Claudio Criscione

@paradoxengine

I used to be a better hacker, when I was 11. Security Robot Overlord @ Google.

Joined: April 2008.

Tweets


  1. A week or so later, the gender ratio of responses I've got to my posting here is depressing. I'm not sure what can be realistically done to improve things here, but I'm happy to try anything :-)

  2. Retweeted
    Jan 25

    (A few) Ops Lessons We All Learn The Hard Way -- a Twitter 🧵:

  3. Feb 2

    I can't help but wonder what would have happened to me if bitcoin, public image repos and the general "patching is so hard" attitude had been around when I was growing up :-/

  4. Retweeted
    Feb 1

    I thought that simply sharing this dystopian video proudly shared by the Chinese gov would be adequate for people to ruminate on, but I’ll be more direct and note that civilians being surveilled and yelled at by drones is probably not a very good omen for global tech & privacy.

  5. Jan 30

    on the other hand, even poorly-wrapped mochis are delicious.

  6. Jan 30

    So, today I watched the team that runs the single largest vulnerability scanning pipeline in the world trying to make mochis. I can safely say that the ability to prepare Japanese pastry and scanning wizardry do not correlate.

  7. Retweeted
    Jan 30
  8. Retweeted
    Jan 29

    This is a great talk about how to do security in a modern software engineering environment:

  9. Retweeted
    Jan 27

    Flamingo is a new open source tool from for capturing credentials sprayed by IT and security products: (h/t to for HTTP NTLM support!)

  10. Jan 27

    And I would also like to add: If you are part of an under-represented group (in any way or form) and are not sure if you are interested/can be a fit, reach out to me, and let's talk. I can't reach out to you directly but I'll do my best to listen, if you do!

  11. Jan 26

    I should mention I'm hiring security engineers both in Sunnyvale and Zürich. Come shape how we do automated security scanning at Google, and find more bugs in an hour than all bughunters combined in a day.

  12. Jan 24

    Also "the user is the weakest link" is victim blaming in 2020. Maybe stop giving them guns pointed to their damn feet so they can focus on doing their jobs? :-/

  13. Jan 24

    We get all the metaphors wrong. Having a "cyber perimeter" is hopelessly broken. Having "Limes" didn't work for the Roman Empire but somehow should work for us. Time to move on from the damn perimeter.

  14. Retweeted
    Jan 22

    I am beyond excited to finally announce Secret Manager - a secure and convenient method for storing API keys, passwords, certificates, and other sensitive data on . It’s available for everyone today in beta:

  15. Retweeted
    Jan 22

    This. It's hard to imagine how Apple are going to resolve this, it took a long time to accept that the auditor problems were fundamental, and it's hard to see how itp is any different here. Prediction: after a few failed attempts to rework it, they'll come to the same conclusion.

  16. Retweeted
    Jan 20

    ~15 years ago, if you wanted a dynamic website with PHP, you installed a LAMP stack, wrote a few toy pages, uploaded the files to a $5 host, fiddled 30mins with htaccess (optional), and you were done. I don’t recall seeing anything close to this easy since then.

  17. Retweeted
    Jan 19

    Periodic reminder that you should NEVER use MD5 or SHA1 in any new project/system. What to use:
    - Password hashing: argon2i
    - Cryptographically secure hashes (most use cases): BLAKE2 (fastest) or SHA3 (if needed for compatibility)
    - Non-CS hashes: xxhash (faster than MD5)

  18. Retweeted
    Jan 18

    Dear , I want to share with you the nightmare that the crackdown on Art. 14 of Law 1185/1967 has been for Italians living abroad. Until around 2018, Italian children abroad travelled happily on school trips with the same documentation…

  19. Retweeted
    Jan 16

    And there it is: Public PoC released for 2020-0601. With ~50 lines of Python “we [are able to] sign a certificate with arbitrary domain name and subject alternative names.” Great work & ! (And thanks for the shoutout 👍)

  20. Retweeted
    Jan 16

    While you patch your Win server, please update Java too CVE-2020-2655
