show this thread

Nobody in infosec is surprised that Twitter had unpatched servers, lax access controls, an immature SDLC, poor backups, and all of the other security debt that you'll find in most large enterprises. BUT...

18

166

1,196

Show this thread

Quick link to the full disclosure: washingtonpost.com/technology/int

1

4

Show this thread

Chris Eng Retweeted

Given the choice between believing Mudge and almost any CEO in the US, I'm going to choose Mudge.

10

82

414

It's absolutely laughable.

Quote Tweet

Furthermore, @Twitter’s claim that @dotMudge was ‘fired for poor performance’ is and always has been complete BS. Anyone who has been in or around the security community would be able to recognize this as an attempt to stunt his credibility…

Show this thread

4

Whoa.

blows the whistle on Twitter, alleging systemic security issues and gross negligence.

washingtonpost.com

Twitter whistleblower won hacker acclaim for exposing software flaws

From the L0pht and Cult of the Dead Cow to DARPA and Google, Peiter "Mudge" Zatko took unorthodox approaches to "make a dent in the universe."

2

9

20

Show this thread

Naturally I made a typo a couple tweets up ("you people" ➡ "people").

1

1

Show this thread

Interestingly, the study is actually making the opposite case. It acknowledges that asynchronous work is the future and says companies need to find ways to address these potential barriers. assets.qatalog.com/language.work/

1

1

3

Show this thread

From the cited study. As far as I can tell these are all things that you people would be doing regardless of their work location -- maybe video calls would be replaced by conference room meetings, but the time spent is the same.

1

4

Show this thread

What is this nonsense? It's from an article about Apple's push to make people return to the office. finance.yahoo.com/news/apple-emp

2

1

7

Show this thread

This, almost to the letter.

Quote Tweet

the apocalypse, but make it fashion.

@ElleArmageddon

People keep asking when I will relax my COVID safety precautions. As I’ve been saying since it became abundantly clear that vaccines alone are not a solution: I will relax precautions when long COVID is understood well enough for us to have developed treatments for it. twitter.com/EricTopol/stat…

Show this thread

1

1

10

Wow,

managed to capture the security "old-timer" experience in three succinct bullet points.

22

240

868

Chris Eng Retweeted

LISTEN ZIPPER MERGING ACTUALLY MAKES IT GO FASTER FOR EVERYONE BY ALTERNATING CARS AND USING BOTH LANES TO THE FULLEST IT REDUCES TRAFFIC BY UP TO FORTY PERCENT SO THE PERSON USING THE OTHER LANE ISN’T BEING A JERK ITS ACTUALLY BETTER AND IF EVERYONE FOLLOWED THIS METHOD—

41

295

1,452

Chris Eng Retweeted

Ollie Whitehouse

@ollieatnccgroup

Thanks copilot.. it just coded me a minivan with that SQL Injection

Quote Tweet

Arian van Putten 

@ProgrammerDude

Copilot writing an authentication page in PHP using MD5. Great

Show this thread

6

14

This whole system is madness.

Quote Tweet

Do you know a simple signature in Metamask can drain your wallet? A very experienced user (top 10 by Degen Score) lost almost 500k USDC in an exploit today. You could be next... A short thread how it happened and how you can avoid such exploits in future.

Show this thread

1

1

4

I can't figure out the math behind this anecdote. The monthly payments since 2013 would have to be so tiny (like $100 to $200/mo) for the principal to reach $300k in that time. If this were a 10 yr mortgage at 6.9% it'd be paid off at $1,700/mo. Not sure what I'm missing.

Quote Tweet

@MOyamaLeininger

I took out $150k for law school from 2009-2012, I consolidated my loans in 2011 and locked in the lowest interest amount I could (6.9%). I’ve paid monthly since 2013, and I now owe approx $300k. In what world is any of this not predatory. #CancelStudentDebt

3

3

Chris Eng Retweeted

Thanks to The Verge for citing my research in their comprehensive article on HDD resonance attacks.

Janet Jackson’s “Rhythm Nation” apparently vibed too hard for some laptops

It gave some hard drives bad vibrations.

2

19

45

Show this thread

After taking CO2 measurements over two days from multiple locations in the room where I was scheduled to speak, I felt comfortable enough with the room ventilation that I took my mask off during the panel. I also sneakily ensured that I was seated on the end.

1

5

Show this thread

Update to how my planned precautions held up: One of my outdoor reservations was rained out. We ate indoors but got a table pretty far from other parties, and I kept the KN95 on except while actively eating/drinking -- so maybe a total of 10 minutes.

2

Show this thread